Campus network architecture based on identity authentication and roaming service

In recent years, with the rapid development of computers, university educational administration systems have also undergone reform. Under big data and other frameworks, how to handle campus information conveniently and efficiently has become a major difficulty for developers. In response to these problems, this paper proposes a campus network structure built on an identity authentication system and, on this basis, also designs a solution for application roaming services. It is hoped that this structure can be promoted and applied in the campus services of colleges and universities, and contribute to their information construction.


Introduction
With the in-depth construction of university campus networks, most universities have developed network applications that combine their actual conditions [1]. Network application development technology has undergone great development and changes in recent years, which has resulted in the coexistence of a large number of applications developed using different platforms, structures and technologies [2,3,4]. In this status quo, each application has its own set of authentication and access control mechanisms, and users have to enter different passwords when accessing multiple sets of application systems, which leads to frequent occurrences of forgotten and lost passwords. In order to avoid the trouble of remembering account numbers and passwords, many users use the same account numbers and passwords in multiple systems, which is not conducive to security construction [5].
The main idea of unified identity authentication is that a single authentication service system for the whole school takes over the authentication modules of the individual applications. Each application only needs to follow the unified authentication service call interface to carry out the authentication of user identity [6,7]. The security of user identity information, password storage and transmission on the network is guaranteed by the security authentication protocol provided by the identity authentication service [8]. This not only spares application developers repetitive work in this respect, but also avoids the use of various non-standard encryption methods in the applications. In addition, application roaming is an important application instance based on identity authentication services. Application roaming means that, among B/S-structure applications based on the unified identity authentication service, a user who has logged in to one application can enter the next application directly, without entering the user name and password again. In an environment with good network conditions and a large number of applications, roaming technology can greatly reduce the burden on users of entering and remembering various passwords and application addresses when using the system, and it plays a useful role in promoting the development of campus network applications [8,9,10].
Based on the above advantages, and with identity authentication and application roaming as its goals, this paper proposes a new campus network architecture, hoping to close loopholes found in practical applications and so contribute to the construction of campus security.

Model structure
The design and implementation of identity authentication involves many technologies, such as identity authentication, access control, encrypted communication and databases. Its service objects include the teachers and students of the whole school; the teaching, academic affairs and scientific research departments of the various faculties; and logistics and school-wide comprehensive departments such as finance and the library. After analyzing the specific situation of campus network applications, the unified identity authentication system of the campus network is shown in Figure 1 below.

Design and implementation
The authentication server is the core of the entire unified authentication system. Therefore, the most important requirement for the authentication server program is stability, that is, the ability to provide continuous and uninterrupted service. On this basis, high performance and fast response are also required. To meet these requirements, the authentication server program is designed around a structure in which the main process monitors and the sub-processes queue up to request service. The main reason for adopting this structure is to divide the overall function into independent modules as far as possible, thereby simplifying the program logic inside each module. This reduces the potential for problems and also lowers the difficulty of writing and debugging the code. The specific frame structure diagram is shown in Figure 2.

Application Roaming Service
Application roaming is realized by the ticket server. The main function of the ticket server is to receive the user name and password entered by the user, encapsulate them into an authentication data packet structure according to the authentication protocol standard, and send the packet to the authentication server for verification. The ticket server then receives the result returned by the authentication server. If authentication succeeds, it generates a legal ticket from the user name, the user's login IP and the login time, saves the ticket on the server side, and returns the login success page to the user. All links on this page carry this ticket. When the user accesses an application through a link carrying the ticket, the application asks the ticket server to verify the ticket. If the login fails, no legal ticket is generated. Even if an illegal user tries to gain unauthorized access by forging a ticket, the application server will not be deceived as long as the forger cannot create the same ticket in the ticket server. The specific structural framework of the server is shown in Figure 3. The structure of the ticket server is relatively simple, and the design and implementation of the server program itself is not difficult. At the same time, under the structure of Figure 3 the server program faces a high demand for access, so the main goal of the program design is a good data structure and an efficient algorithm that maximize the processing capacity of the ticket server.
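The ticket flow described above, as an added example that is not code from the paper: a ticket is issued only after successful authentication, stored on the server side, and checked when an application presents it. The class and method names, the HMAC construction with a random nonce, the 600-second lifetime and the IP check at verification are assumptions made here; the paper specifies only that the ticket is derived from user name, login IP and login time.

```python
import hashlib
import hmac
import secrets
import time

class TicketServer:
    """In-memory ticket server sketch; class and method names are hypothetical."""

    def __init__(self, authenticate, ttl=600, clock=time.time):
        self._authenticate = authenticate    # stands in for the authentication server
        self._key = secrets.token_bytes(32)  # server-side secret (assumption)
        self._ttl = ttl                      # ticket lifetime in seconds (assumption)
        self._clock = clock
        self._tickets = {}                   # ticket -> (user, login_ip, login_time)

    def login(self, user, password, ip):
        """Issue a ticket after successful authentication, else return None."""
        if not self._authenticate(user, password):
            return None                      # failed login: no ticket is generated
        login_time = int(self._clock())
        nonce = secrets.token_hex(16)        # keeps the ticket unguessable (assumption)
        msg = f"{user}|{ip}|{login_time}|{nonce}".encode()
        ticket = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        self._tickets[ticket] = (user, ip, login_time)
        return ticket

    def verify(self, ticket, ip):
        """Called by an application; returns the user name or None."""
        record = self._tickets.get(ticket)
        if record is None:
            return None                      # forged ticket: not in the server-side store
        user, login_ip, login_time = record
        if self._clock() - login_time > self._ttl:
            del self._tickets[ticket]        # expired tickets are purged
            return None
        return user if ip == login_ip else None

def demo():
    """Run the flow on constructed sample data and return each outcome."""
    accounts = {"alice": "s3cret-sample"}    # constructed account, not real data
    now = [1_700_000_000]                    # fake clock so expiry is testable
    ts = TicketServer(lambda u, p: accounts.get(u) == p, clock=lambda: now[0])
    ticket = ts.login("alice", "s3cret-sample", "10.0.0.5")
    out = {"bad_login": ts.login("alice", "wrong", "10.0.0.5"),
           "valid": ts.verify(ticket, "10.0.0.5"),
           "forged": ts.verify("0" * 64, "10.0.0.5"),
           "wrong_ip": ts.verify(ticket, "10.0.0.9")}
    now[0] += 601                            # move past the 600 s lifetime
    out["expired"] = ts.verify(ticket, "10.0.0.5")
    return out
```

Because the ticket travels in page links, it can end up in browser history, Referer headers and web server logs, which is why this sketch bounds its lifetime and checks the presenting IP against the login IP.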

Conclusion
The concept of a unified authentication service was put forward on the basis of summarizing the network application development practices of major universities over the past few years. After the system design was completed, it was applied in some universities' systems. Application roaming technology can seamlessly combine various applications; it can be used not only in campus networks but also in the business field, providing users with more convenient and user-friendly service.