Author Institution:
Sch. of Comput. Sci. & Technol., Soochow Univ., Suzhou, China
Abstract :
Web-based systems are now widely used in many fields. A user is usually required to authenticate separately when logging in to each system before obtaining service. For security reasons, it is improper to share one global identifier and password among several systems. Many approaches have been proposed to solve this problem; the most popular is single sign-on (SSO), with which a user logs in once and gains access to all systems without having to log in again. We propose a single sign-on assistant, called SSOA, for web-based applications. SSOA is an authentication broker implemented as a plug-in installed on the client side. When a user visits a web-based system with a browser, SSOA distils the HTTP POST data and HTTP headers used for login, the reference address and the authorization URI, and then constructs HTTP POST-compatible data for validation from the data returned by the authentication broker server. Once a user has been validated by SSOA, he can use the systems and resources registered in SSOA by means of a cached credential list. Because of the cached credential list, SSOA avoids adding excessive overhead and response time. SSOA communicates with the authentication server via a web service over SSL, thereby obtaining as much generality as possible. SSOA achieves uniform identity authentication among heterogeneous systems, and attains generality, simplicity and scalability at the least cost.
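The flow the abstract describes (capture the login POST, ask the broker for the system's credential, rebuild the POST, serve repeat visits from the cached credential list) as an added example, not code from the paper or from SSOA itself. It is a Node.js simulation with no network: the broker server is an in-process object standing in for the SSL web service (an assumption), the captured request, the user table and the form field names are all constructed, and "reference address" is taken here to mean the HTTP Referer header (an assumption). The cache is keyed by the exact authorization URI, so a look-alike host presenting an identical login form receives no credential; that binding is a design choice of this example, not something the abstract specifies.

```javascript
// Added example (not from the paper): a simulation of the SSOA flow. The
// captured request, the broker's user table and the field names are constructed.

// Split a raw captured HTTP POST into the parts the abstract names: POST data,
// login headers, reference address (taken to be the Referer header, an
// assumption) and the authorization URI (scheme + Host + request path).
function distillLoginRequest(raw) {
  const sep = raw.indexOf('\r\n\r\n');
  const head = sep < 0 ? raw : raw.slice(0, sep);
  const body = sep < 0 ? '' : raw.slice(sep + 4);
  const lines = head.split('\r\n');
  const [method, path] = lines[0].split(' ');
  if (method !== 'POST') throw new Error('only POST logins are handled');
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  if (!headers.host) throw new Error('captured request lacks a Host header');
  return {
    authUri: `https://${headers.host}${path}`,
    referer: headers.referer || null,
    headers,
    fields: new URLSearchParams(body),
  };
}

// Simulated authentication broker server. In SSOA this is reached through a
// web service over SSL; direct method calls stand in for that transport
// (assumption). `calls` counts round trips so the cache effect is visible.
class BrokerServer {
  constructor(users) { this.users = users; this.calls = 0; }
  login(username, password) {            // the user's single SSO login
    this.calls += 1;
    const u = this.users[username];
    return u && u.password === password ? { token: `tok-${username}` } : null;
  }
  lookup(token, authUri) {               // credential registered for one system
    this.calls += 1;
    const username = token && token.startsWith('tok-') ? token.slice(4) : null;
    const u = username ? this.users[username] : null;
    return (u && u.systems[authUri]) || null;
  }
}

// Client-side assistant: holds the broker session and the cached credential list.
class SsoAssistant {
  constructor(broker) { this.broker = broker; this.token = null; this.cache = new Map(); }
  signOn(username, password) {
    const session = this.broker.login(username, password);
    if (!session) throw new Error('SSO login rejected');
    this.token = session.token;
    this.cache.clear();                  // never reuse another user's list
  }
  // Credential for one system; the broker is asked only on a cache miss.
  // Keyed by the exact authorization URI, so a look-alike host gets nothing.
  credentialFor(authUri) {
    if (!this.token) throw new Error('not signed on');
    if (this.cache.has(authUri)) return this.cache.get(authUri);
    const cred = this.broker.lookup(this.token, authUri);
    if (cred) this.cache.set(authUri, cred);
    return cred;
  }
  // Rebuild the captured login POST with the broker-issued credential filled
  // in; other fields (CSRF token, redirect target) and headers are preserved.
  buildValidationPost(raw) {
    const req = distillLoginRequest(raw);
    const cred = this.credentialFor(req.authUri);
    if (!cred) return null;              // system not registered in SSOA
    const fields = new URLSearchParams(req.fields);
    fields.set(cred.userField, cred.username);
    fields.set(cred.passField, cred.password);
    const body = fields.toString();
    const headers = { ...req.headers, 'content-length': String(Buffer.byteLength(body)) };
    return { method: 'POST', url: req.authUri, referer: req.referer, headers, body };
  }
}

// Constructed sample: the plug-in has captured an empty login form submission.
const CAPTURED_LOGIN = [
  'POST /accounts/login HTTP/1.1',
  'Host: portal.example.edu',
  'Referer: https://portal.example.edu/accounts/login',
  'Content-Type: application/x-www-form-urlencoded',
  '',
  'username=&password=&csrf=abc123&next=%2Fhome',
].join('\r\n');
// Same form served from a look-alike host (constructed).
const LOOKALIKE_LOGIN = CAPTURED_LOGIN.replace(/portal\.example\.edu/g, 'portal-example.edu');

function runDemo() {
  const broker = new BrokerServer({
    alice: {
      password: 'sso-secret',
      systems: {
        'https://portal.example.edu/accounts/login': {
          userField: 'username', passField: 'password',
          username: 'alice.p', password: 'portal-pw-1',
        },
      },
    },
  });
  const ssoa = new SsoAssistant(broker);
  ssoa.signOn('alice', 'sso-secret');
  const first = ssoa.buildValidationPost(CAPTURED_LOGIN);   // broker lookup
  const callsAfterFirst = broker.calls;
  const second = ssoa.buildValidationPost(CAPTURED_LOGIN);  // served from cache
  const callsAfterSecond = broker.calls;
  const lookalike = ssoa.buildValidationPost(LOOKALIKE_LOGIN);
  return { first, second, lookalike, callsAfterFirst, callsAfterSecond };
}
```

Running `runDemo()` shows the first visit costing two broker round trips (the SSO login and one credential lookup), the second visit costing none because the cached credential list answers it, and the look-alike host receiving no rebuilt POST. A real plug-in would additionally need to protect the cached list at rest and in memory, since it holds usable per-system passwords on the client.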
Keywords :
Internet; authorisation; message authentication; software architecture; HTTP POST data; HTTP POST-compatible data; HTTP header; SSOA; Web application; Web-based application; Web-based systems; Web service; Web server; authentication broker server; authentication server; authorization URI; cached credential list; global identifier; heterogeneous systems; reference address; single sign-on assistant; uniform identity authentication; application software; authentication; authorization; computer science; computer security; costs; logic; monitoring; scalability; SSL; plug-in; security; single sign-on