Software Journal:
Theory and Applications

Send article

Entrance Registration

Our congratulations to Aleksandr Nikolaevich Sotnikov on his 70th anniversary!


Sotnikov Aleksandr Nikolaevich - Dr.Sc. (Physics and Mathematics), Professor, an Honored Scientist of the Russian Federation, a Deputy Director of the Interdepartmental Supercomputer Center of RAS, the Editor-in-Chief of the “Software Journal: Theory and Applications”, a member of the Editorial Board of journal “Software & Systems”, an author, a permanent expert and a great friend of the Editorial Board. We wish you the best of health, prosperity, achievement of the most cherished goals!

Thank you so much for your advertency, sensitivity and help.

All ads...

Developing a single sign-on for information systems

I.I. Kholod ( Saint Petersburg Electrotechnical University “LETI” (Professor, Dean of the Faculty of Faculty of Computer Science and Technology), St. Petersburg, Russian Federation, ph.d;
M.V. Kovynev ( aint Petersburg Electrotechnical University “LETI” (Student), St. Petersburg, Russian Federation;
I.S. Grigoryev ( Saint Petersburg Electrotechnical University “LETI” (Student), St. Petersburg, Russian Federation;
P.V. Korytov ( Saint Petersburg Electrotechnical University “LETI” (Student), St. Petersburg, Russian Federation;

The paper discusses the problem of creating a single authorization system for university information systems. The number of information systems is constantly growing, therefore, there is a question of providing the user with a centralized single sign-on to such systems. The authors studied the existing solu-tions. After analyzing the solutions, they have selected the fastest growing systems, such as the Blitz Iden-tity Provider and IBM Security Access Manager for Enterprise Single Sign-On, and considered their key advantages and basic restrictions. The solutions were compared according to the following criteria: cost, availability of an open source code, restrictions on connected systems.

The authors review the existing university subsidiary systems and propose the implementation of their own single sign-on system. The paper describes certain aspects of the system implementation in detail, in-cluding the authorization process in subsidiary systems and displaying of subsidiary system pages; they consider the system architecture and the authorization mechanism. The security issue and developed solu-tion testing is studied, the main advantages of the resulting solution are revealed: cross-platform, central-ized display of the subsidiary system menu in one place, cost. During testing of the developed system, no XSS vulnerabilities, SQL injections, etc. are identified. The system supports authorization through VKon-takte, other subsidiary systems and the basic version by name and password. The developed information system is used at ETU “LETI”.