面向Web Form身份鉴别的单点登录透明集成技术

Transparent Single Sign-On Integration Technology for Web Form Authentication

针对单点登录实施中已有Web应用系统无法修改的问题,提出了一种面向Web Form身份鉴别、无需修改应用程序的单点登录透明集成技术。该技术通过仅拦截获取登录页面和提交到登录验证URL的HTTP请求的插件,实现与在线身份服务系统交互并通过口令代填实现Web应用系统的单点登录。所述插件既可以是Web服务器插件,也可以是普通Web页面。有关技术实现简单、方便。

To address the issue that existing web applications are not allowed to modify in implementing single sign-on(SSO) functionality, a transparent SSO integration technlology which requires no modifications to the application programs is proposed. It employs plug-ins that only intercept web requests for retrieving login page or requests submitted to the URL enforcing login verifications. The plug-ins are either web server plug-ins or ordinary web pages. They enforce SSO through interacting with an online identity provider and inserting an ender-user's application login account name and password into the login requst on the ender-user's behalf. The proposed method is simple and easy to implement.