CN112751854A - SSO login method and system - Google Patents
SSO login method and system Download PDFInfo
- Publication number
- CN112751854A CN112751854A CN202011600115.6A CN202011600115A CN112751854A CN 112751854 A CN112751854 A CN 112751854A CN 202011600115 A CN202011600115 A CN 202011600115A CN 112751854 A CN112751854 A CN 112751854A
- Authority
- CN
- China
- Prior art keywords
- login
- openresty
- sso
- agent
- identity management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 15
- 230000009191 jumping Effects 0.000 claims description 6
- 238000012795 verification Methods 0.000 claims description 6
- 230000003068 static effect Effects 0.000 abstract description 3
- 235000014510 cooky Nutrition 0.000 description 2
- 238000003032 molecular docking Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a method and a system for SSO login.A user request of a subsystem page is intercepted by an OpenResty proxy terminal, and whether the current user state is a non-login state or not is judged, if yes, the unified identity management terminal is jumped to, and if not, a message is sent to a server terminal; the uniform identity management terminal performs SSO login; after login is successful, the OpenResty agent performs callback on login to complete login, the work load is reduced by directly integrating SSO in Nginx by using the method for logging in the Nginx universal SSO realized by the OpenResty agent, and the problem that access cannot be completed because a static site cannot write server logic in the prior art is solved.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method and a system for SSO login.
Background
SSO (single sign on) is a solution for unified login authentication. In the SSO system, by integrating a plurality of mutually trusted subsystems, a user can access all mutually trusted subsystems only after completing one-time login authentication in the SSO system, thereby realizing one-time login anywhere access in a real sense.
However, in the existing SSO login unified user identity system, when a subsystem needs to use SSO login, a certain code needs to be written to complete the docking with the unified user identity system, a certain amount of work needs to be consumed, bugs may occur during the docking, and for a static site, access cannot be completed because server logic cannot be written.
Disclosure of Invention
Technical problem to be solved
In order to solve the above problems in the prior art, the present invention provides a method and a system for SSO login, which can solve the above technical problems.
(II) technical scheme
In order to achieve the purpose, the invention adopts a technical scheme that:
a method of SSO login comprising the steps of:
s1, intercepting a user request of a subsystem page by the OpenResty agent side, judging whether the current user state is a non-login state, if so, jumping to a unified identity management side, otherwise, sending a message to a server side;
s2, the unified identity management terminal performs SSO login;
and S3, after the login is successful, the OpenResty agent calls back the login to complete the login.
In order to achieve the purpose, the invention adopts another technical scheme as follows:
a system for SSO login, the system comprising:
s1, intercepting a user request of a subsystem page by the OpenResty agent side, judging whether the current user state is a non-login state, if so, jumping to a unified identity management side, otherwise, sending a message to a server side;
s2, the unified identity management terminal performs SSO login;
and S3, after the login is successful, the OpenResty agent calls back the login to complete the login.
(III) advantageous effects
The invention has the beneficial effects that: intercepting a user request of a subsystem page through an OpenResty proxy end, and judging whether the current user state is an unregistered state, if so, skipping to a unified identity management end, otherwise, sending a message to a server end; the uniform identity management terminal performs SSO login; after login is successful, the OpenResty agent performs callback on login to complete login, the work load is reduced by directly integrating SSO in Nginx by using the method for logging in the Nginx universal SSO realized by the OpenResty agent, and the problem that access cannot be completed because a static site cannot write server logic in the prior art is solved.
Drawings
FIG. 1 is a flow chart of a method for SSO login according to an embodiment of the present invention;
fig. 2 is a schematic overall structure diagram of an SSO login system according to an embodiment of the present invention.
[ description of reference ]
1: a system for SSO login;
2: an OpenResty agent end;
3: and (5) unifying the identity management ends.
Detailed Description
For the purpose of better explaining the present invention and to facilitate understanding, the present invention will be described in detail by way of specific embodiments with reference to the accompanying drawings.
Example one
Referring to fig. 1, an SSO login method includes the steps of:
s1, intercepting a user request of a subsystem page by the OpenResty agent side, judging whether the current user state is a non-login state, if so, jumping to a unified identity management side, otherwise, sending a message to a server side;
the message includes a user request and a user ID.
S2, the unified identity management terminal performs SSO login;
step S2 specifically includes:
and the unified identity management end performs SSO login, and if the login is successful, the unified identity management end sends identification information to the OpenResty agent end.
Specifically, the identification information is specifically a temporary Code;
and S3, after the login is successful, the OpenResty agent calls back the login to complete the login.
Step S3 specifically includes:
and the OpenResty agent side verifies the received identification information, if the verification is successful, the OpenResty agent side is marked as logged-in, and jumps to the subsystem for access.
Specifically, if the verification is successful, the Cookie is set to be marked as logged in.
Further comprising the steps of:
and adding a callback path in the location configuration of the OpenResty agent end for callback.
Specifically, a callback path __ ids _ callback is added in the location configuration for SSO login callbacks.
Example two
Referring to fig. 2, an SSO login system 1 includes:
s1, intercepting the user request of the subsystem page by the OpenResty agent terminal 2, and judging whether the current user state is a non-login state, if so, jumping to the unified identity management terminal 3, otherwise, sending a message to the server;
the message includes a user request and a user ID.
S2, the unified identity management terminal 3 performs SSO login;
step S2 specifically includes:
and the unified identity management terminal 3 performs SSO login, and if the login is successful, sends identification information to the OpenResty agent terminal 2.
Specifically, the identification information is specifically a temporary Code;
and S3, after the login is successful, the OpenResty agent end 2 calls back the login to complete the login.
