Unified Portal Management System Construction Plan
Contents
1. Unified Portal Management
1.1 Function Description
1.2 Unified Portal Architecture
1.3 Functional Requirements and Preliminary Design
1.3.1 Unified User and Permission Management
1.3.2 Unified Single Sign-On Management
1.3.3 Unified To-Do List Management
1.3.4 Centralized Deployment Configuration Management
1.3.5 Interface Services for Connecting Business Modules
1.4 Unified Portal and CA Services
1.4.1 CA System Composition
1.4.2 Service Requirements for Unified Portal and CA
1.5 Unified Portal Support and Preparation for Project-Related Business
1. Unified portal management
1.1 Function Description
As the level of IT adoption in financial offices continues to rise, so does the number of business systems. A single user may have to work in several systems and switch between them in the course of daily work, and each system has its own username and password, which is an unavoidable inconvenience. Platform-based unified portal management therefore requires that accounts and permissions for every business subsystem included in the integrated system be allocated centrally and managed hierarchically; that single sign-on be implemented, so that every operator reaches the business subsystems through one login method and one interface; and that a unified business transaction reminder function be provided. The portal should also expose a CA authentication interface so that it can connect to the CA system developed by the Ministry of Finance.
1.2 Unified Portal Architecture
Through the portal's single sign-on and to-do reminders, users log in to the portal once and can then access every business module they are authorised to operate. This removes the earlier problem of repeated logins when switching between modules, each of which had its own username and password.
The overall architecture of unified portal management is as follows:
Figure 1.2-1: Overall Architecture of Portal Management (figure not reproduced in this text)
1.3 Functional Requirements and Preliminary Design
1.3.1 Unified user and permission management
Unified user and permission management is the foundation of application integration; it can fairly be said to decide whether the integration succeeds, and it is a key step in building it. The existing business systems were not built on one technical platform: user management, system login and similar functions are self-contained, and each system keeps its own independent user store, which makes the systems more complex and costly to use and administer. Unified user management is the entry point for user authentication, for unified changes to user information and for password changes, and covers user management, application allocation, synchronisation and more. The first task is to unify and merge the accounts that one person holds in the different business systems. The merged user table is stored on the platform, day-to-day user maintenance is done on the platform, and the business systems synchronise their users from it. The platform's user data holds only the attributes common to all business systems; attributes specific to a business system's users remain maintained by that system.
At present, when an employee changes position, the business systems must do a great deal of tedious work rebuilding and adjusting users and their permissions. The solution is to separate employee accounts from positions: when a position changes, only the mapping between employee and position is modified, and the position itself, which is relatively fixed, only changes the personnel information attached to it. User maintenance therefore creates portal users, positions, the mapping between portal users and positions, and the mapping between positions and business systems, so that the employee-to-position relationship can be detached. A portal user can be understood as a person, and a position as a unified business-system account. User version management is also required, recording in which time period which employee was bound to which position. The business system synchronises position information together with the period during which the employee holds that position; to the business system, the position is the user. When one person holds several positions in the same business system, that system handles the distinction itself; in that case the login page must, in addition to year, account set and database, ask the user to select the position role.
The specific functional requirements are as follows:
Unified user maintenance;
Unified position management;
User version management;
User Business Module Maintenance: Create and remove business systems that users have access to.
1.3.2 Unified Single Sign On Management
Building unified user management and single sign-on is an essential initiative in IT construction. A unified information portal that grants authorisation to the various business systems centrally reduces risk and lowers the complexity of use and administration. Single sign-on is one solution for integrating multiple application systems: the user logs in once and can access every application system that is authorised and trusted.
Login process:
The user logs in to the portal through a browser; after a successful login the portal returns the to-do list and the business systems available to that user. When a business system is started, a parameter page pops up for the user to choose account set, year, database and similar parameters; once these are selected the user enters the business system's working area.
1.3.3 Unified to-do list management
Business systems update the platform's to-do list in real time. After logging in to the portal, users see their own to-do items, know exactly what work awaits them, and then log in to the business system to process it. To-do items are categorised by business system name, and each has a status such as pending review or pending printing.
To-do items are displayed in the form "2 items pending review, 3 items pending printing". Clicking the business system name of a to-do item opens that system's login interface; for a B/S system, clicking the to-do item opens the corresponding operation interface of the business system, and for a C/S system it opens the business system's homepage.
1.3.4 Centralized deployment configuration management
Business system configuration: add and remove integrated business systems and configure their information, so that further systems can be added later.
Configurable business system information: system name, code, architecture type, URL of the B/S application, and display order.
To-do configuration: definition of to-do statuses.
Business system parameter configuration: for example the current year, the system's accounting parameters, database parameters and so on.
1.3.5 Interface services for connecting business modules
The interfaces provided by the portal to business modules include:
An interface for determining whether the user has logged in to the portal:
Table 1.3-1: Interface for determining whether the user is logged in to the portal
  Interface name         Determine whether the user is logged in to the portal
  Function description   Determine whether the user has logged in to the portal
  Transport protocol     Web Service
  Access URL (example)   http://<domain name>:<port>/security/authServlet?uid=100&sid=
  Input definition
    #  Name  Type    Description
    1  uid   String  The user ID recognised by the application system
    3  sid   String  The session number generated by the portal after the user logs in
  Output definition
    Verifies whether the session exists.
    Verification succeeded: returns 0
    Verification failed: returns 1
The interface that a B/S application system must implement:
Table 1.3-2: Interface to be implemented by the B/S application system
  Interface name         B/S application system user login interface
  Function description   The portal provides a login link for the application system on its page; after logging in to the portal, the user clicks the link to enter the application system directly.
  Transport protocol     HTTP
  Access URL (example)   http://<domain name>:<port>/web/Servlet?uid=1000&sid=
  Input definition
    #  Name  Type    Description
    1  uid   String  The unique identifier of the logged-in user
    2  sid   String  The session number generated by the portal after the user logs in
  Output definition
    After the user clicks the application system link on the portal, the portal redirects the user's browser to the application's login entry point. Once the application system has determined that the login is valid, it displays the user's homepage in the application system.
The interface that a C/S application system must implement:
Table 1.3-3: Interface to be implemented by the C/S application system
  Interface name         C/S application system user login interface
  Function description   The portal calls the executable file xxx.exe of the locally installed financial application system from its page through an Applet client program.
  Transport protocol     Local call
  Access path (example)  C:\Treasury Centralized Payment\xxx.exe uid=100 sid=
  Input definition
    #  Name  Type    Description
    1  uid   String  The unique identifier of the logged-in user
    2  sid   String  The session number generated by the portal after the user logs in
  Output definition
    After the user clicks the application system button on the portal, the portal calls the local C/S client program to start it. Once the application system has determined that the login is valid, it displays the user's homepage in the application system.
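The three tables above describe the redirect-and-verify handshake only in words. The Go program below is an added example, not part of the original plan or of any Ministry of Finance software: it implements both ends of the B/S case, the portal's session store with the /security/authServlet check of Table 1.3-1 (returning 0 or 1 as the table specifies) and a business-system login handler for Table 1.3-2 that confirms the redirected uid and sid with the portal before admitting the user. The in-memory store, the Portal, AppLoginHandler and Demo names, the /home target, the sample user 100 and the constructed sids are all assumptions of the example; Demo wires both sides together with httptest so the exchange can be exercised from a Go test without a network.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"sync"
	"time"
)

// Portal holds the sessions minted at portal login and answers the login-status
// web service of Table 1.3-1 (in-memory store, constructed for this example).
type Portal struct {
	mu       sync.Mutex
	sessions map[string]session // sid -> owner and expiry
}

type session struct {
	uid     string
	expires time.Time
}

func NewPortal() *Portal { return &Portal{sessions: map[string]session{}} }

// Login is what the portal does once a user has authenticated: mint an
// unguessable sid and record which uid owns it and when it lapses.
func (p *Portal) Login(uid string, ttl time.Duration) string {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		panic(err)
	}
	sid := hex.EncodeToString(buf)
	p.mu.Lock()
	defer p.mu.Unlock()
	p.sessions[sid] = session{uid: uid, expires: time.Now().Add(ttl)}
	return sid
}

// Check returns the output codes of Table 1.3-1: "0" when (uid, sid) names a live
// session, "1" otherwise. The uid must match the session's owner.
func (p *Portal) Check(uid, sid string) string {
	p.mu.Lock()
	defer p.mu.Unlock()
	s, ok := p.sessions[sid]
	if !ok || time.Now().After(s.expires) || subtle.ConstantTimeCompare([]byte(s.uid), []byte(uid)) != 1 {
		return "1"
	}
	return "0"
}

// AuthServlet is the HTTP face of Check: GET /security/authServlet?uid=...&sid=...
func (p *Portal) AuthServlet(w http.ResponseWriter, r *http.Request) {
	q := r.URL.Query()
	io.WriteString(w, p.Check(q.Get("uid"), q.Get("sid")))
}

// AppLoginHandler is the business system's side of Table 1.3-2: it takes the uid/sid
// redirect, confirms them with the portal at portalURL (assumed), then admits the user.
func AppLoginHandler(portalURL string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		q := url.Values{"uid": {r.URL.Query().Get("uid")}, "sid": {r.URL.Query().Get("sid")}}
		resp, err := http.Get(portalURL + "/security/authServlet?" + q.Encode())
		if err != nil {
			http.Error(w, "portal unreachable", http.StatusBadGateway)
			return
		}
		defer resp.Body.Close()
		body, _ := io.ReadAll(io.LimitReader(resp.Body, 16))
		if strings.TrimSpace(string(body)) != "0" {
			http.Error(w, "not logged in at the portal", http.StatusUnauthorized)
			return
		}
		// A real business system would create its own session for the uid here.
		http.Redirect(w, r, "/home", http.StatusFound)
	}
}

// Demo runs both sides in-process: status for a genuine redirect (302) and a guessed sid (401).
func Demo() (genuine, forged int) {
	portal := NewPortal()
	portalSrv := httptest.NewServer(http.HandlerFunc(portal.AuthServlet))
	defer portalSrv.Close()
	appSrv := httptest.NewServer(AppLoginHandler(portalSrv.URL))
	defer appSrv.Close()
	sid := portal.Login("100", 10*time.Minute)
	client := &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }}
	status := func(uid, sid string) int {
		resp, err := client.Get(appSrv.URL + "/web/Servlet?uid=" + uid + "&sid=" + sid)
		if err != nil {
			return 0
		}
		resp.Body.Close()
		return resp.StatusCode
	}
	return status("100", sid), status("100", "0000")
}
```

Two points a practitioner would look for are visible in Check: the lookup is by the full sid and the uid must match the session's owner, so a valid sid presented with a different uid fails, and every session carries an expiry. Because the sid travels in the URL query string on its way to the business system, as the tables' URL forms show, keeping that expiry short and clearing the session at portal logout limits what a logged or bookmarked URL is worth afterwards.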
1.4 Unified Portal and CA Services
1.4.1 CA system composition
The CA system consists of the following components:
USB smart card: performs digital signature and encryption/decryption on the client side and carries the user's digital certificate and private key; the private key cannot be exported from the card and cannot be copied.
Client security authentication component: provides the client application programming interface, drives and accesses the USB smart card, and generates the client's user authentication request. For B/S application systems it provides a browser security plugin that integrates seamlessly with the browser; for C/S application systems it provides a COM component.
Authentication server: provides the server-side application programming interface, authenticates the user authentication requests submitted by clients, identifies users and controls user access to application systems.
Management server: includes user management, certificate management and USB smart card management modules; completes user authorisation, certificate application and USB Key creation, and provides comprehensive system management and audit functions.
1.4.2 Service Requirements for Unified Portal and CA
The integrated project strengthens system security control and ensures secure data access through the CA system promoted by the Ministry of Finance.
There should be two types of interface between the platform and the CA:
The first type is identity authentication of accessing users.
When a user logs in through the portal, the key disk inserted into the computer is used to reach the CA server and obtain identity authentication; the portal then checks the user's permissions and related matters.
The processing flow of this interface is as follows:
1) The user inserts the SecureKey containing their certificate and private key into the computer's USB port and opens the system login page;
2) The server accepts the login request, generates a temporary random number and sends it to the client;
3) The user enters the SecureKey access password and clicks the "Login" button;
4) The client uses the SecureKey hardware to encrypt the random number sent by the server together with the user's identity information, digitally signs the encrypted result and sends the result to the server;
5) On receiving the data from the client, the application server performs the following verification:
a) verify the validity of the user's digital certificate, including the issuer certificate chain and validity period;
b) once the certificate is verified, call the authentication server to verify the digital signature on the received data;
c) call the authentication server's encryption/decryption module to decrypt the received data and recover the random number and the user identity information;
d) verify the user identity information and compare the random number with the one originally sent;
e) decide from the above steps whether verification succeeded;
6) The application server determines whether the login succeeded based on the result returned by the authentication server.
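As an added example, not from the original plan or the CA vendor's software, the Go program below implements the login flow above with the standard library: step 2 (the server issues a random number), step 4 (the client signs it together with its identity using the key whose certificate the CA issued) and steps 5a, 5b, 5d and 5e (certificate chain and validity period, signature, random-number and identity comparison, overall decision). Two simplifications are labelled in the code: the encryption of step 4 and its decryption in step 5c are left out, so the random number and identity are signed in the clear, and a software RSA key stands in for the SecureKey hardware. The certificate authority, the user certificate whose CN equals the uid, the Server, Setup, Challenge, ClientSign and Verify names and the sample uid 100 are all constructed for the example; the functions are meant to be driven from a test or a calling program.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// LoginRequest is the step-4 message: nonce||uid, the user's signature over it, and the user's certificate.
type LoginRequest struct{ Message, Signature, CertDER []byte }

type Server struct {
	roots   *x509.CertPool    // trusted CA roots (step 5a)
	pending map[string][]byte // uid -> outstanding random number (step 2)
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert issues a certificate for pub signed by parentKey; a nil parent makes it self-signed.
func newCert(cn string, isCA bool, pub *rsa.PublicKey, parent *x509.Certificate, parentKey *rsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent = tmpl
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey))))
}

// Setup builds a constructed CA and a user certificate issued by it, standing in for the
// Ministry of Finance CA and the certificate held on a real SecureKey.
func Setup(uid string) (*Server, *rsa.PrivateKey, *x509.Certificate) {
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	caCert := newCert("Example CA", true, &caKey.PublicKey, nil, caKey)
	userKey := must(rsa.GenerateKey(rand.Reader, 2048))
	userCert := newCert(uid, false, &userKey.PublicKey, caCert, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return &Server{roots: roots, pending: map[string][]byte{}}, userKey, userCert
}

// Challenge is step 2: a fresh random number for this login attempt.
func (s *Server) Challenge(uid string) []byte {
	nonce := make([]byte, 32)
	must(rand.Read(nonce))
	s.pending[uid] = nonce
	return nonce
}

// ClientSign is step 4 on the user's side, with a software key standing in for the SecureKey
// hardware. The encryption of step 4 is left out here: nonce||uid is signed directly.
func ClientSign(nonce []byte, uid string, userKey *rsa.PrivateKey, userCert *x509.Certificate) *LoginRequest {
	msg := append(append([]byte{}, nonce...), uid...)
	digest := sha256.Sum256(msg) // the salt length must match what x509.SHA256WithRSAPSS verification expects
	sig := must(rsa.SignPSS(rand.Reader, userKey, crypto.SHA256, digest[:], &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}))
	return &LoginRequest{Message: msg, Signature: sig, CertDER: userCert.Raw}
}

// Verify is steps 5a, 5b, 5d and 5e. The challenge is consumed before any check so that a
// captured response cannot be replayed, and any failed check fails the login.
func (s *Server) Verify(uid string, req *LoginRequest) error {
	nonce, ok := s.pending[uid]
	if !ok {
		return errors.New("no outstanding challenge for this user")
	}
	delete(s.pending, uid)
	cert, err := x509.ParseCertificate(req.CertDER)
	if err != nil {
		return err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: s.roots}); err != nil { // 5a: issuer chain and validity period
		return fmt.Errorf("certificate rejected: %w", err)
	}
	if err := cert.CheckSignature(x509.SHA256WithRSAPSS, req.Message, req.Signature); err != nil { // 5b
		return fmt.Errorf("signature rejected: %w", err)
	}
	// 5d: the random number must be the one issued, and the identity must match both the
	// claimed uid and the certificate subject (CN == uid is this example's assumption).
	if len(req.Message) < len(nonce) || subtle.ConstantTimeCompare(req.Message[:len(nonce)], nonce) != 1 ||
		string(req.Message[len(nonce):]) != uid || cert.Subject.CommonName != uid {
		return errors.New("random number or identity mismatch")
	}
	return nil // 5e: every check passed
}
```

The order of operations in Verify matters more than any single call: the issued random number is removed from pending before anything is checked, so a second presentation of the same response fails immediately regardless of how good its sign
ature is, and the signature is verified against the key in the certificate only after that certificate has been chained to a trusted root, so a self-issued certificate carrying a valid signature is rejected at step 5a.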
The second type uses digital certificates to digitally sign data for critical operations.
These critical operations include direct payment vouchers, authorized payment vouchers and so on; the exact set can be decided according to the business system's needs during implementation.
The main functions of a digital signature are to ensure the integrity of the transmitted information, authenticate the sender's identity and prevent repudiation of transactions. In the payment system, the digital signature interface program provided by the CA can be called to sign the payment voucher; after the voucher is sent to the bank, the bank calls the signature verification interface program provided by the CA to verify its signature.
1.5 Unified portal support and preparation for project related businesses
The unified portal establishes unified user management, permission processing, single sign-on and to-do reminder mechanisms, and provides the interface programs for business systems. For a business system such as the payment system or the salary system to be brought into the unified portal, the following tasks are required:
Sort out its relevant information items, such as budget units, and deploy them uniformly to the platform;
Sort out its users and user codes, and deploy them to the unified portal;
Sort out its relevant permissions and deploy them to the unified portal;
Transform its login program to call the interface provided by the unified portal, so that a user who logs in from the unified portal automatically obtains the relevant permissions for the business system and enters it automatically. This may also require supplementing and improving the unified portal's own interface programs.