Summary: Web application development indirectly requires applications to
manage user accounts and passwords well, so that they are not abused by
unauthorized parties. Many user account security methods have been tried to
solve this problem, including implementing an authentication service on a
Single Sign On (SSO) network by building a CAS Server as the authentication
center, in a variety of programming languages.
This research was conducted in the offices of PSDI UGM by analyzing the
existing CAS Server, built with JSP (Java Server Pages), and a replica CAS
Server built with the PHP programming language. This thesis also discusses
how to test the security level and performance of both CAS Servers (existing
and replica) using hacking applications. The testing methods used are white
box and black box.
The results showed that neither CAS Server (existing or replica) could be
penetrated by the hacking applications used, provided that both CAS Servers
use the SSL security protocol. However, the security level of the SSL
protocol used on the existing CAS Server remains in doubt until there is
direct clarification from the Office of PSDI UGM. In terms of performance
(response time and load test), the maximum on the existing CAS Server =
4.480.000 users with total request time = 3.839,421 ms, while on the replica
CAS Server = 4.490.000 users with total request time = 5.406,568 ms.
Keywords - Single Sign On (SSO), Authentication, CAS Server, PHP, Hacking.