Step S3 specifically includes:
and the OpenResty agent end 2 verifies the received identification information, if the verification is successful, the identification information is marked as logged-in, and the system jumps to a subsystem for access.
Specifically, if the verification is successful, the Cookie is set to be marked as logged in.
Further comprising the steps of:
a callback path is added in the location configuration of the OpenResty agent 2 for callback.
Specifically, a callback path __ ids _ callback is added in the location configuration for SSO login callbacks.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.
Claims (10)
1. A method for SSO login, characterized by comprising the steps of:
s1, intercepting a user request of a subsystem page by the OpenResty agent side, judging whether the current user state is a non-login state, if so, jumping to a unified identity management side, otherwise, sending a message to a server side;
s2, the unified identity management terminal performs SSO login;
and S3, after the login is successful, the OpenResty agent calls back the login to complete the login.
2. The method of SSO login according to claim 1, wherein the message comprises a user request and a user ID.
3. The SSO login method according to claim 1, wherein the step S2 specifically comprises:
and the unified identity management end performs SSO login, and if the login is successful, the unified identity management end sends identification information to the OpenResty agent end.
4. The SSO login method according to claim 1, wherein the step S3 specifically comprises:
and the OpenResty agent side verifies the received identification information, if the verification is successful, the OpenResty agent side is marked as logged-in, and jumps to the subsystem for access.
5. The method for SSO login according to claim 1, further comprising the steps of:
and adding a callback path in the location configuration of the OpenResty agent end for callback.
6. A system for SSO login, the system comprising:
s1, intercepting a user request of a subsystem page by the OpenResty agent side, judging whether the current user state is a non-login state, if so, jumping to a unified identity management side, otherwise, sending a message to a server side;
s2, the unified identity management terminal performs SSO login;
and S3, after the login is successful, the OpenResty agent calls back the login to complete the login.
7. The SSO login system according to claim 1, wherein the message comprises a user request and a user ID.
8. The SSO login system according to claim 1, wherein the step S2 specifically comprises:
and the unified identity management end performs SSO login, and if the login is successful, the unified identity management end sends identification information to the OpenResty agent end.
9. The SSO login system according to claim 1, wherein the step S3 specifically comprises:
and the OpenResty agent side verifies the received identification information, if the verification is successful, the OpenResty agent side is marked as logged-in, and jumps to the subsystem for access.
10. The SSO login system according to claim 1, further comprising the steps of:
and adding a callback path in the location configuration of the OpenResty agent end for callback.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011600115.6A CN112751854A (en) | 2020-12-30 | 2020-12-30 | SSO login method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011600115.6A CN112751854A (en) | 2020-12-30 | 2020-12-30 | SSO login method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112751854A true CN112751854A (en) | 2021-05-04 |
Family
ID=75646955
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011600115.6A Pending CN112751854A (en) | 2020-12-30 | 2020-12-30 | SSO login method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112751854A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111444495A (en) * | 2020-05-20 | 2020-07-24 | 江苏易安联网络技术有限公司 | System and method for realizing single sign-on based on container |
CN111988360A (en) * | 2020-07-17 | 2020-11-24 | 西安抱朴通信科技有限公司 | Session management method in cloud platform, storage medium and electronic device |
-
2020
- 2020-12-30 CN CN202011600115.6A patent/CN112751854A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111444495A (en) * | 2020-05-20 | 2020-07-24 | 江苏易安联网络技术有限公司 | System and method for realizing single sign-on based on container |
CN111988360A (en) * | 2020-07-17 | 2020-11-24 | 西安抱朴通信科技有限公司 | Session management method in cloud platform, storage medium and electronic device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11750444B2 (en) | Implementation of compliance settings by a mobile device for compliance with a configuration scenario | |
US9692846B2 (en) | System, device and method for providing push service using feedback message | |
CN108900562B (en) | Login state sharing method and device, electronic equipment and medium | |
CN105354488A (en) | Application installation method, related apparatus and application installation system | |
CN112714158B (en) | Transaction processing method, relay network, cross-link gateway, system, medium and equipment | |
CN103888409A (en) | Distributed unified authentication method and system | |
CN105844146B (en) | Method and device for protecting driver and electronic equipment | |
CN112188493A (en) | Authentication method, system and related equipment | |
CN102752327A (en) | Method, system and device for performing interaction between terminals and cloud server | |
CN103164260B (en) | Application management system and method for mobile terminal | |
CN113221093B (en) | Single sign-on system, method, equipment and product based on block chain | |
CN112838951B (en) | Operation and maintenance method, device and system of terminal equipment and storage medium | |
CN111614548A (en) | Message pushing method and device, computer equipment and storage medium | |
CN112448956B (en) | Authority processing method and device of short message verification code and computer equipment | |
CN111092936A (en) | Application service authority management method and terminal based on cloud platform | |
WO2022042140A1 (en) | Data processing method and apparatus, electronic device, and storage medium | |
CN104767614A (en) | Information authentication method and device | |
CN113938886A (en) | Identity authentication platform test method, device, equipment and storage medium | |
CN110086827A (en) | A kind of SQL injection method of calibration, server and system | |
CN114124929A (en) | Cross-network data processing method and device | |
CN113542260B (en) | Voice transmission method for warehouse based on distribution mode | |
CN112751854A (en) | SSO login method and system | |
EP3975499A1 (en) | Authentication method and device, computing equipment and medium | |
CN105610855A (en) | Method and device for login verification of cross-domain system | |
US20150163178A1 (en) | Push notification-based remote control method and apparatus for the same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210504 |
|
RJ01 | Rejection of invention patent application after publication |