CN103078932A - Method, device and system for realizing universal single sign-on - Google Patents
Method, device and system for realizing universal single sign-on Download PDFInfo
- Publication number
- CN103078932A CN103078932A CN201210589796XA CN201210589796A CN103078932A CN 103078932 A CN103078932 A CN 103078932A CN 201210589796X A CN201210589796X A CN 201210589796XA CN 201210589796 A CN201210589796 A CN 201210589796A CN 103078932 A CN103078932 A CN 103078932A
- Authority
- CN
- China
- Prior art keywords
- sign
- authentication
- connecting system
- request
- intermediate layer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a method, a device and a system for realizing universal single sign-on. A service middle layer universal to different single sign-on products is arranged between an access system and a single sign-on authentication server; and when the service middle layer carries out authority authentication on the access system in a single sign-on mode, the service middle layer receives the access request of a user browser, the identity token contained in the visit request is submitted to the single sign-on authentication server for verification, and in addition, the authentication results returned by the single sign-on authentication server are received. Through the method, the device and the system, the interaction between each access system and the service middle layer is not the direct interaction with the single sign-on products, and in addition, the service middle layer provides the universal single sign-on mode, so the universality of the single sign-on is ensured, and the authority authentication can be carried out on each access system in a unified way.
Description
Technical field
The present invention relates to the communications field, be specifically related to a kind of methods, devices and systems of realizing general single-sign-on.
Background technology
As a kind of general business event integrated scheme, single-sign-on (Single Sign On, SSO) is used widely in the enterprises information system.Realize that single-sign-on needs one to overlap unified Verification System, the user must pass through authentication in Verification System first before access access application system.Verification System is the recording user logging status after the user is by authentication, and to user browser nuclear puberty part token (Token).During certain application system, application system is obtained first described identity token to user browser in access, then to the legitimacy of this identity token of certificate server verification and obtain user identity, responds according to check results at last.
Realize that above-mentioned single-sign-on process need connecting system does certain transformation, concrete mode is according to the different of the product of single-point access and technical scheme and to some extent difference.Part scheme need to be installed at the server of access application system and be disposed plug-in unit, plug-in unit can be intercepted and captured the HTTP request Concurrency in advance toward certificate server, certificate server can extract identity token to verify, application system can directly obtain user identity from HTTP request (such as the HTTP head) afterwards; Other schemes need connecting system to finish to extract identity token and mail to the work of certificate server verification.In the above-mentioned two schemes, the single-sign-on product of front a kind of scheme needs to provide the plug-in unit support to all systems; The workload that rear a kind of scheme can produce when carrying out described the transformation.
Because the continuous lifting of information level of the enterprise, the application of Single Sign-On Technology Used in the enterprises information system is very extensive, but uses single-sign-on to be faced with following problem:
1, enterprises information system circumstance complication, single-sign-on product differ and support surely all systems.Current a lot of single-sign-on products need at the connecting system server deployment plug-in unit etc. to be installed, although plug-in unit is abundant, but operating system and server product needed for variety classes and version are disposed specific plug-in unit, although and the plug-in unit that is provided by manufacturer is various in style but quantity is still limited, in case the application that connecting system has used the single-sign-on product not support can't realize single-sign-on so in the situation of not changing the connecting system framework.
Transformation is difficult when 2, changing the single-sign-on product, workload is large.Because odjective cause change single-sign-on product (as change the entrance of Enterprise Informatization system), generally also can with entrance product together change sometimes by the single-sign-on product for the enterprises information system.In case change the single-sign-on product, then all systems that are linked into this single-sign-on product need again to transform according to the requirement of new single-sign-on product, the thing followed is a large amount of development﹠ testing work, these work must bring impact to system's operation, have also brought a lot of uncontrollable factors simultaneously.
3, be unfavorable in time locating fault.Most of matured product all is that plugin card installation is deployed on the Web server of connecting system, has tackled all requests that Web server receives, and therefore the fault of connecting system appearance all may be relevant with the single-sign-on product in theory.Because the communication between plug-in unit and certificate server is invisible for connecting system, thus the operating personnel of connecting system whether be difficult to simply to judge fault when breaking down relevant with the single-sign-on product.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of methods, devices and systems of realizing general single-sign-on, guarantees the versatility of single-sign-on.
