| Military software systems worldwide are trending toward automation and integration, but they face the problems of “information islands” and “information barriers”. This paper applies the single sign-on method to military systems, since the method has the advantages of a single login, multi-party certification, and repeated access, and it also presents research on the related problems. The main work is as follows: First, a BA-SSL-based (Broker-Agent-SSL-based) implementation model for Single Sign-On in military systems is proposed and designed. The model integrates the SSL protocol, digital signatures, and digital envelope technology, which helps to solve the problems of password attacks and password disclosure while assuring the safety of the military information channel. On the basis of the model, the paper gives the general workflow and architecture of the Single Sign-On system and provides technical solutions for the main function modules with reference to J2EE standards, so that the single sign-on authentication, authorization, and proxy functions can be widely supported by the various databases and heterogeneous applications in Web Service. Second, the CA certificates and ticket notes are designed and explored. Based on the X.509 digital certificate standard, the content standards, generation process, storage management, and function of the CA certificates and ticket notes are specified. In addition, a double encryption algorithm, which combines RSA and the Base64 algorithm, is applied to the digital signature and digital envelope technology in order to avoid disclosing soldier information in the notes. Third, the modules for authentication, authorization, and proxy are designed. Based on the certification mechanism of the LDAP unified user information management system, the “authentication conundrum” is solved, and the functions of unified authentication and distribution of authorization in the existing software are implemented. 
The security of the authentication is ensured via the CA certificate and encryption technologies. The proxy module is designed using the Server Filter method, and it provides the functions of intercepting, parsing, and redirecting access requests, which can assure the integrity and security of single sign-on in military systems. |