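Research and Application of a Distributed Cross-Domain Single Sign-On Model
Published: 2018-05-29 08:05
Topic of this paper: unified identity authentication + single sign-on; Reference: Shanghai Jiao Tong University, master's thesis, 2014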
[Abstract]: With the development of the Internet, network applications continue to spread and enterprise informatization keeps deepening. Enterprises large and small, as well as government agencies, now use information systems for their daily work, including office automation (OA) systems, financial management systems, archive management systems, project management systems, and a number of specialized, purpose-built information systems. As the number of information systems grows, users have to remember more usernames and passwords. Using the same account and password everywhere creates a security risk, so single sign-on and unified user management are bound to become the trend. Single sign-on is a technology for logging in once and then accessing multiple different systems. The user only needs to actively authenticate once and can then access the resources they are authorized to use without authenticating again. As network technology has matured, a number of fairly mature single sign-on solutions have appeared. These include open-source solutions that are easy to implement and free to obtain, as well as commercial solutions with a good user experience and high security. However, given enterprises' differing business requirements and varied network architectures, both open-source and commercial single sign-on solutions need to be customized to the enterprise's business situation.

Take China's aviation design and manufacturing industry as an example: China's aviation industry started late, and its projects have long cycles, wide scope and complex business models, with user requirements emerging gradually over the product's full life cycle. That life cycle includes the pre-definition phase, the preliminary design phase, the detailed design phase, the full-scale trial production phase, the airworthiness certification phase, and the final trial production, batch production and after-sales phases. Users focus on different things in each of these phases, and the information systems implemented accordingly all require coordination across disciplines, across regions and across multiple environments. Especially when many scattered application systems already exist, how to integrate enterprise resources in the best way and achieve unified user management and single sign-on is the primary concern of project implementation. Implementing single sign-on and unified user management therefore faces great challenges.

This thesis takes single sign-on and unified user management in the aviation design and manufacturing industry as its research subject, seeking a general solution that can serve as a reference for informatization in other industries. The thesis studies the current state of single sign-on technology in China and abroad and the mature commercial products now on the market, and compares their advantages and disadvantages. It also discusses the technical principles the research involves, including single sign-on technology, the principles of cross-domain access, and distributed systems. This work is mainly intended to find a solution that fits the research goal of the thesis and to prepare technically for the design of the distributed cross-domain single sign-on model. The main work of the thesis is as follows:

1) It analyzes the current state of informatization in the aviation design and manufacturing industry and sets out the system requirements: make maximum use of existing resources to achieve unified user management, improve the user experience, ensure data security, and give the result value for wider adoption.

2) It models the business model, system requirements and system architecture using the Unified Modeling Language (UML) and distills a distributed cross-domain single sign-on model. The stated goal of the model is to integrate existing application systems in a heterogeneous, cross-domain environment and to achieve single sign-on and unified user management at minimal modification cost.

3) It uses IBM's commercial product TAM (Tivoli Access Manager) to implement cross-domain single sign-on and mutual authentication trust among multiple authentication centers, in order to ensure a good single sign-on user experience. The organization and user management functions and the user information synchronization function are all implemented with custom code. The thesis uses Web Service technology to solve the problem of synchronizing organization and user information among multiple authentication centers and between the authentication centers and the application systems.

4) Following the model's design requirements, one business system is selected for implementation in order to verify the correctness and feasibility of the cross-domain single sign-on model proposed in the thesis. Functional and performance tests of the system, simulating add, delete and modify operations on organization and user information, check whether the real-time synchronization between the authentication center and the sub-centers, and the scheduled synchronization between the authentication sub-centers and the required target application systems, meet the design requirements. For single sign-on performance, with two hundred concurrent users, CPU utilization is below 70%, which meets the performance standard. The test results show that the system meets user needs in both functional and non-functional respects. The system has gone into production; during operation it has shown good security and stability, and user satisfaction has also improved. This shows that the distributed cross-domain single sign-on model is suitable for achieving unified user management and single sign-on in the aviation design and manufacturing industry.
[Degree-granting institution]: Shanghai Jiao Tong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08