For achieving the above object, technical scheme of the present invention is achieved in that
A kind of system that realizes general single-sign-on, this system comprise service intermediate layer, connecting system; Wherein,
Described service intermediate layer is common to different single-sign-on products, is arranged between connecting system and the single-sign-on certificate server, and being used for based on general single-sign-on mode is that connecting system carries out Authority Verification;
Described connecting system is used for sending authentication request according to the access request of user browser to the service intermediate layer; And receive from the authentication result of serving the intermediate layer, and finish mandate work according to the authentication result that obtains.
Described service intermediate layer comprises common authentication server, certified processor and authentication adapter; Wherein,
Described common authentication server is used for providing authentication service, receives the authentication request of connecting system and authentication result is fed back to connecting system;
Described certified processor is for the treatment of the authentication request of connecting system and feed back authentication result;
Described authentication adapter carries out abstract and encapsulation for the character data of the authentication request that different single sign-on products are provided, and shields the otherness between the different single-sign-on certificate servers, and provides authentication service to call for certified processor.
A kind of device of realizing general single-sign-on, this device are common to different single-sign-on products, are arranged between connecting system and the single-sign-on certificate server, and being used for based on general single-sign-on mode is that connecting system carries out Authority Verification; Described device comprises common authentication server, certified processor and authentication adapter; Wherein,
Described common authentication server is used for providing authentication service, receives the authentication request of connecting system and authentication result is fed back to connecting system;
Described certified processor is for the treatment of the authentication request of connecting system and feed back authentication result;
Described authentication adapter carries out abstract and encapsulation for the character data of the authentication request that different single sign-on products are provided, and shields the otherness between the different single-sign-on certificate servers, and provides authentication service to call for certified processor.
Described common authentication server is used for:
When processing the authentication request of connecting system, extract and put in order the data of the request character string in the authentication request, reduced data is mail to the single-sign-on certificate server authenticate; And/or,
When the feedback authentication result, according to the request character string of authentication request and the feedback result of single-sign-on certificate server, arrangement needs the data of feedback, and reduced data is fed back to connecting system.
Described device is connecting system when carrying out Authority Verification based on general single-sign-on mode, and described common authentication server is used for:
By the access request of connecting system reception user browser, the identity token that wherein comprises is submitted to the single-sign-on certificate server verify, and receive the authentication result that the single-sign-on certificate server returns.
Described device is supported HTTP.
A kind of method that realizes general single-sign-on, the service intermediate layer that is common to different single-sign-on products is set between connecting system and single-sign-on certificate server, the method also comprises: be that connecting system is when carrying out Authority Verification in described service intermediate layer based on general single-sign-on mode, the service intermediate layer receives the access request of user browser by connecting system, the identity token that wherein comprises is submitted to the single-sign-on certificate server verify, and receive the authentication result that the single-sign-on certificate server returns.
Before carrying out described Authority Verification, the method also comprises: user browser is initiated authentication request to the single-sign-on certificate server, receives the identity token of providing, and initiates to comprise the access request of this identity token to connecting system; And/or,
After carrying out described Authority Verification, the method also comprises: the service intermediate layer returns to connecting system with authentication result, and connecting system is finished mandate work according to the authentication result that obtains.
Described service intermediate layer is connecting system when carrying out Authority Verification based on general single-sign-on mode, and the character data of the authentication request that different single sign-on products are provided is carried out abstract and encapsulation, shields the otherness between the different single-sign-on certificate servers.
Connecting system carries out communication by the HTTP mode with XML data format and service intermediate layer.
The invention enables each connecting system mutual with the service intermediate layer, rather than directly and the single-sign-on product mutual, and the service intermediate layer provides general single-sign-on mode, thereby has guaranteed the versatility between the single-sign-on product, can unify to carry out Authority Verification for each connecting system.
Description of drawings
Fig. 1 is the single-node login system schematic diagram of the embodiment of the invention;
Fig. 2 is the single-sign-on flow chart of the embodiment of the invention;
Fig. 3 is the single-sign-on general flow chart of the embodiment of the invention.
