CN111600837A - Login management system and method based on multi-data center cloud management platform - Google Patents


Publication number
CN111600837A
Authority
CN
China
Prior art keywords
login
authentication
bill
login request
cmp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010277610.1A
Other languages
Chinese (zh)
Inventor
高会娟
曾兵
何牧君
刘润峰
孙洪涛
代苓苓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dawning Information Industry Beijing Co Ltd
Original Assignee
Dawning Information Industry Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dawning Information Industry Beijing Co Ltd filed Critical Dawning Information Industry Beijing Co Ltd
Priority to CN202010277610.1A priority Critical patent/CN111600837A/en
Publication of CN111600837A publication Critical patent/CN111600837A/en
Pending legal-status Critical Current

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a login management system and method based on a multi-data center cloud management platform. The login management system includes a cloud management platform, which comprises a data center portal CMP and a cloud partition manager CMZ, the CMP corresponding to a plurality of CMZs. The CMP receives a login request of a user, the login request comprising a user name and a password, and judges whether a login-free ticket consistent with the user name is cached locally; if so, it sends the login-free ticket and the login request to an authentication server. The authentication server authenticates the login-free ticket and the login request and, after both pass authentication, returns authentication pass information to the CMP. The CMP provides the cloud resources and/or cloud services corresponding to the CMZ to the user according to the authentication pass information.

Description

Login management system and method based on multi-data center cloud management platform
Technical Field
The invention relates to the technical field of cloud platform management, in particular to a login management system and method based on a multi-data center cloud management platform.
Background
With the development of cloud and mobility, enterprise applications are gradually migrating from private clouds to public clouds and from PC terminals to mobile terminals. Enterprise IT needs to manage not only B/S applications on PCs, but also SaaS software platforms in the public cloud, mobile apps, external third-party interfaces, IoT devices, and the like, and managing applications across all of these endpoints has become a serious challenge for the enterprise. It is therefore very important to use unified identity authentication to manage multiple data centers in a unified way, to provide a unified portal entry for users, and to connect the applications of a multi-center cloud management platform. A conventional system has a plurality of subsystems deployed on different servers, so the problem of unified management of multiple data centers cannot be solved with the conventional session mode.
Disclosure of Invention
The object of the present invention is to solve at least to some extent one of the above mentioned technical problems.
Therefore, a first object of the present invention is to provide a login management system based on a multi-data center cloud management platform, which can implement unified management of multiple data centers, provide a unified portal for a user, manage resources of multiple data centers more conveniently, and improve operation and maintenance management efficiency of the data centers.
The second purpose of the invention is to provide a login management method based on a multi-data center cloud management platform.
In order to achieve the above object, an embodiment of a first aspect of the present invention provides a login management system based on a multi-data center cloud management platform, where the system includes:
the cloud management platform comprises a data center portal CMP and a cloud partition manager CMZ, the CMP corresponds to a plurality of the CMZ, the CMP receives a login request of a user, the login request comprises a user name and a password, the CMP judges whether a login-free ticket consistent with the user name is cached locally, and if a login-free ticket consistent with the user name is cached locally, the login-free ticket and the login request are sent to an authentication server;
the authentication server authenticates the login-free ticket and the login request, and returns authentication pass information to the CMP after the login-free ticket and the login request pass authentication;
and the CMP provides the cloud resources and/or cloud services corresponding to the CMZ to the user according to the authentication pass information.
Optionally, if no login-free ticket consistent with the user name is cached, the CMP sends the login request to the authentication server; the authentication server authenticates the login request, generates a login-free ticket after the authentication passes, and caches the generated login-free ticket to the CMP.
Optionally, the CMZ is configured to manage the respective cloud resource and/or the cloud service.
Optionally, if any one of the login-free ticket and the login request fails to be authenticated, or both the login-free ticket and the login request fail to be authenticated, the authentication server returns authentication failure information to the CMP.
The login management system based on the multi-data center cloud management platform supports unified management of a plurality of data centers, supports cross-partition organization and automatic synchronization of user data, provides a unified portal entrance for a user, manages seamless switching of cloud partitions, and manages resources of the plurality of data centers more conveniently. The multiple data center management greatly improves the expansion capability of the system. The data centers are managed in a unified mode, a unified portal entrance is provided for a user, and resources of the data centers are managed more conveniently. By docking the plurality of cloud partition managers CMZ through the data center portal CMP, virtual infrastructures in a plurality of data centers can be managed, and the operation and maintenance management efficiency of the data centers is greatly improved.
In order to achieve the above object, an embodiment of a second aspect of the present invention provides a login management method based on a multi-data center cloud management platform, including:
receiving a login request of a user, wherein the login request comprises a user name and a password;
judging whether a ticket consistent with the user name is cached locally;
if a ticket consistent with the user name is cached, sending the ticket and the login request to an authentication server, so that the authentication server authenticates the ticket and the login request;
and after the authentication server passes the authentication of the ticket and the login request, receiving authentication pass information returned by the authentication server.
Optionally, if no ticket consistent with the user name is cached, the login request is sent to the authentication server, so that the authentication server authenticates the login request;
and the ticket generated by the authentication server is received after the authentication server passes the authentication of the login request.
According to the login management method based on the multi-data center cloud management platform of the embodiment of the invention, a login request of a user is received and it is judged whether a ticket consistent with the user name is cached locally. If such a ticket is cached, the ticket and the login request are sent to the authentication server so that the authentication server authenticates the ticket and the login request, and after the authentication server passes the authentication of the ticket and the login request, the authentication pass information returned by the authentication server is received. Unified management of a plurality of data centers is thereby realized, a unified portal is provided for the user, the resources of the plurality of data centers are managed more conveniently, and the operation and maintenance management efficiency of the data centers is greatly improved.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the invention; they illustrate exemplary embodiments of the invention and together with the description serve to explain the invention and not to limit the invention. In the drawings:
Fig. 1 is a schematic structural diagram of a login management system based on a multi-data center cloud management platform according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a login management system based on a multi-data center cloud management platform according to an embodiment of the present invention;
Fig. 3 is a flowchart of a login management method based on a multi-data center cloud management platform according to an embodiment of the present invention;
Fig. 4 is a flowchart of a login management method based on a multi-data center cloud management platform according to an embodiment of the present invention;
Fig. 5 is a flowchart of a login management method based on a multi-data center cloud management platform according to another embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
The present invention is described in further detail below with reference to specific examples, which are not to be construed as limiting the scope of the invention as claimed.
The login management system and method based on the multi-data center cloud management platform according to the embodiments of the present invention are described below with reference to the accompanying drawings.
Fig. 1 is a schematic structural diagram of a login management system based on a multi-data center cloud management platform according to an embodiment of the present invention, and as shown in fig. 1, the system includes: a cloud management platform 100 and an authentication server 200. The cloud management platform 100 further includes a data center portal CMP 110 and a cloud partition manager CMZ 120, where the CMP 110 corresponds to a plurality of CMZ 120.
The CMP 110 receives a user's login request. The login request comprises a user name and a password. CMP 110 determines whether a login-free ticket consistent with the user name is cached locally. If the local cache has a login-free ticket that is consistent with the user name, CMP 110 sends the login-free ticket and a login request to authentication server 200.
The authentication server 200 authenticates the login-free ticket and the login request, and returns authentication pass information to the CMP 110 after both the login-free ticket and the login request pass the authentication.
The CMP 110 provides the cloud resources and/or cloud services corresponding to the CMZ 120 to the user according to the authentication pass information.
If no login-free ticket consistent with the user name is cached, the CMP 110 sends the login request to the authentication server 200. The authentication server 200 authenticates the login request and, after the authentication passes, generates a login-free ticket and caches the generated login-free ticket to the CMP 110.
The CMZ 120 is used to manage the respective cloud resources and/or cloud services.
If authentication of either the login-free ticket or the login request fails, or authentication of both fails, the authentication server 200 returns authentication failure information to the CMP 110.
A detailed description is given below with a specific example.
The multi-data center cloud management platform system structure supports cross-partition organization, provides a uniform portal entrance for users, and realizes seamless switching of cloud partition management. Virtual infrastructures, including computing resources, storage resources, network resources, and the like, within a plurality of data centers may be managed by interfacing a plurality of cloud partition managers (CMZ) through a data center portal (CMP). The technical difficulty and key point of the multi-data center cloud management platform are the problem of single sign-on unified authentication between a unified portal and a plurality of subsystems and between the subsystems. In order to solve the technical difficulty, the scheme selects CAS (Central Authentication Service) to realize the Authentication of the single sign-on system.
CAS is an open source project initiated by Yale University that aims to provide a reliable single sign-on method for Web application systems. It is one of the currently popular solutions for enterprise single sign-on: users can access all mutually trusted application systems after logging in only once. It is an open source framework for single sign-on of Web applications. The CAS server provides a set of user authenticator interfaces that are easy to customize, so users can implement their own authentication logic according to the authentication mode of their enterprise's online systems, whether the traditional user name/password mode or a security-certificate-based mode. The CAS server also provides common verifier template code, which can be used flexibly with only minor modifications. The CAS framework is mainly based on the Spring framework, is written in Java, is highly extensible and secure, and integrates well with service modules.
As shown in fig. 2, the overall system structure for unified management by the multi-data center cloud management platform mainly includes two parts, the cloud partition manager CMZ and the data center portal CMP. The CMZ is the basic partition in which the system manages and schedules cloud services and cloud resources, and cloud services and cloud resources are isolated between different cloud partitions. Each CMZ corresponds to a stand-alone data center, and unified management of the distributed data centers is realized by the unified portal CMP. In the architecture of this technical scheme, the CAS comprises two parts, the CAS Server (authentication server 200) and the CAS Client (cloud management platform 100). The CAS Server and the CAS Client are responsible for the authentication work of the user.
The specific authentication process can be as shown in fig. 3. The CAS Client filters each access request for a protected resource that the user sends through the client and checks whether the request includes a login-free ticket. If the request does not contain a login-free ticket, the user has not been authenticated, and the CAS Client redirects the access request to the CAS Server for authentication; if the user has already logged in once, no further login is needed. The CAS Server is responsible for the authentication work of the user: when the user logs in for the first time, the CAS Server generates a login-free ticket according to the user name/password and then caches the login-free ticket. Thereafter, the user does not need to log in again when logging in to other systems.
(I) The main improvements in the CAS Client include:
1) The CAS Client configures a certificate to support the HTTPS access protocol. The main command for generating the certificate is as follows:
keytool -genkey -alias cmz227 -keyalg RSA -keypass changeit -storepass changeit
This sets the certificate alias, specifies the RSA public/private key algorithm, and sets the private key password and the keystore password.
-keystore server.kystore -validity 3600 -ext san=ip:10.0.33.227 -dname
This sets the certificate validity period and sets the extension parameter (subject alternative name) to an IP address.
"CN=$host_name,OU=Cloudview,O=SVM,L=BJ,ST=BJ,C=ZH"
This specifies the certificate owner information.
Using a domain name in the SSL certificate would require a domain name and a domain name server to be configured. The certificate is therefore generated for the IP address 10.0.33.227, so that the SSO single sign-on authentication process works over the IP address and implementers do not have to configure a domain name and a domain name server at the user's site.
2) The CMZ adds the shiro-cas Maven dependency.
During security authentication, to avoid dynamically importing the certificate store, logic that runs after the project starts is added; this logic lets the client trust and access the requested resources. The method is annotated with @PostConstruct so that it is executed when the Spring container is initialized.
3) In the XML configuration, the default role assigned after authentication passes is configured: <property name="defaultRoles" value="ROLE_USER"/>.
4) Configure the CAS server prefix address: <property name="casServerUrlPrefix" value="${cas.
5) Configure the application service address used to receive the CAS Server login-free ticket: <property name="casService" value="${shiro.
6) Configure the pages to jump to when single sign-on verification fails and when it completes.
<property name="successUrl" value='/index'/>
After single sign-on succeeds, jump to the system home page.
<property name="failureUrl" value='/casLoginfailure'></property>
After single sign-on fails, jump to a failure page that tells the user the login failed.
(II) The main improvements in the CAS Server include:
1) Modify the configuration file applicationContext so that the CAS Server trusts the clients that access it.
<bean id="certifacationConfig" init-method="trustAllHosts" class="org.jasig.cas.web.CertifacationConfig"/>
The applicationContext configuration file of the CAS Server webapp is modified so that the CAS Server executes this logic after starting, which makes the CAS Server trust the clients that access CAS Server resources.
2) Improvement of the CAS default authentication service:
@Override
protected final boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentials) {
final String username=credentials.getUsername();
final String password=credentials.getPassword();
final String dbPassword=getJdbcTemplate().queryForObject(this.sql,String.class,username);
This acquires the user's password stored in the database according to the user name.
final String salt=getJdbcTemplate().queryForObject(this.sqlSalt,String.class,username);
This acquires the user's salt stored in the database according to the user name.
String encryptedPassword=new SimpleHash("md5",password,ByteSource.Util.bytes(username+salt),hashIterations).toHex();
The hashed password is generated with MD5, using the user name plus the salt as the salt value.
return dbPassword.equals(encryptedPassword);
}
The password stored in the database is matched against the hashed password; true is returned if they match, otherwise false.
This method upgrades simple password authentication to an MD5 hash salted with the user name plus the salt, which improves the security of system login authentication; it returns true if the user login authentication succeeds and false if it fails.
The CAS Server strengthens the function of user login verification for the user login authentication logic of the cloud partition manager CMZ, thereby improving system security.
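The check above next to a hardened variant, as an added example that is not code from the patent. `saltedMd5Hex` reproduces the salted, iterated MD5 construction without the Shiro dependency (assuming Shiro's SimpleHash feeds the salt to the digest first and then re-hashes the result); the class name, method names, the PBKDF2 record format and all sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordCheckDemo {

    // Salted, iterated MD5 as in the call on the page: the digest is fed
    // (username + salt) first, then the password; the result is re-hashed until
    // `iterations` rounds have run. Assumption: this mirrors Shiro's SimpleHash.
    static String saltedMd5Hex(String password, String username, String salt,
                               int iterations) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update((username + salt).getBytes(StandardCharsets.UTF_8));
        byte[] hash = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < iterations; i++) {
            hash = md.digest(hash); // digest() also resets the MessageDigest
        }
        StringBuilder hex = new StringBuilder();
        for (byte b : hash) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Same decision as dbPassword.equals(encryptedPassword), but a missing row
    // (unknown user) is a plain "false" and the comparison is constant-time.
    static boolean verifyLegacy(String dbPassword, String password, String username,
                                String salt, int iterations) throws Exception {
        if (dbPassword == null || salt == null) {
            return false;
        }
        byte[] actual = saltedMd5Hex(password, username, salt, iterations)
                .getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(dbPassword.getBytes(StandardCharsets.US_ASCII), actual);
    }

    // Hardened storage: PBKDF2-HMAC-SHA256 with a random per-user salt.
    // Record format "iterations:salt:hash" (Base64) is an assumption of this example.
    static String pbkdf2Record(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        byte[] dk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        Base64.Encoder b64 = Base64.getEncoder();
        return iterations + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(dk);
    }

    static boolean verifyPbkdf2(String record, char[] password) throws Exception {
        if (record == null) {
            return false;
        }
        String[] parts = record.split(":");
        if (parts.length != 3) {
            return false;
        }
        try {
            int iterations = Integer.parseInt(parts[0]);
            byte[] salt = Base64.getDecoder().decode(parts[1]);
            byte[] expected = Base64.getDecoder().decode(parts[2]);
            PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, expected.length * 8);
            byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return MessageDigest.isEqual(expected, actual);
        } catch (IllegalArgumentException malformedRecord) {
            return false; // bad number, bad Base64, empty salt or empty hash
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the page.
        String user = "alice";
        String salt = "9f2c";
        String password = "correct horse";
        int md5Iterations = 2;

        String stored = saltedMd5Hex(password, user, salt, md5Iterations);
        System.out.println("legacy, right password: "
                + verifyLegacy(stored, password, user, salt, md5Iterations));
        System.out.println("legacy, wrong password: "
                + verifyLegacy(stored, "guess", user, salt, md5Iterations));
        System.out.println("legacy, unknown user:   "
                + verifyLegacy(null, password, "mallory", null, md5Iterations));

        byte[] randomSalt = new byte[16];
        new SecureRandom().nextBytes(randomSalt);
        String record = pbkdf2Record(password.toCharArray(), randomSalt, 600_000);
        System.out.println("pbkdf2, right password: "
                + verifyPbkdf2(record, password.toCharArray()));
        System.out.println("pbkdf2, wrong password: "
                + verifyPbkdf2(record, "guess".toCharArray()));
    }
}
```

Keeping `verifyLegacy` available lets existing MD5 rows be checked once at login and re-stored in the PBKDF2 format after a successful match.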
3) To fix the logout problem after the CAS Server session expires, modify CAS-servlet.
<bean id="terminateWebSessionListener" class="org.jasig.cas.web.flow.TerminateWebSessionListener"
p:serviceManagerUrl="${cas.securityContext.serviceProperties.service}"
p:timeToDieInSeconds="18000"/>
The CAS session in the CAS Server and the session timeout in the project are set to be consistent, which solves the problem that the CAS session timeout setting did not take effect.
The login management system based on the multi-data center cloud management platform supports unified management of a plurality of data centers, supports cross-partition organization and automatic synchronization of user data, provides a unified portal entrance for a user, manages seamless switching of cloud partitions, and manages resources of the plurality of data centers more conveniently. The multiple data center management greatly improves the expansion capability of the system. The data centers are managed in a unified mode, a unified portal entrance is provided for a user, and resources of the data centers are managed more conveniently. By docking the plurality of cloud partition managers CMZ through the data center portal CMP, virtual infrastructures in a plurality of data centers can be managed, and the operation and maintenance management efficiency of the data centers is greatly improved.
In order to implement the embodiment, the invention further provides a login management method based on the multi-data center cloud management platform.
Fig. 4 is a flowchart of a login management method based on a multi-data center cloud management platform according to an embodiment of the present invention.
As shown in fig. 4, in the login management method based on the multi-data center cloud management platform, an execution subject of the method is the cloud management platform, and the method includes the following steps:
S1, receiving a login request of the user.
The login request comprises a user name and a password.
S2, judging whether a ticket consistent with the user name is cached locally.
S3, if a ticket consistent with the user name is cached, sending the ticket and the login request to the authentication server, so that the authentication server authenticates the ticket and the login request.
S4, after the authentication server passes the authentication of the ticket and the login request, receiving the authentication pass information returned by the authentication server.
In another embodiment of the present invention, as shown in fig. 5, the method further comprises:
S5, if no ticket consistent with the user name is cached, sending the login request to the authentication server, so that the authentication server authenticates the login request.
S6, after the authentication server passes the authentication of the login request, receiving the ticket generated by the authentication server.
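Steps S1 to S6 modelled end to end, as an added example that is not code from the patent. The class names, the in-memory user store and the random opaque ticket are assumptions (the patent does not say how a ticket is built); the point shown is that a cached ticket is checked together with the login request and never replaces the password check.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class TicketLoginFlowDemo {

    /** Authentication server: checks login requests, issues and checks tickets. */
    static class AuthServer {
        // Constructed user store; plaintext only to keep the flow visible.
        private final Map<String, String> passwords = new ConcurrentHashMap<>();
        private final Map<String, String> issued = new ConcurrentHashMap<>(); // ticket -> user
        private final SecureRandom rng = new SecureRandom();

        void addUser(String user, String password) {
            passwords.put(user, password);
        }

        private boolean requestOk(String user, String password) {
            String stored = passwords.get(user);
            return stored != null && MessageDigest.isEqual(
                    stored.getBytes(StandardCharsets.UTF_8),
                    password.getBytes(StandardCharsets.UTF_8));
        }

        /** S5/S6: no ticket yet. Returns a new ticket, or null on failure. */
        String authenticateRequest(String user, String password) {
            if (!requestOk(user, password)) {
                return null;
            }
            byte[] raw = new byte[32];
            rng.nextBytes(raw); // unguessable, opaque ticket value
            String ticket = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            issued.put(ticket, user);
            return ticket;
        }

        /** S3/S4: passes only if BOTH the ticket and the login request pass. */
        boolean authenticateTicketAndRequest(String ticket, String user, String password) {
            boolean ticketOk = user.equals(issued.get(ticket)); // issued, and to this user
            boolean reqOk = requestOk(user, password);
            return ticketOk && reqOk;
        }
    }

    /** Data center portal (CMP): keeps the local ticket cache keyed by user name. */
    static class Cmp {
        private final AuthServer server;
        private final Map<String, String> ticketCache = new ConcurrentHashMap<>();

        Cmp(AuthServer server) {
            this.server = server;
        }

        /** Returns true when the server reports that authentication passed. */
        boolean login(String user, String password) {                 // S1
            String cached = ticketCache.get(user);                    // S2
            if (cached != null) {
                return server.authenticateTicketAndRequest(cached, user, password); // S3, S4
            }
            String ticket = server.authenticateRequest(user, password);             // S5
            if (ticket == null) {
                return false;
            }
            ticketCache.put(user, ticket);                            // S6
            return true;
        }

        boolean hasTicket(String user) {
            return ticketCache.containsKey(user);
        }
    }

    public static void main(String[] args) {
        AuthServer server = new AuthServer();
        server.addUser("alice", "s3cret-A"); // constructed sample accounts
        server.addUser("bob", "s3cret-B");
        Cmp cmp = new Cmp(server);

        System.out.println("first login, wrong password: " + cmp.login("alice", "nope"));
        System.out.println("ticket cached after failure: " + cmp.hasTicket("alice"));
        System.out.println("first login, right password: " + cmp.login("alice", "s3cret-A"));
        System.out.println("ticket cached after success: " + cmp.hasTicket("alice"));
        System.out.println("ticket + right password:     " + cmp.login("alice", "s3cret-A"));
        System.out.println("ticket + wrong password:     " + cmp.login("alice", "nope"));

        // A ticket issued to alice is rejected when presented for bob.
        String aliceTicket = cmp.ticketCache.get("alice");
        System.out.println("alice's ticket used for bob: "
                + server.authenticateTicketAndRequest(aliceTicket, "bob", "s3cret-B"));
    }
}
```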
It should be understood that the login management method based on the multiple data center cloud management platform in this embodiment is consistent with the login management system based on the multiple data center cloud management platform in the previous embodiment, and details are not repeated in this embodiment.
According to the login management method based on the multi-data center cloud management platform of the embodiment of the invention, a login request of a user is received and it is judged whether a ticket consistent with the user name is cached locally. If such a ticket is cached, the ticket and the login request are sent to the authentication server so that the authentication server authenticates the ticket and the login request, and after the authentication server passes the authentication of the ticket and the login request, the authentication pass information returned by the authentication server is received. Unified management of a plurality of data centers is thereby realized, a unified portal entrance is provided for the user, the resources of the plurality of data centers are managed more conveniently, and the operation and maintenance management efficiency of the data centers is greatly improved.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It should be noted that in the description of the present specification, reference to the description of the term "one embodiment", "some embodiments", "an example", "a specific example", or "some examples", etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.

Claims (6)

1. A login management system based on a multi-data center cloud management platform is characterized by comprising:
the cloud management platform comprises a data center portal CMP and a cloud partition manager CMZ, the CMP corresponds to a plurality of the CMZ, the CMP receives a login request of a user, the login request comprises a user name and a password, the CMP judges whether a login-free bill consistent with the user name is cached locally or not, and if the login-free bill consistent with the user name is cached locally, the login-free bill and the login request are sent to an authentication server;
the authentication server authenticates the login-free bill and the login request, and returns authentication passing information to the CMP after the login-free bill and the login request are authenticated;
and the CMP provides the cloud resources and/or cloud services corresponding to the CMZ to the user according to the authentication passing information.
2. The system of claim 1, further comprising:
if the login-free bill consistent with the user name is not cached, the CMP sends the login request to an authentication server;
and the authentication server authenticates the login request, generates a login-free bill after the authentication is passed, and caches the generated login-free bill to the CMP.
3. The system of claim 1, further comprising:
the CMZ is for managing the respective cloud resources and/or the cloud services.
4. The system of claim 1, further comprising:
if authentication of either the login-free bill or the login request fails, or both fail, the authentication server returns authentication failure information to the CMP.
5. A login management method based on a multi-data center cloud management platform is characterized by comprising the following steps:
receiving a login request of a user, wherein the login request comprises a user name and a password;
judging whether a bill consistent with the user name is cached locally;
if the bill which is consistent with the user name is cached, the bill and the login request are sent to an authentication server, so that the authentication server authenticates the bill and the login request;
and after the authentication server passes the authentication of the bill and the login request, receiving authentication passing information returned by the authentication server.
6. The method of claim 5, further comprising:
if the bill which is consistent with the user name is not cached, the login request is sent to an authentication server, so that the authentication server authenticates the login request;
and receiving the bill generated by the authentication server after the authentication of the login request by the authentication server is passed.
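
The login flow of claims 1, 2, 4, 5 and 6, as an added Python sketch that is not part of the patent text. The ticket format (an HMAC over user name and expiry), the expiry time, the PBKDF2 password store and the CMP dropping a cached bill after a failed authentication are all assumptions; the claims do not specify them.

```python
import hashlib, hmac, os, time

class AuthServer:
    """Claims 1, 2, 4 server; authenticate() returns (passed, new_ticket). Format assumed."""
    def __init__(self, users, ttl=3600):
        self._key, self._ttl = os.urandom(32), ttl  # ticket MAC key stays on the server
        self._users = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self._users[name] = (salt, self._kdf(password, salt))

    def _kdf(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _password_ok(self, username, password):
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        return hmac.compare_digest(self._kdf(password, salt), stored)

    def _mac(self, username, expires):
        return hmac.new(self._key, f"{username}|{expires}".encode(), hashlib.sha256).hexdigest()

    def _ticket_ok(self, ticket, username, now):
        try:
            name, expires, mac = ticket.split("|")
            expires = int(expires)
        except ValueError:
            return False  # malformed ticket
        good = self._mac(name, expires).encode()
        return name == username and now < expires and hmac.compare_digest(mac.encode(), good)

    def authenticate(self, username, password, ticket=None, now=None):
        now = time.time() if now is None else now
        passed = self._password_ok(username, password)  # checked on both paths
        if ticket is not None:  # claim 1: ticket and login request verified together
            return self._ticket_ok(ticket, username, now) and passed, None
        expires = int(now) + self._ttl  # claim 2: credentials only, then issue a ticket
        return passed, (f"{username}|{expires}|{self._mac(username, expires)}" if passed else None)

class CMP:
    """Data center portal: caches one login-free ticket per user name."""
    def __init__(self, auth):
        self.auth, self.cache = auth, {}

    def login(self, username, password, now=None):
        passed, new_ticket = self.auth.authenticate(username, password, self.cache.get(username), now)
        if new_ticket:
            self.cache[username] = new_ticket  # server-issued ticket cached at the CMP
        elif not passed:
            self.cache.pop(username, None)     # assumption: drop the ticket on failure
        return passed
```

Because the cached bill is only ever presented together with the user name and password, a bill copied out of the CMP cache does not authenticate anyone by itself in this sketch.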
CN202010277610.1A 2020-04-08 2020-04-08 Login management system and method based on multi-data center cloud management platform Pending CN111600837A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010277610.1A CN111600837A (en) 2020-04-08 2020-04-08 Login management system and method based on multi-data center cloud management platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010277610.1A CN111600837A (en) 2020-04-08 2020-04-08 Login management system and method based on multi-data center cloud management platform

Publications (1)

Publication Number Publication Date
CN111600837A true CN111600837A (en) 2020-08-28

Family

ID=72188660

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010277610.1A Pending CN111600837A (en) 2020-04-08 2020-04-08 Login management system and method based on multi-data center cloud management platform

Country Status (1)

Country Link
CN (1) CN111600837A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113805880A (en) * 2021-09-06 2021-12-17 南京联创信息科技有限公司 Method for solving request failure of https protocol under shiro framework
CN116112550A (en) * 2022-12-29 2023-05-12 上海芯赛云计算科技有限公司 Data processing method and device, storage medium and electronic device

Similar Documents

Publication Publication Date Title
US10505733B2 (en) Generating and managing a composite identity token for multi-service use
US10171455B2 (en) Protection of application passwords using a secure proxy
CN112597472B (en) Single sign-on method, device and storage medium
US11201778B2 (en) Authorization processing method, device, and system
US9178865B2 (en) Serialized authentication and authorization services
US11522720B1 (en) Dynamic object creation and certificate management
CN112995219B (en) Single sign-on method, device, equipment and storage medium
US20080320566A1 (en) Device provisioning and domain join emulation over non-secured networks
US8528057B1 (en) Method and apparatus for account virtualization
US11888856B2 (en) Secure resource authorization for external identities using remote principal objects
US11552956B2 (en) Secure resource authorization for external identities using remote principal objects
US11245577B2 (en) Template-based onboarding of internet-connectible devices
US11012495B1 (en) Remote service credentials for establishing remote sessions with managed devices
CN111600837A (en) Login management system and method based on multi-data center cloud management platform
CN114363165A (en) Configuration method of electronic equipment, electronic equipment and server
CN111031074A (en) Authentication method, server and client
CN113761509B (en) iframe verification login method and device
Nakandala et al. Apache Airavata security manager: Authentication and authorization implementations for a multi-tenant escience framework
US20220200998A1 (en) Management of user authentication between enterprise-level authentication protocol and cloud-native authentication protocol
US11589227B2 (en) Multilevel authentication using a mobile device
US7831999B2 (en) System and method for single security administration
US10432584B1 (en) Managing lame delegated domains within a managed DNS service
RU2589333C2 (en) Back end limited delegation model
US10033535B2 (en) Multifaceted assertion directory system
EP3766221B1 (en) Relying party certificate validation when client uses relying party's ip address

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination