CN111949955B - Single sign-on method, device and equipment for web system and readable storage medium
- Publication number: CN111949955B
- Authority: CN (China)
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Abstract
The application discloses a single sign-on method of a web system, which initiates single sign-on access to a second web system in a first web system through a newly-built tab page, converts cross-domain access from the first web system to the second web system into direct access, has no influence on the first web system, does not need to close cross-domain verification, and can avoid cross-domain interception of a safety mechanism of a browser; meanwhile, the login information is spliced into the URL in the new tab page, and a single sign-on request for the second web system is initiated in the new tab page according to the URL, so that the safety check of the second web system on account information can be realized, and the integrity and the safety of an access mechanism of the second web system are ensured. The application also provides a single sign-on device and equipment of the web system and a readable storage medium, and the web system single sign-on device and the equipment have the beneficial effects.
Description
Technical Field
The present application relates to the field of electronic technologies, and in particular, to a method, an apparatus, a device, and a readable storage medium for single sign-on of a web system.
Background
Single sign-on is a common operation in multi-system management. It means that multiple systems use the same set of accounts and can authenticate one another, or that system B can be accessed without a separate login after logging in to system A (system B can also still be accessed after a normal login).
To make unified management of multiple web systems easier, single sign-on between web systems is used more and more frequently, and the security problems that come with it are becoming more serious, the cross-domain problem being the most prominent. To achieve cross-domain access, some web systems abandon cross-domain security verification, so that system B can be logged in to directly once system A has verified the user, which leaves a hidden danger for the security of system B; other web systems implement cross-domain access on the basis of sub-domain names, which changes the independence of the original systems and poses a certain threat to their operational stability.
Therefore, how to ensure the cross-domain security and avoid the operational impact on the original system in the single sign-on is an urgent problem to be solved by those skilled in the art.
Disclosure of Invention
The object of the present application is to provide a web system single sign-on method that can ensure cross-domain security in single sign-on while avoiding any operational impact on the original system; another object of the present application is to provide a web system single sign-on apparatus, a device and a readable storage medium.
In order to solve the above technical problem, the present application provides a single sign-on method for a web system, including:
after receiving a login request, the first web system carries out security verification on a login requester;
after the security verification is passed, if a second web system access request initiated by the login requester is received, a new tab page is created;
splicing the login information into a URL in the new tab page, and initiating a single sign-on request for the second web system in the new tab page according to the URL so that the second web system can perform security check on the account information; the login information comprises account information and a target page URL in the second web system.
Optionally, creating a new tab page if a second web system access request initiated by the login requester is received after the security check is passed includes:
after the security check is passed, if a second web system access request initiated by the login requester is received, setting target="_blank" in an access link of the first web system.
Optionally, splicing the login information into a URL in the new tab page, and initiating a single sign-on request for the second web system according to the URL in the new tab page, so that the second web system performs security check on the account information, including:
and after the login information is encrypted in the new tab page, splicing the encrypted login information into a URL (uniform resource locator), and initiating a single-point login request for the second web system in the new tab page according to the URL so that the second web system can perform security verification on the account information.
The application also provides a single sign-on device of the web system, which is applied to a first web system server and comprises:
the first checking unit is used for carrying out security checking on a login requester after receiving a login request;
the creating unit is used for creating a new tab page if a second web system access request initiated by the login requester is received after the security check is passed;
the request unit is used for splicing the login information into a URL in the new tab page, and initiating a single sign-on request for the second web system in the new tab page according to the URL so that the second web system can perform security verification on the account information; and the login information comprises account information and a target page URL in the second web system.
The application also provides a single sign-on method of the web system, which comprises the following steps:
after receiving the single sign-on request, the second web system extracts the login information in the URL corresponding to the single sign-on request; wherein the single sign-on request is initiated by the first web system on the created new tab page;
performing security verification on account information in the login information; the login information comprises account information and a target URL;
and after the safety check is passed, jumping to a page corresponding to the target page URL.
Optionally, the login information further includes the generation time of the login information;
correspondingly, after the second web system receives the single sign-on request, the method further comprises the following steps:
determining a request receiving time;
extracting the login information generation time from the login information;
judging whether the time difference between the request receiving time and the login information generating time exceeds a threshold value or not;
if the time difference exceeds a threshold value, judging that the request is invalid;
and if the time difference does not exceed the threshold value and the safety check is passed, executing a step of jumping to a page corresponding to the target page URL.
The application also provides a single sign-on device of the web system, which is applied to a second web system server and comprises the following components:
the extraction unit is used for extracting login information in a URL (uniform resource locator) corresponding to a single sign-on request after the single sign-on request is received; wherein the single sign-on request is initiated by the first web system on the created new tab page;
the second verification unit is used for performing security verification on the account information in the login information; the login information comprises account information and a target URL;
and the jumping unit is used for jumping to the page corresponding to the target page URL after the safety check is passed.
Optionally, the login information further includes the generation time of the login information;
correspondingly, the web system single sign-on device further comprises: the time checking unit is used for determining the request receiving time after the second web system receives the single sign-on request; extracting the login information generation time from the login information; judging whether the time difference between the request receiving time and the login information generating time exceeds a threshold value or not; if the time difference exceeds a threshold value, judging that the request is invalid; and if the time difference does not exceed a threshold value and the safety check is passed, triggering the jumping unit to execute a step of jumping to a page corresponding to the target page URL.
The present application further provides a web system single sign-on device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the first web system based web system single sign-on method and/or the second web system based web system single sign-on method when executing the computer program.
The present application further provides a readable storage medium having stored thereon a program which, when executed by a processor, performs the steps of a first web system based web system single sign-on method and/or a second web system based web system single sign-on method.
In the web system single sign-on method provided by the application, single sign-on access to the second web system is initiated in the first web system through the newly-built tab page, cross-domain access from the first web system to the second web system is converted into direct access, the first web system is not influenced, cross-domain verification is not required to be closed, and cross-domain interception of a safety mechanism of a browser can be avoided; meanwhile, the login information is spliced into the URL in the new tab page, and a single-point login request for the second web system is initiated in the new tab page according to the URL, so that the safety check of the second web system on account information can be realized, and the integrity and the safety of an access mechanism of the second web system are ensured.
The application also provides a single sign-on device, equipment and a readable storage medium of the web system, which have the beneficial effects and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a signaling diagram of a single sign-on method for a web system according to an embodiment of the present application;
Fig. 2 is a schematic processing flow diagram of a first web system according to an embodiment of the present application;
Fig. 3 is a schematic processing flow diagram of a second web system according to an embodiment of the present disclosure;
Fig. 4 is a block diagram illustrating a structure of a web system single sign-on apparatus applied to a first web system server according to an embodiment of the present disclosure;
Fig. 5 is a block diagram illustrating a structure of a web system single sign-on apparatus applied to a second web system server according to an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of a single sign-on device of a web system according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a web system single sign-on method that can ensure cross-domain security in single sign-on and avoid any operational impact on the original system; another core of the application is to provide a web system single sign-on device, equipment and a readable storage medium.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a signaling diagram of a single sign-on method for a web system according to the present embodiment, the method mainly includes the following steps:
Step s110, after the first web system receives the login request, performing security verification on the login requester;
In this embodiment, the first web system and the second web system are two web systems between which single sign-on can be implemented; the terms "first" and "second" are used only to distinguish them.
If a user currently requests to log in to the first web system, the first web system performs a security check on the login requester. In addition to the account and password information of its own system, the first web system may also store the account and password information of the second web system in order to implement single sign-on; when the first web system performs the security check on the login requester, it may then verify the validity of the account and password information against the account and password information of both the first and the second web system. The specific implementation of this security check is not limited in this embodiment and may follow implementations in the related art, which are not described again here.
Step s120, after the security verification of the first web system is passed, if a second web system access request initiated by the login requester is received, creating a new tab page;
Optionally, one implementation of creating a new tab page is as follows: after the security check is passed, if a second web system access request initiated by the login requester is received, target="_blank" is set in an access link of the first web system.
For example, the second web system page B_tmp.html is accessed from the first web system with target="_blank" set in the link, so that B_tmp.html is opened in a new tab page; the second web system is thus accessed from a newly created tab page, which avoids cross-domain interception by the browser's security mechanism. Only this implementation is described here as an example; other specific implementations for creating a new tab page may refer to the description of this embodiment and are not described again.
In the embodiment, when single sign-on is realized, access to the second web system is initiated in the login system through the newly-built tab page, and cross-domain access from the first web system to the second web system is converted into direct access, so that cross-domain interception of a security mechanism of a browser can be avoided, and the integrity and the security of the access mechanism of the second web system can be ensured.
Step s130, the first web system splices the login information into a URL in the new tab page and initiates a single sign-on request for the second web system in the new tab page according to the URL, so that the second web system performs a security check on the account information; the login information comprises account information and a target page URL in the second web system.
When a target page in the second web system (for example, the B_tmp.html page) is accessed, the login information, including the account information and the target URL, is spliced into the URL. The type of information included in the login information is not limited in this embodiment; besides the account information and the target URL, it may further include the current time, so that the second web system can verify the validity of the generation time of the single sign-on request and so ensure the login security of the second web system.
In order to ensure the security of the login information, the login information can be encrypted before being spliced into the URL. For example, the login information is { account: 'test', password: '123456', time: '1594102579', target: 'B_target.html' }; after AES encryption (the encryption mode is not limited), the ciphertext is '23ewdsdffwwdads3dsa2d34fdfdfghgjjswesd2edesr3De3'. The access URL is spliced into the final address through js: var url = "B_tmp.html?" + "23ewdsdffwwdads3dsa2d34fdfdfghgjjswesd2edesr3De3", and the final address is B_tmp.html?23ewdsdffwwdads3dsa2d34fdfdfghgjjswesd2edesr3De3.
In order to deepen understanding of the processing flow of the first web system, taking the first web system as the system a and the second web system as the system B as an example, a schematic diagram of the processing flow of the first web system is provided in this embodiment, as shown in fig. 2.
Step s210, after receiving the single sign-on request, the second web system extracts the login information in the URL corresponding to the single sign-on request;
After receiving the single sign-on request, the second web system extracts the login information in the URL so that the second web system can carry out login verification.
The specific information extraction manner is not limited in this embodiment. Taking the second web system as system B as an example, the extraction may be as follows: B_tmp.html (the target URL) of system B obtains the information loginInfo that follows the "?"; a js method of window can be used for this, with the "?" character removed. B_tmp.html then uses js to send a login information verification request with loginInfo as the parameter.
Step s220, the second web system performs security verification on account information in the login information; the login information comprises account information and a target URL;
the specific implementation process of the second web system for performing security check on the account information in the login information may refer to an implementation manner in the related art, which is not specifically limited in this embodiment.
And step s230, after the security verification is passed, the second web system jumps to the page corresponding to the target page URL.
After the security verification of the second web system is passed, the user is considered as the authorized user of the second web system, and the user can jump to the target page according to the user request.
If the security check of the second web system fails or the security check of the first web system fails, the login request of the user may be rejected, and the login failure is prompted.
Furthermore, the login information may further include the generation time of the login information; accordingly, after the second web system receives the single sign-on request, the following steps may be further performed:
(1) determining a request receiving time;
(2) extracting login information generation time from the login information;
(3) judging whether the time difference between the request receiving time and the login information generating time exceeds a threshold value or not;
(4) if the time difference exceeds the threshold value, the request is judged to be invalid;
(5) and if the time difference does not exceed the threshold and the safety verification is passed, executing a step of jumping to a page corresponding to the target page URL.
In this method, a timeout check is applied to the generation time of the login information. If the difference between the generation time of the login information (that is, the sending time of the single sign-on request) and its receiving time exceeds the threshold, the security of the single sign-on request is hard to guarantee. To protect the second web system, a time check on the login request can therefore be added alongside the second web system's verification of the login information, giving a double guarantee for the login security of the second web system.
The value of the threshold is not limited in this embodiment. Taking a threshold of 1 min and the second web system being system B as an example: system B verifies the time, and if the difference between the sending time and the receiving time is more than 1 minute, the request is considered invalid; when the time check passes, whether the user name and the password are correct is verified; when the verification succeeds, the target page B_target.html is returned and the page jumps to B_target.html; when the verification fails, a login failure can be prompted.
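The URL construction on system A and the extraction, time check and account check on system B described above, as an added Node.js example that is not code from the patent. It assumes AES-256-GCM as the encryption mode (the patent leaves the mode open), a key shared by both systems and kept out of page source, and hypothetical names (buildSsoUrl, extractLoginInfo, handleSsoRequest, demoVerify).

```javascript
const crypto = require("crypto");

// Assumption: a 32-byte key provisioned to systems A and B out of band and never
// shipped in page source. This demo key is constructed for the example only.
const SHARED_KEY = crypto.createHash("sha256").update("constructed-demo-key").digest();
const MAX_AGE_SECONDS = 60; // the 1 min threshold used in the embodiment

// System A: encrypt the login information and splice it after "?" in the URL.
function buildSsoUrl(entryPage, loginInfo, key = SHARED_KEY) {
  const iv = crypto.randomBytes(12); // fresh nonce for every request
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(loginInfo), "utf8"), cipher.final()]);
  // Token layout (an assumption of this example): iv(12) | auth tag(16) | ciphertext
  const token = Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64url");
  return entryPage + "?" + token;
}

// System B: take everything after "?" and decrypt it. Returns null when the
// token is missing, truncated or modified (GCM authentication fails).
function extractLoginInfo(url, key = SHARED_KEY) {
  const q = url.indexOf("?");
  if (q < 0) return null;
  try {
    const raw = Buffer.from(url.slice(q + 1), "base64url");
    if (raw.length < 28) return null;
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const info = JSON.parse(plain.toString("utf8"));
    return typeof info === "object" && info !== null ? info : null;
  } catch {
    return null;
  }
}

// System B: steps (1) to (5). receivedAtSeconds is the request receiving time;
// verifyAccount is a hypothetical callback standing in for system B's account check.
function handleSsoRequest(url, receivedAtSeconds, verifyAccount) {
  const info = extractLoginInfo(url);
  if (!info) return { ok: false, reason: "unreadable login information" };
  const generatedAt = Number(info.time);
  if (!Number.isFinite(generatedAt)) return { ok: false, reason: "missing generation time" };
  // Reject when the time difference exceeds the threshold, in either direction.
  if (Math.abs(receivedAtSeconds - generatedAt) > MAX_AGE_SECONDS) {
    return { ok: false, reason: "request expired" };
  }
  if (!verifyAccount(info.account, info.password)) {
    return { ok: false, reason: "account check failed" };
  }
  return { ok: true, redirectTo: info.target };
}

// Constructed account store for the demo; comparison is done on fixed-length digests.
const demoAccounts = new Map([["test", "123456"]]);
function demoVerify(account, password) {
  const expected = demoAccounts.get(account);
  if (expected === undefined || typeof password !== "string") return false;
  const a = crypto.createHash("sha256").update(expected).digest();
  const b = crypto.createHash("sha256").update(password).digest();
  return crypto.timingSafeEqual(a, b);
}

// Constructed sample run, using the login information from the embodiment.
const sampleUrl = buildSsoUrl("B_tmp.html", {
  account: "test", password: "123456", time: "1594102579", target: "B_target.html",
});
console.log(handleSsoRequest(sampleUrl, 1594102579 + 30, demoVerify)); // within threshold
console.log(handleSsoRequest(sampleUrl, 1594102579 + 61, demoVerify)); // past threshold
```

Because the token is authenticated, a URL whose ciphertext has been altered is rejected before the time and account checks run.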
In order to deepen understanding of the processing flow of the second web system, taking the second web system as the system B as an example, a schematic diagram of the processing flow of the second web system is provided in this embodiment, as shown in fig. 3.
Based on the above description, in the web system single sign-on method provided in this embodiment, a new tab page is used in the first web system to initiate a single sign-on access to the second web system, and a cross-domain access from the first web system to the second web system is converted into a direct access, which has no influence on the first web system, does not need to close cross-domain authentication, and can avoid cross-domain interception of a security mechanism of a browser itself; meanwhile, the login information is spliced into the URL in the new tab page, and a single-point login request for the second web system is initiated in the new tab page according to the URL, so that the safety check of the second web system on account information can be realized, and the integrity and the safety of an access mechanism of the second web system are ensured.
Referring to fig. 4, fig. 4 is a block diagram of a single sign-on apparatus of a web system according to the present embodiment; the device is applied to a first web system server and mainly comprises: a first checking unit 110, a creating unit 120 and a requesting unit 130. The single sign-on device for the web system provided by the embodiment can be mutually contrasted with the single sign-on method for the web system.
The first verification unit 110 is mainly configured to perform security verification on a person requesting login after receiving a login request;
the creating unit 120 is mainly configured to create a new tab page if a second web system access request initiated by the login requester is received after the security check is passed;
the requesting unit 130 is mainly configured to splice the login information into a URL in a new tab page, and initiate a single sign-on request for the second web system according to the URL in the new tab page, so that the second web system performs security check on the account information; the login information comprises account information and a target page URL in the second web system.
Referring to fig. 5, fig. 5 is a block diagram of a single sign-on device of a web system according to the present embodiment; the device is applied to a second web system server and mainly comprises: an extraction unit 210, a second check unit 220, and a jumping unit 230. The single sign-on apparatus of the web system provided by this embodiment can be compared with the single sign-on method of the web system.
The extracting unit 210 is mainly configured to extract login information in a URL corresponding to a single sign-on request after receiving the single sign-on request; wherein the single sign-on request is initiated by the first web system on the created new tab page;
the second checking unit 220 is mainly used for performing security checking on account information in the login information; the login information comprises account information and a target URL;
the jumping unit 230 is mainly used for jumping to a page corresponding to the URL of the target page after the security check is passed.
Optionally, the login information further includes the generation time of the login information;
correspondingly, the web system single sign-on device further comprises: the time checking unit is used for determining the request receiving time after the second web system receives the single sign-on request; extracting login information generation time from the login information; judging whether the time difference between the request receiving time and the login information generating time exceeds a threshold value or not; if the time difference exceeds the threshold value, the request is judged to be invalid; and if the time difference does not exceed the threshold and the safety check is passed, triggering the jumping unit to execute a step of jumping to the page corresponding to the target page URL.
The embodiment provides a single sign-on device for a web system, which mainly includes: a memory and a processor.
Wherein, the memory is used for storing programs;
when the processor is used to execute the program, the steps of the web system single sign-on method described in the above embodiments may be implemented, and specific reference may be made to the description of the web system single sign-on method.
Referring to fig. 6, a schematic structural diagram of a web system single sign-on device provided in this embodiment is shown, where the web system single sign-on device may have a relatively large difference due to different configurations or performances, and may include one or more processors (CPUs) 322 (e.g., one or more processors), a memory 332, and one or more storage media 330 (e.g., one or more mass storage devices) for storing an application 342 or data 344. Memory 332 and storage media 330 may be, among other things, transient storage or persistent storage. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instructions operating on a data processing device. Still further, the central processor 322 may be configured to communicate with the storage medium 330 to execute a series of instruction operations in the storage medium 330 on the web system single sign-on device 301.
The web system single sign-on device 301 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input output interfaces 358, and/or one or more operating systems 341, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, and the like.
The steps in the web system single sign-on method described in fig. 1 above can be implemented by the structure of the web system single sign-on device introduced in this embodiment.
The present embodiment discloses a readable storage medium, on which a program is stored, and the program, when being executed by a processor, implements the steps of the web system single sign-on method described in the foregoing embodiment, which may be referred to in the description of the web system single sign-on method in the foregoing embodiment.
The readable storage medium may be a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other readable storage medium capable of storing program code.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The web system single sign-on method, apparatus, device and readable storage medium provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
Claims (10)
1. A single sign-on method for a web system, comprising:
after receiving a login request, the first web system carries out security verification on a login requester;
after the security verification is passed, if a second web system access request initiated by the login requester is received, a new tab page is created, wherein the first web system stores the account and password information of the second web system in addition to the account and password information of the first web system itself;
splicing the login information into a URL in the new tab page, and initiating a single sign-on request for the second web system in the new tab page according to the URL so that the second web system can perform security check on the account information; and the login information comprises account information and a target page URL in the second web system.
2. The method of claim 1, wherein after the security check is passed, if a second web system access request from the login requester is received, creating a new tab page, comprising:
after the security check is passed, if a second web system access request initiated by the login requester is received, setting target=_blank in an access link of the first web system.
3. The web system single sign-on method of claim 1, wherein the splicing of the login information into a URL in the new tab page, initiating a single sign-on request for the second web system in accordance with the URL in the new tab page for the second web system to securely check the account information comprises:
and after the login information is encrypted in the new tab page, splicing the encrypted login information into a URL (uniform resource locator), and initiating a single sign-on request for the second web system in the new tab page according to the URL so that the second web system can perform security verification on the account information.
4. A single sign-on device of a web system is applied to a first web system server, and the device comprises:
the first checking unit is used for carrying out security checking on a login requester after receiving a login request;
a creating unit, configured to create a new tab page if a second web system access request initiated by the login requester is received after the security check is passed, where the first web system stores account information and password information of a system of the first web system, and also stores account information and password information of the second web system;
the request unit is used for splicing the login information into a URL in the new tab page, and initiating a single sign-on request for the second web system in the new tab page according to the URL so that the second web system can perform security verification on the account information; and the login information comprises account information and a target page URL in the second web system.
5. A single sign-on method for a web system, comprising:
after receiving the single sign-on request, the second web system extracts the login information in the URL corresponding to the single sign-on request; the single sign-on request is initiated by a first web system on a created new tab page, and the first web system stores account information and password information of a second web system in addition to account information and password information of the first web system;
carrying out security verification on account information in the login information; the login information comprises account information and a target URL;
and after the security check is passed, jumping to a page corresponding to the target page URL.
6. The web system single sign-on method of claim 5, wherein the login information further comprises: a generation time of the login information;
correspondingly, after the second web system receives the single sign-on request, the method further comprises the following steps:
determining a request receiving time;
extracting the login information generation time from the login information;
judging whether the time difference between the request receiving time and the login information generating time exceeds a threshold value or not;
if the time difference exceeds a threshold value, judging that the request is invalid;
and if the time difference does not exceed the threshold value and the security check is passed, executing a step of jumping to a page corresponding to the target page URL.
7. A single sign-on device of a web system is applied to a second web system server, and the device comprises:
the device comprises an extraction unit, a registration unit and a processing unit, wherein the extraction unit is used for extracting login information in a URL (uniform resource locator) corresponding to a single sign-on request after the single sign-on request is received; the single sign-on request is initiated by a first web system on a created new tab page, and the first web system stores account information and password information of a second web system in addition to account information and password information of the first web system;
the second verification unit is used for performing security verification on the account information in the login information; the login information comprises account information and a target URL;
and the jumping unit is used for jumping to a page corresponding to the target page URL after the security check is passed.
8. The web system single sign-on apparatus of claim 7, wherein the login information further comprises: a generation time of the login information;
correspondingly, the web system single sign-on device further comprises: the time checking unit is used for determining the request receiving time after the second web system receives the single sign-on request; extracting the login information generation time from the login information; judging whether the time difference between the request receiving time and the login information generation time exceeds a threshold value or not; if the time difference exceeds a threshold value, judging that the request is invalid; and if the time difference does not exceed the threshold value and the security check is passed, triggering the jumping unit to execute a step of jumping to a page corresponding to the target page URL.
9. A web system single sign-on device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the web system single sign-on method of any one of claims 1 to 3 and/or the web system single sign-on method of any one of claims 5 to 6 when executing the computer program.
10. A readable storage medium, characterized in that the readable storage medium has stored thereon a program which, when being executed by a processor, realizes the steps of the web system single sign-on method according to any one of claims 1 to 3 and/or the web system single sign-on method according to any one of claims 5 to 6.
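The second web system's checks from claims 5 and 6 (extract the login information from the URL, compare the generation time with the receiving time, check the account, then jump to the target page), as an added Python example that is not part of the patent. The HMAC tag stands in for the encryption step of claim 3, and the parameter names, shared key, 60-second threshold, account store and the local-path rule for the target page are all assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SHARED_KEY = b"constructed-demo-key"  # assumption: key known to both web systems
THRESHOLD_SECONDS = 60                # assumption: the claims name no value
ACCOUNTS = {"alice"}                  # constructed account store of the second system


def _tag(account, target, ts):
    # Binds account, target page and generation time so none can be altered alone.
    msg = f"{account}\n{target}\n{ts}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def build_sso_url(base, account, target, now=None):
    """First web system: splice the login information into the URL."""
    ts = int(time.time() if now is None else now)  # login information generation time
    query = {"account": account, "target": target, "ts": ts,
             "sig": _tag(account, target, ts)}
    return f"{base}?{urlencode(query)}"


def handle_sso_request(url, now=None):
    """Second web system: return (True, target page) or (False, reason)."""
    received = time.time() if now is None else now  # request receiving time
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    try:
        account, target = params["account"], params["target"]
        ts, sig = int(params["ts"]), params["sig"]
    except (KeyError, ValueError):
        return False, "malformed login information"
    if not hmac.compare_digest(sig.encode(), _tag(account, target, ts).encode()):
        return False, "login information was altered"
    if abs(received - ts) > THRESHOLD_SECONDS:
        return False, "request is invalid: time difference exceeds threshold"
    if account not in ACCOUNTS:
        return False, "account check failed"
    # Assumption: the target page must be a path on the second system itself.
    if not target.startswith("/") or target.startswith("//") or "\\" in target:
        return False, "target page is not a local path"
    return True, target
```

Passing `now` explicitly makes the threshold behaviour reproducible; in a deployment both systems' clocks must agree to within the threshold for fresh requests to pass.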
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010751199.7A CN111949955B (en) | 2020-07-30 | 2020-07-30 | Single sign-on method, device and equipment for web system and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111949955A (en) | 2020-11-17 |
CN111949955B (en) | 2022-06-17 |
Family
ID=73338593
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010751199.7A Active CN111949955B (en) | 2020-07-30 | 2020-07-30 | Single sign-on method, device and equipment for web system and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111949955B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113055186B (en) * | 2021-03-29 | 2023-04-07 | 中国建设银行股份有限公司 | Cross-system service processing method, device and system |
CN113965357B (en) * | 2021-09-28 | 2023-10-17 | 网宿科技股份有限公司 | Cross-domain website login state synchronization method, electronic equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104735066A (en) * | 2015-03-18 | 2015-06-24 | 百度在线网络技术(北京)有限公司 | Single sign-on method, device and system oriented to web page applications |
CN107070880A (en) * | 2017-02-16 | 2017-08-18 | 济南浪潮高新科技投资发展有限公司 | A kind of method and system of single-sign-on, a kind of authentication center's server |
CN108092870A (en) * | 2016-11-21 | 2018-05-29 | 深圳联友科技有限公司 | A kind of single-point logging method and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4779444B2 (en) * | 2005-05-26 | 2011-09-28 | 株式会社日立製作所 | Single sign-on implementation method |
Also Published As
Publication number | Publication date |
---|---|
CN111949955A (en) | 2020-11-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||