Embodiment
In actual applications, the character data of the authentication request that can provide the single-sign-on product (as: character data of the authentication request that existing ripe a plurality of single-sign-on products provide) is carried out abstract, encapsulation, and increase general service intermediate layer (as: HTTP serves the intermediate layer, and the below is described as an example of HTTP service intermediate layer example).Each connecting system is mutual with the service intermediate layer, rather than directly and the single-sign-on product mutual; And the service intermediate layer provides general single-sign-on mode (as: HTTP single-sign-on mode), in order to carry out Authority Verification for each connecting system.
Below in conjunction with accompanying drawing and use instantiation and describe the present invention.
Referring to Fig. 1, among Fig. 1, HTTP service intermediate layer is between connecting system and the single-sign-on certificate server, can carry out alternately with connecting system and single-sign-on certificate server respectively, with the direct interaction between shielding connecting system and the single-sign-on certificate server.HTTP service intermediate layer can comprise three parts: common authentication server (such as the HTTP certificate server, the below is described as an example of the HTTP certificate server example), certified processor and authentication adapter.
1) HTTP certificate server
The HTTP certificate server can provide authentication service, receive the authentication request of connecting system and authentication result is fed back to connecting system, the data format comparable data interface specification that receives, HTTP certificate server and connecting system can follow alternately present general agreement, such as http protocol.
2) certified processor
Certified processor can be processed the authentication request of connecting system and feed back authentication result.
When processing the authentication request of connecting system, certified processor can extract and put in order the data of the request character string in the authentication request, reduced data is mail to the single-sign-on certificate server authenticate.
During the feedback authentication result, certified processor can be according to the request character string of authentication request and the feedback result of single-sign-on certificate server, and arrangement needs the data of feedback, and reduced data is fed back to connecting system.
3) authentication adapter
The character data of the authentication request that the authentication adapter can provide different single sign-on products is carried out abstract and encapsulation, shields the otherness between the different single-sign-on certificate servers, provides simple authentication service to call for certified processor.When the product up-gradation of single-sign-on certificate server or change, only need the authentication adapter is carried out corresponding customized development, do not relate to the transformation of connecting system.
Connecting system refers to the types of applications system.User browser does not need to finish checking by the input user authentication information when each application system of access, but utilizes the single-sign-on function to login by completion system.
Connecting system can carry out communication based on general communication protocol with specific data format and service intermediate layer according to the data-interface standard, can finish the single-point access, as: carry out communication by the HTTP mode with XML data format and HTTP service intermediate layer.
Based on above-mentioned situation, connecting system is not direct and the single-sign-on certificate server is mutual, and the single-sign-on certificate server does not affect the framework of connecting system when changing.
In the present embodiment, the common authentication server only provides authentication service for HTTP service intermediate layer and the direct access of user.
Employed browser when user browser refers to user's access application system.
Aforesaid data-interface normalized definition the communication criterion between connecting system and HTTP service intermediate layer during single-sign-on, comprise request character string and response character string, both all can encapsulate and leave in the HTTP body (Body) by the XML mode.
1) request character string
The request character string is connecting system initiates to verify character string from defined XML form when asking to HTTP service intermediate layer, mainly comprises two parts of token and employee number (employeeNumber), and the specific definition form is as follows:
<request>
<token>$token</token>
<employeeNumber/>
</request>
Wherein, the token field is a string character string of recording user log-on message on the common authentication server, and connecting system can extract the information of token field from user's HTTP request.Usually, the token field must be filled in.
EmployeeNumber is the value of pointing to the employee number of HTTP service intermediate layer application.The employeeNumber field can not filled in, and does not then apply for analog value when not filling in the employeeNumber field.
2) response character string
The response character string is that HTTP serves the intermediate layer according to the request of connecting system, feeds back to the XML character string of connecting system, and concrete form is as follows:
Wherein, state (status) field represents the single-point the result, and value is correct (ok) or wrong (error).Described ok explanation identity token has respective user at the common authentication server, and this user's current state is normal login, and user ID (uid) and employeeNumber value are returned to connecting system in HTTP service intermediate layer.Described error indicate identification token is incorrect or lost efficacy.Return the message value.
Described uid comprises the sign of current login user.
Be that ok and connecting system return employeeNumber when having required employee's job number information during in request at the single-point the result, wherein comprise the job number of current login user.
Comprise error code among the described message.
Need to prove that the mapping relations of accounts information need to be arranged during single-sign-on, consider the account disunity of connecting system, allow connecting system request user's multiple attribute (such as employee's job number etc.) to carry out the user identity mapping.Connecting system need to increase the attribute that needs in the request character string, HTTP service intermediate layer can be after obtaining user id, the attribute that inquiry needs from the account database (such as Light Directory Access Protocol (Lightweight DirectoryAccess Protocol, LDAP)) of common authentication server also returns.
Based on setting shown in Figure 1, can carry out flow process as shown in Figure 2, this flow process may further comprise the steps:
Step 1: user's user application browser login door, initiate authentication request to single-sign-on certificate server (specific single sign-on product).
Step 2: the logging status of single-sign-on certificate server recording user browser, and to user browser granting identity token, user browser is kept at this locality with identity token.
Step 3: certain connecting system of user's user application browser access (each connecting system can use identical domain name suffix), the identity token that the middle acquiescence of access request (HTTP request) that user browser is initiated to the connecting system of access has been preserved with upper this locality.
Step 4: connecting system extracts identity token from user's HTTP request, according to the data-interface standard identity token is encapsulated as the request character string and submits to HTTP service intermediate layer in the mode of authentication request.
After step 5:HTTP service intermediate layer received the authentication request of connecting system, the identity token that wherein request character string is comprised was submitted to the single-sign-on certificate server and is verified.
Step 6: the identity token that single-sign-on certificate server (specific single sign-on product) verification is received, and to HTTP service intermediate layer return authentication result.
Step 7:HTTP service intermediate layer is encapsulated as authentication result the response character string and returns to connecting system.
Step 8: connecting system is finished mandate work according to the authentication information in the response character string that obtains.
In the above-mentioned flow process, step 1 and step 2 are that connecting system utilizes the single-sign-on function successfully to login the precondition of connecting system, and connecting system repeating step 3 can be finished single-sign-on to step 8.
In conjunction with above description as seen, the present invention realizes that the operation thinking of general single-sign-on can represent flow process as shown in Figure 3, and this flow process may further comprise the steps:
Step 310: the service intermediate layer that is common to different single-sign-on products is set between connecting system and single-sign-on certificate server;
Step 320: be that connecting system is when carrying out Authority Verification based on general single-sign-on mode in described service intermediate layer, the service intermediate layer receives the access request of user browser by connecting system, the identity token that wherein comprises is submitted to the single-sign-on certificate server verify, and receive the authentication result that the single-sign-on certificate server returns.
In sum as seen, no matter be method, still realize device, the system of the method, the present invention realizes the technology of general single-sign-on, has the following advantages:
1, reduces dependence to the single-sign-on product, can reduce expensive, the excessive risk that cause because changing the single-sign-on product.Undertaken alternately by the service intermediate layer that makes up and concrete single-sign-on product, when changing the single-sign-on product, only need to transform the service intermediate layer and get final product, can save a large amount of costs and workload, reduce the impact of uncertain factor.
2, to the support of connecting system more comprehensively.All connecting systems all only need to carry out having guaranteed the versatility of single-sign-on alternately, the problem of having avoided connecting system can't access because system architecture is incompatible with the service intermediate layer.
3, development and maintenance cost is low.Avoided the repeated workload that causes because of the connecting system environmental difference, and the operating personnel of connecting system do not need to understand too much single-sign-on product, saved maintenance cost.
The above is preferred embodiment of the present invention only, is not for limiting protection scope of the present invention.
Claims (10)
1. a system that realizes general single-sign-on is characterized in that, this system comprises service intermediate layer, connecting system; Wherein,
Described service intermediate layer is common to different single-sign-on products, is arranged between connecting system and the single-sign-on certificate server, and being used for based on general single-sign-on mode is that connecting system carries out Authority Verification;
Described connecting system is used for sending authentication request according to the access request of user browser to the service intermediate layer; And receive from the authentication result of serving the intermediate layer, and finish mandate work according to the authentication result that obtains.
