零改造的认证迁移方案设计与实现

——以中山大学为例

打开文本图片集

中图分类号：TP393 文献标识码：A 文章编号：2096-4706（2026）03-0122-06

Design and Implementation of a Zero-modification Authentication Migration Scheme 一A Case of Sun Yat-sen University

WANGXu，XUGuiman，GUANWeihao （Network and Information Center， Sun Yat-sen University，Guangzhou 51o275，China）

Abstract： This paper proposes a zero-modification authentication migration scheme based on gateways，aimed at addressingthechallengeofseamleslyupgrading toanewcommercialauthenticationplatform incomplex system environments. Its corelies inusing aservice gateway with dynamic routing capabilities as the central hub，whichadapts toCAS protocol requests and progressvelyshifts taficfromthelegacyauthenticationsystem to thenewcommercial platform throughawhitelist mechanism. Simultaneously，unified LDAP directory services enable authentication acrosboth old and new systems.Through multi-replicagatewaydeployment，grayscaletraffcswitching，andcomprehensiverollback mechanisms，it ensures ausertransparent migrationprocess，progresively phasing businessystems into thenew authenticationplatform.This shemeis universallyapplicable，providingareusabletechnicalframeworkforupgadinguniversityauthenticationsystems，significantly reducing migration costs and business risks.

Keywords： CAS authentication; service gateway; Single Sign-On （SSO）： LDAP protocol

0 引言

随着高校信息化建设的快速发展和数字化转型的深入推进，信息系统正面临着前所未有的安全挑战和功能扩展需求。（剩余7076字）