CN103227799A - Implementing method of unified user management and single sign-on platform based on multiple application systems - Google Patents


Info

Publication number: CN103227799A
Application number: CN2013101749179A
Authority: CN (China)
Prior art keywords: platform, application system, user, single sign-on, token
Legal status: Pending (Google's status listing is an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 杨玉明, 李发文, 李鹏, 张敬杰, 许振锴
Current assignee: Shandong Linyi Tobacco Co Ltd (the listed assignee may be inaccurate; no legal analysis was performed)
Original assignee: Shandong Linyi Tobacco Co Ltd
Priority date and filing date: 2013-05-13 (the priority date is an assumption, not a legal conclusion)
Publication date: 2013-07-31

Abstract

The invention relates to an implementing method of a unified user management and single sign-on platform based on multiple application systems. The method comprises a unified user management step and a single sign-on step: when user information on the platform changes, the platform automatically sends the user information to each application system; and when the user clicks the link of an application system, if the platform has already verified the user, the user signs on directly without entering a password. The enterprise's existing, independent application systems are thereby integrated. With the method of the invention, responsibility for a leak of enterprise information can be localized, which provides a basis for the enterprise's accountability investigations. At the same time, the enterprise's application systems are integrated into one platform that provides single sign-on, unified rights and security control over the enterprise's systems, so the risk of information leakage is reduced, user operation becomes more convenient, and the office efficiency of enterprises and public institutions is improved.

Description

Implementing method of a unified user management and single sign-on platform based on multiple application systems
Technical field
The present invention relates to an implementing method of a unified user management and single sign-on platform based on multiple application systems, and belongs to the field of computer software integration.
Background technology
With the development of computers and their applications, many companies, enterprises and public institutions have deployed a large number of application systems to manage their various lines of business and to support daily operation and rapid growth. These systems are dispersed and run independently of one another: each is a separately operating system, and each has to be logged into separately. Because each system also has its own independent rights management, the enterprise cannot exercise unified control over the security of logging into each system, so enterprise information security may not be effectively guaranteed, whether through carelessness or through improper allocation of user rights.
Enterprise information systems currently have the following problems:
1. Complicated and troublesome system operation. Because logging into different systems requires different user names, the user must remember the user name and password of every system, and a single task may require logging into several systems before it can be completed, which is a burden on system operators.
2. Information security. Because each system runs in isolation and the users of each system must be managed separately for rights, the security risk to information inevitably increases. Information security is now a focus of construction for companies, enterprises and public institutions, and large enterprises, research institutions and security departments pay particular attention to it.
3. Information leaks are hard to localize and investigate. Enterprise personnel use a large number of application systems every day; because the people who log in, the systems they log into and the places they log in from all differ, once a leak of enterprise information occurs it is difficult to localize responsibility and investigate. Because responsibility cannot be localized and investigated, the staff of enterprises and institutions generally do not take information security seriously, and information leaks are hard to stop and control.
Summary of the invention
To overcome the shortcomings of the prior art described above, the object of the present invention is to provide an implementing method of a unified user management and single sign-on platform based on multiple application systems.
To solve the above problems, the present invention adopts the following technical solution: an implementing method of a unified user management and single sign-on platform based on multiple application systems, characterized in that it comprises the following steps:
A. Unified user management step:
A1. Organize the changed platform user information into XML-format data;
A2. Push the XML data to each application system that has passed platform verification;
A3. Each application system reads the XML data according to its own needs;
B. Single sign-on step:
B1. The platform generates a token for a user who needs to log on to another application system;
B2. The platform passes the token, the platform service address and the application system display page as parameters when accessing the application system's designated web page;
B3. After the application system receives the parameters, it uses the token it obtained as a parameter to request the platform service page;
B4. After the platform service page receives the request, it performs token authentication; if verification passes, it returns the user name to the application system, otherwise it refuses, and the application system page shows a corresponding prompt;
B5. After obtaining the user name, the application system performs the login operation automatically and, once the operation succeeds, jumps directly to the display page that the platform passed in earlier.
Further, the token authentication adopts the user name + password verification mode and/or a digital-certificate-based mode.
The beneficial effects of the invention are as follows: by the implementing method of a unified user management and single sign-on platform based on multiple application systems, the present invention can integrate an enterprise's existing, separately operating application systems. With the method provided by the invention, responsibility for leaks of enterprise information can be localized, providing a basis for enterprise accountability investigations; at the same time, because each of the enterprise's application systems is integrated into one platform that provides single sign-on, unified rights and user security control over each enterprise system, the risk of information leakage is reduced, user operation is more convenient, and the office efficiency of enterprises and institutions is improved.
Description of drawings
The present invention is described further below in conjunction with the drawings and embodiments:
Fig. 1 is a brief schematic flow chart of user synchronization on the platform of the present invention;
Fig. 2 is a schematic flow chart of single sign-on on the platform of the present invention;
Fig. 3 is a schematic structural diagram of the authentication system of the platform of the present invention;
Fig. 4 is a schematic diagram of the platform's implementation based on unified user management and authentication services;
Fig. 5 is a schematic diagram of the log management system interface of the platform of the present invention.
Embodiment
As shown in Fig. 1, the user synchronization process of the platform of the present invention comprises three key links: monitoring information changes, calling the application system service, and confirming that synchronization succeeded.
Monitoring information changes: when a user is added, modified or deleted on the platform, the system detects the change automatically and organizes the changed information into xml-format data.
Calling the application system service: the user synchronization interface provided by each application system is called in turn, and the XML data is pushed to it.
Confirming that synchronization succeeded: confirm that the data sent has been successfully received and entered by the application system. If the data was not received or entry failed, the platform records this and prepares to push again, until the data is pushed successfully.
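The three links of the Fig. 1 synchronization flow and steps A1 to A3, carried through as an added Python example; it is not code from the patent or from any product of the assignee. The element and field names (`userSync`, `username`, `department`, `status`), the callables standing in for each application system's user sync interface, and the cap on retry attempts are assumptions: the patent only says that changed user information is organized as XML, pushed to verified application systems and re-pushed until the receiver confirms it. The receiver also rejects DOCTYPE declarations, which the patent does not mention, so a compromised peer on the sync channel cannot hand the parser an entity-expansion payload.

```python
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Tuple


def user_change_xml(action: str, user: Dict[str, str]) -> bytes:
    # A1: one add/modify/delete event for a platform user, organized as XML.
    # Element names are assumed; the patent fixes only the format.
    root = ET.Element("userSync", {"action": action})
    for key, value in user.items():
        ET.SubElement(root, key).text = value
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def parse_user_change(payload: bytes) -> Tuple[str, Dict[str, str]]:
    # A3, receiver side: each application reads the fields it needs.
    # ElementTree does not fetch external entities, but a DOCTYPE with
    # internal entities can still inflate memory, so refuse it outright.
    if b"<!DOCTYPE" in payload:
        raise ValueError("DOCTYPE not allowed in sync payload")
    root = ET.fromstring(payload)
    if root.tag != "userSync" or root.get("action") not in ("add", "modify", "delete"):
        raise ValueError("unexpected sync payload")
    return root.get("action"), {child.tag: (child.text or "") for child in root}


class SyncPusher:
    """A2 plus the 'confirm success' link of Fig. 1: push to every verified
    application system and queue the ones that did not acknowledge."""

    def __init__(self, endpoints: Dict[str, Callable[[bytes], bool]], max_attempts: int = 3):
        self._endpoints = endpoints          # app id -> its user sync interface (verified apps only)
        self._max_attempts = max_attempts    # assumed cap; the patent retries until success
        self.pending: List[Tuple[str, bytes, int]] = []   # (app id, payload, attempts so far)

    def push(self, payload: bytes) -> Dict[str, bool]:
        results = {}
        for app_id, send in self._endpoints.items():
            ok = self._deliver(send, payload)
            results[app_id] = ok
            if not ok:
                self.pending.append((app_id, payload, 1))
        return results

    def retry_pending(self) -> Dict[str, bool]:
        outcome, still_pending = {}, []
        for app_id, payload, attempts in self.pending:
            ok = self._deliver(self._endpoints[app_id], payload)
            outcome[app_id] = ok
            if not ok and attempts + 1 < self._max_attempts:
                still_pending.append((app_id, payload, attempts + 1))
        self.pending = still_pending
        return outcome

    @staticmethod
    def _deliver(send: Callable[[bytes], bool], payload: bytes) -> bool:
        # An exception from the transport counts as "not received"
        try:
            return bool(send(payload))
        except Exception:
            return False


def demo() -> dict:
    """Constructed run: 'hr' accepts at once, 'crm' is unreachable on the first push."""
    received: Dict[str, list] = {"hr": [], "crm": []}
    crm_calls = [0]

    def hr_sync(payload: bytes) -> bool:
        received["hr"].append(parse_user_change(payload))
        return True

    def crm_sync(payload: bytes) -> bool:
        crm_calls[0] += 1
        if crm_calls[0] == 1:
            raise ConnectionError("crm unreachable")
        received["crm"].append(parse_user_change(payload))
        return True

    pusher = SyncPusher({"hr": hr_sync, "crm": crm_sync})
    change = {"username": "alice", "department": "finance", "status": "active"}
    first = pusher.push(user_change_xml("modify", change))
    second = pusher.retry_pending()
    return {"first": first, "second": second, "pending": len(pusher.pending), "received": received}
```

The retry queue is what gives the patent's "confirm success" link its teeth: an application that is down during the push still ends up with the same user record once it comes back, which matters most for deletions, since a missed delete leaves a departed user able to log in through that system.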
As shown in Fig. 2, the single sign-on process of the platform of the present invention is as follows:
One: when the user accesses a protected resource, the platform automatically obtains the local identifier (token, URL, etc.) and calls the single sign-on client.
Two: the client application system judges whether local information exists.
1. If the client application system has no local login information, it judges whether the identifier string contains a token.
1) If the local string contains no token, it redirects to the server-side verification page to obtain a token.
2) If the identifier string contains a token, it verifies whether the identifiers are consistent.
2.1) If the identifiers are consistent, it submits the token to the server for verification; the verification service verifies the token and returns the result, and the client judges whether the token is valid. If the token is invalid, it redirects to the login page. If the token is valid, it sets the local login information, verifies authorization, and authorizes access to the protected resource.
2.2) If the identifiers are inconsistent, it redirects to the server-side verification page to obtain a token.
2. If the client application system does have local login information, it logs in to the server-side verification with the token; the verification service verifies the token and returns the user identifier. The client judges whether the token is valid: if invalid, it redirects to the login page; if valid, it judges whether the user identifier is consistent with the local information. If the user identifier is consistent with the local identifier information, it sets the local login information, verifies authorization, and authorizes access to the protected resource; otherwise it returns to the server-side verification page.
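Steps B1 to B5 of the summary and the Fig. 2 client decision tree, carried through together as one added Python example; it is not the patent's code nor the assignee's. The URL parameter names (`token`, `service`, `page`), the token lifetime and the in-process `Platform` object that stands in for the HTTPS call to the platform service page are assumptions. Two deliberate departures from the text are marked in comments: the token is consumed on first verification instead of being re-verified on every request (so a token captured from a URL, a referer header or a log cannot be replayed), and the display page parameter is accepted only as a local path, so it cannot be turned into an open redirect to another host.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values, not taken from the patent: token lifetime and the service
# address the platform advertises in step B2.
TOKEN_TTL_SECONDS = 60
PLATFORM_SERVICE_URL = "https://platform.example/sso/verify"


@dataclass
class IssuedToken:
    username: str
    app_id: str          # application system this token is bound to
    expires_at: float


class Platform:
    """Platform side of steps B1, B2 and B4."""

    def __init__(self, now=time.time):
        self._tokens: Dict[str, IssuedToken] = {}
        self._now = now                      # injectable clock so expiry can be tested

    def issue_token(self, username: str, app_id: str) -> str:
        # B1: a fresh, unguessable token per sign-on attempt, bound to one app
        token = secrets.token_urlsafe(32)
        self._tokens[token] = IssuedToken(username, app_id, self._now() + TOKEN_TTL_SECONDS)
        return token

    def build_app_url(self, app_entry_url: str, username: str, app_id: str, page: str) -> str:
        # B2: token, platform service address and display page as URL parameters
        token = self.issue_token(username, app_id)
        query = urlencode({"token": token, "service": PLATFORM_SERVICE_URL, "page": page})
        return f"{app_entry_url}?{query}"

    def verify_token(self, token: str, app_id: str) -> Optional[str]:
        # B4: return the user name on success, None otherwise. pop() makes the
        # token single-use, so a replayed token fails even inside its lifetime.
        rec = self._tokens.pop(token, None)
        if rec is None or rec.app_id != app_id or self._now() > rec.expires_at:
            return None
        return rec.username


def safe_page(page: str) -> str:
    # The display page arrives in the URL; accept only a local path so the
    # parameter cannot become an open redirect to another host.
    if page.startswith("/") and not page.startswith("//") and "\\" not in page:
        return page
    return "/"


class AppSystem:
    """Application system side: steps B3 and B5 plus the Fig. 2 decision tree."""

    def __init__(self, app_id: str, platform: Platform):
        self.app_id = app_id
        self._platform = platform                 # stands in for the HTTPS call to the service URL
        self._sessions: Dict[str, str] = {}       # local login information: session id -> user name

    def handle_request(self, url: str, session_id: Optional[str]) -> dict:
        qs = parse_qs(urlparse(url).query)
        token = qs.get("token", [None])[0]
        service = qs.get("service", [None])[0]
        page = safe_page(qs.get("page", ["/"])[0])

        # Fig. 2 case 2: local login information exists, serve from it
        if session_id is not None and session_id in self._sessions:
            return {"action": "grant", "user": self._sessions[session_id], "page": page}
        # Fig. 2 case 1.1: no token in the identifier string
        if token is None:
            return {"action": "redirect_verify", "to": PLATFORM_SERVICE_URL}
        # Fig. 2 case 1.2: the identifiers must be consistent, i.e. the service
        # named in the URL is the platform this application trusts
        if service != PLATFORM_SERVICE_URL:
            return {"action": "redirect_verify", "to": PLATFORM_SERVICE_URL}
        # B3 and B4: hand the token to the platform service for verification
        username = self._platform.verify_token(token, self.app_id)
        if username is None:
            return {"action": "redirect_login", "to": PLATFORM_SERVICE_URL}
        # B5: log the user in locally and jump to the page the platform passed in
        new_session = secrets.token_urlsafe(16)
        self._sessions[new_session] = username
        return {"action": "grant", "user": username, "page": page, "session": new_session}


def demo(now=time.time) -> list:
    """One successful sign-on, one replay of the same URL, one token bound to another app."""
    platform = Platform(now)
    crm = AppSystem("crm", platform)
    url = platform.build_app_url("https://crm.example/sso", "alice", "crm", "/orders/42")
    first = crm.handle_request(url, None)          # fresh token: granted
    replay = crm.handle_request(url, None)         # same token again: refused
    erp_url = platform.build_app_url("https://erp.example/sso", "bob", "erp", "/")
    wrong_app = crm.handle_request(erp_url, None)  # token bound to erp, presented to crm
    return [first, replay, wrong_app]
```

Binding the token to one application system (the `app_id` check in `verify_token`) is the part most often missed in home-grown SSO: without it, any integrated application that receives a token can present it to the platform and obtain a login to every other application as that user.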
Fig. 3 is a schematic structural diagram of the authentication system of the platform of the present invention. As shown in Fig. 3, the platform's authentication system comprises a unified user identity authentication system, a CRL download system, a real-time certificate status verification system, an interface module and a user name + password library.
Unified user identity authentication system: provides user identity verification services to application systems. Built on the unified user management system, it offers users a choice of authentication mode, such as user name + password or a digital-certificate-based mode.
CRL download system: mainly downloads the certificate revocation list automatically and periodically, providing basic support for user identity verification.
Real-time certificate status verification system: mainly interacts with the OCSP system of the PKI infrastructure to obtain the real-time status of certificates.
Interface module: mainly provides application systems with a service for obtaining a user's trusted identity.
User name + password library: this database mainly stores users' user names and passwords for the respective application systems, and is used to verify whether a user's user name and password are correct.
Fig. 4 is a schematic diagram of the platform's implementation based on unified user management and authentication services. As shown in Fig. 4, the implementation is as follows:
1. The user logs in to the unified authentication service with the user name and password registered with that service; the password is represented as a Base64-encoded HASH value. The unified authentication service creates a session and returns to the user the access authentication credential associated with that session; in the SOAP message the access credential is Base64 encoded.
2. The user uses this access credential to access an application system. The user does not hand the request message directly to the application system; it is passed to the unified user management and authentication service, and the message identifies the application system by its ID, for example "C1ACF26D-9672-4404-9D70-39B756E62AB4".
3. The unified authentication service accesses the application system registry (UDDI Registry), obtains the application system's access entry point (the service may cache this entry locally to reduce the number of interactions with the registry), and confirms that the application system does support unified user management and authentication services.
4. Suppose the specified service access entry (accessPoint) is the http address in the bindingTemplate structure contained in the serviceDetail of the returned message.
5. The unified authentication service forwards the request message to the specified application system; if that application system uses its own user system, the message should also include the associated predefined user name and password.
6. The application system returns the request result to the unified authentication service, which finally returns the response message to the user, completing the call.
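The six-step exchange of Fig. 4, as an added Python example that is not from the patent or the assignee. UDDI and SOAP are replaced by in-process dictionaries and callables, the registry entry shape and the PBKDF2 parameters are assumptions, and the application system ID is the one quoted in step 2. One point the patent leaves open deserves to be explicit: a Base64-encoded hash of the password, sent as-is, is itself the secret the server has to accept, so the service here salts and stretches the received field before storing it and compares in constant time; the transport between user and service is assumed to be TLS.

```python
import base64
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional

# Assumed parameter, not from the patent
PBKDF2_ROUNDS = 200_000


def client_password_field(password: str) -> str:
    # Step 1, client side: the patent sends the password as a Base64-encoded hash
    return base64.b64encode(hashlib.sha256(password.encode()).digest()).decode()


class UnifiedAuthService:
    """Unified user management and authentication service of Fig. 4."""

    def __init__(self, registry: Dict[str, dict]):
        self._users: Dict[str, tuple] = {}       # user -> (salt, PBKDF2 of the client field)
        self._sessions: Dict[str, str] = {}      # access credential -> user
        self._registry = registry                # stands in for the UDDI registry
        self._entry_cache: Dict[str, dict] = {}  # step 3: locally cached access entries

    def register(self, username: str, password: str) -> None:
        # What the client sends is a password-equivalent, so the service still
        # stores it salted and stretched rather than keeping the bare field.
        field = client_password_field(password)
        salt = os.urandom(16)
        self._users[username] = (salt, hashlib.pbkdf2_hmac("sha256", field.encode(), salt, PBKDF2_ROUNDS))

    def login(self, username: str, password_field: str) -> Optional[str]:
        # Step 1: verify, create a session, hand back a Base64 access credential
        rec = self._users.get(username)
        if rec is None:
            return None
        salt, stored = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password_field.encode(), salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, stored):
            return None
        cred = base64.b64encode(secrets.token_bytes(32)).decode()
        self._sessions[cred] = username
        return cred

    def _access_entry(self, app_id: str) -> Optional[dict]:
        # Step 3: look up the app's access point, cache it, and confirm it
        # supports the unified service before anything is forwarded to it
        if app_id not in self._entry_cache:
            entry = self._registry.get(app_id)
            if entry is None or not entry.get("supportsUnifiedAuth"):
                return None
            self._entry_cache[app_id] = entry
        return self._entry_cache[app_id]

    def call(self, credential: str, app_id: str, request: dict) -> dict:
        # Step 2: the user talks to this service and names the application by ID
        user = self._sessions.get(credential)
        if user is None:
            return {"status": "unauthenticated"}
        entry = self._access_entry(app_id)
        if entry is None:
            return {"status": "unknown-or-unsupported-app"}
        forwarded = dict(request, user=user)
        # Step 5: an app with its own user store gets the predefined mapped account
        if entry.get("ownUserStore"):
            mapped = entry["accounts"].get(user)
            if mapped is None:
                return {"status": "no-mapped-account"}
            forwarded["appUser"], forwarded["appPassword"] = mapped
        # Steps 4 and 6: forward to the accessPoint and relay the result
        return {"status": "ok", "accessPoint": entry["accessPoint"], "result": entry["handler"](forwarded)}


def demo() -> dict:
    """Constructed registry and accounts; the handler stands in for the app's HTTP endpoint."""
    registry = {
        "C1ACF26D-9672-4404-9D70-39B756E62AB4": {
            "accessPoint": "http://crm.example/service", "supportsUnifiedAuth": True,
            "ownUserStore": True, "accounts": {"alice": ("crm_alice", "predefined-secret")},
            "handler": lambda msg: {"echo": msg["op"], "as": msg["appUser"]},
        },
        "legacy-app": {"accessPoint": "http://legacy.example", "supportsUnifiedAuth": False},
    }
    svc = UnifiedAuthService(registry)
    svc.register("alice", "correct horse")
    bad = svc.login("alice", client_password_field("wrong"))
    cred = svc.login("alice", client_password_field("correct horse"))
    ok = svc.call(cred, "C1ACF26D-9672-4404-9D70-39B756E62AB4", {"op": "listOrders"})
    unsupported = svc.call(cred, "legacy-app", {"op": "x"})
    forged = svc.call("AAAA", "C1ACF26D-9672-4404-9D70-39B756E62AB4", {"op": "x"})
    return {"bad_login": bad, "ok": ok, "unsupported": unsupported["status"], "forged": forged["status"]}
```

Because every request passes through the service (step 2), the forwarded message carries the platform user name alongside the mapped application account; that pairing is exactly the record the Fig. 5 log collection needs to trace an action in a legacy application back to the person who performed it.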
Fig. 5 is a schematic diagram of the log management system interface of the platform of the present invention. As shown in Fig. 5, after an application system has performed an operation that produces a log record, the system calls a web service to send the log information to the platform. After receiving the log information through the interface, the platform parses it and stores it classified by application system.
As the detailed description of the above solution shows, by the implementing method of a unified user management and single sign-on platform based on multiple application systems, the present invention can integrate an enterprise's existing, separately operating application systems. It makes it possible to localize responsibility for leaks of enterprise information and so provides a basis for accountability investigations; and because the enterprise's application systems are integrated into one platform that provides single sign-on, unified rights and user security control over each system, it reduces the risk of information leakage, simplifies user operation and improves the office efficiency of enterprises and institutions.
Details that are well known in the art are not described in detail here. Those skilled in the art may make modifications to the invention without departing from its scope and spirit, and all such modifications fall within the protection scope of the present invention.

Claims (2)

1. An implementing method of a unified user management and single sign-on platform based on multiple application systems, characterized in that it comprises the following steps:
A. Unified user management step:
A1. Organize the changed platform user information into XML-format data;
A2. Push the XML data to each application system that has passed platform verification;
A3. Each application system reads the XML data according to its own needs;
B. Single sign-on step:
B1. The platform generates a token for a user who needs to log on to another application system;
B2. The platform passes the token, the platform service address and the application system display page as parameters when accessing the application system's designated web page;
B3. After the application system receives the parameters, it uses the token it obtained as a parameter to request the platform service page;
B4. After the platform service page receives the request, it performs token authentication; if verification passes, it returns the user name to the application system, otherwise it refuses, and the application system page shows a corresponding prompt;
B5. After obtaining the user name, the application system performs the login operation automatically and, once the operation succeeds, jumps directly to the display page that the platform passed in earlier.
2. The implementing method of a unified user management and single sign-on platform based on multiple application systems according to claim 1, characterized in that the token authentication adopts the user name + password verification mode and/or a digital-certificate-based mode.

Priority, family and publication data

Application CN2013101749179A, "Implementing method of unified user management and single sign-on platform based on multiple application systems", filed 2013-05-13 with priority date 2013-05-13, published as CN103227799A on 2013-07-31. Family ID 48838060; the family contains this single application. Country: CN. Status: pending.


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101277193A (en) * 2008-05-05 2008-10-01 北京航空航天大学 One-point entry and access system based on authentication service acting information facing to service architecture
CN101355527A (en) * 2008-08-15 2009-01-28 深圳市中兴移动通信有限公司 Method for implementing single-point LOG striding domain name
CN102045171A (en) * 2010-12-30 2011-05-04 北京世纪互联工程技术服务有限公司 Unified authentication system and login method based on same




Legal Events

C06 / PB01: Publication (application publication date 2013-07-31)
C10 / SE01: Entry into substantive examination (entry into force of the request for substantive examination)
C02 / WD01: Invention patent application deemed withdrawn after publication (patent law 2001)