2. system according to claim 1 is characterized in that, described service intermediate layer comprises common authentication server, certified processor and authentication adapter; Wherein,
Described common authentication server is used for providing authentication service, receives the authentication request of connecting system and authentication result is fed back to connecting system;
Described certified processor is for the treatment of the authentication request of connecting system and feed back authentication result;
Described authentication adapter carries out abstract and encapsulation for the character data of the authentication request that different single sign-on products are provided, and shields the otherness between the different single-sign-on certificate servers, and provides authentication service to call for certified processor.
3. a device of realizing general single-sign-on is characterized in that this device is common to different single-sign-on products, is arranged between connecting system and the single-sign-on certificate server, and being used for based on general single-sign-on mode is that connecting system carries out Authority Verification; Described device comprises common authentication server, certified processor and authentication adapter; Wherein,
Described common authentication server is used for providing authentication service, receives the authentication request of connecting system and authentication result is fed back to connecting system;
Described certified processor is for the treatment of the authentication request of connecting system and feed back authentication result;
Described authentication adapter carries out abstract and encapsulation for the character data of the authentication request that different single sign-on products are provided, and shields the otherness between the different single-sign-on certificate servers, and provides authentication service to call for certified processor.
4. device according to claim 3 is characterized in that, described common authentication server is used for:
When processing the authentication request of connecting system, extract and put in order the data of the request character string in the authentication request, reduced data is mail to the single-sign-on certificate server authenticate; And/or,
When the feedback authentication result, according to the request character string of authentication request and the feedback result of single-sign-on certificate server, arrangement needs the data of feedback, and reduced data is fed back to connecting system.
5. according to claim 3 or 4 described devices, it is characterized in that described device is connecting system when carrying out Authority Verification based on general single-sign-on mode, described common authentication server is used for:
By the access request of connecting system reception user browser, the identity token that wherein comprises is submitted to the single-sign-on certificate server verify, and receive the authentication result that the single-sign-on certificate server returns.
6. device according to claim 3 is characterized in that, described device is supported HTTP.
7. method that realizes general single-sign-on, it is characterized in that, the service intermediate layer that is common to different single-sign-on products is set between connecting system and single-sign-on certificate server, the method also comprises: be that connecting system is when carrying out Authority Verification in described service intermediate layer based on general single-sign-on mode, the service intermediate layer receives the access request of user browser by connecting system, the identity token that wherein comprises is submitted to the single-sign-on certificate server verify, and receive the authentication result that the single-sign-on certificate server returns.
8. method according to claim 7 is characterized in that,
Before carrying out described Authority Verification, the method also comprises: user browser is initiated authentication request to the single-sign-on certificate server, receives the identity token of providing, and initiates to comprise the access request of this identity token to connecting system; And/or,
After carrying out described Authority Verification, the method also comprises: the service intermediate layer returns to connecting system with authentication result, and connecting system is finished mandate work according to the authentication result that obtains.
9. method according to claim 7, it is characterized in that, described service intermediate layer is that connecting system is when carrying out Authority Verification based on general single-sign-on mode, the character data of the authentication request that different single sign-on products are provided is carried out abstract and encapsulation, shields the otherness between the different single-sign-on certificate servers.
