Application Research of Smart Card in SAML-based Single Sign-on Model
School: Southwest Jiaotong University
Keywords: SAML; Single sign-on; Smart Card; Authentication Token
Single sign-on (SSO) is a cooperative mechanism that integrates user login and user account management across different systems while balancing practicality and security in its design. In an SSO system, a user who needs to access multiple applications authenticates once and can then access any participating system without logging in again. Cross-domain SSO systems suffer from the lack of a unified standard, complex runtime processes, and insufficient security, among other issues. Traditional SSO has been implemented in many ways; in recent years the trend has been to build SSO on the standard specification SAML (Security Assertion Markup Language). This thesis compares the advantages and disadvantages of the three common SSO models built on SAML and focuses on strengthening the security of the simplified model. Storage and maintenance of the SAML security token on the client side are delegated to a smart card, and a user authentication scheme that combines a password with the smart card is proposed and applied to the simplified model. A smart card is easy to carry, plug-and-play and difficult to counterfeit; its stored data cannot be read directly, and it provides both data storage and data processing functions. Using a smart card to assist the simplified model with user authentication and with the storage and maintenance of the security token can improve the security of the SSO system.
To apply the theory to a practical system, an overall system framework based on the simplified SSO model is designed, and the design and implementation of each functional module in the framework are described in detail. The system design covers three entities, the client, the identity provider and the service provider, and mainly implements four functions: registration, login, account cancellation and password change. Finally, the implementation and testing of the system are described, the shortcomings of the existing system are pointed out, and future research work is outlined.