Unifying the login and authentication of multiple application systems achieves, to a large extent, unified authentication and single sign-on, and has produced practical results. User verification is the mechanism by which a user's personal information is identified and recognized by the verification system; it includes verification sources and verification responses. Unified authentication (verification) means that multiple heterogeneous systems perform user verification in a unified authentication system, which ensures the consistency of users and their permissions. Single Sign-On (SSO) is a systematic user management mechanism. It allows users to access all authorized computers and systems through a single user authentication and authorization, without having to provide passwords multiple times.
This service must meet the following functions and goals:
- It supports the Web Services technical framework, so that the Uniform Identity Authentication Service can be used for identity authentication when Web Services-based application integration is implemented for each application system.
- It is easy to use and reuses the identity authentication module of the existing system, as well as the existing user settings and permission settings, as much as possible. This protects existing investment, reduces the cost of re-creating user and permission settings, and avoids large-scale modifications to the existing system.
- It is highly scalable and integrable. It supports existing application systems and their existing user systems, and it also supports the deployment or development of new enterprise applications: the Uniform Identity Authentication Service can act as their identity authentication module, so a new enterprise application does not need its own user system and obtains the equivalent functions by integrating the service.
- It provides flexible and convenient usage modes, so that users can use the Uniform Identity Authentication Service in multiple ways.
Solution
Based on the goals and initial functional definitions of this Uniform Identity Authentication Service, we design the service as follows:
This service has three main functions:
- User Management: a user registers an account in the Uniform Identity Authentication Service. This account can be used in all application systems that use the Uniform Identity Authentication Service (this function also includes system registration, department management, and role management).
- User Authentication: the application system uses the Uniform Identity Authentication Service as its user system. In one mode, the user logs on through the application system, and the application system forwards the user name/password provided by the user to the Uniform Identity Authentication Service to check whether the user has been authorized. In the other mode, the user first logs on to the Uniform Identity Authentication Service and obtains a permission token. The user can then use this permission token to access other application systems; when an application system receives the permission token, it should interact with the Uniform Identity Authentication Service to check the validity of the access.
- Permission verification: verifies the validity of operations that application programs perform, such as adding, modifying, deleting, and viewing data.
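The token flow in the User Authentication and Permission verification items can be modelled in memory as follows. This is an added example, not code from the original article; the class and method names, the PBKDF2 password storage and the 15-minute token lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

class UnifiedAuthService:
    """In-memory stand-in for the Uniform Identity Authentication Service."""
    def __init__(self, token_ttl=900):
        self.token_ttl = token_ttl
        self.users = {}     # username -> (salt, password hash, {app_id: role})
        self.apps = set()   # application systems registered with the service
        self.tokens = {}    # token -> (username, expiry timestamp)

    def register_app(self, app_id):
        self.apps.add(app_id)

    def add_user(self, username, password, roles):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt), dict(roles))

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def login(self, username, password):
        """Return a permission token, or None when the credentials are wrong."""
        salt, stored, _ = self.users.get(username, (b"\0" * 16, b"", {}))
        # Hash even for unknown users and compare in constant time.
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)  # opaque and unguessable
        self.tokens[token] = (username, time.time() + self.token_ttl)
        return token

    def validate(self, token, app_id, now=None):
        """Called by an application system; returns (username, role) or None."""
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        if entry is None or app_id not in self.apps:
            return None
        username, expiry = entry
        if now >= expiry:
            self.tokens.pop(token, None)  # expired tokens are dropped
            return None
        role = self.users[username][2].get(app_id)
        return (username, role) if role else None

if __name__ == "__main__":
    svc = UnifiedAuthService()
    svc.register_app("hr")                                   # constructed sample data
    svc.add_user("alice", "constructed-pass", {"hr": "admin"})
    print(svc.validate(svc.login("alice", "constructed-pass"), "hr"))
```

An application system never inspects the token itself; it passes the token and its own registered identifier to `validate` and acts only on the returned user and role.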
I. Database UML
II. Functions required by the Verification Center
A) System Registration
All applications that use the current verification center register their application information here. This information is used to associate them with the Single Sign-On system and to switch between multiple applications. It records information such as the Single Sign-On entry address, access address, server address, and application name in Chinese and English.
B) Function menu management
Record the application system menu and functional elements that require operation permissions, and select the corresponding operation role.
C) Role management
Manage all roles of the system.
D) Department management
Manages information about all organizations and departments of an organization.
E) User Management
Contains the basic information and account information of the user; the corresponding system role must be selected.
III. WebService Interface
Based on the descriptions in the previous sections, we can summarize the external interfaces of the Uniform Identity Authentication Service, which consist of six parts:
A) System function menu service (ifunction): system menu for the logged-on user, and permission verification.
B) Role service (iroles): role verification and role information.
C) Organization information service (iagencies): obtains organization information.
D) User information service (iusers): obtains user information.
E) Login verification service (ilogin): login verification, password change, login token, and other methods.
F) Log service (ilog): system operation log and exception log methods.