  • 學位論文


A Web-Based Single Sign-On System based on Existing Equipment

指導教授 : 劉俞志


一個企業因為應用系統開發時間的先後差異或是負責的部門不同,相同的使同者,對於不同的應用系統就會存在不同的身份認證機制,使用者想要使用不同的應用系統,就必須記住每個系統的登入帳號及密碼等相關資訊,這對於使用者來說不僅難以記憶,登入錯誤次數過多造成的帳號鎖碼,也為管理人員必須一再處理客戶鎖碼的情形增加無謂的成本。 本研究提出一個架構,利用既有、現存的網際網路應用伺服器設備,設計一套單一簽入管理系統,以添加與URL改寫的方式,於網頁上動態產生其他系統的超連結附加使用者登入識別資訊,客戶透過超連結,連結至其他應用系統,單一簽入程式模組即為使用者進行代登入的動作,達到單一簽入的目的。


Due to the fact that departments in one corporation have different schedules for establishing their application systems, a user will be forced to have many distinct user login identities in those systems. When the user attempts to enter any of the application systems, he or she has to supply the corresponding name and password of the account of that system. This is challenging not only for the user who needs to memorize all the sign-in information, but also for the system administrator who constantly handle the problem of the locked accounts caused from the user’s incorrect repeated entries, which would be responsible for the increase on the cost of management. This research has proposed a single-login management system. This system utilizes the method of URL rewriting on an activated web page to produce the hyperlinks connecting to the login web page of each application system, and it sends the user login data through the connection. Because of its data transmitting, the system will be able to help the user log in all the application systems with the same sign-in information.


1. Parker, T.A., "Single sign-on systems-the technologies and the products", European Convention on Security and Detection, 16-18 May 1995, pp. 151-155.
6. Dave Happell, Java Web Services, O’Reilly, USA, 2002.
7. X. Yang, D. Chohan, X.D. Wang, R. Allen, "A Web portal for the National Grid Service", Proc.UK e-Science All Hands Meeting 2005, available on CDROM, Nottingham, UK, September 2005, pp. 1156-1162.
9. E. Maler, P. Mishra, and R. Philpott, "Assertion and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1", OASIS, September 2003.
14. Thomas Groβ, "Security Analysis of the SAML Single Sign-on Browser/Artifact Profile", Proceedings of the 19th Annual Computer Security Applications Conference, p.298, December 08-12 2003.


