CN101127603B - A method for single point login of portal website and IMS client - Google Patents

Publication number
CN101127603B
Authority
CN
China
Prior art keywords
authentication
portal
ims client
user
website
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2007101439656A
Other languages
Chinese (zh)
Other versions
CN101127603A (en)
Inventor
赵恺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp

Abstract

The invention discloses a method for implementing single sign-on to a portal website, and an IMS client. After a user logs in to the IMS client, the IMS client uses the portal website address and access branch pre-configured in its own configuration file to send the user's authentication request to the authentication portal of a portal website that uses the same authentication information as the IMS client. After receiving the authentication response returned by the authentication portal, the IMS client encrypts the user password and sends it to the authentication portal for authentication. If authentication passes, the authentication-passed cookie information returned by the portal website is written into the cookie area of the web browser. The IMS client comprises a first authentication module and an encryption module. The invention solves the problem that, after logging in to the IMS client, a user must enter authentication information again to log in to a portal website that uses the same authentication information as the IMS client. It also reduces the possibility of user information leakage.

Description

A method and IMS client for implementing portal website single sign-on
Technical field
The present invention relates to computer network technology, and in particular to a method and an IMS client for implementing portal website single sign-on.
Background
IMS (IP Multimedia Subsystem) is a system of considerable scale and range of application. From the user's point of view, applications of IMS include not only clients on PCs, Pocket PCs (palmtop computers) and personal mobile phones, but also portal website systems and the like. In short, IMS appears to have a use in any electronic information environment that people come into contact with today.
In the prior art, IMS applications in different fields are closely related, and applications in different fields are sometimes closely associated with one another, so for such closely associated systems the user can use the same authentication information to enter them. This brings an inconvenience for the user: a user with many permissions or needs will probably log in to the IMS client and then log in to a portal website system (such as an enterprise portal website) to work. In that case the user enters authentication information when logging in to the IMS client and must enter the same authentication information again when logging in to the portal website system, so that on one terminal the user has to enter the same authentication information frequently to log in to different IMS application systems.
More seriously, if part of the portal website's interface is integrated into the IMS client, the authentication information must still be entered again when the link button for that portal website is clicked in the IMS client, which seriously degrades the user experience.
Summary of the invention
The invention provides a method and an IMS client for implementing portal website single sign-on, to solve the prior-art problem that a user who has logged in to the IMS client must enter authentication information again to log in to a portal website that uses the same authentication information as the IMS client.
A method for implementing portal website single sign-on comprises the steps:
A. After the user logs in to the IMS client, the IMS client uses the portal website address and access branch pre-configured in its own configuration file to send the user's authentication request to the verification portal of the portal website that uses the same authentication information as the IMS client;
B. After receiving the authentication response returned by the verification portal, the IMS client encrypts the user password and sends it to the verification portal for authentication;
C. If authentication passes, the IMS client writes the authentication-passed cookie information returned by the portal website into the cookie area of the web browser and records the maximum authentication interval required by the verification portal. The IMS client sets its authentication interval according to the maximum authentication interval, periodically sends the user password to the verification portal for authentication, obtains updated authentication-passed cookie information, and writes it into the cookie area of the web browser, wherein the authentication interval is less than or equal to the maximum authentication interval.
After step C the method further comprises the steps:
D. When the user logs in, through the IMS client, to the portal website or to a sub-portal website under the portal website, the web browser sends the authentication-passed cookie information recorded in the cookie area to the website server;
E. The website server redirects the cookie information to the verification portal; the verification portal determines that the user has passed authentication by the portal website, and then redirects the page to the website the user asked to log in to.
In step B, the user password is first encrypted with SHA1 (Secure Hash Algorithm 1) and then encrypted with MD5 (Message-Digest Algorithm 5).
An IMS client comprises a first authentication module, a timed authentication module and an encryption module, wherein:
The first authentication module is used, after the user logs in to the IMS client, to send the user's authentication request to the verification portal of the portal website that uses the same authentication information as the IMS client, using the portal website address and access branch pre-configured in the IMS client configuration file; to send the encrypted user password to the verification portal for authentication after the authentication response is received; and to write the authentication-passed cookie information returned by the portal website into the cookie area of the web browser;
The timed authentication module is used, after authentication passes, to take an authentication interval that is less than or equal to the portal website's maximum authentication interval, to periodically send the user password to the verification portal for authentication in order to obtain updated authentication-passed cookie information, and to write it into the cookie area of the web browser.
The encryption module is used to encrypt the user password.
In the technical scheme of the present invention, after the user logs in to the IMS client, the IMS client sends the user's authentication request to the verification portal of the portal website that uses the same authentication information as the IMS client. After receiving the authentication response returned by the verification portal, it encrypts the user password and sends it to the verification portal for authentication. If authentication passes, the authentication-passed cookie information returned by the portal website is written into the cookie area of the web browser. This solves the problem that a user who has logged in to the IMS client must enter authentication information again to log in to a portal website that uses the same authentication information as the IMS client, reduces the possibility of user information leakage, and makes portal access integrated into the IMS client a real convenience.
Further, when the IMS client writes the authentication-passed cookie information returned by the portal website into the cookie area of the web browser, it can record the maximum authentication interval required by the verification portal. The IMS client can then set its authentication interval according to the maximum authentication interval and periodically send the user password to the verification portal for authentication to obtain updated authentication-passed cookie information. This ensures that authentication does not time out as long as the user is online, and that, if the IMS client fails abnormally, the authentication information becomes invalid within a short time, protecting the security of the user's information.
Description of drawings
Fig. 1 is a flow chart of the method of the present invention for implementing portal website single sign-on;
Fig. 2 is a structural block diagram of the IMS client of the present invention.
Embodiment
The specific implementation of the present invention is described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1, which is a flow chart of the method of the present invention for implementing portal website single sign-on, the main implementation procedure is:
Step 10: After the user logs in to the IMS client, the IMS client registers with the IMS HSS (Home Subscriber Server) and the GM (Group Management) server.
Step 11: The IMS client uses the portal website address and access branch pre-configured in its own configuration file to send the user's authentication request to the verification portal of the portal website that uses the same authentication information as the IMS client. The authentication request contains the user's URI (Uniform Resource Identifier) and a request to obtain a Nonce (random number). The "UE" field in the authentication request takes the value 1000, indicating that this HTTP message is a request to begin authentication.
Step 12: The IMS client obtains the Nonce assigned by the verification portal from the HTTP message with status code 401 returned by the verification portal.
Step 13: The IMS client encrypts the user password first with the SHA1 algorithm and then with the MD5 algorithm, and sends the encrypted user password together with the Nonce obtained in step 12 to the verification portal for authentication. The "UE" field now takes the value 1001, indicating that this HTTP message carries the real authentication information.
Step 14: If authentication passes, the verification portal returns an HTTP message with status code 200 to the IMS client.
Step 15: The IMS client obtains the authentication-passed cookie information from the HTTP message with status code 200 returned by the verification portal and writes it into the cookie area of the web browser. The content of the cookie information includes the user's URI, a token (Token) and so on. After this, within the cookie's validity period, the user can visit the central portal directly without entering a user name and password.
In this step, when the IMS client writes the authentication-passed cookie information returned by the portal website into the cookie area of the web browser, it needs to record the maximum authentication interval required by the verification portal.
In the method of the invention, the IMS client takes the maximum authentication interval required by the verification portal as its reference and sets its authentication interval to a value less than or equal to the maximum authentication interval. At that interval the IMS client periodically sends the user password to the verification portal for authentication; the detailed authentication procedure is as described in steps 11 to 15 above. After obtaining the updated authentication-passed cookie information, the IMS client writes it into the cookie area of the web browser. While the IMS client is online, this procedure can be rerun by a timer to keep the cookie valid, that is, to keep the IMS client's authentication continuously effective while it is online. The "UE" field value sent in this procedure is 1002, indicating an authentication request sent by the timing mechanism.
Step 16: When the user logs in, through the IMS client, to the portal website or to a sub-portal website under the portal website, the web browser sends the authentication-passed cookie information recorded in the cookie area to the website server.
Step 17: The website server redirects the cookie information to the verification portal, and the verification portal authenticates the user according to the content of the cookie information. If authentication passes, step 18 is executed; otherwise step 19 is executed.
Step 18: The verification portal redirects the page to the website page the user asked to log in to.
Step 19: The verification portal redirects the page to the login page. After the user enters login information on the login page, the website server redirects the page to the verification portal for authentication again. If authentication passes, step 18 is executed; otherwise this step is repeated.
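The exchange in steps 11 to 15 and the timed re-authentication, simulated in memory as an added example (not code from the patent or from ZTE). Assumptions: MD5 is applied to the SHA1 hex digest, the Nonce is single-use, a failed authentication returns 403, only the credential message of the timed flow carries UE 1002, and the names VerificationPortal, ImsClient and the portal_auth cookie key are hypothetical.

```python
import hashlib
import secrets


def derive_credential(password: str) -> str:
    """Step 13: SHA1, then MD5 (assumption: MD5 runs over the SHA1 hex string)."""
    sha1_hex = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return hashlib.md5(sha1_hex.encode("ascii")).hexdigest()


class VerificationPortal:
    """In-memory stand-in for the verification portal (hypothetical)."""

    def __init__(self, accounts, max_auth_interval):
        self.accounts = accounts                  # URI -> stored SHA1-then-MD5 digest
        self.max_auth_interval = max_auth_interval
        self.pending = {}                         # URI -> Nonce issued, not yet used

    def handle(self, msg):
        uri, ue = msg["uri"], msg["UE"]
        if ue == 1000:                            # steps 11-12: issue a Nonce with a 401
            self.pending[uri] = secrets.token_hex(16)
            return {"status": 401, "nonce": self.pending[uri]}
        if ue in (1001, 1002):                    # step 13, or timed re-authentication
            nonce = self.pending.pop(uri, None)   # single use (assumption)
            stored = self.accounts.get(uri)       # None for an unknown user
            if (nonce is not None and stored is not None
                    and secrets.compare_digest(nonce, msg.get("nonce", ""))
                    and secrets.compare_digest(stored, msg.get("credential", ""))):
                cookie = {"uri": uri, "token": secrets.token_hex(16)}
                return {"status": 200, "cookie": cookie,   # steps 14-15
                        "max_auth_interval": self.max_auth_interval}
        return {"status": 403}                    # failure code is an assumption


class ImsClient:
    def __init__(self, portal, uri, password, wanted_interval):
        self.portal, self.uri, self.password = portal, uri, password
        self.wanted_interval = wanted_interval    # seconds, from client configuration
        self.browser_cookies = {}                 # stand-in for the browser cookie area
        self.auth_interval = None
        self.sent = []                            # every message the client sent

    def _send(self, msg):
        self.sent.append(msg)
        return self.portal.handle(msg)

    def authenticate(self, ue=1001):
        first = self._send({"UE": 1000, "uri": self.uri})
        if first["status"] != 401:
            return False
        reply = self._send({"UE": ue, "uri": self.uri, "nonce": first["nonce"],
                            "credential": derive_credential(self.password)})
        if reply["status"] != 200:
            return False
        self.browser_cookies["portal_auth"] = reply["cookie"]
        # The authentication interval must not exceed the portal's maximum.
        self.auth_interval = min(self.wanted_interval, reply["max_auth_interval"])
        return True

    def timed_reauthenticate(self):
        """Timer callback: same exchange, credential message marked UE=1002."""
        return self.authenticate(ue=1002)


def demo():
    uri, password = "sip:alice@example.test", "constructed-password"  # constructed
    portal = VerificationPortal({uri: derive_credential(password)}, 600)
    client = ImsClient(portal, uri, password, wanted_interval=900)
    logged_in = client.authenticate()
    first_token = client.browser_cookies["portal_auth"]["token"]
    refreshed = client.timed_reauthenticate()
    second_token = client.browser_cookies["portal_auth"]["token"]
    replay_status = portal.handle(client.sent[1])["status"]  # re-sent UE=1001 message
    return {
        "logged_in": logged_in,
        "auth_interval": client.auth_interval,
        "refreshed": refreshed,
        "token_rotated": first_token != second_token,
        "ue_sequence": [m["UE"] for m in client.sent],
        "same_credential": client.sent[1]["credential"] == client.sent[3]["credential"],
        "replay_status": replay_status,
    }


if __name__ == "__main__":
    print(demo())
```

Because SHA1 followed by MD5 is deterministic, the credential field is identical in every exchange; in this sketch only the portal's single-use Nonce check distinguishes a fresh message from a re-sent one.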
Corresponding to the above method, the present invention further discloses an IMS client. Referring to Fig. 2, which is a structural block diagram of the IMS client of the present invention, it mainly comprises a first authentication module, an encryption module and a timed authentication module, whose main functions are as follows:
The first authentication module is used, after the user logs in to the IMS client, to send the user's authentication request to the verification portal of the portal website that uses the same authentication information as the IMS client, using the portal website address and access branch pre-configured in the IMS client configuration file; to send the encrypted user password to the verification portal for authentication after the authentication response is received; and to write the authentication-passed cookie information returned by the portal website into the cookie area of the web browser;
The encryption module is used to encrypt the user password: the user password is first encrypted with the SHA1 algorithm and then encrypted with the MD5 algorithm;
The timed authentication module is used, after authentication passes, to take an authentication interval that is less than or equal to the portal website's maximum authentication interval, to periodically send the user password to the verification portal for authentication in order to obtain updated authentication-passed cookie information, and to write it into the cookie area of the web browser.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (4)

1. A method for implementing portal website single sign-on, characterized in that it comprises the steps:
A. After the user logs in to the IMS (IP Multimedia Subsystem) client, the IMS client uses the portal website address and access branch pre-configured in its own configuration file to send the user's authentication request to the verification portal of the portal website that uses the same authentication information as the IMS client;
B. After receiving the authentication response returned by the verification portal, the IMS client encrypts the user password and sends it to the verification portal for authentication;
C. If authentication passes, the IMS client writes the authentication-passed cookie information returned by the portal website into the cookie area of the web browser and records the maximum authentication interval required by the verification portal; the IMS client sets its authentication interval according to the maximum authentication interval, periodically sends the user password to the verification portal for authentication, obtains updated authentication-passed cookie information, and writes it into the cookie area of the web browser, wherein the authentication interval is less than or equal to the maximum authentication interval.
2. The method of claim 1, characterized in that it further comprises, after step C, the steps:
D. When the user logs in, through the IMS client, to the portal website or to a sub-portal website under the portal website, the web browser sends the authentication-passed cookie information recorded in the cookie area to the website server;
E. The website server redirects the cookie information to the verification portal; the verification portal determines that the user has passed authentication by the portal website, and then redirects the page to the website the user asked to log in to.
3. The method of claim 1, characterized in that, in step B, the user password is first encrypted with SHA1 (Secure Hash Algorithm) and then encrypted with MD5 (Message-Digest Algorithm).
4. An IMS client, characterized in that it comprises a first authentication module, a timed authentication module and an encryption module, wherein:
The first authentication module is used, after the user logs in to the IMS client, to send the user's authentication request to the verification portal of the portal website that uses the same authentication information as the IMS client, using the portal website address and access branch pre-configured in the IMS client configuration file; to send the encrypted user password to the verification portal for authentication after the authentication response is received; and to write the authentication-passed cookie information returned by the portal website into the cookie area of the web browser;
The timed authentication module is used, after authentication passes, to take an authentication interval that is less than or equal to the portal website's maximum authentication interval, to periodically send the user password to the verification portal for authentication in order to obtain updated authentication-passed cookie information, and to write it into the cookie area of the web browser;
The encryption module is used to encrypt the user password.
CN2007101439656A 2007-08-16 2007-08-16 A method for single point login of portal website and IMS client Active CN101127603B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007101439656A CN101127603B (en) 2007-08-16 2007-08-16 A method for single point login of portal website and IMS client

Publications (2)

Publication Number Publication Date
CN101127603A CN101127603A (en) 2008-02-20
CN101127603B true CN101127603B (en) 2010-08-04

Family

ID=39095540

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101439656A Active CN101127603B (en) 2007-08-16 2007-08-16 A method for single point login of portal website and IMS client

Country Status (1)

Country Link
CN (1) CN101127603B (en)

GR01 Patent grant