Sistem enkratne prijave Shibboleth
| Autor: | Železnik, Klemen |
|---|---|
| Přispěvatelé: | Brodnik, Andrej |
| Jazyk: | slovinština |
| Rok vydání: | 2015 |
| Předmět: |
computer and information science
računalništvo visokošolski strokovni študij ponudnik identitet single sign-in computer science enkratna prijava SAML računalništvo in informatika identity provider diploma ponudnik storitev Shibboleth protokol diplomske naloge service provider Shibboleth protocol udc:004.7.057.4(043.2) |
| Popis: | Cilj protokola Shibboleth je predvsem razbremenitev večkratne avtentikacije uporabnikov znotraj na primer večjih javnih ali zasebnih ustanov, kot so univerze, podjetja, ki imajo razne aplikacije ali storitve, ki potrebujejo avtentikacijo. Protokol Shibboleth deluje na principu enkratne prijave, kar pomeni, da bi uporabnik potreboval le eno uporabniško ime in geslo za prijavo v vse aplikacije znotraj neke ustanove. V delu bomo najprej opisali koncepte protokola Shibboleth in njegove povezave z drugimi mehanizmi predvsem z mehanizmom enkratne prijave (SSO). Poudarek bomo dali na SAML (Security Assertion Markup Language), tj. protokol, na katerem se Shibboleth bazira in sklicuje. Opisali bomo delovanje IDP (ponudnik identitete) in SP (ponudnik storitev) ter potek prijave med njimi. V drugem delu diplomskega dela bomo opisali potek postavitve in konfiguracijo prototipa protokola Shibboleth v lokalnem omrežju, temelječega na operacijskem sistemu Windows. The aim of Shibboleth protocol is mainly to relieve users within, for example, large public or private institutions such as universities, companies that have a variety of different applications or services that require authentication. Shibboleth protocol operates on the principle of single sign-on, which means that the user needs only one username and password to log in to all applications within an institution. In the first part, we will describe the research and concepts of the Shibboleth protocol and its links with other mechanisms, in particular with the mechanism single sign-on. The emphasis will be placed on SAML (Security Assertion Markup Language) protocol which Shibboleth is based on and referred to. We will also describe the operation of the IDP (identity provide), SP (service provider) and the steps that take part between them in the registration process. In the second part of the thesis, we will describe the course of implementation and configuration of the prototype Shibboleth protocol on a local network based on Windows systems. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|