CN104158818B - A kind of single-point logging method and system - Google Patents

Publication number: CN104158818B
Application number: CN201410422428.5A
Authority: CN (China)
Prior art keywords: user, operation system, log, message, browser
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN104158818A
Inventors: 刘晓靖, 张鹏, 胡尼亚, 王志军, 靳锐敏, 许海翔, 王春婷
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd

Abstract

The invention discloses a single sign-on method and system. In the method, after an operation system receives a service access from a user who has not logged in to that operation system, the operation system obtains the user's login information from a single sign-on authentication center via the user's browser. If the login information is obtained, the operation system uses it to complete the user's login automatically and notifies the user browser to display the post-login page. For scenarios in which an operation system is accessed without any authentication information being carried, the method and system give the operation system the ability to actively query the user's login information, achieving single sign-on in those scenarios, better matching how users use Internet services, and improving the single sign-on mechanism.

Description

A single sign-on method and system
Technical field
The present invention relates to the communications field, and in particular to a single sign-on method and system.
Background
Single sign-on (SSO) means that, across multiple application systems, a user needs to log in only once to access all mutually trusting application systems.
In existing single sign-on technology, for application systems with a browser/server (B/S) architecture, single sign-on is mainly implemented by ticket passing, similar to a "through ticket" at a tourist attraction: a tourist buys one ticket and can enter multiple independent scenic spots. The ticket-passing single sign-on flow is as follows:
(1) When the user accesses a B/S application system for the first time, the user is directed to the authentication system to log in;
(2) The authentication system verifies the user's identity based on the login information the user provides; a user who passes verification obtains an "authentication credential" (such as ticket information), which serves as proof that the user has passed verification;
(3) When the user accesses another B/S application system, that application system, on receiving the request, sends the ticket information presented by the user to the authentication system, which verifies its legitimacy; if verification passes, the user can access the B/S application system without logging in again.
At present, the prior art mainly specifies the scenario in which an operation system is accessed with authentication information carried, that is, the user can log in to multiple application systems by means of the ticket information the user carries. For example, the user logs in to operation system A (operation system A has obtained the user information), clicks a link to operation system B embedded in operation system A, and accesses it (through the single sign-on mechanism, operation system B can obtain the user information passed over by operation system A). The scenarios in which an operation system is accessed without authentication information being carried, by contrast, include:
(1) The user has not logged in to any other operation system and enters the URL of operation system A directly in the browser to access it (operation system A cannot know the user information before the user logs in);
(2) The user has logged in to operation system A and enters the URL of operation system B directly in the browser to access it (in this scenario the user is not redirected by operation system A, so operation system B cannot know the user information);
(3) The user has not logged in to any other operation system, accesses operation system A without logging in to it, and clicks a link to operation system B embedded in operation system A to access it (since the user is not logged in, neither operation system A nor B can know the user information).
In the prior art, in these three scenarios, when an operation system finds no user-related information locally, it simply displays the corresponding page to the user according to the user's own actions and does not actively request the user's login information from the authentication center, so it cannot determine whether single sign-on is possible. In fact, single sign-on is possible in the second scenario. At present, therefore, the industry has no mature single sign-on solution for the "no authentication information carried" scenarios above.
Summary of the invention
The technical problem to be solved by the invention is to provide a single sign-on method and system that achieve single sign-on in scenarios where an operation system is accessed without authentication information being carried.
To solve the above technical problem, the present invention provides a single sign-on method, comprising:
After an operation system receives a service access from a user who has not logged in to that operation system, the operation system obtains the user's login information from the single sign-on authentication center via the user's browser; if the login information is obtained, the operation system uses it to complete the user's login automatically and notifies the user browser to display the post-login page.
Further, the operation system obtaining the user's login information from the single sign-on authentication center via the user's browser comprises:
The operation system sends the user's browser an instruction to obtain the user's login information, the instruction carrying the redirect address of the operation system;
The user browser sends the single sign-on authentication center a request to obtain the user's login information, the request carrying the user's global session ID and the redirect address of the operation system;
The single sign-on authentication center determines whether a global session corresponding to the user's global session ID exists; if it does, then according to the session information of that global session, the center redirects the user's login information to the operation system via the user browser, the redirect address being the redirect address of the operation system; the session information includes the user's login information.
Further, the method further comprises:
The operation system obtaining the user's login information from the single sign-on authentication center via the user's browser comprises:
The operation system sends the user's browser an instruction to obtain the user's login information, the instruction carrying the redirect address of the operation system;
The user browser sends the single sign-on authentication center a request to obtain the user's login information, the request carrying only the redirect address of the operation system;
When the single sign-on authentication center determines that the request does not carry a global session ID of the user, the center redirects a result indicating failure to obtain the user's login information to the operation system via the user browser, the redirect address being the redirect address of the operation system;
The method further comprises: if the login information is not obtained, the operation system, according to the result indicating failure to obtain the user's login information, sends the user browser an instruction to return to the page the user is currently browsing; the user browser displays the currently browsed page.
Further, before the operation system obtains the user's login information from the single sign-on authentication center via the user browser, the method further comprises:
When the user logs in for the first time to a certain operation system in the single sign-on system, that operation system requests, via the user browser, that the single sign-on authentication center store the login information the user used when logging in to that operation system.
Further, that operation system requesting, via the user browser, that the single sign-on authentication center store the login information the user used when logging in to that operation system comprises:
On passing the user's login authentication, that operation system sends the user browser an instruction to store the login information the user used when logging in to that operation system, the instruction carrying the redirect address and the operation system identifier of that operation system;
The user browser sends the single sign-on authentication center a request to store the login information the user used when logging in to that operation system, the request carrying the redirect address of that operation system, the operation system identifier, and the login information with which the user passed login authentication;
After receiving the request, the single sign-on authentication center generates a global session for the user's login to that operation system and assigns a global session ID to this login of the user at the single sign-on authentication center; it saves, in the session information of the global session, the operation system identifier of that operation system and the login information the user used when logging in to it, returns the global session ID to the user browser, and redirects via the user browser to that operation system, the redirect address being the redirect address of that operation system.
To solve the above technical problem, the present invention also provides a single sign-on system, comprising:
An operation system, configured to: after receiving a service access from a user who has not logged in to the operation system, send the user browser an instruction to obtain the user's login information and obtain the user's login information from the single sign-on authentication center via the user's browser; and, if the login information is obtained, use it to complete the user's login automatically and notify the user browser to display the post-login page;
A user browser, configured to: after receiving the operation system's instruction to obtain the user's login information, send the single sign-on authentication center a request to obtain the user's login information; pass the user's login information returned by the single sign-on authentication center to the operation system; and display the post-login page after receiving the operation system's notification;
A single sign-on authentication center, configured to: after receiving the request from the user browser, query the user's login information locally and, if it is found, return it to the operation system via the user browser.
Further, the operation system's instruction to obtain the user's login information carries the redirect address of the operation system;
The user browser's request to obtain the user's login information carries the user's global session ID and the redirect address of the operation system;
The single sign-on authentication center being configured to, after receiving the request from the user browser, query the user's login information locally and, if it is found, return it to the operation system via the user browser comprises:
The single sign-on authentication center is configured to determine whether a global session corresponding to the user's global session ID exists; if it does, then according to the session information of that global session, the center redirects the user's login information to the operation system via the user browser, the redirect address being the redirect address of the operation system; the session information includes the user's login information.
Further, the operation system's instruction to obtain the user's login information carries the redirect address of the operation system;
The user browser's request to obtain the user's login information carries only the redirect address of the operation system;
The single sign-on authentication center is further configured to: when it determines that the request does not carry a global session ID of the user and the user's login information therefore cannot be found, redirect a result indicating failure to obtain the user's login information to the operation system via the user browser, the redirect address being the redirect address of the operation system;
The user browser is further configured to redirect to the operation system the failure result returned by the single sign-on authentication center and, after receiving the operation system's instruction to return to the page the user is currently browsing, to display the currently browsed page;
The operation system is further configured to send the user browser, according to the result indicating failure to obtain the user's login information, an instruction to return to the corresponding page.
Further, the system also includes a certain operation system in the single sign-on system to which the user logs in for the first time, wherein:
The operation system to which the user logs in for the first time is configured to: on passing the user's login authentication, send the user browser an instruction to store the login information the user used when logging in to that operation system, and thereby request, via the user browser, that the single sign-on authentication center store that login information;
The user browser is further configured to: after receiving that operation system's instruction requesting storage of the login information the user used when logging in to that operation system, send the single sign-on authentication center a request to store that login information;
The single sign-on authentication center is configured to: after receiving the request from the user browser, store the login information the user used when logging in to that operation system.
Further, that operation system's instruction to store the login information the user used when logging in to it carries the redirect address and the operation system identifier of that operation system in the single sign-on system;
The user browser's request to store the login information the user used when logging in to that operation system carries the redirect address of that operation system, the operation system identifier, and the login information the user used when logging in to that operation system;
The single sign-on authentication center being configured to, after receiving the request from the user browser, store the login information the user used when logging in to that operation system comprises:
After receiving the request, the single sign-on authentication center generates a global session for the user's login to that operation system and assigns a global session ID to this login of the user at the single sign-on authentication center; it saves, in the session information of the global session, the operation system identifier of that operation system and the login information the user used when logging in to it, returns the global session ID to the user browser, and redirects via the user browser to that operation system, the redirect address being the redirect address of that operation system;
The user browser is further configured to receive and save the user's global session ID returned by the single sign-on authentication center, and to pass it to that operation system.
Compared with the prior art, the single sign-on method and system provided by the invention, for scenarios in which an operation system is accessed without authentication information being carried, give the operation system the ability to actively query the user's login information, achieving single sign-on in those scenarios, better matching how users use Internet services, and improving the single sign-on mechanism.
Description of the drawings
Fig. 1 is a flow chart of the single sign-on method in the embodiment;
Fig. 2 is a flow chart of the single sign-on method for scenario (1) in an application example;
Fig. 3 is a flow chart of the single sign-on method for scenario (2) in an application example;
Fig. 4 is a structure diagram of the single sign-on system in the embodiment.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in detail below with reference to the drawings. It should be noted that, provided there is no conflict, the embodiments of this application and the features in the embodiments may be combined with one another arbitrarily.
Embodiment:
The application scenario of this embodiment is single sign-on when a user browses an operation system without carrying authentication information. As shown in Fig. 1, this embodiment provides a single sign-on method comprising the following steps:
S101: The operation system receives a service access from a user who has not logged in to the operation system;
Here, a user who has not logged in to the operation system means only that the user has not logged in to this particular operation system; the user may have logged in to other operation systems belonging to the single sign-on system. The operation system determines whether the user has logged in to it by checking whether a local session ID exists; if not, the user has not logged in to this operation system;
For scenario (1), the user has not logged in to any other operation system and enters the URL of operation system A directly in the browser to access it; in this scenario the user has logged in neither to other operation systems nor to operation system A;
For scenario (2), the user has logged in to operation system A and enters the URL of operation system B directly in the browser to access it; in this scenario the user is not redirected by operation system A, so operation system B cannot know the user information, and the user has not logged in to operation system B;
For scenario (3), the user has not logged in to any other operation system, accesses operation system A without logging in to it, and clicks the link to operation system B embedded in operation system A to access it; the user has logged in neither to other operation systems nor to operation systems A and B.
S102: After receiving the user's service access, the operation system obtains the user's login information from the single sign-on authentication center via the user's browser; the login information includes the user's account name and login password;
S103: If the login information is obtained, the operation system uses it to complete the user's login automatically and notifies the user browser to display the post-login page.
In step S102, for scenario (2), in which the user has logged in to another operation system and enters the URL of the operation system directly in the browser to access it, the operation system obtaining the user's login information from the single sign-on authentication center via the user's browser specifically comprises:
1) The operation system sends the user's browser an instruction to obtain the user's login information, the instruction carrying the redirect address of the operation system;
2) The user browser sends the single sign-on authentication center a request to obtain the user's login information, the request carrying the global session ID that identifies the user and the redirect address of the operation system;
Here, the global session ID indicates that the user has logged in to another operation system, and the single sign-on authentication center identifies the user by the global session ID. When the user logs in for the first time to a certain operation system in the single sign-on system, the single sign-on authentication center generates a global session and passes the global session ID via the browser to the operation system of the first login; at that point the global session (including the global session ID) is saved in a file that the browser keeps locally on the computer (this is the browser's basic mechanism for saving sessions and is a property of the browser).
When the user later accesses other systems, those operation systems initiate, via the browser, a request to the single sign-on authentication center for the user information. On finding that the request is directed to the single sign-on authentication center, the browser automatically looks up the locally saved global session (including its ID), carries the global session ID it finds in the request, and sends it to the single sign-on authentication center, which can then identify the user.
3) The single sign-on authentication center determines whether a global session corresponding to the user's global session ID exists; if it does, then according to that global session, the center redirects the user's login information to the operation system via the user browser, the redirect address being the redirect address of the operation system; the session information includes the user's login information.
In addition, the instruction sent by the operation system in step 1) also carries the identifier of the operation system; in step 2) the browser carries the operation system identifier in the request sent to the single sign-on authentication center, which uses it to authenticate and authorize the request carrying the identifier, that is, to determine which system sent the request.
During single sign-on, if the user has logged in to other operation systems, the user browser and the operation systems by default all refer to that one user; in other words, in a standard single sign-on system two users cannot access websites in the same browser at the same time. For example, every operation system that user A has visited shows A as logged in; to log in with user B's account, A's account must first be logged out, whereupon A's login information expires and A's global session becomes invalid. So in a single sign-on system, different users cannot be logged in simultaneously in one browser; that is, only one valid global session can exist in the browser's file, and during single sign-on the operation systems and the browser in the single sign-on system identify only one user.
In addition, for scenarios (1) and (3), namely where the user has not logged in to any other operation system and enters the URL of the operation system directly in the browser to access it, and where the user has not logged in to any other operation system, accesses operation system A without logging in to it, and clicks the link to the operation system embedded in operation system A to access it, the operation system may also fail to obtain the user's login information from the single sign-on authentication center:
The operation system's instruction to obtain the user's login information carries the redirect address of the operation system;
The user browser's request to obtain the user's login information carries only the redirect address of the operation system;
The method further comprises:
When the single sign-on authentication center determines that the request does not carry a global session ID of the user, the center redirects a result indicating failure to obtain the user's login information to the operation system via the user browser, the redirect address being the redirect address (URL) of the operation system;
The request not carrying a global session ID of the user indicates that, before accessing this operation system, the user had not logged in to any other operation system in the single sign-on system. The single sign-on authentication center has therefore not established a global session record for the user, has not assigned the user a global session ID, and has not stored the user's login information.
According to the result indicating failure to obtain the user's login information, the operation system sends the user browser an instruction to return to the page the user is currently browsing; the user browser displays the currently browsed page.
In addition, for scenario (2), when the user logs in to the single sign-on system for the first time by logging in to a certain operation system, the single sign-on authentication center saves the login information so that the user's login information can be obtained when the user logs in to the operation system. Therefore, before the operation system obtains the user's login information from the single sign-on authentication center via the user browser, the method further comprises: a certain operation system in the single sign-on system requests, via the user browser, that the single sign-on authentication center store the login information the user used when logging in to that operation system;
This specifically comprises:
1) On passing the user's login authentication, that operation system sends the user browser an instruction to store the login information with which the user passed login authentication, the instruction carrying the redirect address and the operation system identifier of that operation system;
2) The user browser sends the single sign-on authentication center a request to store the login information with which the user passed login authentication, the request carrying the redirect address of that operation system, the operation system identifier, and the login information with which the user passed login authentication;
3) After receiving the request, the single sign-on authentication center generates a global session for this login, in which the user passed login authentication, and assigns a global session ID to this login of the user at the single sign-on authentication center; it saves, in the session information of the global session, the operation system identifier of that operation system and the login information with which the user passed login authentication, returns the global session ID of this login to the user browser, and redirects the result indicating that the login information has been stored to that operation system via the user browser, the redirect address being the redirect address of that operation system.
In the single sign-on system, only the operation system where the user logs in for the first time is responsible for storing the login information; all other operation systems query the single sign-on authentication center and do not store it again.
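The store and query exchanges described above, modelled in Python as an added example; it is not code from the patent. The browser relay is replaced by direct calls, and the registered-origin check on the redirect address, the shared account table and the `.example` hosts are assumptions of this example.

```python
import hmac
import secrets
from urllib.parse import urlsplit


class SSOCenter:
    """Single sign-on authentication center: owns the global sessions."""

    def __init__(self, registered_origins):
        # Assumption added for this example (not stated in the patent text): each
        # operation system identifier is registered in advance with the only
        # origin that login information may be redirected to.
        self.registered_origins = registered_origins
        self.global_sessions = {}  # global session ID -> session information

    def _check_redirect(self, system_id, redirect_address):
        parts = urlsplit(redirect_address)
        origin = f"{parts.scheme}://{parts.netloc}"
        if self.registered_origins.get(system_id) != origin:
            raise PermissionError(f"redirect address not registered for {system_id!r}")

    def store(self, system_id, redirect_address, login_info):
        """Store flow: the first login creates the global session and its ID."""
        self._check_redirect(system_id, redirect_address)
        global_session_id = secrets.token_urlsafe(32)
        self.global_sessions[global_session_id] = {
            "system_id": system_id, "login_info": login_info}
        return global_session_id

    def fetch(self, system_id, redirect_address, global_session_id):
        """Query flow: login information for a known global session, else None."""
        self._check_redirect(system_id, redirect_address)
        session = self.global_sessions.get(global_session_id)
        return session["login_info"] if session else None


class Browser:
    """Holds one global session ID and one local session ID per operation system."""

    def __init__(self):
        self.global_session_id = None
        self.local_session_ids = {}


class OperationSystem:
    def __init__(self, system_id, redirect_address, center, accounts):
        self.system_id = system_id
        self.redirect_address = redirect_address
        self.center = center
        self.accounts = accounts      # constructed account table: name -> password
        self.local_sessions = {}      # local session ID -> account name

    def _verify(self, info):
        expected = self.accounts.get(info["account"])
        return expected is not None and hmac.compare_digest(
            expected.encode(), info["password"].encode())

    def _open_local_session(self, browser, account):
        local_id = secrets.token_urlsafe(32)
        self.local_sessions[local_id] = account
        browser.local_session_ids[self.system_id] = local_id
        return f"logged-in page for {account}"

    def login(self, browser, account, password):
        """Interactive login; the first login in the SSO system stores the login info."""
        info = {"account": account, "password": password}
        if not self._verify(info):
            return "login page"
        if browser.global_session_id is None:
            # Relayed through the browser in the patent; called directly here.
            browser.global_session_id = self.center.store(
                self.system_id, self.redirect_address, info)
        return self._open_local_session(browser, account)

    def visit(self, browser):
        """S101-S103: visit from a browser that may have no local session here."""
        local_id = browser.local_session_ids.get(self.system_id)
        if local_id in self.local_sessions:
            return f"logged-in page for {self.local_sessions[local_id]}"
        # The browser attaches its global session ID (None if it has none).
        info = self.center.fetch(
            self.system_id, self.redirect_address, browser.global_session_id)
        if info is None or not self._verify(info):
            return "current page (not logged in)"
        return self._open_local_session(browser, info["account"])


def run_scenes():
    center = SSOCenter({"A": "https://a.example", "B": "https://b.example"})
    accounts = {"alice": "constructed-password"}  # constructed sample data
    a = OperationSystem("A", "https://a.example/sso/callback", center, accounts)
    b = OperationSystem("B", "https://b.example/sso/callback", center, accounts)
    scene1 = a.visit(Browser())            # scenario (1): no login anywhere
    browser = Browser()
    a.login(browser, "alice", "constructed-password")
    scene2 = b.visit(browser)              # scenario (2): logged in at A, opens B
    return scene1, scene2


if __name__ == "__main__":
    print(run_scenes())
```

Because the center hands the stored account name and password to whatever redirect address the request names, the `_check_redirect` call is what ties that address to the operation system identifier carried in the same request.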
In one application example, a single sign-on method is provided for application scenario (1). As shown in Fig. 2, it comprises the following steps:
S201: The user accesses operation system A through the browser;
S202: Operation system A receives the user's service access request and determines that there is no local session, i.e., the user has not logged in to operation system A;
If the user has previously logged in to operation system A, operation system A will have created a local session locally, assigned a local session ID, and returned operation system A's local session ID to the user browser; when the user accesses operation system A again, the browser can use operation system A's local session ID to query operation system A for the current user's login status;
If the user has not previously logged in to operation system A, no local session ID exists.
S203: Operation system A sends the user's browser an instruction to obtain the user's login information, the instruction carrying the redirect address of operation system A;
The redirect address is used so that, after the single sign-on authentication center finds the user's login information, the user's login information is redirected to operation system A via the user browser.
S204: The user browser sends the single sign-on authentication center a request to obtain the user's login information, the request carrying the redirect address of operation system A and the service identifier of operation system A;
For scenario (1), since the user has not logged in to any other operation system, the single sign-on authentication center has not assigned the user a global session ID, so the request carries no global session ID;
S205: When the single sign-on authentication center determines that the request does not carry a global session ID of the user, which indicates that the user has not logged in to any other operation system, it redirects the result indicating failure to obtain the user's login information to the operation system via the user browser, the redirect address being the redirect address of the operation system;
S206: According to the result indicating failure to obtain the user's login information and its own business logic, operation system A sends the user browser an instruction to return to the page the user is currently browsing, and the user browser displays the corresponding page or the login page to the user.
In one application example, a single sign-on method is provided for application scenario (2); as shown in Fig. 3, it includes the following steps:
S301: The user logs in to operation system A;
When the user logs in to operation system A, the single sign-on authentication center establishes a global session ID for the user and saves the user's log-on message.
S302: The user enters the web address of operation system B directly in the browser to access operation system B;
S303: Operation system B determines from the local session ID whether a local session exists, i.e., whether the user has logged in to operation system B; if a local session exists, step S304 is performed, otherwise step S305 is performed;
If the user has previously logged in to operation system B, operation system B has created a local session locally, allocated a local session ID, and returned the local session ID of operation system B to the user browser; when the user accesses operation system B again, the browser can use the local session ID of operation system B to query operation system B for the current user's login status;
If the user has not previously logged in to operation system B, no local session ID exists.
S304: If a local session exists, operation system B sends the user browser an instruction to present the post-login page to the user, and the user browser presents the post-login page to the user;
S305: If no local session exists, operation system B sends the user's browser an instruction to obtain the user's log-on message; the instruction carries the redirect address of operation system B;
The redirect address is used so that, after the single sign-on authentication center has looked up the user's log-on message, the user's log-on message is redirected to operation system B through the user browser.
S306: The user browser sends the single sign-on authentication center a request to obtain the user's log-on message; the request carries the global session ID identifying the user, the redirect address of operation system B and the identification of operation system B;
S307: The single sign-on authentication center determines that a global session corresponding to the user's global session ID exists and redirects the user's log-on message to operation system B through the user browser; the redirect address is the redirect address of operation system B, and the session information of the global session includes the user's log-on message;
S308: Operation system B carries out the subsequent single sign-on flow according to the user's log-on message.
The single sign-on flow is an existing flow and specifically includes: operation system B, based on the user's log-on message, asks the single sign-on authentication center to authenticate the log-on message; when authentication succeeds, the single sign-on authentication center returns an authentication-success message to operation system B; operation system B creates a local session and returns a login-success message to the browser.
In one application example, for application scenario (3), the user has not logged in to any other operation system and accesses operation system A without having logged in to operation system A. This first triggers obtaining the user's log-on message (the log-on message for logging in to operation system A) from the single sign-on authentication center through the user's browser, similar to the flow for application scenario (1) (steps S202 to S206): since the user has not logged in to any other operation system, the single sign-on authentication center has not allocated a global session ID to the user, so the request carries no global session ID; when the single sign-on authentication center determines that the request does not carry a global session ID of the user, which indicates that the user has not logged in to any other operation system, it redirects the result indicating failure to obtain the user's log-on message to operation system A through the user browser; according to that result and its own service logic, operation system A sends the user browser an instruction to return to the user's current browsing page, and the user browser shows the corresponding browsing page or login page to the user. When the user then clicks the link to operation system B, this triggers obtaining the user's log-on message (the log-on message for logging in to operation system B) from the single sign-on authentication center through the user's browser; following the flow for application scenario (1) (steps S202 to S206), operation system B, according to the result indicating failure to obtain the user's log-on message and its own service logic, sends the user browser an instruction to return to the user's current browsing page, and the user browser shows the corresponding browsing page or login page to the user.
In this embodiment, scenarios (1) and (3) also belong to the single sign-on system, because the mechanism of actively obtaining the user's log-on message from the single sign-on authentication center is present there as well. Because the user has not previously logged in to any operation system belonging to the single sign-on authentication system, the request sent to the single sign-on authentication center carries no global session ID, and the single sign-on authentication center holds no log-on message for the user. In these scenarios the user must log in actively at the operation system being accessed; that operation system then becomes the operation system the user logged in to first and is obliged to store the user's log-on message at the single sign-on authentication center.
As shown in Fig. 4, this embodiment provides a single sign-on system, including a user browser, one or more operation systems and a single sign-on authentication center, wherein:
The operation system is configured to, after receiving a service access from a user who has not logged in to the operation system, send the user browser an instruction to obtain the user's log-on message and obtain the user's log-on message from the single sign-on authentication center through the user's browser; if the log-on message is obtained, to complete the user's login automatically using the log-on message and notify the user browser to display the post-login page;
The user browser is configured to, after receiving the operation system's instruction to obtain the user's log-on message, send the single sign-on authentication center a request to obtain the user's log-on message, pass the user's log-on message returned by the single sign-on authentication center to the operation system, and display the post-login page after receiving the operation system's notification;
The single sign-on authentication center is configured to, after receiving the user browser's request, look up the user's log-on message locally and, if it is found, return the user's log-on message to the operation system through the user browser.
For scenario (2), in which the user has logged in to another operation system and enters the web address of the operation system directly in the browser to access it:
The instruction with which the operation system obtains the user's log-on message carries the redirect address of the operation system;
The request with which the user browser obtains the user's log-on message carries the user's global session ID and the redirect address of the operation system;
The single sign-on authentication center being configured to, after receiving the user browser's request, look up the user's log-on message locally and, if it is found, return it to the operation system through the user browser, includes:
The single sign-on authentication center is configured to determine whether a global session corresponding to the user's global session ID exists and, if it exists, to redirect the user's log-on message to the operation system through the user browser according to the session information of that global session; the redirect address is the redirect address of the operation system, and the session information includes the user's log-on message.
In addition, the instruction sent by the operation system also carries the identification of the operation system; the user browser carries this identification in the request sent to the single sign-on authentication center, and the single sign-on authentication center is configured to authenticate the request carrying the operation system's identification, i.e., to determine which system sent the request.
In addition, for scenarios (1) and (3), that is, the user has not logged in to any other operation system and enters the web address of the operation system directly in the browser to access it, or the user has not logged in to any other operation system, accesses operation system A without logging in to operation system A, and clicks a link to the operation system embedded in operation system A to access it, there is also the case in which the operation system does not obtain the user's log-on message from the single sign-on authentication center:
The instruction with which the operation system obtains the user's log-on message carries the redirect address of the operation system;
The request with which the user browser obtains the user's log-on message carries only the redirect address of the operation system;
The single sign-on authentication center is further configured to, when it determines that the request does not carry a global session ID of the user and the user's log-on message therefore cannot be found, redirect the result indicating failure to obtain the user's log-on message to the operation system through the user browser; the redirect address is the redirect address of the operation system;
That the request carries no global session ID of the user indicates that, before logging in to the operation system, the user has not logged in to any other operation system in the single sign-on system; the single sign-on authentication center has therefore established no global session record for the user, has allocated no global session ID to the user, and stores no log-on message for the user.
The user browser is further configured to redirect the result indicating failure to obtain the user's log-on message, returned by the single sign-on authentication center, to the operation system and, after receiving the instruction sent by the operation system to return to the user's current browsing page, to display the current browsing page;
The operation system is further configured to send the user browser, according to the result indicating failure to obtain the user's log-on message, an instruction to return to the corresponding browsing page.
In addition, for scenario (2), when the user first logs in to some operation system in the single sign-on system, that operation system asks the single sign-on authentication center, through the user browser, to save the log-on message, so that the user's log-on message can be obtained when the user logs in to an operation system in the single sign-on system, wherein:
The operation system in the single sign-on system that the user logs in to first is configured to, when the user passes login authentication, send the user browser an instruction to store the log-on message of the user's login at that operation system, and to ask the single sign-on authentication center, through the user browser, to store the log-on message of the user's login at that operation system;
The user browser is further configured to, after receiving that operation system's instruction requesting storage of the log-on message of the user's login at that operation system, send the single sign-on authentication center a request to store the log-on message of the user's login at that operation system;
That is, when the user has logged in to some operation system before browsing the present operation system, the user's log-on message is saved;
The single sign-on authentication center is configured to, after receiving the user browser's request, store the log-on message of the user's login at that operation system.
Specifically, the instruction with which that operation system stores the log-on message of the user's login at that operation system carries that operation system's redirect address within the single sign-on system and the operation system identification;
The request with which the user browser stores the log-on message of the user's login at that operation system carries that operation system's redirect address, the operation system identification and the log-on message of the user's login at that operation system;
The single sign-on authentication center being configured to, after receiving the user browser's request, store the log-on message of the user's login at that operation system, includes:
After receiving the request, the single sign-on authentication center generates a global session for the user's login at that operation system, allocates a global session ID for this login of the user at the single sign-on authentication center, saves the operation system identification of that operation system and the log-on message of the user's login at that operation system in the session information of the global session, returns the global session ID to the user browser, and redirects to that operation system through the user browser; the redirect address is the redirect address of that operation system;
The user browser is further configured to receive and save the user's global session ID returned by the single sign-on authentication center and pass it to that operation system.
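The exchanges described above for scenarios (1) and (2), simulated in Python as an added example that is not part of the patent text. The class names, the `REGISTERED` table, the example addresses and the log-on message value are constructed; comparing the redirect address with a registered one is an assumption about how the center authenticates the requesting system, and the log-on message is modelled as an opaque string.

```python
"""Simulation of the store / obtain exchange (S301-S308, failure branch S204-S206)."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed registry (assumption): service identification -> redirect address.
REGISTERED = {"A": "https://a.example/sso/back", "B": "https://b.example/sso/back"}


class AuthCenter:
    """Single sign-on authentication center."""

    def __init__(self):
        self.global_sessions = {}  # global session ID -> session information

    def _authenticate_request(self, service_id, redirect):
        # Determine which system sent the request. Requiring the redirect
        # address to equal the registered one is an assumption of this sketch.
        if REGISTERED.get(service_id) != redirect:
            raise PermissionError("unregistered identification or redirect address")

    def store(self, service_id, redirect, login_info):
        """First login: create the global session, return its ID and the redirect."""
        self._authenticate_request(service_id, redirect)
        gsid = secrets.token_urlsafe(32)
        self.global_sessions[gsid] = {"service_id": service_id, "login_info": login_info}
        return gsid, redirect + "?" + urlencode({"result": "stored"})

    def obtain(self, service_id, redirect, gsid=None):
        """S205 / S307: build the redirect the browser follows back to the system."""
        self._authenticate_request(service_id, redirect)
        session = self.global_sessions.get(gsid) if gsid else None
        if session is None:
            return redirect + "?" + urlencode({"result": "fail"})
        return redirect + "?" + urlencode({"result": "ok", "login_info": session["login_info"]})

    def verify(self, login_info):
        """Existing flow: a system asks the center to authenticate a log-on message."""
        return any(hmac.compare_digest(s["login_info"].encode(), login_info.encode())
                   for s in self.global_sessions.values())


class Browser:
    def __init__(self):
        self.global_session_id = None  # saved after the first login
        self.local_session_ids = {}    # service identification -> local session ID

    def request_login_info(self, center, service_id, redirect):
        # S306: the global session ID is attached only if the browser holds one.
        return center.obtain(service_id, redirect, self.global_session_id)


class OperationSystem:
    def __init__(self, service_id, center):
        self.service_id, self.center = service_id, center
        self.redirect = REGISTERED[service_id]
        self.local_sessions = {}  # local session ID -> log-on message

    def _create_local_session(self, browser, login_info):
        lsid = secrets.token_urlsafe(16)
        self.local_sessions[lsid] = login_info
        browser.local_session_ids[self.service_id] = lsid

    def first_login(self, browser, login_info):
        """The user passed login authentication here; ask the center to store it."""
        gsid, _ = self.center.store(self.service_id, self.redirect, login_info)
        browser.global_session_id = gsid
        self._create_local_session(browser, login_info)
        return "post-login page"

    def visit(self, browser):
        lsid = browser.local_session_ids.get(self.service_id)
        if lsid in self.local_sessions:                       # S303 -> S304
            return "post-login page"
        url = browser.request_login_info(self.center, self.service_id, self.redirect)
        params = parse_qs(urlsplit(url).query)                # arrives at the redirect address
        if params["result"] == ["ok"] and self.center.verify(params["login_info"][0]):
            self._create_local_session(browser, params["login_info"][0])  # S308
            return "post-login page"
        return "login page"                                   # S206


def demo():
    center = AuthCenter()
    a, b = OperationSystem("A", center), OperationSystem("B", center)
    fresh, returning = Browser(), Browser()
    results = [b.visit(fresh)]                # scenario (1): no global session ID
    a.first_login(returning, "constructed-login-info-alice")
    results.append(b.visit(returning))        # scenario (2): automatic login at B
    results.append(b.visit(returning))        # local session now exists
    return results


if __name__ == "__main__":
    print(demo())
```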
As can be seen from the above embodiments, compared with the prior art, the single sign-on method and system provided in the above embodiments give the operation system the ability to actively query the user's log-on message in scenarios where the operation system is accessed without any authentication information, which achieves single sign-on in those scenarios, better matches users' habits in using Internet services, and improves the single sign-on mechanism.
A person of ordinary skill in the art will understand that all or some of the steps of the above method can be completed by a program instructing the relevant hardware, and the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or some of the steps of the above embodiments can also be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments can be implemented in the form of hardware or in the form of a software function module. The present invention is not limited to any particular combination of hardware and software.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention. The present invention may have various other embodiments; without departing from the spirit and substance of the present invention, those skilled in the art may make various corresponding changes and variations according to the present invention, and any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (4)

1. A single sign-on method, including:
When a user first logs in to a first operation system in a single sign-on system, the first operation system asks a single sign-on authentication center, through a user browser, to store the log-on message of the user's login at the first operation system;
After a second operation system in the single sign-on system receives a service access from the user, who has not logged in to the second operation system, the second operation system obtains the user's log-on message from the single sign-on authentication center through the user's browser; if the log-on message is obtained, the second operation system completes the user's login automatically using the log-on message and notifies the user browser to display the post-login page;
The second operation system obtaining the user's log-on message from the single sign-on authentication center through the user's browser includes:
The second operation system sends the user's browser an instruction to obtain the user's log-on message, the instruction carrying the redirect address of the second operation system;
The user browser sends the single sign-on authentication center a request to obtain the user's log-on message, the request carrying the user's global session ID and the redirect address of the second operation system;
The single sign-on authentication center determines whether a global session corresponding to the user's global session ID exists and, if it exists, redirects the user's log-on message to the second operation system through the user browser according to the session information of that global session; the redirect address is the redirect address of the second operation system, and the session information includes the user's log-on message;
The first operation system asking the single sign-on authentication center, through the user browser, to store the log-on message of the user's login at the first operation system includes:
When the user passes login authentication, the first operation system sends the user browser an instruction to store the log-on message of the user's login at the first operation system, the instruction carrying the redirect address of the first operation system and the operation system identification;
The user browser sends the single sign-on authentication center a request to store the log-on message of the user's login at the first operation system, the request carrying the redirect address of the first operation system, the operation system identification and the user's log-on message from passing login authentication;
After receiving the request, the single sign-on authentication center generates a global session for the user's login at the first operation system, allocates a global session ID for this login of the user at the single sign-on authentication center, saves the operation system identification of the first operation system and the log-on message of the user's login at that operation system in the session information of the global session, returns the global session ID to the user browser, and redirects to the first operation system through the user browser; the redirect address is the redirect address of the first operation system.
2. The method as described in claim 1, characterized in that the method further includes:
The second operation system obtaining the user's log-on message from the single sign-on authentication center through the user's browser includes:
The second operation system sends the user's browser an instruction to obtain the user's log-on message, the instruction carrying the redirect address of the second operation system;
The user browser sends the single sign-on authentication center a request to obtain the user's log-on message, the request carrying only the redirect address of the second operation system;
When the single sign-on authentication center determines that the request does not carry a global session ID of the user, it redirects the result indicating failure to obtain the user's log-on message to the second operation system through the user browser; the redirect address is the redirect address of the second operation system;
The method further includes: if the log-on message is not obtained, the second operation system sends the user browser, according to the result indicating failure to obtain the user's log-on message, an instruction to return to the user's current browsing page; the user browser displays the current browsing page.
3. A single sign-on system, including:
A first operation system, configured to, when a user passes login authentication, send a user browser an instruction to store the log-on message of the user's login at the first operation system, and to ask a single sign-on authentication center, through the user browser, to store the log-on message of the user's login at the first operation system;
The user browser, configured to, after receiving the first operation system's instruction requesting storage of the log-on message of the user's login at that operation system, send the single sign-on authentication center a request to store the log-on message of the user's login at the first operation system;
The single sign-on authentication center, configured to, after receiving the user browser's request, store the log-on message of the user's login at the first operation system;
A second operation system, configured to, after receiving a service access from the user, who has not logged in to the second operation system, send the user browser an instruction to obtain the user's log-on message and obtain the user's log-on message from the single sign-on authentication center through the user's browser; if the log-on message is obtained, to complete the user's login automatically using the log-on message and notify the user browser to display the post-login page;
The user browser is further configured to, after receiving the second operation system's instruction to obtain the user's log-on message, send the single sign-on authentication center a request to obtain the user's log-on message, pass the user's log-on message returned by the single sign-on authentication center to the second operation system, and display the post-login page after receiving the second operation system's notification;
The single sign-on authentication center is further configured to, after receiving the user browser's request, look up the user's log-on message locally and, if it is found, return the user's log-on message to the second operation system through the user browser;
The instruction with which the second operation system obtains the user's log-on message carries the redirect address of the second operation system;
The request with which the user browser obtains the user's log-on message carries the user's global session ID and the redirect address of the operation system;
The single sign-on authentication center determines whether a global session corresponding to the user's global session ID exists and, if it exists, redirects the user's log-on message to the second operation system through the user browser according to the session information of that global session; the redirect address is the redirect address of the second operation system, and the session information includes the user's log-on message;
The instruction with which the first operation system stores the log-on message of the user's login at the first operation system carries the first operation system's redirect address within the single sign-on system and the operation system identification;
The request with which the user browser stores the log-on message of the user's login at the first operation system carries the redirect address of the first operation system, the operation system identification and the log-on message of the user's login at the first operation system;
The single sign-on authentication center being configured to, after receiving the user browser's request, store the log-on message of the user's login at the first operation system, includes:
After receiving the request, the single sign-on authentication center generates a global session for the user's login at the first operation system, allocates a global session ID for this login of the user at the single sign-on authentication center, saves the operation system identification of the first operation system and the log-on message of the user's login at the first operation system in the session information of the global session, returns the global session ID to the user browser, and redirects to the first operation system through the user browser; the redirect address is the redirect address of the first operation system;
The user browser is further configured to receive and save the user's global session ID returned by the single sign-on authentication center and pass it to the first operation system.
4. The system as claimed in claim 3, characterized in that it further includes:
The instruction with which the second operation system obtains the user's log-on message carries the redirect address of the second operation system;
The request with which the user browser obtains the user's log-on message carries only the redirect address of the second operation system;
When the single sign-on authentication center determines that the request does not carry a global session ID of the user, it redirects the result indicating failure to obtain the user's log-on message to the second operation system through the user browser; the redirect address is the redirect address of the second operation system;
The user browser redirects the result indicating failure to obtain the user's log-on message, returned by the single sign-on authentication center, to the second operation system and, after receiving the instruction sent by the second operation system to return to the user's current browsing page, displays the current browsing page;
The second operation system sends the user browser, according to the result indicating failure to obtain the user's log-on message, an instruction to return to the corresponding browsing page.
CN201410422428.5A 2014-08-25 2014-08-25 A kind of single-point logging method and system Active CN104158818B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410422428.5A CN104158818B (en) 2014-08-25 2014-08-25 A kind of single-point logging method and system

Publications (2)

Publication Number Publication Date
CN104158818A CN104158818A (en) 2014-11-19
CN104158818B true CN104158818B (en) 2018-09-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant