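Medium and large organizations such as government agencies, large enterprises and educational institutions have generally extended their services and operations to the Internet. When such an organization introduces a single sign-on mechanism to the existing websites of its affiliated units, some of those websites are often difficult to integrate, because each website uses different technologies and mechanisms and modifying them would have too great an impact on the system. Most existing single sign-on research and practice is designed around a single interfacing method, which has many limitations in practical application, so multiple single sign-on systems must be established to widen the scope of integration. Building on an existing "redirect-based single sign-on" system built with ASP.NET, this research proposes, designs and implements an extensible web redirect-based single sign-on service architecture based on a communication protocol suite at the identity provider (IdP) side. The architecture removes the limitations of a single interfacing method, offers existing websites more interfacing methods, and can provide customized interfacing methods according to the needs of an existing website. This gives existing websites more choice and flexibility, reduces the extent and difficulty of the program modifications needed for single sign-on interfacing, and so increases the chance that an existing website is successfully interfaced with single sign-on.

Most organizations, such as government agencies, large enterprises and educational institutions, have extended their services and operations to the Internet. When they try to introduce a Single-Sign-On architecture for the legacy web sites of affiliated units, they tend to face complicated issues in modifying systems that were built with various types of technologies and mechanisms. Most existing Single-Sign-On mechanisms support only one interface protocol, which restricts their practice and applications: systems must establish multiple sets of Single-Sign-On mechanisms to increase the scope of consolidation. This research, based on an already established Single-Sign-On mechanism constructed in the ASP.NET architecture, designs and implements a scalable web-based redirect-model Single-Sign-On architecture based on a multiple Identity Provider (IdP) protocol suite. The architecture makes it feasible to create a flexible environment that could reduce the magnitude of difficulties and increase the chances for legacy web sites to adopt a Single-Sign-On mechanism.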