To address the low working efficiency and poor system security that result when users must authenticate repeatedly across multiple application systems, we propose a cookie-based cross-domain single sign-on scheme. Users can securely and effectively "log in once, access many" across application systems in different domains. We present the overall model of the scheme, analyze the login flow, explain how the cross-domain operation is implemented, and describe the mutual authentication process in detail, which ensures that both communicating parties have legitimate identities. Role authentication management is introduced to reduce the coupling between the single sign-on system and the application systems.