10. according to claim 7 to 9 each described methods, it is characterized in that connecting system carries out communication by the HTTP mode with XML data format and service intermediate layer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210589796.XA CN103078932B (en) | 2012-12-31 | 2012-12-31 | A kind of methods, devices and systems realizing universal single sign-on |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210589796.XA CN103078932B (en) | 2012-12-31 | 2012-12-31 | A kind of methods, devices and systems realizing universal single sign-on |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103078932A true CN103078932A (en) | 2013-05-01 |
CN103078932B CN103078932B (en) | 2016-01-27 |
Family
ID=48155334
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210589796.XA Active CN103078932B (en) | 2012-12-31 | 2012-12-31 | A kind of methods, devices and systems realizing universal single sign-on |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103078932B (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103685741A (en) * | 2013-12-03 | 2014-03-26 | 方正国际软件有限公司 | Single-point-login and single-point-logout method and single-point-login and single-point-logout system for mobile terminal |
CN103929421A (en) * | 2014-04-03 | 2014-07-16 | 深圳英飞拓科技股份有限公司 | Single sign-on system and method of security and protection system |
CN105187434A (en) * | 2015-09-24 | 2015-12-23 | 歌尔声学股份有限公司 | User account control method and system on the basis of multi-application systems |
CN107787576A (en) * | 2015-06-26 | 2018-03-09 | 施耐德电器工业公司 | Security system for industrial control system |
CN107862198A (en) * | 2017-11-17 | 2018-03-30 | 浪潮软件股份有限公司 | One kind accesses verification method, system and client |
CN108259435A (en) * | 2016-12-29 | 2018-07-06 | 中国移动通信集团浙江有限公司 | Access the implementation method and device of the mixing application of Web components |
CN108933767A (en) * | 2017-05-26 | 2018-12-04 | 南宁富桂精密工业有限公司 | Server and webpage authentication method |
CN109462577A (en) * | 2018-10-16 | 2019-03-12 | 同伦拍拍科技服务有限公司 | A kind of third party communicates the inside login system and method for SSO in time |
CN109905365A (en) * | 2019-01-14 | 2019-06-18 | 江苏第二师范学院(江苏省教育科学研究院) | It is a kind of can distributed deployment single-sign-on and authorization of service system and method |
CN110266722A (en) * | 2019-07-05 | 2019-09-20 | 深圳市浩科电子有限公司 | A kind of method and system of multipath access server |
CN110572388A (en) * | 2019-09-05 | 2019-12-13 | 北京宝兰德软件股份有限公司 | method for connecting unified authentication server and unified authentication adapter |
CN113553569A (en) * | 2021-07-06 | 2021-10-26 | 猪八戒股份有限公司 | Single sign-on method, system and terminal of Syngnathus system based on proxy server |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040123144A1 (en) * | 2002-12-19 | 2004-06-24 | International Business Machines Corporation | Method and system for authentication using forms-based single-sign-on operations |
US20060248598A1 (en) * | 2005-04-29 | 2006-11-02 | Microsoft Corporation | Security claim transformation with intermediate claims |
US20060259776A1 (en) * | 2005-05-13 | 2006-11-16 | Microsoft Corporation | Extensible account authentication system |
CN101719960A (en) * | 2009-12-01 | 2010-06-02 | 中国电信股份有限公司 | Communication device and cdma terminal |
CN102238148A (en) * | 2010-04-22 | 2011-11-09 | 中兴通讯股份有限公司 | Identity management method and system |
CN102469075A (en) * | 2010-11-09 | 2012-05-23 | 中科正阳信息安全技术有限公司 | Integration authentication method based on WEB single sign on |
US20120167185A1 (en) * | 2010-12-23 | 2012-06-28 | Microsoft Corporation | Registration and network access control |
-
2012
- 2012-12-31 CN CN201210589796.XA patent/CN103078932B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040123144A1 (en) * | 2002-12-19 | 2004-06-24 | International Business Machines Corporation | Method and system for authentication using forms-based single-sign-on operations |
US20060248598A1 (en) * | 2005-04-29 | 2006-11-02 | Microsoft Corporation | Security claim transformation with intermediate claims |
US20060259776A1 (en) * | 2005-05-13 | 2006-11-16 | Microsoft Corporation | Extensible account authentication system |
CN101719960A (en) * | 2009-12-01 | 2010-06-02 | 中国电信股份有限公司 | Communication device and cdma terminal |
CN102238148A (en) * | 2010-04-22 | 2011-11-09 | 中兴通讯股份有限公司 | Identity management method and system |
CN102469075A (en) * | 2010-11-09 | 2012-05-23 | 中科正阳信息安全技术有限公司 | Integration authentication method based on WEB single sign on |
US20120167185A1 (en) * | 2010-12-23 | 2012-06-28 | Microsoft Corporation | Registration and network access control |
Non-Patent Citations (2)
Title |
---|
郭玲: "一种企业应用中的单点登录系统的设计", 《计算机与数字工程》, vol. 38, no. 7, 31 July 2010 (2010-07-31), pages 84 - 88 * |
黄琛,李忠献,杨义先,徐国胜: "一种新的兼容多种身份认证方式的web单点登录方案", 《北京邮电大学学报》, vol. 29, no. 5, 30 October 2006 (2006-10-30), pages 130 - 134 * |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103685741A (en) * | 2013-12-03 | 2014-03-26 | 方正国际软件有限公司 | Single-point-login and single-point-logout method and single-point-login and single-point-logout system for mobile terminal |
CN103685741B (en) * | 2013-12-03 | 2015-09-23 | 方正国际软件有限公司 | The method and system that a kind of mobile terminal single-sign-on and single-point are nullified |
CN103929421A (en) * | 2014-04-03 | 2014-07-16 | 深圳英飞拓科技股份有限公司 | Single sign-on system and method of security and protection system |
CN107787576A (en) * | 2015-06-26 | 2018-03-09 | 施耐德电器工业公司 | Security system for industrial control system |
CN105187434A (en) * | 2015-09-24 | 2015-12-23 | 歌尔声学股份有限公司 | User account control method and system on the basis of multi-application systems |
CN108259435A (en) * | 2016-12-29 | 2018-07-06 | 中国移动通信集团浙江有限公司 | Access the implementation method and device of the mixing application of Web components |
CN108933767A (en) * | 2017-05-26 | 2018-12-04 | 南宁富桂精密工业有限公司 | Server and webpage authentication method |
CN107862198A (en) * | 2017-11-17 | 2018-03-30 | 浪潮软件股份有限公司 | One kind accesses verification method, system and client |
CN109462577A (en) * | 2018-10-16 | 2019-03-12 | 同伦拍拍科技服务有限公司 | A kind of third party communicates the inside login system and method for SSO in time |
CN109905365A (en) * | 2019-01-14 | 2019-06-18 | 江苏第二师范学院(江苏省教育科学研究院) | It is a kind of can distributed deployment single-sign-on and authorization of service system and method |
CN110266722A (en) * | 2019-07-05 | 2019-09-20 | 深圳市浩科电子有限公司 | A kind of method and system of multipath access server |
CN110572388A (en) * | 2019-09-05 | 2019-12-13 | 北京宝兰德软件股份有限公司 | method for connecting unified authentication server and unified authentication adapter |
CN113553569A (en) * | 2021-07-06 | 2021-10-26 | 猪八戒股份有限公司 | Single sign-on method, system and terminal of Syngnathus system based on proxy server |
CN113553569B (en) * | 2021-07-06 | 2022-12-09 | 猪八戒股份有限公司 | Single sign-on method, system and terminal of Syngnathus system based on proxy server |
Also Published As
Publication number | Publication date |
---|---|
CN103078932B (en) | 2016-01-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103078932A (en) | Method, device and system for realizing universal single sign-on | |
CN103248699B (en) | Multi-account processing method of single sign on (SSO) information system | |
CN108200050A (en) | Single logging-on server, method and computer readable storage medium | |
US8769650B2 (en) | Establishing and maintaining an improved single sign-on (SSO) facility | |
US10412091B2 (en) | Systems and methods for controlling sign-on to web applications | |
CN108600203A (en) | Secure Single Sign-on method based on Cookie and its unified certification service system | |
CN104052746B (en) | Heterogeneous applications single-node login system and its single-point logging method | |
CN102739658B (en) | A kind of offline verification method of single-sign-on | |
CN106685771A (en) | Unified access method for all service channels of electric power marketing | |
CN104468550B (en) | A kind of user login method of windows desktop, equipment and system | |
CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
CN105007280A (en) | Application sign-on method and device | |
CN106713271A (en) | Web system log in constraint method based on single sign-on | |
CN102984169A (en) | Single sign-on method, equipment and system | |
CN106529979A (en) | Enterprise identity authentication method and system | |
CN101193027A (en) | A single-point login system and method for integrated isomerous system | |
CA2724739A1 (en) | Methods and systems for single sign on with dynamic authentication levels | |
CN107070894A (en) | A kind of software integrating method based on enterprise's cloud service platform | |
CN104580211B (en) | SOA architecture-based intrusive system | |
CN105812350A (en) | Cross-platform single-point registration system | |
CN105162775A (en) | Logging method and device of virtual machine | |
CN104994064A (en) | Authorization authentication method and system based on client end plug-in | |
CN109005159A (en) | The data processing method and certificate server of terminal access system server | |
CN105141580B (en) | A kind of resource access control method based on the domain AD | |
CN104579681A (en) | Identity authentication system for mutual-trust application systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |