对企业至关重要的遗留系统,是单点登录集成的重要组成部分。然而由于遗留系统开发环境变动、技术过时等原因,导致遗留系统的升级困难。传统的基于脚本的单点登录方案存在凭证传输安全风险、无法实现包含动态信息的登录、凭证同步代价高等缺陷。提出一种基于过滤器的遗留系统单点登录方案,在模拟登录和自动凭证同步过程中实现基于SAML标准的凭证安全传输,以及包含动态信息的模拟登录。最后通过具体应用的单点登录集成验证其有效性和实用性。 Legacy systems,which are critical to enterprises,are the important components in single sign-on integrating process.However, due to the changes in development environment,outdated technology and so on,it’s difficult to upgrade legacy systems.Traditional single sign-on solution based on script has the defects including security risk in credentials transmission,cannot achieve login with dynamic information and costing high in credential synchronisation.Therefore we propose a filter-based secure single sign-on solution for legacy systems to implement the SAML standard-based secure credentials transmission in synchronisation process of the simulated sign-on and the automatic credential,as well as the simulated sign-on with dynamic information.It turns out to be effective and practical through specific applied SSO integration.