Abstract: To solve the problem of user repeated logon from various kinds of applications based on hybrid architecture and in different domains, a single sign-on architecture was proposed. On the basis of analyzing the advantages and disadvantages of existing single sign-on models, combined with the key technology like Web service, Applet and reverse proxy, two core problems such as single sign-on architecture mixing B/S and C/S structure applications and cross-domain single sign-on were resolved. Meanwhile, the security and performance of this architecture were well guaranteed since the reverse proxy and related encryption technology were adopted. The results show that this architecture is of high performance and it is widely applicable.

Key words: single sign-on, Web service, cross domain, reverse proxy, B/S, C/S

摘要： 为解决用户在访问多个不同的应用系统而需要进行多次登录认证的困扰，提出了单点登录技术。在分析现有的单点登录模型的优缺点的基础上，结合Web service、Applet、反向代理等关键技术，提出了一个全新的单点登录模型，解决了跨域以及混合B/S与C/S架构的应用的单点登录两大比较核心的问题。同时，由于反向代理技术以及相关加密技术的采用，使得本系统在安全和性能上得到很好的保障。

关键词: 单点登录, Web服务, 跨域, 反向代理, B/S, C/S