首页|期刊导航|现代信息科技|零改造的认证迁移方案设计与实现

零改造的认证迁移方案设计与实现OA

Design and Implementation of a Zero-modification Authentication Migration Scheme

中文摘要英文摘要

文章提出一种基于网关的零改造认证迁移方案,旨在解决复杂系统环境下向新商用认证平台平滑升级的难题.其核心在于通过服务网关动态路由作为枢纽,适配CAS协议请求,结合白名单机制将流量逐步从旧认证系统切换至新商用认证平台,同时利用统一LDAP目录服务实现新旧系统的认证.通过多副本网关部署、灰度流量切换和完备回滚机制,确保用户无感知迁移,将业务系统逐步引入新的认证平台.该方案具有普适性,为高校认证系统升级提供了可复用的技术框架,显著降低了迁移成本和业务风险.

This paper proposes a zero-modification authentication migration scheme based on gateways,aimed at addressing the challenge of seamlessly upgrading to a new commercial authentication platform in complex system environments.Its core lies in using a service gateway with dynamic routing capabilities as the central hub,which adapts to CAS protocol requests and progressively shifts traffic from the legacy authentication system to the new commercial platform through a whitelist mechanism.Simultaneously,unified LDAP directory services enable authentication across both old and new systems.Through multi-replica gateway deployment,gray scale traffic switching,and comprehensive rollback mechanisms,it ensures a user-transparent migration process,progressively phasing business systems into the new authentication platform.This scheme is universally applicable,providing a reusable technical framework for upgrading university authentication systems,significantly reducing migration costs and business risks.

王旭;许桂满;关伟豪

中山大学 网络与信息中心,广东 广州 510275中山大学 网络与信息中心,广东 广州 510275中山大学 网络与信息中心,广东 广州 510275

信息技术与安全科学

CAS认证服务网关单点登录LDAP协议

CAS authenticationservice gatewaySingle Sign-On(SSO)LDAP protocol

《现代信息科技》 2026 (3)

122-126,132,6

10.19850/j.cnki.2096-4706.2026.03.023

评论