
CN110519296A - Single sign-on and sign-out method for heterogeneous web systems - Google Patents


Publication number: CN110519296A
Authority: CN (China)
Prior art keywords: application, web, login, sign, main
Legal status: Granted
Application number: CN201910874265.7A
Other languages: Chinese (zh)
Other versions: CN110519296B (en)
Inventors: 丁金龙, 钱诗住, 钱兆良
Current Assignee: Focus Technology Co Ltd
Original Assignee: Focus Technology Co Ltd
Application filed by Focus Technology Co Ltd
Priority to CN201910874265.7A
Publication of CN110519296A
Application granted
Publication of CN110519296B
Legal status: Active


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/101: Network architectures or network communication protocols for network security for controlling access to devices or network resources; Access control lists [ACL]
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/1095: Protocols in which an application is distributed across nodes in the network; Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a single sign-on and sign-out method for heterogeneous web systems. In a heterogeneous web system environment, a master-slave application matching table and a login/logout operation table are configured at the single sign-on center. After the main application completes login or logout, it requests slave application information from the single sign-on authentication center and actively notifies each sub-application to perform login or logout synchronously. The method comprises a single sign-on method and a single sign-out method. This avoids sub-applications having to ask the authentication center to perform their login, reduces the frequent interaction between the heterogeneous systems and the SSO authentication center, and lowers the load on the SSO authentication center. Without changing the original heterogeneous web systems, it achieves single sign-on and sign-out for web heterogeneous systems with multiple account systems using a minimal amount of code modification.

Description

Single sign-on and sign-out method for heterogeneous web systems
Technical field
The invention belongs to the field of Internet technology, and specifically relates to a single sign-on and sign-out method for heterogeneous web systems.
Background
With the growth of an enterprise, the number of systems keeps increasing. To make things convenient for users, the problem of "logging in once to access the other mutually trusted application systems" has to be solved, and single sign-on systems emerged to do so. Single sign-on (SSO) means that, across multiple application systems, a user logs in only once to access the other mutually trusted application systems. Most existing systems that implement single sign-on are homogeneous systems, i.e., the different systems share the same account system. The usual implementation is as follows: login is integrated into an authentication system. When the user accesses application system 1 for the first time, the user has not yet logged in and is directed to the authentication system to log in. Based on the login information the user provides, the authentication system verifies the user's identity and, if verification passes, returns an authentication credential, a ticket, to the user. When the user then accesses other applications, the user carries this ticket as the credential of their authentication; after receiving the request, the application system sends the ticket to the authentication system, which checks the ticket's legitimacy. If verification passes, the user can access application system 2 and application system 3 without logging in again. However, this widely accepted method is not synchronized login in the true sense, because system 2 and system 3 can only log in by requesting the account and password from the authentication system at the moment they are accessed. Every login requires a request to the authentication system, and the frequent requests undoubtedly increase the load on the authentication system. Furthermore, for single sign-on across different account systems, login authentication suited to each kind of account must be configured in the authentication system, and every change to an account system brings heavy modification.
Single sign-on methods between heterogeneous systems have rarely been proposed. The patent "A single sign-on method for heterogeneous WEB systems" makes use of the fact that a CAS client can conveniently integrate WEB systems built on various technical architectures. Its steps are: Step S1: the single sign-on client reads ST information from the user's request URL; if the read succeeds, step S5 is executed; if it fails, step S2 is executed. Step S2: the single sign-on client reads TGT information from the browser cookie; if it exists, step S4 is executed; if not, step S3 is executed. Step S3: the single sign-on server verifies the user's identity authentication information and generates a TGT. Step S4: the single sign-on server authenticates the TGT and generates an ST. Step S5: the single sign-on server authenticates the ST and loads the page content. Although that patent, a modification of traditional CAS, addresses the high difficulty and poor system stability of existing heterogeneous WEB system single sign-on, it still cannot avoid the frequent requests to the authentication center each time a heterogeneous web application logs in, and it does not achieve synchronized login in the true sense. Applying that patented technology to single sign-on across different account systems would also be quite difficult.
In summary, how to support active single sign-on and sign-out across multiple account systems without modifying the original web heterogeneous systems is a problem that currently deserves investigation.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the deficiencies of the prior art and provide a single sign-on and sign-out method for heterogeneous web systems: in a heterogeneous web system environment, a master-slave application matching table and a login/logout operation table are configured at the single sign-on center; after the main application completes login/logout, it requests slave application information from the single sign-on authentication center and actively notifies each sub-application to perform login/logout synchronously. This avoids sub-applications having to ask the authentication center to perform their login, reduces the frequent interaction between the heterogeneous systems and the SSO authentication center, and lowers the load on the SSO authentication center. In addition, without changing the original heterogeneous web systems, it solves single sign-on and sign-out for web heterogeneous systems with multiple account systems using a minimal amount of code modification.
To solve the above technical problem, the present invention provides a single sign-on and sign-out method for heterogeneous web systems, characterized in that, in a heterogeneous web system environment, a master-slave application matching table and a login/logout operation table are configured at the single sign-on center; after the main application completes login or logout, it requests slave application information from the single sign-on authentication center and actively notifies each sub-application to perform login or logout synchronously. The method comprises a single sign-on method and a single sign-out method. The single sign-on method is an active single sign-on method for different account systems, and the single sign-out method is an active single sign-out method for different account systems. The specific implementation steps are:
Step 1: obtain the login account information of the same user in the different web applications and, according to the defined single sign-on application group, establish application-based user login account binding relationships to form the master-slave application matching table, whose fields include: main application web address, main application login username, main application user ID, slave application web address, slave application login username, slave application user ID. The master-slave application matching table is stored at the single sign-on authentication center (referred to as the SSO authentication center);
The main application is the application the user actively logs in to or out of; a slave application is an application that is associated with the main application and completes login together with it;
The SSO authentication center provides single sign-on services and login authentication services for the main application and the slave applications; synchronized login between the main application and the slave applications must be authenticated through the SSO authentication center;
Based on the record values of the master-slave application matching table, the login account of the main application determines all other slave applications in the same single sign-on application group as the main application, together with their corresponding login accounts;
Step 2: the user sends a request to access the main application through the browser; after the request is answered by the main application's back-end server and login is complete, the main application requests single sign-on services from the SSO authentication center. Using the master-slave application matching table stored at the SSO authentication center, the slave applications and the user's login account information in those slave applications are found. Using the slave application information obtained, the main application notifies each slave application to actively obtain from the SSO authentication center the account information that currently needs to log in, and to execute the login logic in its own account system, specifically:
Step 2-1: the main application parses the URL the user requests to access; the URL request contains the main application web address and the user's login account. After the URL request is answered and identity verification passes in the main application's account system, login to the main application is complete. After completing login, the main application packages the user information, main application information and access cookie information and sends them together to the SSO authentication center to request single sign-on authentication;
The user information includes: the login username of the logged-in user, the user ID registered with the main application, and the user's IP address. The application information includes: the main application web address;
The cookie information is used to precisely locate the record of the same request;
Step 2-2: based on the user information and main application information in the single sign-on authentication request, the SSO authentication center scans the master-slave application matching table and, using the login username and the main application web address, extracts the information of all slave applications taking part in this single sign-on, including the slave application web address, slave application user ID and login username. It uses the MD5 encryption algorithm to randomly generate a verification code (referred to as the Token code) for verifying the login authentication of the slave application;
Step 2-3: for each matched slave application, an operation record is generated and entered in the single sign-on operation table, whose contents include the main application web address, main application login username, slave application web address, slave application login username, slave application user ID, Token code and Token state value. The Token state value identifies whether the state of the Token code is normal and takes the value "0" or "1": 0 means the Token code is normal, i.e., the slave application has not yet performed login; 1 means the Token code has expired, i.e., the slave application has already performed login. The Token state value defaults to "0" when first generated;
Step 2-4: the SSO authentication center obtains each slave application web address from the single sign-on operation table and assembles the message URL: main application domain name.setCookie url=slave application web address&token=Token code, which is sent to the main application;
Step 2-5: the main application receives the message and extracts the slave application web address and the Token code from it;
Step 2-6: because the main application and the slave applications have different domain names, an asynchronous login request message URL is written based on JSONP, whose main content is: login.[slave application web address].com/login/[Token code], and is sent to each slave application to execute the access;
Step 2-7: the slave application responds to the login request, extracts the Token code from the request message and sends it to the SSO authentication center. The SSO login authentication center scans the single sign-on operation table by Token code to locate the single sign-on operation record. If the corresponding record is found, the SSO login authentication center completes the single sign-on authentication of the slave application, extracts the slave application user ID and username and feeds them back to the slave application; at the same time, the Token state value in the single sign-on operation table is updated to 1;
Step 2-8: using the obtained user ID and username, the slave application retrieves the user's login account information from its back-end database, passes identity verification within its own account system, and executes login to the slave application;
Step 3: when the user exits any web application in the single sign-on application group, the main application that the user actively exits sends a single sign-out request to the SSO authentication center; the SSO authentication center responds to the request and returns all slave application web addresses; the main application, using the obtained slave application web addresses, notifies all slave applications to execute the logout logic.
The main application and the slave application are 2 independent application systems with different account systems, i.e., the login accounts and passwords of the main application and the slave application are not the same.
The single sign-out of step 3 specifically comprises:
Step 301: after the main application completes logout, it requests single sign-out from the SSO authentication center; the SSO authentication center responds to the single sign-out request issued by the main application's user and, based on the master-slave application matching table, obtains the web addresses of all slave applications bound to the main application;
Step 302: the SSO authentication center packages all the slave application web addresses into a message and sends it to the main application;
Step 303: an asynchronous logout request message is written based on JSONP, whose main content is: login.[slave application web address].com/logout; the main application sends the logout request message to the slave application; the slave application executes the logout operation directly after receiving the message.
If a new web application is to join the single sign-on application group, then, without modifying the new web application's original account system, the login account binding relationships between the new web application and the other web applications are added to the master-slave application matching table at the SSO authentication center, establishing the match between the same user's login accounts in the different web applications;
If a web application's participation in the single sign-on application group is cancelled, the binding relationships between that application and the other web applications are deleted directly from the master-slave application matching table at the SSO authentication center.
The main application and slave applications also include mobile apps. With the mobile app logged in, the mobile app obtains the login account information of another logged-in web application, establishes the binding relationship between the mobile app login account and that web application's login account, and enters the binding relationship into the master-slave application matching table. Because the web version of an application and its mobile app share a login account, binding the mobile app login account recorded in the matching table to the other application's web login account is also an account binding between the web versions. Then, following the single sign-on process between heterogeneous web applications, the web version of the application is notified to perform the login operation.
Beneficial effects of the invention:
(1) By establishing the master-slave application matching table at the SSO authentication center, the invention establishes the account association between web heterogeneous systems, so that when the main application requests the login service from the SSO authentication center it can obtain the login account information of the associated slave applications. This supports single sign-on and sign-out between different account systems, removes the trouble of designing access entrances for different account systems, and saves a large amount of manual coding work;
(2) In the invention, the SSO authentication center feeds the associated slave application information back to the main application, and the main application actively notifies the slave applications to obtain account information from the SSO authentication center and log in together with the main application. This significantly improves single sign-on efficiency and response speed, and relieves the high load on the SSO authentication center caused by heterogeneous systems having to interact with it frequently to log in.
Description of the drawings
Fig. 1 is a single sign-on flow chart of a heterogeneous web system in an embodiment of the invention;
Fig. 2 is a single sign-out flow chart of a heterogeneous web system in an embodiment of the invention;
Fig. 3 is a flow chart of single sign-on between a mobile app and a web application in an embodiment of the invention;
Fig. 4 is a simplified schematic diagram of single sign-on for a heterogeneous web system in an embodiment of the invention.
Specific embodiments
The invention is further described below with reference to the drawings and exemplary embodiments:
In this embodiment, AA.com is the main application and BB.com is the slave application. User W's login account information in the AA system is: user ID: UA-1; username: user135. User W's login account information in the BB system is: user ID: UB-2; username: user246;
The single sign-on flow of a heterogeneous web system is shown in Fig. 1; the specific steps are:
Step S101: the account correspondence between AA.com and BB.com is bound in the master-slave application matching table, whose contents include the main application web address, main application login username, main application user ID, slave application web address, slave application login username and slave application user ID, as in Table 1 below. The master-slave application matching table is stored at the SSO authentication center and is used during the single sign-on process to obtain the slave applications that perform the login operation together with the main application;
Table 1
Step S102: user W sends the request URL for logging in to AA.com through the browser; AA.com parses the user's request URL, extracts user W's login account information and verifies it in account system a, completing user W's login access to AA.com;
Step S103: AA.com obtains user W's user ID and username from its back-end database and sends them, together with the user IP, application name and cookie information, to the SSO authentication center to request single sign-on authentication;
Step S104: using the user ID, username and application name, the SSO authentication center obtains from the master-slave application matching table the information of all slave applications corresponding to AA.com, including the slave application web address and the user ID and username that user W registered with the slave application. The matching information obtained in this embodiment is: BB.com, B-2, user_B2. The MD5 encryption algorithm is used to randomly generate a verification code (hereinafter: Token code) for verifying the login authentication of BB.com;
Step S105: AA.com, A-1, user_A1, BB.com, B-2, user_B2, the Token code and the Token state value are inserted together into the single sign-on operation table. The Token state value identifies whether the state of the Token code is normal and takes the value "0" or "1": 0 means the Token code is normal, i.e., the slave application has not yet performed login; 1 means the Token code has expired, i.e., the slave application has already performed login. The Token state value defaults to "0" when first generated;
Step S106: the SSO authentication center obtains the web address of BB.com from the single sign-on operation table and assembles the message: SetCookie url=BB.com&token=Token code, which is sent to the main application AA.com;
Step S107: AA.com receives the message, extracts the web address of the slave application BB.com and the Token code from it, and writes an asynchronous login request message based on JSONP, whose main content is: login.BB.com/login/Token code, notifying the slave application BB.com to perform login;
Step S108: BB.com extracts the Token code from the request message and sends it to the SSO authentication center. The SSO authentication center scans the single sign-on operation table by Token code, locates the corresponding single sign-on operation record, obtains the user ID (B-2) and username (user_B2) for logging in to the slave application and feeds them back to the slave application. At the same time, the Token state value of the located single sign-on operation record is updated to 1, showing that this Token code is no longer valid, to prevent a malicious user from forging an identical Token code to perform a login;
Step S109: BB.com, using user ID B-2 and username user_B2, obtains the user's login password from its back-end database and sends the username and login password to account system b for verification; once account system b verifies them, login is complete;
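The token handling in steps S104 to S108 can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the table row is constructed from the embodiment's values, the Token code comes from Python's `secrets` module rather than the MD5-based generation the patent names, and the check that the redeeming caller is the slave application the token was issued for is an added assumption.

```python
import secrets
from dataclasses import dataclass

# Master-slave application matching table; one row constructed from the
# embodiment's values (AA.com is the main application, BB.com the slave).
MATCHING_TABLE = [
    {"main_web": "AA.com", "main_user": "user_A1", "main_uid": "A-1",
     "slave_web": "BB.com", "slave_user": "user_B2", "slave_uid": "B-2"},
]


@dataclass
class OperationRecord:
    """One row of the single sign-on operation table (step S105)."""
    main_web: str
    main_user: str
    slave_web: str
    slave_user: str
    slave_uid: str
    token: str
    token_state: int = 0  # 0 = token still valid, 1 = token spent


class SSOCenter:
    """Hypothetical in-memory stand-in for the SSO authentication center."""

    def __init__(self, matching_table):
        self.matching_table = matching_table
        self.operations = {}  # Token code -> OperationRecord

    def request_sso(self, main_web, main_user):
        """Steps S104-S106: find the bound slaves, record one token per slave,
        and return (slave_web, token) pairs for the main application."""
        notices = []
        for row in self.matching_table:
            if (row["main_web"], row["main_user"]) != (main_web, main_user):
                continue
            token = secrets.token_hex(16)  # CSPRNG; swapped in for the MD5 step
            self.operations[token] = OperationRecord(
                main_web, main_user, row["slave_web"],
                row["slave_user"], row["slave_uid"], token)
            notices.append((row["slave_web"], token))
        return notices

    def redeem(self, token, caller_web):
        """Step S108: return (user ID, username) once, then mark the token spent."""
        record = self.operations.get(token)
        if record is None or record.token_state != 0:
            return None  # unknown (forged) or already used token
        if record.slave_web != caller_web:
            return None  # assumption: token is bound to the slave it was issued for
        record.token_state = 1
        return record.slave_uid, record.slave_user

    def slaves_for_logout(self, main_web, main_user):
        """Steps S201-S202: web addresses of every slave bound to the main account."""
        return [row["slave_web"] for row in self.matching_table
                if (row["main_web"], row["main_user"]) == (main_web, main_user)]


def login_url(slave_web, token):
    """Step S107: the JSONP login request target the main application builds."""
    return f"login.{slave_web}/login/{token}"


def token_from_url(url):
    """Slave side of step S108: pull the Token code out of the request path."""
    return url.rsplit("/", 1)[-1]


def run_login(center, main_web, main_user):
    """Drive one login end to end; returns {slave_web: (user ID, username)}."""
    results = {}
    for slave_web, token in center.request_sso(main_web, main_user):
        url = login_url(slave_web, token)
        results[slave_web] = center.redeem(token_from_url(url), slave_web)
    return results


if __name__ == "__main__":
    center = SSOCenter(MATCHING_TABLE)
    print(run_login(center, "AA.com", "user_A1"))
    print(center.slaves_for_logout("AA.com", "user_A1"))
```

A second `redeem` call with the same Token code returns `None`, which is the replay protection step S108 attributes to the Token state value.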
When the user wants to exit the main application, the main application sends an exit request to the SSO authentication center; the SSO authentication center responds to the request and returns all slave application web addresses; the main application executes the exit and sends a stop-access notice to all the other slave applications;
The single sign-out flow of a heterogeneous web system is shown in Fig. 2; the specific steps are:
Step S201: after the main application completes logout, it requests single sign-out from the SSO authentication center; the SSO authentication center responds to the single sign-out request issued by the main application's user and, based on the master-slave application matching table, obtains the web addresses of all slave applications bound to the main application;
Step S202: the SSO authentication center packages all the slave application web addresses into a message and sends it to the main application;
Step S203: an asynchronous logout request message is written based on JSONP, whose main content is: login.[slave application web address].com/logout; the main application sends the logout request message to the slave application; the slave application executes the logout operation directly after receiving the message;
The flow of single sign-on between a mobile app and a web application is shown in Fig. 3. In this embodiment, web system CC has a web version (referred to as CC.com) and a mobile version (referred to as mobile CC), and no binding relationship currently exists between CC.com and BB.com. The single sign-on process is specifically:
Step S301: the same user performs the login operation in the main application and in the slave application app respectively: the account system of mobile CC responds to the login request and, by verifying the account information, completes user W's login to mobile CC; the account system of BB.com responds to the login request and, by verifying the account information, completes user W's login to BB.com;
Step S302: the account information of the main application and the slave application app is obtained, and the account binding relationship between the main application and the slave application app is registered at the SSO authentication center: BB.com exposes an account information entry in the form of a QR code, mobile CC obtains BB.com's login account information by scanning the QR code, and the login account information of both is entered into the master-slave application matching table, establishing the account binding relationship between BB.com and CC.com, which is configured at the SSO authentication center;
Step S303: based on the account binding relationship entered at the SSO authentication center, and following the implementation process of step 203 to step 209, single sign-on between the slave application (such as CC.com) and the slave application app (mobile CC) is completed: BB.com obtains the web address of CC.com and the Token code from the SSO authentication center and remotely requests CC.com to log in; using the Token code, CC.com obtains from the SSO authentication center the login account with which user W logs in to CC.com, and login is completed after verification by the account system of CC.com.
Fig. 4 shows the deployment diagram of a single sign-on system for heterogeneous web systems, comprising web system AA.com, the SSO authentication center and web system BB.com. AA.com and BB.com belong to one single sign-on application group and are mutually associated web applications, but each has its own independent account system and login interface, shown as account system a and account system b in the figure;
In the single sign-on environment, the application the user actively logs in to or out of is the main application. For example, if user W logs in to AA.com first, AA.com is the main application and the applications that complete login together with AA.com are slave applications. The matching relationship between AA.com and BB.com is configured at the SSO authentication center, and single sign-on of the two web applications must be verified through the SSO authentication center.
The invention is a single sign-on and sign-out method for heterogeneous web systems, and achieves the following beneficial effects:
(1) By establishing the master-slave application matching table at the SSO authentication center, the invention establishes the account association between web heterogeneous systems, so that when the main application requests the login service from the SSO authentication center it can obtain the login account information of the associated slave applications. This supports single sign-on and sign-out between different account systems, removes the trouble of designing access entrances for different account systems, and saves a large amount of manual coding work;
(2) In the invention, the SSO authentication center feeds the associated slave application information back to the main application, and the main application actively notifies the slave applications to obtain account information from the SSO authentication center and log in together with the main application. This significantly improves single sign-on efficiency and response speed, and relieves the high load on the SSO authentication center caused by heterogeneous systems having to interact with it frequently to log in.
The above embodiments do not limit the invention in any way; all other improvements and applications made to the above embodiments by way of equivalent transformation fall within the protection scope of the invention.

Claims (5)

1. A single sign-on and sign-off method for heterogeneous web systems, characterized in that, in a heterogeneous web system environment, a master-slave application matching table and login and sign-off operation tables are configured in the single sign-on center; after the main application completes login or sign-off, it requests the slave application information from the single sign-on authentication center and actively notifies each sub-application to synchronously execute login or sign-off; the method comprises a single sign-on method and a single sign-off method; the single sign-on method is an active single sign-on method across different account systems, and the single sign-off method is an active single sign-off method across different account systems; the specific implementation steps are:
Step 1: obtain the login account information of the same user in the different web applications and, according to the delimited single sign-on application group, establish application-based user login account binding relationships to form the master-slave application matching table, whose fields include: main application web address, main application login username, main application user ID, slave application web address, slave application login username, and slave application user ID; the master-slave application matching table is stored in the single sign-on authentication center (hereinafter the SSO authentication center);
The main application is the application that the user actively logs in to or signs off from; a slave application is an application that is associated with the main application and completes login together with it;
The SSO authentication center provides the single sign-on service and the login authentication service for the main application and the slave applications; synchronized login between the main application and the slave applications must be authenticated through the SSO authentication center;
Based on the record values of the master-slave application matching table, all the other slave applications that are in the same single sign-on application group as the main application, and their corresponding login accounts, are determined from the login account of the main application;
Step 2: the user sends a request to access the main application through the browser; after the main application's back-end server responds to the request and completes the login, it requests the single sign-on service from the SSO authentication center; according to the master-slave application matching table stored in the SSO authentication center, the slave applications and the user's login account information in those slave applications are found; according to the slave application information obtained, the main application notifies each slave application to actively obtain from the SSO authentication center the account information that currently needs to log in, and to execute the login logic in its own account system, specifically:
Step 2-1: the main application parses the URL the user requests to access; the URL request contains the main application web address and the user's login account; after the URL request is responded to, identity authentication is passed in the main application's account system and the login of the main application is completed; after the main application has completed login, it packages the user information, the main application information and the access cookie information and sends them together to the SSO authentication center to request single sign-on authentication;
The user information includes: the login username of the logged-in user, the user ID registered with the main application, and the IP address; the application information includes: the main application web address;
The cookie information is used to precisely locate the records belonging to the same request;
Step 2-2: according to the user information and main application information in the single sign-on authentication request, the SSO authentication center scans the records of the master-slave application matching table and, according to the login username and the main application web address, extracts the information of all slave applications participating in this single sign-on, including the slave application web address, slave application user ID and login username, and uses the MD5 encryption algorithm to generate a random verification code (referred to as the Token code) for verifying the login authentication of the slave application;
Step 2-3: for each matched slave application, an operation record is generated and written to the single sign-on operation table; the table contents include the main application web address, main application login username, slave application web address, slave application login username, slave application user ID, Token code and Token state value; the Token state value identifies whether the Token code is in a normal state and takes the value "0" or "1": 0 means the Token code is normal, i.e. the slave application has not yet executed login; 1 means the Token code is invalid, i.e. the slave application has already executed login; the Token state value defaults to "0" when first generated;
Step 2-4: the SSO authentication center obtains each slave application web address from the single sign-on operation table and assembles a message URL of the form: [main application domain name].setCookie url=[slave application web address]&token=[Token code], which it sends to the main application;
Step 2-5: the main application receives the message and extracts from it the slave application web address and the Token code;
Step 2-6: because the main application and the slave applications have different domain names, an asynchronous login request message URL is written based on JSONP, whose main content is: login.[slave application web address].com/login/[Token code]; it is sent to each slave application for access;
Step 2-7: the slave application responds to the login request, extracts the Token code from the request message and sends it to the SSO authentication center; the SSO login authentication center scans the single sign-on operation table by the Token code to locate the single sign-on operation record; if the corresponding record is located, the SSO login authentication center completes the single sign-on authentication of the slave application, extracts the slave application user ID and username and feeds them back to the slave application, and at the same time updates the Token state value in the single sign-on operation table to 1;
Step 2-8: using the user ID and username obtained, the slave application retrieves the user's login account information from its back-end database, passes identity authentication within the slave application's account system, and executes the slave application's login;
Step 3: when the user exits any web application in the single sign-on application group, the main application that the user actively exits sends a single sign-off request to the SSO authentication center; the SSO authentication center responds to the request and returns all slave application web addresses; according to the slave application web addresses obtained, the main application notifies all slave applications to execute the sign-off logic.
2. The single sign-on and sign-off method for heterogeneous web systems as claimed in claim 1, characterized in that: the main application and the slave application are 2 independent application systems with different account systems, i.e. the login accounts and passwords of the main application and the slave application are not the same.
3. The single sign-on and sign-off method for heterogeneous web systems as claimed in claim 2, characterized in that the single sign-off of step 3 specifically comprises:
Step 301: after the main application completes sign-off, it requests single sign-off from the SSO authentication center; the SSO authentication center responds to the single sign-off request issued by the main application's user and, based on the master-slave application matching table, obtains the web addresses of all slave applications bound to the main application;
Step 302: the SSO authentication center packages all the slave application web addresses into a message and sends it to the main application;
Step 303: an asynchronous sign-off request message is written based on JSONP, whose main content is: login.[slave application web address].com/logout; the main application sends the sign-off request message to the slave applications; each slave application executes the sign-off operation directly on receiving the message.
4. The single sign-on and sign-off method for heterogeneous web systems as claimed in claim 3, characterized in that: if a new web application is added to the single sign-on application group, then, without modifying the original account system of the new web application and without making modifications, the login account binding relationships between the new web application and the other web applications are added to the master-slave application matching table of the SSO authentication center, establishing the match between the same user's login accounts in the different web applications;
If a web application ceases to participate in the single sign-on application group, the binding relationships between that application and the other web applications are deleted directly from the master-slave application matching table of the SSO authentication center.
5. The single sign-on and sign-off method for heterogeneous web systems as claimed in claim 4, characterized in that: the main application or slave application further includes a mobile APP; while the mobile APP is in the logged-in state, the mobile APP obtains the login account information of the other logged-in web applications, establishes binding relationships between the mobile APP login account and the login accounts of the other logged-in web applications, and enters the binding relationships into the master-slave application matching table; because the web version and the mobile APP of an application share a login account, the binding recorded in the matching table between the mobile APP login account and the login accounts of the web versions of the other applications is in effect the account binding between the applications' web versions; then, following the single sign-on implementation flow between heterogeneous web applications, the web version of the application is notified to execute the login operation.
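The Token code handling of steps 2-2 to 2-7 in claim 1, as an added Python example that is not part of the patent text. The class and function names and the table rows are constructed; the use of a CSPRNG in place of the MD5-derived code and the check that the redeeming slave application matches the record are assumptions added here.

```python
import secrets
from dataclasses import dataclass

# Constructed rows of the master-slave application matching table (step 1 fields).
MATCH_TABLE = [
    {"main_web": "main.example", "main_user": "alice", "main_uid": "m-1001",
     "slave_web": "crm.example", "slave_user": "alice.w", "slave_uid": "c-77"},
    {"main_web": "main.example", "main_user": "alice", "main_uid": "m-1001",
     "slave_web": "wiki.example", "slave_user": "awang", "slave_uid": "w-5"},
    {"main_web": "main.example", "main_user": "bob", "main_uid": "m-1002",
     "slave_web": "crm.example", "slave_user": "bob.l", "slave_uid": "c-78"},
]


@dataclass
class OperationRecord:
    """One row of the single sign-on operation table (step 2-3)."""
    main_web: str
    main_user: str
    slave_web: str
    slave_user: str
    slave_uid: str
    token: str
    token_state: int = 0  # 0 = normal (not yet used), 1 = invalid (login executed)


class SSOCenter:
    def __init__(self, match_table):
        self.match_table = match_table
        self.operations = {}  # Token code -> OperationRecord

    def request_sso(self, main_web, main_user):
        """Steps 2-2 to 2-4: one Token code and operation record per matched slave."""
        messages = []
        for row in self.match_table:
            if (row["main_web"], row["main_user"]) != (main_web, main_user):
                continue
            # Assumption: CSPRNG output replaces the MD5-derived code of step 2-2.
            token = secrets.token_hex(16)
            self.operations[token] = OperationRecord(
                main_web, main_user, row["slave_web"],
                row["slave_user"], row["slave_uid"], token)
            messages.append((row["slave_web"], token))
        return messages  # what the main application receives in step 2-5

    def redeem(self, token, slave_web):
        """Step 2-7: locate the record by Token code and consume it exactly once."""
        rec = self.operations.get(token)
        if rec is None or rec.token_state != 0:
            return None  # unknown code, or already used (state 1)
        if rec.slave_web != slave_web:
            return None  # assumption: the caller is identified and must match
        rec.token_state = 1
        return rec.slave_uid, rec.slave_user


if __name__ == "__main__":
    center = SSOCenter(MATCH_TABLE)
    for web, tok in center.request_sso("main.example", "alice"):
        print(web, center.redeem(tok, web), center.redeem(tok, web))
```

Because the Token code travels in a JSONP request URL (step 2-6), the state flip in redeem is what keeps a code recovered from logs or browser history from being accepted a second time.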
CN201910874265.7A 2019-09-17 2019-09-17 Single sign-on and sign-off method of heterogeneous web system Active CN110519296B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910874265.7A CN110519296B (en) 2019-09-17 2019-09-17 Single sign-on and sign-off method of heterogeneous web system


Publications (2)

Publication Number Publication Date
CN110519296A true CN110519296A (en) 2019-11-29
CN110519296B CN110519296B (en) 2021-10-15

Family

ID=68631096


Country Status (1)

Country Link
CN (1) CN110519296B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant