A Practical Implementation of Single Sign-On using LDAP for Web-Based Applications

Abstract

Traditionally, users have to sign-on to multiple systems, each of which may involve different usernames and authentication techniques. Consequently, such web applications force users to mange multiple user names and passwords daily and cause great inconvenience. In contrast, with single sign-on, users authenticate themselves just once to access information on any of several systems. Single sign-on has the following advantages: convenience to the user, improved security, administrative convenience, and reduced expenditure. LDAP(Lightweight Directory Access Protocol), the clear directory standard, leverage a single, master directory that owns all user, group and access control information. In this paper, we propose a practical web single sign-on implementation in CHT’s EIP(Enterprise Information portal) system for integrating web-based information systems together. This approach is based on HTTP cookie and the unified LDAP server. Compared with the existing methods, our approach has the benefits:1)simple to be implemented, 2) it is not necessary to modify the LDAP server’s configuration substantially, 3) integration of the existing web-based systems and LDAP server, 4) no extra relational database is needed.