CN104301418A - Cross-domain single point login system and method based on SAML - Google Patents


Info

Publication number
CN104301418A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410570561.5A
Other languages
Chinese (zh)
Other versions
CN104301418B (en)
Inventor
朱志祥
王茜
史晨昱
赵伟
刘盛辉
王佩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Following International Information Ltd Co
Xian University of Posts and Telecommunications
Original Assignee
Xi'an Following International Information Ltd Co
Xian University of Posts and Telecommunications
Application filed by Xi'an Following International Information Ltd Co, Xian University of Posts and Telecommunications
Priority to CN201410570561.5A
Publication of CN104301418A
Application granted
Publication of CN104301418B


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a SAML-based cross-domain single sign-on system and method. The system comprises a cross-domain access center module, an intra-domain single sign-on subsystem module, a user management subsystem module and an intra-domain single sign-on control center module; the cross-domain access center module comprises a cross-domain user data mapping synchronization module, a multi-level domain ID generation module and a multi-level domain access authentication interface module. By establishing a cross-domain access center, the system raises the intra-domain authentication of the multi-level domains to unified cross-domain authentication among them. By integrating a unified authentication source, it brings the entry points of the multi-level domains together, which makes the system more efficient, saves users time when accessing the multi-level domains, and improves authentication efficiency.

Description

A SAML-based cross-domain single sign-on system and login method
Technical field
The invention belongs to the technical field of integrated management of Web applications. It relates to a SAML-based cross-domain single sign-on system, and also to the cross-domain single sign-on method of that system.
Background art
A single sign-on mechanism consists of a single sign-on server and clients integrated into the applications that participate in single sign-on. Known single sign-on mechanisms are essentially ticket-based: the user's information is stored after the first successful authentication. For a multi-application system the flow is as follows. When the user first accesses an application, the user is redirected to the authentication center to log in, and the authentication center authenticates the user from the login information. If verification succeeds, the authentication center issues a ticket to the user. When the user then accesses other applications, the ticket is carried automatically as the authentication credential. After receiving the user's access request, the application first sends the ticket to the authentication center for validation, to check whether the ticket is legitimate. If it is, the user can access the other applications without logging in again. This is referred to as "log in once, authenticated everywhere".
At present, the popular solution in the single sign-on field is the authentication system initiated by Yale University, called CAS (Central Authentication Service), whose principle is the same as the single sign-on mechanism above. The deficiency of the prior art is that it solves single sign-on only within a domain and proposes no integration of multi-domain authentication. With multi-level domains, a user may belong to both subdomain A and subdomain B, and to access the applications the user has in domains A and B, the user must go through the separate entry points of domain A and domain B. In addition, the existing technology does not place the authorization decision inside single sign-on: the user can enter an application, but the user's access within the application cannot be controlled at fine granularity.
Summary of the invention
The object of the invention is to provide a SAML-based cross-domain single sign-on system that solves two technical problems of the prior art: the same user must log in separately through different domain entry points when accessing different domains, and the user's access to an application cannot be controlled at fine granularity.
The invention also provides the cross-domain single sign-on method of the above system.
The first technical solution provided by the invention is a SAML-based cross-domain single sign-on system comprising a cross-domain access center module, an intra-domain single sign-on subsystem module, a user management subsystem module and an intra-domain single sign-on control center module. The cross-domain access center module manages user data synchronization, domain ID generation and the multi-level domain access authentication interface. The intra-domain single sign-on subsystem authenticates the user when the user logs in to the multi-level domains and returns the multi-level domains the user can access. The user management subsystem module assigns the user's application access rights within the domain when the user accesses an application in the domain; it intercepts the user's HTTP access requests and compares the request content with the permission information in the user's ticket, thereby controlling the user's access rights. The intra-domain single sign-on control center module configures single sign-on within the domain, including multi-level domain ID registration and configuration of the authentication source of the intra-domain single sign-on subsystem.
The first technical solution of the invention is further characterized as follows.
The cross-domain access center module comprises a cross-domain user data mapping synchronization module, a multi-level domain ID generation module and a multi-level domain access authentication interface module. The cross-domain user data mapping synchronization module is the synchronization interface that the cross-domain access center publishes for user data; it encapsulates the domain ID information together with the user's mapping information and synchronizes both to the cross-domain access center. The multi-level domain ID module generates the unique identifier of a multi-level domain, including generation of the multi-level domain ID. The multi-level domain access authentication interface module provides the single unified authentication source for the multi-level domains, including data comparison and data parsing; it synchronizes the users of the multi-level domains into the unified authentication source by means of user data mapping.
Another technical solution provided by the invention is the cross-domain single sign-on method of the above system, comprising the following steps:
Step 1: cross-domain authentication registration, in detail:
1.1. Deploy the intra-domain single sign-on systems: use the user management subsystem module of each to enter user data, i.e. user name and password. The entered user data must use the user's ID card number as the unique identifying information, so that when the user data is synchronized to the cross-domain access center there is a basis for establishing the user mapping relationships;
1.2. Apply for a domain ID for each distributed intra-domain single sign-on system: the administrator of the intra-domain single sign-on system uses the multi-level domain ID module to apply for the SSOID of that domain's single sign-on system. The multi-level domain ID module generates the domain ID through the domain ID generation interface provided by the cross-domain access center, and the ID is stored at both the cross-domain access center and the subdomain. During data access and data synchronization it indicates the source of the user data and serves as the descriptor of the intra-domain single sign-on subsystem;
1.3. The administrator of the intra-domain single sign-on system synchronizes the user data of the intra-domain single sign-on subsystem. During synchronization of the user mapping data, the domain ID information and the user's mapping information are encapsulated and synchronized together to the cross-domain access center, so that the data source of each user's mapping data is identified at the cross-domain access center. The data interface of the cross-domain user data mapping synchronization module then receives the data and processes the user data mapping relationships;
1.4. In the intra-domain single sign-on control center module, switch the domain's authentication mode from intra-domain authentication to cross-domain single sign-on;
Step 2: perform the cross-domain authentication service to achieve cross-domain single sign-on for the user, as follows:
2.1. The user logs in at the intra-domain SSO by entering a user name and password. The intra-domain SSO first calls the authentication service of the cross-domain access center, which verifies the information the user submitted; after verification succeeds, the list of all domains this user is authorized to access is returned;
2.2. The user selects the subdomain to access, and the cross-domain access center module directs the user to the subdomain for verification. When the subdomain verifies that the user's cross-domain login succeeded, it calls the method of the subdomain permission management module to obtain the user's permission information, encapsulates the permission information, issues the user's subdomain credential, and returns the user's application list for the subdomain;
2.3. The user selects the application to access from the list, and the subdomain SSO proxies the user's access to the application. The application information is returned only after the intra-domain single sign-on system has verified the validity of the subdomain credential.
The beneficial effects of the invention are as follows. The invention establishes a cross-domain access center, which raises the intra-domain authentication of the multi-level domains to unified cross-domain authentication among them. By integrating a unified authentication source, the entry points of the multi-level domains are brought together, which is more efficient, saves users time when accessing the multi-level domains, and improves authentication efficiency. In addition, the invention optimizes the single sign-on client: a filter intercepts the request content and compares it with the ticket, which controls the granularity of the user's access to the application. This overcomes the limitation that the original single sign-on could control access only at the level of entering the application, and achieves finer-grained management of user operations and application permissions.
Description of the drawings
Fig. 1 is the overall architecture diagram of the cross-domain single sign-on system of the invention;
Fig. 2 shows the cross-domain single sign-on method of the invention;
Fig. 3 shows the cross-domain authentication service flow of the invention.
Detailed description of the embodiments
The specific embodiments of the invention are described further below with reference to the drawings and examples.
As shown in Fig. 1, the cross-domain single sign-on system of the invention comprises a cross-domain access center module, an intra-domain single sign-on subsystem module, a user management subsystem module and an intra-domain single sign-on control center module.
The cross-domain access center module manages user data synchronization, domain ID generation and the multi-level domain access authentication interface. It comprises a cross-domain user data mapping synchronization module, a multi-level domain ID generation module and a multi-level domain access authentication interface module, described in detail as follows:
(1) The cross-domain user data mapping synchronization module is the synchronization interface that the cross-domain access center publishes for user data. The interface covers synchronized update, modification and deletion of user data. It is implemented by extracting the user data information and the subdomain ID information from the subdomain through the subdomain interface, encapsulating them at the subdomain, and then passing them to the cross-domain access center through the data synchronization interface. During synchronization of the user mapping data, the domain ID information and the user's mapping information are encapsulated and synchronized together to the cross-domain access center, so that the data source of each user's mapping data is identified at the cross-domain access center.
(2) The multi-level domain ID module generates the unique identifier of a multi-level domain, including generation of the multi-level domain ID, and assigns a domain ID to every multi-level domain that takes part in cross-domain access. After a multi-level domain has been deployed, the administrator uses the domain ID generation function of the multi-level domain: the domain ID is generated through the domain ID generation interface provided by the cross-domain access center and is stored at both the cross-domain access center and the subdomain.
(3) The multi-level domain access authentication interface module provides the single unified authentication source for the multi-level domains, including data comparison and data parsing. It synchronizes the users of the multi-level domains into the unified authentication source by means of user data mapping. To achieve this, a user has the same unique identifying information in every subdomain of the multi-level domains. During user data synchronization, user information with the same unique identifier is stored under the same data node, and under that data node are stored the user's different user names and passwords for each subdomain.
The intra-domain single sign-on subsystem handles multi-level domain login authentication. The user must provide the user's unique identifier, a user name and a password (the user name and password may be those the user has in any domain). After a successful login, the multi-level domains the user can access are returned, and the user selects the multi-level domain to access. After the selection, the user is redirected to that domain's single sign-on system, which parses the user's identity information to obtain the list of applications the user can access.
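The data node layout in item (3) and the login rule above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the record fields, the `D-` domain ID format and the salted PBKDF2 password storage are assumptions, since the page does not specify how credentials are stored.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000  # assumption: the page does not specify password storage


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_sync_record(domain_id, unique_id, username, password=None, op="upsert"):
    """Subdomain side: encapsulate the domain ID with the user's mapping info."""
    record = {"domain_id": domain_id, "unique_id": unique_id,
              "username": username, "op": op}
    if op == "upsert":
        # Hash before synchronizing so the plaintext never leaves the subdomain.
        salt = os.urandom(16)
        record.update(salt=salt, pw_hash=hash_password(password, salt))
    return record


class CrossDomainAccessCenter:
    """Unified authentication source: one data node per unique user ID."""

    def __init__(self):
        self.domains = {}  # domain ID -> subdomain description
        self.nodes = {}    # unique ID -> {domain ID: that subdomain's credential}

    def register_domain(self, description):
        """Domain ID generation interface; the subdomain keeps a copy of the ID."""
        domain_id = "D-" + secrets.token_hex(8)
        self.domains[domain_id] = description
        return domain_id

    def sync_user(self, record):
        """Apply one synchronized record; the domain ID identifies its source."""
        if record["domain_id"] not in self.domains:
            return False  # records from unregistered domains are rejected
        node = self.nodes.setdefault(record["unique_id"], {})
        if record["op"] == "delete":
            node.pop(record["domain_id"], None)
            if not node:
                del self.nodes[record["unique_id"]]
        else:
            node[record["domain_id"]] = {"username": record["username"],
                                         "salt": record["salt"],
                                         "pw_hash": record["pw_hash"]}
        return True

    def authenticate(self, unique_id, username, password):
        """Accept the credential of any one subdomain; return accessible domains."""
        node = self.nodes.get(unique_id, {})
        matched = False
        for cred in node.values():  # no early exit: check every subdomain entry
            candidate = hash_password(password, cred["salt"])
            same_user = hmac.compare_digest(username.encode(),
                                            cred["username"].encode())
            if same_user and hmac.compare_digest(candidate, cred["pw_hash"]):
                matched = True
        return sorted(node) if matched else []


if __name__ == "__main__":
    center = CrossDomainAccessCenter()
    dom_a = center.register_domain("subdomain A")
    dom_b = center.register_domain("subdomain B")
    # Constructed sample user: same unique ID, different credentials per subdomain.
    center.sync_user(make_sync_record(dom_a, "ID-0001", "zhang.a", "pw-A"))
    center.sync_user(make_sync_record(dom_b, "ID-0001", "zhang_b", "pw-B"))
    print(center.authenticate("ID-0001", "zhang_b", "pw-B"))
```

A user name from one subdomain paired with the password from another does not authenticate, and a delete record removes that subdomain from the user's node, so that subdomain's credential stops working at the center as well.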
The user management subsystem module manages users' application access rights when they access applications within a domain; it is structured to assign users' application access rights within the domain. When the user accesses an application through the intra-domain single sign-on subsystem, the single sign-on client configured for the application system intercepts the user's HTTP access request and compares it with the permission information in the user's ticket. Requests that match the permission information are let through, which achieves control over the user's access rights.
The intra-domain single sign-on control center module configures single sign-on within the domain; it includes multi-level domain ID registration and configuration of the authentication source of the intra-domain single sign-on subsystem. For multi-level domain access, it first applies to the cross-domain access center for a multi-level domain ID through the web service interface; on success the multi-level domain ID is returned and the domain ID is stored in the local LDAP database. Second, it changes the authentication source of the intra-domain single sign-on subsystem to the multi-level domain access authentication source by modifying the information in the configuration file. The intra-domain single sign-on control center is an architectural modification of the existing intra-domain single sign-on that lets multi-level domain users select an authentication source: a multi-level domain user can either select the domain's own authentication source for private authentication within the domain, or select the cross-domain authentication source and take part in the cross-domain authentication of the multi-level domains.
Cross-domain login modes
The user has two cross-domain login modes: domain login with global access, and client login with global access.
Domain login: the user logs in to the SSO of any one domain. Once authentication succeeds, that domain's SSO displays the access list of application resources the user can reach in this domain and in the other domains, providing the access the user has been authorized for;
Client login: the user logs in through the client, and the client's application list shows the application resources in all domains that this user can access. When the user clicks an application resource, the client browser opens that domain's application system interface so that the user can enter the system and access it.
Cross-domain authentication registration flow
At the platform layer, the user's unique identifier is used to manage the mapping from account ID to intra-domain user information; the intra-domain user information is kept synchronized between the cross-domain access center and the intra-domain user management systems. Application-layer permissions are assigned by each subdomain. As shown in Fig. 2:
Step 1: deploy the intra-domain single sign-on systems: use the user management subsystem module of each to enter user data, i.e. user name and password. The entered user data must use the user's ID card number as the unique identifying information, so that when the user data is synchronized to the cross-domain access center there is a basis for establishing the user mapping relationships;
Step 2: apply for a domain ID for each distributed intra-domain single sign-on system: the administrator of the intra-domain single sign-on system uses the multi-level domain ID module to apply for the SSOID of that domain's single sign-on system. The multi-level domain ID module generates the domain ID through the domain ID generation interface provided by the cross-domain access center, and the ID is stored at both the cross-domain access center and the subdomain. During data access and data synchronization it indicates the source of the user data and serves as the descriptor of the intra-domain single sign-on subsystem;
Step 3: the administrator of the intra-domain single sign-on system synchronizes the user data of the intra-domain single sign-on subsystem. During synchronization of the user mapping data, the domain ID information and the user's mapping information are encapsulated and synchronized together to the cross-domain access center, so that the data source of each user's mapping data is identified at the cross-domain access center. The data interface of the cross-domain user data mapping synchronization module then receives the data and processes the user data mapping relationships;
Step 4: in the intra-domain single sign-on control center module, switch the domain's authentication mode from intra-domain authentication to cross-domain single sign-on.
Cross-domain authentication service flow
A domain authentication service that participates in the cross-domain authentication service first authenticates the user at the cross-domain authentication service and reads the user's cross-domain information. If the cross-domain information has no association with other domains, or the cross-domain service holds no cross-domain information for reasons such as a network outage, the user authentication and permission authentication within the domain are handled by the domain's own authentication service. With reference to Fig. 3, the steps of the service flow are as follows:
(1) The user logs in at the intra-domain SSO by entering a user name and password. The intra-domain SSO first calls the authentication service of the cross-domain access center, and the list of all domains this user is authorized to access is returned;
(2) The user selects the subdomain to access, and the cross-domain access center module directs the user to the subdomain for verification. When the subdomain verifies that the user's cross-domain login succeeded, it issues the subdomain credential and returns the user's application list for the subdomain;
(3) The user selects the application to access from the list, and the subdomain SSO proxies the user's access to the application. The application information is returned only after the intra-domain single sign-on system has verified the validity of the subdomain credential.
The flow of cross-domain authenticated access is as follows:
1. The user requests access to a domain application from the domain SSO;
2. The intra-domain SSO requests a login and submits the user name and password;
3. The cross-domain access center verifies the information the user submitted;
4. After verification succeeds, the list of subdomains the user can access is returned;
5. The user selects the subdomain to access and is redirected to the subdomain, which verifies the cross-domain login;
6. After verification succeeds, the method of the subdomain permission management module is called to obtain the user's permission information;
7. The permission information is encapsulated and the user's subdomain access credential is issued;
8. The list of applications the user can access in the subdomain is returned;
9. The user selects an application and initiates application access;
10. The subdomain verifies the validity of the user's credential;
11. After verification succeeds, the application information is returned to the user.
The invention establishes a cross-domain access center, which raises the intra-domain authentication of the multi-level domains to unified cross-domain authentication among them. By integrating a unified authentication source, the entry points of the multi-level domains are brought together, which is more efficient, saves users time when accessing the multi-level domains, and improves authentication efficiency. This overcomes the original technical problem that each subdomain's applications had to be accessed through that subdomain separately.

Claims (3)

1. A SAML-based cross-domain single sign-on system, characterized in that it comprises a cross-domain access center module, an intra-domain single sign-on subsystem module, a user management subsystem module and an intra-domain single sign-on control center module;
the cross-domain access center module manages user data synchronization, domain ID generation and the multi-level domain access authentication interface;
the intra-domain single sign-on subsystem authenticates the user when the user logs in to the multi-level domains, and returns the multi-level domains the user can access;
the user management subsystem module assigns the user's application access rights within the domain when the user accesses an application in the domain, intercepts the user's HTTP access requests, and compares the request content with the permission information in the user's ticket, thereby controlling the user's access rights;
the intra-domain single sign-on control center module configures single sign-on within the domain, including multi-level domain ID registration and configuration of the authentication source of the intra-domain single sign-on subsystem.
2. The SAML-based cross-domain single sign-on system as claimed in claim 1, characterized in that the cross-domain access center module comprises a cross-domain user data mapping synchronization module, a multi-level domain ID generation module and a multi-level domain access authentication interface module;
the cross-domain user data mapping synchronization module is the synchronization interface that the cross-domain access center publishes for user data, and encapsulates the domain ID information together with the user's mapping information and synchronizes both to the cross-domain access center;
the multi-level domain ID module generates the unique identifier of a multi-level domain, including generation of the multi-level domain ID;
the multi-level domain access authentication interface module provides the single unified authentication source for the multi-level domains, including data comparison and data parsing, and synchronizes the users of the multi-level domains into the unified authentication source by means of user data mapping.
3. A SAML-based cross-domain single sign-on method, characterized in that it uses a SAML-based cross-domain single sign-on system comprising a cross-domain access center module, an intra-domain single sign-on subsystem module, a user management subsystem module and an intra-domain single sign-on control center module, wherein the cross-domain access center module comprises a cross-domain user data mapping synchronization module, a multi-level domain ID generation module and a multi-level domain access authentication interface module;
the cross-domain single sign-on method comprises the following steps:
Step 1: cross-domain authentication registration, in detail:
1.1. Deploy the intra-domain single sign-on systems: use the user management subsystem module of each to enter user data, i.e. user name and password. The entered user data must use the user's ID card number as the unique identifying information, so that when the user data is synchronized to the cross-domain access center there is a basis for establishing the user mapping relationships;
1.2. Apply for a domain ID for each distributed intra-domain single sign-on system: the administrator of the intra-domain single sign-on system uses the multi-level domain ID module to apply for the SSOID of that domain's single sign-on system. The multi-level domain ID module generates the domain ID through the domain ID generation interface provided by the cross-domain access center, and the ID is stored at both the cross-domain access center and the subdomain. During data access and data synchronization it indicates the source of the user data and serves as the descriptor of the intra-domain single sign-on subsystem;
1.3. The administrator of the intra-domain single sign-on system synchronizes the user data of the intra-domain single sign-on subsystem. During synchronization of the user mapping data, the domain ID information and the user's mapping information are encapsulated and synchronized together to the cross-domain access center, so that the data source of each user's mapping data is identified at the cross-domain access center. The data interface of the cross-domain user data mapping synchronization module then receives the data and processes the user data mapping relationships;
1.4. In the intra-domain single sign-on control center module, switch the domain's authentication mode from intra-domain authentication to cross-domain single sign-on;
Step 2: perform the cross-domain authentication service to achieve cross-domain single sign-on for the user, as follows:
2.1. The user logs in at the intra-domain SSO by entering a user name and password. The intra-domain SSO first calls the authentication service of the cross-domain access center, which verifies the information the user submitted; after verification succeeds, the list of all domains this user is authorized to access is returned;
2.2. The user selects the subdomain to access, and the cross-domain access center module directs the user to the subdomain for verification. When the subdomain verifies that the user's cross-domain login succeeded, it calls the method of the subdomain permission management module to obtain the user's permission information, encapsulates the permission information, issues the user's subdomain credential, and returns the user's application list for the subdomain;
2.3. The user selects the application to access from the list, and the subdomain SSO proxies the user's access to the application. The application information is returned only after the intra-domain single sign-on system has verified the validity of the subdomain credential.
Application CN201410570561.5A, priority date 2014-10-23, filing date 2014-10-23: Cross-domain single sign-on system and login method based on SAML. Status: Active. Granted as CN104301418B (en).


Publications (2)

Publication Number Publication Date
CN104301418A true CN104301418A (en) 2015-01-21
CN104301418B CN104301418B (en) 2017-12-12

CN114944948A (en) * 2022-05-16 2022-08-26 郑州小鸟信息科技有限公司 Cross-domain user permission following method and system
CN115118454A (en) * 2022-05-25 2022-09-27 四川中电启明星信息技术有限公司 Cascade authentication system and method based on mobile application
CN111651747B (en) * 2020-05-11 2024-05-24 腾讯科技(深圳)有限公司 Login bill synchronization system and method and related equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101355527A (en) * 2008-08-15 2009-01-28 深圳市中兴移动通信有限公司 Method for implementing single-point LOG striding domain name
US20100154041A1 (en) * 2008-12-16 2010-06-17 Microsoft Corporation Transforming claim based identities to credential based identities
CN102655494A (en) * 2011-03-01 2012-09-05 广州从兴电子开发有限公司 SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode
US20130014243A1 (en) * 2010-12-31 2013-01-10 Ibm Corporation Cross Domain Single Sign On
CN102882835A (en) * 2011-07-13 2013-01-16 中国科学院声学研究所 Method and system for implementing single sign on

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101355527A (en) * 2008-08-15 2009-01-28 深圳市中兴移动通信有限公司 Method for implementing single-point LOG striding domain name
US20100154041A1 (en) * 2008-12-16 2010-06-17 Microsoft Corporation Transforming claim based identities to credential based identities
US20130014243A1 (en) * 2010-12-31 2013-01-10 Ibm Corporation Cross Domain Single Sign On
CN102655494A (en) * 2011-03-01 2012-09-05 广州从兴电子开发有限公司 SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode
CN102882835A (en) * 2011-07-13 2013-01-16 中国科学院声学研究所 Method and system for implementing single sign on

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
WATANABE et al.: "A Seamless Connection for Authentication Required Web Sites by Shibboleth", 《2011 THIRD INTERNATIONAL CONFERENCE ON INTELLIGENT NETWORKING AND COLLABORATIVE SYSTEMS》 *
焦亚楠 et al.: "Design and Implementation of SAML-Based Cross-Domain Single Sign-On", 《计算机技术与发展》 *

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161361A (en) * 2015-04-03 2016-11-23 北京神州泰岳软件股份有限公司 The access method of a kind of cross-domain resource and device
CN106161361B (en) * 2015-04-03 2018-10-02 北京神州泰岳软件股份有限公司 A kind of access method and device of cross-domain resource
CN105072128A (en) * 2015-08-27 2015-11-18 哈尔滨工程大学 Cross-domain single sign-on model based on SAML
CN105610855A (en) * 2016-01-21 2016-05-25 北京京东尚科信息技术有限公司 Method and device for login verification of cross-domain system
US10171467B2 (en) 2016-07-21 2019-01-01 International Business Machines Corporation Detection of authorization across systems
CN108243164B8 (en) * 2016-12-26 2021-10-15 航天网安技术(深圳)有限公司 Cross-domain access control method and system for E-government cloud computing
CN108243164B (en) * 2016-12-26 2021-09-10 航天信息股份有限公司 Cross-domain access control method and system for E-government cloud computing
CN108243164A (en) * 2016-12-26 2018-07-03 航天信息股份有限公司 A kind of E-Government cloud computing cross-domain access control method and system
CN106921678A (en) * 2017-04-27 2017-07-04 中国舰船研究设计中心 A kind of unified safety authentication platform of the carrier-borne information system of integrated isomery
CN107395609B (en) * 2017-08-07 2020-08-28 蔷薇大树科技有限公司 Data encryption method
CN107395609A (en) * 2017-08-07 2017-11-24 成都汇智远景科技有限公司 Data ciphering method
CN108173680A (en) * 2017-12-22 2018-06-15 成都优易数据有限公司 A kind of multiple domain name account management method and system based on browser label
CN109274681A (en) * 2018-10-25 2019-01-25 深圳壹账通智能科技有限公司 A kind of information synchronization method, device, storage medium and server
CN109274681B (en) * 2018-10-25 2021-11-16 深圳壹账通智能科技有限公司 Information synchronization method and device, storage medium and server
CN109150921B (en) * 2018-11-05 2021-06-29 郑州云海信息技术有限公司 Login method, device, equipment and storage medium of multi-node cluster
CN109150921A (en) * 2018-11-05 2019-01-04 郑州云海信息技术有限公司 A kind of login method of multi-node cluster, device, equipment and storage medium
CN109327309A (en) * 2018-11-08 2019-02-12 北京中电华大电子设计有限责任公司 A kind of domain traversal key management method based on IBC Yu PKI mixed system
CN111274569A (en) * 2019-12-24 2020-06-12 中国科学院电子学研究所苏州研究院 Research, development, operation and maintenance integrated system for unified login authentication and login authentication method thereof
CN111464535A (en) * 2020-03-31 2020-07-28 中国电子科技集团公司第三十研究所 Cross-domain trust transfer method based on block chain
CN111651747A (en) * 2020-05-11 2020-09-11 腾讯科技(深圳)有限公司 Login bill synchronization system and method and related equipment
CN111651747B (en) * 2020-05-11 2024-05-24 腾讯科技(深圳)有限公司 Login bill synchronization system and method and related equipment
CN111984965A (en) * 2020-08-31 2020-11-24 成都安恒信息技术有限公司 Multi-source user management authentication system and method based on operation and maintenance audit system
CN112565189A (en) * 2020-11-04 2021-03-26 国网安徽省电力有限公司信息通信分公司 Access control system based on cloud computing data security
CN114422187A (en) * 2021-12-21 2022-04-29 航天信息股份有限公司 Method and system for supporting WEB mutual authentication
CN114944948A (en) * 2022-05-16 2022-08-26 郑州小鸟信息科技有限公司 Cross-domain user permission following method and system
CN114944948B (en) * 2022-05-16 2024-01-09 郑州小鸟信息科技有限公司 Cross-domain user permission following-based method and system
CN115118454A (en) * 2022-05-25 2022-09-27 四川中电启明星信息技术有限公司 Cascade authentication system and method based on mobile application
CN115118454B (en) * 2022-05-25 2023-06-30 四川中电启明星信息技术有限公司 Cascade authentication system and authentication method based on mobile application

Also Published As

Publication number Publication date
CN104301418B (en) 2017-12-12

Similar Documents

Publication Publication Date Title
CN104301418A (en) Cross-domain single point login system and method based on SAML
US9876799B2 (en) Secure mobile client with assertions for access to service provider applications
US8677451B1 (en) Enabling seamless access to a domain of an enterprise
CN103475666B (en) A kind of digital signature authentication method of Internet of Things resource
CN102006299B (en) Trustworthy internet-oriented entity ID (Identity)-based ID authentication method and system
US7117359B2 (en) Default credential provisioning
EP3226506B1 (en) Sophisitcated preparation of an authorization token
Carretero et al. Federated identity architecture of the European eID system
CN102647407B (en) Information processing system, method for controlling information processing system
CN104836803B (en) Single-point logging method based on session mechanism
CN101582769A (en) Authority setting method of user access network and equipment
CN101707594A (en) Single sign on based grid authentication trust model
CN103986734B (en) Authentication management method and authentication management system applicable to high-security service system
Berbecaru et al. Providing login and Wi-Fi access services with the eIDAS network: A practical approach
CN109962892A (en) A kind of authentication method and client, server logging in application
CN112039873A (en) Method for accessing business system by single sign-on
Pérez-Méndez et al. Identity federations beyond the web: A survey
CN102420808B (en) Method for realizing single signon on telecom on-line business hall
CN101567785B (en) Method, system and entity for authenticating notes in network service
US20060080730A1 (en) Affiliations within single sign-on systems
CN108243164B (en) Cross-domain access control method and system for E-government cloud computing
CN103118025A (en) Single sign-on method based on network access certification, single sign-on device and certificating server
CN101296245B (en) Login method and system of service server
Butkus Identity management in m2m networks
CN100596070C (en) Method, system and identification server for configuring service channel after identification failure

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant