零改造的认证迁移方案设计与实现OA
Design and Implementation of a Zero-modification Authentication Migration Scheme
文章提出一种基于网关的零改造认证迁移方案,旨在解决复杂系统环境下向新商用认证平台平滑升级的难题.其核心在于通过服务网关动态路由作为枢纽,适配CAS协议请求,结合白名单机制将流量逐步从旧认证系统切换至新商用认证平台,同时利用统一LDAP目录服务实现新旧系统的认证.通过多副本网关部署、灰度流量切换和完备回滚机制,确保用户无感知迁移,将业务系统逐步引入新的认证平台.该方案具有普适性,为高校认证系统升级提供了可复用的技术框架,显著降低了迁移成本和业务风险.
This paper proposes a zero-modification authentication migration scheme based on gateways,aimed at addressing the challenge of seamlessly upgrading to a new commercial authentication platform in complex system environments.Its core lies in using a service gateway with dynamic routing capabilities as the central hub,which adapts to CAS protocol requests and progressively shifts traffic from the legacy authentication system to the new commercial platform through a whitelist mechanism.Simultaneously,unified LDAP directory services enable authentication across both old and new systems.Through multi-replica gateway deployment,gray scale traffic switching,and comprehensive rollback mechanisms,it ensures a user-transparent migration process,progressively phasing business systems into the new authentication platform.This scheme is universally applicable,providing a reusable technical framework for upgrading university authentication systems,significantly reducing migration costs and business risks.
王旭;许桂满;关伟豪
中山大学 网络与信息中心,广东 广州 510275中山大学 网络与信息中心,广东 广州 510275中山大学 网络与信息中心,广东 广州 510275
信息技术与安全科学
CAS认证服务网关单点登录LDAP协议
CAS authenticationservice gatewaySingle Sign-On(SSO)LDAP protocol
《现代信息科技》 2026 (3)
122-126,132,6
评论