CN102571762A - Method and device for single sign-on - Google Patents

Info

Publication number
CN102571762A
Authority
CN
China
Prior art keywords
request
sign
configuration parameter
access request
network server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011104320382A
Other languages
Chinese (zh)
Inventor
郑虹
周尚武
张汉棵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Network Technology Shenzhen Co Ltd
Original Assignee
Sangfor Network Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sangfor Network Technology Shenzhen Co Ltd filed Critical Sangfor Network Technology Shenzhen Co Ltd
Priority to CN2011104320382A priority Critical patent/CN102571762A/en
Publication of CN102571762A publication Critical patent/CN102571762A/en
Pending legal-status Critical Current

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for single sign-on. In the method, a gateway receives a request from a client to access an intranet server and, when the access request is a single sign-on request, queries whether the configuration parameters corresponding to the access request are stored at the local end. The configuration parameters comprise user names, passwords and input box parameters. When the configuration parameters are stored, the gateway logs in to the intranet server of the access request according to the configuration parameters. The method and the device for single sign-on reduce the workload of administrators and the maintenance cost.

Description

Method and device for single sign-on
Technical field
The present invention relates to the field of communications, and in particular to a method and device for single sign-on.
Background technology
Single sign-on (SSO) is one of the currently popular solutions for integrating the business systems of enterprises and other organizations: across multiple application systems, a user logs in only once and can then access all the other mutually trusting application systems.
At present, office systems based on WEB technology are very common. As an organization's web office systems grow, they make everyone's work more convenient; but because each system is independent, a user must log in to the corresponding platform of every system used before operating it, which brings the user a lot of extra, repetitive work. To solve this problem, many organizations make corresponding modifications to their systems, or even build a system dedicated to single sign-on. Fig. 1 shows the application scenario of a traditional single sign-on system: in the existing technique, login parameters such as the user name, password and input box parameters are configured on the server side and then delivered to the client; the client submits a form according to this configuration, simulating the request, and single sign-on is thereby achieved. This scheme requires accurate login parameters to be configured for every system, which is tedious and has many limitations (for example, unified rules must be set for user names and passwords to allow unified management), and it brings the administrator a considerable workload and maintenance cost.
Summary of the invention
The main purpose of the present invention is to provide a method and device for single sign-on that reduce the administrator's workload and maintenance cost.
The present invention proposes a method of single sign-on, comprising:
A gateway receives a request from a client to access an intranet server and, when the access request is a single sign-on request, queries whether the configuration parameters corresponding to the access request are stored locally; the configuration parameters comprise a user name, a password and input box parameters;
When the configuration parameters are stored, logging in to the intranet server of the access request according to the configuration parameters.
Preferably, the method further comprises:
When the configuration parameters are not stored, prompting the user, through the intranet server, to resend an access request carrying the configuration parameters;
Capturing the configuration parameters and storing them locally.
Preferably, before the step of querying whether the configuration parameters corresponding to the access request are stored locally, the method further comprises:
Checking, through a preset attribute field, whether the access request is a single sign-on request.
Preferably, the method further comprises:
When the access request is not a single sign-on request, obtaining the configuration parameters in the access request and storing them locally.
Preferably, the single sign-on request is a single sign-on request of the HTTP protocol.
The present invention also proposes a device for single sign-on, comprising:
A query module, configured to receive a request from a client to access an intranet server and, when the access request is a single sign-on request, to query whether the configuration parameters corresponding to the access request are stored locally; the configuration parameters comprise a user name, a password and input box parameters;
A single sign-on module, configured to, when the configuration parameters are stored, perform single sign-on to the intranet server of the access request according to the configuration parameters.
Preferably, the device further comprises:
A capture module, configured to, when the configuration parameters are not stored, prompt the user through the intranet server to resend an access request carrying the configuration parameters, and to capture the configuration parameters and store them locally.
Preferably, the device further comprises:
A check module, configured to check, through a preset attribute field, whether the access request is a single sign-on request.
Preferably, the capture module is further configured to:
When the access request is not a single sign-on request, obtain the configuration parameters in the access request and store them locally.
Preferably, the single sign-on request is a single sign-on request of the HTTP protocol.
With the method and device for single sign-on proposed by the present invention, the configuration parameters of each intranet resource server are captured from login requests and stored on the gateway; the next time the user clicks a resource link, the gateway can use the saved configuration parameters to send the request directly to the intranet resource server. Because the configuration parameters used for login are all contained in the request, no administrator configuration is needed, which reduces the administrator's workload and maintenance cost.
Description of drawings
Fig. 1 is a schematic diagram of the application scenario of a prior-art single sign-on system;
Fig. 2 is a schematic flowchart of an embodiment of the single sign-on method of the present invention;
Fig. 3 is a schematic structural diagram of an embodiment of the single sign-on device of the present invention.
The realization of the purpose, the functional characteristics and the advantages of the present invention are further described with reference to the accompanying drawings in conjunction with the embodiments.
Embodiment
It should be understood that the specific embodiments described here are only intended to explain the present invention and are not intended to limit it.
With reference to Fig. 2, an embodiment of the single sign-on method of the present invention is proposed, comprising:
Step S101: configure the single sign-on request addresses. According to the administrator's settings in the back end, a gateway device such as a VPN (Virtual Private Network) server configures a list of single sign-on request addresses. Access requests to other addresses that have not been configured are sent by the gateway directly to the destination intranet server and handled by the ordinary login process.
Step S102: on receiving an access request sent by a client for an intranet server, judge whether the access request is a single sign-on request.
When a user accesses a WEB resource of an intranet server through the client, the client sends an access request to the gateway. The gateway checks whether the access request carries, in POST or GET form, a preset attribute field (this attribute field is used to distinguish the requests for each intranet server). If the attribute field is received, the access request is a single sign-on request that the client sent from a link in the single sign-on request address list, and the flow enters step S103; otherwise it enters step S106.
Step S103: query whether the configuration parameters corresponding to the access request are stored locally; the configuration parameters comprise a user name, a password and input box parameters.
The gateway queries locally whether it has saved the configuration parameters of the intranet server that this single sign-on request is to access; if so, the flow enters step S104; otherwise it enters step S105.
Step S104: submit the access request to the destination intranet server, perform single sign-on according to the configuration parameters, and enter step S108.
Step S105: send the access request directly to the intranet server, and enter step S108.
Step S106: detect whether the address of the access request is a login request address pre-configured on the gateway; if so, enter step S107; otherwise enter step S105.
Step S107: the gateway captures the configuration parameters, stores them locally, and then sends the access request to the intranet server.
Step S108: the intranet server receives the access request sent by the gateway and authenticates it; for an access request carrying the configuration parameters, single sign-on is allowed. An access request whose address is not one of the configured login request addresses is handled directly by the ordinary login process.
For an access request that does not carry the configuration parameters, the access request is sent directly to the intranet server; the intranet server then notifies the client to return to the single sign-on page and requires the user to log in again with user name and password, sending an access request. After the user submits the login information, the gateway intercepts this access request and records the configuration parameters in it, such as the user name, password and input box parameters, completing the capture of the configuration parameters. When the user next accesses this intranet server through the single sign-on address list, there is no need to enter the user name and password again; single sign-on is completed with the user name and password stored on the gateway.
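The decision flow of steps S101 to S108 as a small simulation, added here as an illustration and not code from the patent or its applicant. The field name `sso_flag`, the class names, keying the store by gateway user as well as by server, and the sample host and credentials are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

SSO_FLAG = "sso_flag"  # hypothetical name for the preset attribute field


@dataclass
class Request:
    vpn_user: str   # user known to the gateway (keying by user is an assumption)
    server: str     # destination intranet server
    path: str
    params: dict = field(default_factory=dict)  # GET query or POST form fields


@dataclass
class Decision:
    step: str       # flow step that decided the outcome
    action: str     # "replay_login", "capture_and_forward" or "forward"
    outbound: dict  # fields the gateway sends on to the intranet server


class Gateway:
    def __init__(self, login_addresses):
        # S101: addresses configured by the administrator.
        self.login_addresses = set(login_addresses)  # (server, path) pairs
        # (vpn_user, server) -> captured configuration parameters. This sketch
        # keeps them in memory in the clear; the page does not say how the
        # store is protected.
        self.store = {}

    def handle(self, req):
        key = (req.vpn_user, req.server)
        if SSO_FLAG in req.params:                      # S102
            saved = self.store.get(key)                 # S103
            if saved is not None:                       # S104
                return Decision("S104", "replay_login", dict(saved))
            return Decision("S105", "forward", dict(req.params))
        # S106: address check; requiring form fields is an assumption so that
        # fetching the empty login page does not overwrite a saved entry.
        if (req.server, req.path) in self.login_addresses and req.params:
            self.store[key] = dict(req.params)          # S107
            return Decision("S107", "capture_and_forward", dict(req.params))
        return Decision("S105", "forward", dict(req.params))


def run_demo():
    """Constructed request sequence; returns the decisions in order."""
    oa = "oa.intranet.example"
    gw = Gateway({(oa, "/login")})
    sso = {SSO_FLAG: "oa"}
    seq = [
        Request("alice", oa, "/", sso),                                    # nothing saved yet
        Request("alice", oa, "/login", {"uname": "alice", "pwd": "pw1"}),  # manual login
        Request("alice", oa, "/", sso),                                    # replayed
        Request("bob", oa, "/", sso),                                      # other user: no replay
        Request("alice", oa, "/news"),                                     # ordinary request
        Request("alice", oa, "/login", {"uname": "alice", "pwd": "pw2"}),  # password changed
        Request("alice", oa, "/", sso),                                    # replays new value
    ]
    return [gw.handle(r) for r in seq]


if __name__ == "__main__":
    for d in run_demo():
        print(d.step, d.action, sorted(d.outbound))
```

The fourth request shows why the store key matters: with a key of the server alone, the gateway would submit one user's saved login for another user's single sign-on request.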
This embodiment captures the configuration parameters of each intranet resource server from login requests and saves them on the gateway; the next time the user clicks a resource link, the gateway can use the saved configuration parameters to send the request directly to the intranet resource server. Therefore, when the configuration parameters of an intranet server change, nothing needs to be reconfigured on the gateway; the user only needs to log in to that intranet server once more. This greatly reduces the demands on the administrator and the administrator's workload and maintenance work.
This embodiment is particularly suitable for single sign-on systems based on the HTTP protocol. In a single sign-on system built on WEB systems, when the client logs in to an intranet server for the first time, the HTTP access request it sends carries the configuration parameters such as the user name, password and input boxes. The gateway can therefore easily capture the configuration parameters of each intranet server.
With reference to Fig. 3, an embodiment of the single sign-on device of the present invention is proposed, comprising:
A check module 10, configured to check, through a preset attribute field, whether an access request is a single sign-on request.
A query module 20, configured to receive a request from a client to access an intranet server and, when the access request is a single sign-on request, to query whether the configuration parameters corresponding to the access request are stored locally; the configuration parameters comprise a user name, a password and input box parameters;
A single sign-on module 30, configured to, when the configuration parameters are stored, perform single sign-on to the intranet server of the access request according to the configuration parameters.
A capture module 40, configured to, when the configuration parameters are not stored, prompt the user through the intranet server to resend an access request carrying the configuration parameters, and to capture the configuration parameters and store them locally.
The single sign-on device of this embodiment may be a gateway device such as a VPN server, or a device or proxy server built into or attached externally to the gateway. First, according to the administrator's settings in the back end, the gateway configures a list of single sign-on request addresses, and the client performs single sign-on through the links in this list.
When a user accesses a WEB resource of an intranet server through the client, the client sends an access request to the gateway. The check module 10 checks whether the access request carries, in POST or GET form, a preset attribute field (this attribute field is used to distinguish the requests for each intranet server). If the attribute field is received, the access request is a single sign-on request that the client sent from a link in the single sign-on request address list; otherwise it is an ordinary login request. For an ordinary login request, the gateway sends the access request directly to the corresponding intranet server among the WEB intranet resources; that intranet server handles it by the ordinary login process and responds, and the gateway receives the intranet server's response and returns it to the client.
For a single sign-on request, the query module 20 queries locally whether the configuration parameters of the intranet server that this single sign-on request is to access have been saved. If so, the single sign-on module 30 submits the single sign-on request to the destination intranet server and performs single sign-on to that intranet server according to the configuration parameters. Otherwise, the capture module 40 sends the single sign-on request directly to the intranet server; the intranet server, finding that this single sign-on request carries no relevant configuration parameters, notifies the client to return to the login page and requires the user to log in again with user name and password, sending an access request. After the user submits the login information, the capture module 40 intercepts this access request and records the configuration parameters in it, such as the user name, password and input box parameters, completing the capture of the configuration parameters. When the user next accesses this intranet server through the single sign-on address list, there is no need to enter the user name and password again; single sign-on is completed with the user name and password stored on the gateway.
This embodiment captures the configuration parameters of each intranet resource server from login requests and stores them on the gateway; the next time the user clicks a resource link, the gateway can use the saved configuration parameters to send the request directly to the intranet resource server. Therefore, when the configuration parameters of an intranet server change, nothing needs to be reconfigured on the gateway; the user only needs to log in to that intranet server once more. This greatly reduces the demands on the administrator and the administrator's workload and maintenance work.
This embodiment is particularly suitable for single sign-on systems based on the HTTP protocol. In a single sign-on system built on WEB systems, when the client logs in to an intranet server for the first time, the HTTP access request it sends carries the configuration parameters such as the user name, password and input boxes. The gateway can therefore easily capture the configuration parameters of each intranet server.
The above are only preferred embodiments of the present invention and do not thereby limit the scope of its claims. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (10)

1. A method of single sign-on, characterized in that it comprises:
A gateway receives a request from a client to access an intranet server and, when the access request is a single sign-on request, queries whether the configuration parameters corresponding to the access request are stored locally; the configuration parameters comprise a user name, a password and input box parameters;
When the configuration parameters are stored, logging in to the intranet server of the access request according to the configuration parameters.
2. The method of claim 1, characterized in that it further comprises:
When the configuration parameters are not stored, prompting the user, through the intranet server, to resend an access request carrying the configuration parameters;
Capturing the configuration parameters and storing them locally.
3. The method of claim 1 or 2, characterized in that, before the step of querying whether the configuration parameters corresponding to the access request are stored locally, it further comprises:
Checking, through a preset attribute field, whether the access request is a single sign-on request.
4. The method of claim 1 or 2, characterized in that it further comprises:
When the access request is not a single sign-on request, obtaining the configuration parameters in the access request and storing them locally.
5. The method of any one of claims 1 to 3, characterized in that the single sign-on request is a single sign-on request of the HTTP protocol.
6. A device for single sign-on, characterized in that it comprises:
A query module, configured to receive a request from a client to access an intranet server and, when the access request is a single sign-on request, to query whether the configuration parameters corresponding to the access request are stored locally; the configuration parameters comprise a user name, a password and input box parameters;
A single sign-on module, configured to, when the configuration parameters are stored, perform single sign-on to the intranet server of the access request according to the configuration parameters.
7. The device of claim 6, characterized in that it further comprises:
A capture module, configured to, when the configuration parameters are not stored, prompt the user through the intranet server to resend an access request carrying the configuration parameters, and to capture the configuration parameters and store them locally.
8. The device of claim 6 or 7, characterized in that it further comprises:
A check module, configured to check, through a preset attribute field, whether the access request is a single sign-on request.
9. The device of claim 6 or 7, characterized in that the capture module is further configured to:
When the access request is not a single sign-on request, obtain the configuration parameters in the access request and store them locally.
10. The device of claim 6 or 7, characterized in that the single sign-on request is a single sign-on request of the HTTP protocol.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011104320382A CN102571762A (en) 2011-12-21 2011-12-21 Method and device for single sign-on

Publications (1)

Publication Number Publication Date
CN102571762A true CN102571762A (en) 2012-07-11

Family

ID=46416241

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104320382A Pending CN102571762A (en) 2011-12-21 2011-12-21 Method and device for single sign-on

Country Status (1)

Country Link
CN (1) CN102571762A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120711