Journal of Computer Applications ›› 2012, Vol. 32 ›› Issue (06): 1766-1768. DOI: 10.3724/SP.J.1087.2012.01766

• Typical applications •

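Token-based cross-domain single sign-on

WANG Guo-wei1, XUE Man-jun2

  1. School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, Henan 454000, China
    2. School of Architectural and Artistic Design, Henan Polytechnic University, Jiaozuo, Henan 454000, China
  • Received: 2011-11-29 Revised: 2012-01-25 Online: 2012-06-04 Published: 2012-06-01
  • Corresponding author: WANG Guo-wei
  • About the authors: WANG Guo-wei (1979-), male, born in Pingdingshan, Henan, lecturer, M.S.; research interests: distributed system architecture, network security. XUE Man-jun (1982-), female, born in Jiaozuo, Henan, lecturer, M.S.; research interests: computer graphics processing.
  • Supported by:
    Soft Science Research Program of Henan Province; Key Project of the Youth Fund of Henan Polytechnic University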

Token-based cross domain single sign on

WANG Guo-wei1, XUE Man-jun2

  1. School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo Henan 454000, China
    2. School of Architectural and Artistic Design, Henan Polytechnic University, Jiaozuo Henan 454000, China
  • Received: 2011-11-29 Revised: 2012-01-25 Online: 2012-06-04 Published: 2012-06-01
  • Contact: WANG Guo-wei

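Abstract: To address cross-domain identity authentication in single sign-on, a token-based solution is proposed in which the encrypted user login information is passed by address redirection, and the application system in the other domain obtains the user information and provides data operation services. The token is generated from random numbers and serves as the parameter for generating the session key of a traditional encryption algorithm. A modern encryption algorithm is used to establish mutual trust between systems in different domains and to transmit the token securely. The application system in the other domain generates the session key from the token, then encrypts and transmits the user login information, and a new key is generated for every session. A security analysis of token generation and transmission and of the key shows that the scheme achieves cross-domain single sign-on and keeps identity authentication secure and trustworthy.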

Keywords: single sign-on, cross-domain, key, authentication, token

Abstract: To resolve the problem of cross-domain identity authentication in single sign-on, a token-based solution is proposed that transmits the user's encrypted logon information through URL redirection; the application systems in heterogeneous domains then obtain the information and respond with data operations. A random number is used as the token, which acts as the parameter for generating the session key of a traditional cryptosystem. The solution presents a method for mutual trust and secure token transmission between application systems in heterogeneous domains through a modern cryptosystem: the application systems generate the session key from the token and encrypt/decrypt the user information, and each communication uses a different session key. The security analysis of the generation and transmission of the token and key shows that the solution is a secure implementation of identity authentication in cross-domain single sign-on.

Key words: single sign on, cross domain, key, authentication, token

CLC Number: