CN104281801A - Single sign-on control method and device - Google Patents

Publication number
CN104281801A
Authority
CN
China
Prior art keywords
application system
bill
sub
master note
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410588512.4A
Other languages
Chinese (zh)
Other versions
CN104281801B (en)
Inventor
李年平
俞翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HANGZHOU DONGFANG COMMUNICATION SOFTWARE TECHNOLOGY Co Ltd
Original Assignee
HANGZHOU DONGFANG COMMUNICATION SOFTWARE TECHNOLOGY Co Ltd
Application filed by HANGZHOU DONGFANG COMMUNICATION SOFTWARE TECHNOLOGY Co Ltd
Priority to CN201410588512.4A
Publication of CN104281801A
Application granted
Publication of CN104281801B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Abstract

The invention relates to a single sign-on control method and a single sign-on control device. The method comprises the following steps: a bill agency center receives a user name, a password and an authentication mode of a first application system, authenticates the user name and the password, generates a main bill when authentication passes, and roams the main bill to the first application system, so that the first application system roams the main bill to a second application system, wherein the second application system is the system where a target functional page is located, the first application system is the system to which the second application system jumps at login, and the main bill is saved in the cookies of the bill agency center; the bill agency center receives a main bill parsing request from the second application system, parses the main bill to generate a first sub bill, and roams the first sub bill to the second application system; and the bill agency center receives a sub bill parsing request from the second application system and parses the first sub bill to generate a first user identifier, so that the second application system can log in to its target functional page according to the first user identifier.

Description

Single sign-on control method and device
Technical field
The present invention relates to the computer field, and in particular to a single sign-on control method and device.
Background art
Single sign-on (Single Sign On, SSO) technology is applied more and more widely. In the prior art, to implement single sign-on, any two application systems within an enterprise or between enterprises need to authenticate each other. What is lacking is a unified control method that is independent of the application systems, that is, a single sign-on control method that is independent of the enterprise; in addition, when the authentication mode changes, the authentication mode cannot be switched directly.
Summary of the invention
The object of the invention is to provide a single sign-on control method and system, to solve the problems that there is no unified mutual authentication method within an enterprise or between enterprises and that, when the authentication mode changes, the authentication mode between arbitrary systems cannot be switched directly.
In a first aspect, an embodiment of the invention provides a single sign-on control method, the method comprising:
The bill agency center receives the user name, password and authentication mode of a first application system and verifies the user name and password; when verification passes, it generates a master note and roams the master note to the first application system, so that the first application system roams the master note to a second application system, wherein the second application system is the system where the target function page is located, the first application system is the system to which the second application system jumps at login, and the master note is saved in the cookies of the bill agency center;
The bill agency center receives a master note parsing request from the second application system, parses the master note, generates a first sub-bill, and roams the first sub-bill to the second application system;
The bill agency center receives a sub-bill parsing request from the second application system, parses the first sub-bill, and generates a first user identifier, so that the second application system logs in to its target function page according to the first user identifier.
Preferably, the method comprises: if a third application system jumps to the first application system at login, the bill agency center receives a master note parsing request from the third application system, extracts the master note from the local cookies, and roams the master note of the first application system to the third application system, wherein the third application system and the first application system are not the same application system;
The bill agency center receives a master note parsing request from the third application system, parses the master note, generates a second sub-bill, and roams the second sub-bill to the third application system;
The bill agency center receives a sub-bill parsing request from the third application system, parses the second sub-bill, generates a second user identifier, and roams the second user identifier to the third application system, so that the third application system logs in to its target function page according to the second user identifier.
Preferably, the first application system and the second application system are not the same application system.
Preferably, the first application system uses script code to judge whether the first application system and the second application system are the same application system, and whether the first application system and the third application system are the same application system.
Preferably, the authentication mode comprises 4A authentication, EOMS authentication and Portal authentication.
In a second aspect, an embodiment of the invention provides a single sign-on control device, the device comprising a receiving unit and a parsing unit;
The receiving unit is configured to receive the user name, password and authentication mode of a first application system and verify the user name and password; when verification passes, to generate a master note and roam the master note to the first application system, so that the first application system roams the master note to a second application system, wherein the second application system is the system where the target function page is located, the first application system is the system to which the second application system jumps at login, and the master note is saved in the cookies of the bill agency center;
The parsing unit is configured to receive a master note parsing request from the second application system, parse the master note, generate a first sub-bill, and roam the first sub-bill to the second application system;
The parsing unit is further configured to receive a sub-bill parsing request from the second application system, parse the first sub-bill, and generate a first user identifier, so that the second application system logs in to its target function page according to the first user identifier.
Preferably, the receiving unit is further configured to, if a third application system jumps to the first application system at login, receive a master note parsing request from the third application system, extract the master note from the local cookies, and roam the master note of the first application system to the third application system, wherein the third application system and the first application system are not the same application system;
The parsing unit is further configured to receive a master note parsing request from the third application system, parse the master note, generate a second sub-bill, and roam the second sub-bill to the third application system;
The parsing unit is further configured to receive a sub-bill parsing request from the third application system, parse the second sub-bill, generate a second user identifier, and roam the second user identifier to the third application system, so that the third application system logs in to its target function page according to the second user identifier.
Preferably, the first application system and the second application system are not the same application system.
Preferably, the authentication mode comprises 4A authentication, EOMS authentication and Portal authentication.
With this single sign-on control method and device, the invention solves the problems that there is no unified mutual authentication method within an enterprise or between enterprises and that, when the authentication mode changes, the authentication mode between arbitrary systems cannot be switched directly. It achieves unified control of every application system that needs single sign-on, arbitrary switching between application systems, and automatic upgrading of the single sign-on control system when the authentication mode changes.
Brief description of the drawings
Fig. 1 is a flowchart of the single sign-on control method provided by Embodiment 1 of the invention;
Fig. 2 is an authentication interaction diagram of the first application system, the second application system and the bill agency center, provided by Embodiment 1 of the invention;
Fig. 3 is a bill roaming interaction diagram of the first application system, the third application system and the bill agency center, provided by Embodiment 1 of the invention;
Fig. 4 is a bill roaming interaction diagram of the third application system and the bill agency center, provided by Embodiment 1 of the invention;
Fig. 5 is an authentication interaction diagram of the first application system and the bill agency center, provided by Embodiment 1 of the invention;
Fig. 6 is a schematic diagram of the single sign-on control device provided by Embodiment 2 of the invention.
Detailed description of the embodiments
To make the object, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Fig. 1 is a flowchart of the single sign-on control method provided by Embodiment 1 of the invention. In this embodiment the executing entity is the bill agency center. The bill agency center may be a module running on a network, and this module may be a software module. As shown in Fig. 1, this embodiment comprises the following steps:
S110, the bill agency center receives the user name, password and authentication mode of the first application system and verifies the user name and password; when verification passes, it generates a master note and roams the master note to the first application system, so that the first application system roams the master note to the second application system, wherein the second application system is the system where the target function page is located, the first application system is the system to which the second application system jumps at login, and the master note is saved in the cookies of the bill agency center;
Specifically, when the user wants to access the target function page of the second application system, the user browser enters the second application system to log in; at this point, the second application system jumps to the first application system for login.
The first application system uses script (Script) code to judge whether the second application system and the first application system are the same application system. In S110 the first application system and the second application system are different application systems; for example, the first application system may be "QQ" and the second application system may be "Jingdong Mall".
The bill agency center receives the user name, password and authentication mode of the first application system entered by the user and verifies them. When verification passes, the bill agency center generates a master note and stores this master note in the local cookies. When verification fails, the bill agency center may prompt the user to re-enter the user name and password and to select the authentication mode. By way of example and not limitation, the authentication mode may be any one of account management, authentication, authorization and audit (Account, Authentication, Authorization, Audit, 4A) authentication, electronic operation and maintenance system (Electric Operation Maintenance System, EOMS) authentication, and portal (Portal) authentication.
S120, the bill agency center receives a master note parsing request from the second application system, parses the master note, generates a first sub-bill, and roams the first sub-bill to the second application system.
S130, the bill agency center receives a sub-bill parsing request from the second application system, parses the first sub-bill, and generates a first user identifier, so that the second application system logs in to its target function page according to the first user identifier.
The master note at the bill agency center remains valid persistently. The master note is used only to apply for temporary sub-bills, and a sub-bill is used only to generate the user name when the second application system logs in.
An example of the network address finally generated by the second application system is: "http://second application system/target function page?user identifier".
Optionally, the following steps are included after S130:
S140, if a third application system jumps to the first application system at login, the bill agency center receives a master note parsing request from the third application system, extracts the master note from the local cookies, and roams the master note of the first application system to the third application system, wherein the third application system and the first application system are not the same application system;
Specifically, when the third system is to log in to its target function page through the first system, the first application system uses script code to judge whether the third application system and the first application system are the same application system. For example, when the first application system is "QQ": if the third application system is "QQ Space", the third application system and the first application system are the same application system; if the third application system is "Dazhong Dianping", the third application system and the first application system are not the same application system.
When the first application system judges from the script code that the third application system and the first application system are the same application system, the same login window is displayed and a local login is performed.
When the first application system judges from the script code that the third application system and the first application system are not the same application system, the third application system sends a master note parsing request directly to the bill agency center, to obtain the master note of the first application system stored in the cookies of the bill agency center.
S150, the bill agency center receives a master note parsing request from the third application system, parses the master note, generates a second sub-bill, and roams the second sub-bill to the third application system;
Specifically, after the master note has roamed to the third application system, the third application system sends a master note parsing request to the bill agency center and, through this request, obtains its own second sub-bill.
S160, the bill agency center receives a sub-bill parsing request from the third application system, parses the second sub-bill, generates a second user identifier, and roams the second user identifier to the third application system, so that the third application system logs in to its target function page according to the second user identifier.
It should be noted that the first application system is any one of multiple application systems, the second application system is an application system among them other than the first application system, and the third application system is an application system among them other than the first application system and the second application system.
The single sign-on control method provided by this embodiment achieves unified authentication management between application systems. When the authentication mode or the authentication center changes, the application systems connected to the bill agency center need no change at all and are upgraded fully automatically.
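The S110 to S160 exchange described above, as a minimal in-memory model (an added example, not code from the patent). The class and function names, the random opaque bill values, the 30-second sub-bill lifetime, single-use sub-bills, the binding of a sub-bill to the target page address, and the sample accounts and URLs are assumptions; the description specifies none of them.

```python
import hmac
import secrets
import time


class BillError(Exception):
    """Raised when a login, master note or sub-bill is rejected."""


def make_backend(accounts):
    """Constructed stand-in for one authentication mode (4A, EOMS, Portal)."""
    def verify(user, password):
        stored = accounts.get(user)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())
    return verify


class BillAgencyCenter:
    SUB_BILL_TTL = 30.0  # seconds; assumed lifetime of a "temporary" sub-bill

    def __init__(self, backends, clock=time.monotonic):
        self._backends = backends   # authentication mode -> verifier
        self._clock = clock
        self._master_notes = {}     # master note -> user identifier
        self._sub_bills = {}        # sub-bill -> (user, target URL, expiry)
        self.cookies = {}           # models the browser cookie for the center's domain

    def login(self, user, password, mode):
        """S110: verify credentials with the chosen mode, issue a master note."""
        verify = self._backends.get(mode)
        if verify is None:
            raise BillError("unknown authentication mode")
        if not verify(user, password):
            raise BillError("user name or password rejected")
        note = secrets.token_urlsafe(32)
        self._master_notes[note] = user
        self.cookies["master_note"] = note
        return note

    def master_note_from_cookie(self):
        """S140: reuse the master note already registered in the cookies."""
        note = self.cookies.get("master_note")
        if note is None:
            raise BillError("no master note; fall back to the full login flow")
        return note

    def parse_master_note(self, note, target_url):
        """S120 / S150: exchange a master note for a sub-bill for one target."""
        user = self._master_notes.get(note)
        if user is None:
            raise BillError("master note not recognised")
        sub_bill = secrets.token_urlsafe(32)
        expiry = self._clock() + self.SUB_BILL_TTL
        self._sub_bills[sub_bill] = (user, target_url, expiry)
        return sub_bill

    def parse_sub_bill(self, sub_bill, target_url):
        """S130 / S160: exchange a sub-bill for the user identifier."""
        entry = self._sub_bills.pop(sub_bill, None)   # single use (assumption)
        if entry is None:
            raise BillError("sub-bill unknown or already used")
        user, bound_url, expiry = entry
        if bound_url != target_url:
            raise BillError("sub-bill was issued for a different target page")
        if self._clock() > expiry:
            raise BillError("sub-bill expired")
        return user


def demo():
    """Constructed accounts and URLs; returns (user at app 2, user at app 3, replay accepted)."""
    center = BillAgencyCenter({
        "4A": make_backend({"alice": "constructed-4A-password"}),
        "Portal": make_backend({"alice": "constructed-portal-password"}),
    })
    # The first application system's login page hands the credentials to the center.
    note = center.login("alice", "constructed-4A-password", "4A")
    # Second application system: master note -> sub-bill -> user identifier.
    app2 = "https://app2.example/target-page"
    sub1 = center.parse_master_note(note, app2)
    user2 = center.parse_sub_bill(sub1, app2)
    # Third application system: no password prompt, master note comes from the cookies.
    app3 = "https://app3.example/target-page"
    sub2 = center.parse_master_note(center.master_note_from_cookie(), app3)
    user3 = center.parse_sub_bill(sub2, app3)
    # Presenting the first sub-bill a second time must fail.
    try:
        center.parse_sub_bill(sub1, app2)
        replay_accepted = True
    except BillError:
        replay_accepted = False
    return user2, user3, replay_accepted


if __name__ == "__main__":
    print(demo())
```

Changing the authentication mode only changes the `mode` value passed to `login`; the two parsing calls made on behalf of the application systems stay the same, which is the property the description claims for connected systems.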
Fig. 2 is an authentication interaction diagram of the first application system, the second application system and the bill agency center, provided by Embodiment 1 of the invention. As shown in Fig. 2, in this embodiment the target function page belongs to the second application system, the portal system login page belongs to the first application system, and the sub-bill parsing page, the central authentication bill session terminal, the central authentication bill adapter, the bill generation and parsing service, and the account password authentication service belong to the bill agency center. The interaction is set out below at the level of the individual modules of the first application system, the second application system and the bill agency center. As shown in Fig. 2, this embodiment comprises:
S201, the user browser sends a login request to the portal system login page, the request carrying the user name and password;
S202, the portal system login page sends a master note request to the central authentication bill adapter, the request carrying the user name, password and authentication mode;
Specifically, S201 and S202 correspond to S110 in Fig. 1; the function performed by the bill agency center in S110 is assigned here to the central authentication bill adapter of the bill agency center.
S203, the central authentication bill adapter sends the user name and password to the bill generation and parsing service and requests generation of a master note;
S204, the bill generation and parsing service sends the user name and password to the account password authentication service, and the account password authentication service verifies the user name and password according to the authentication mode;
Specifically, the authentication mode may be any one of 4A authentication, EOMS authentication and Portal authentication.
S205, the account password authentication service sends the authentication result to the bill generation and parsing service, and the bill generation and parsing service generates a master note according to the authentication result;
S206, the bill generation and parsing service sends the master note to the central authentication bill adapter;
S207, the central authentication bill adapter roams the master note to the portal system login page;
S208, the portal system login page issues a request toward the central authentication bill session terminal;
S209, the user browser sends a master note parsing request to the central authentication bill session terminal;
S210, the central authentication bill session terminal sends the master note parsing request and the network address of the target system function page to the central authentication bill adapter;
S211, the central authentication bill adapter sends the master note to the bill generation and parsing service;
S212, the bill generation and parsing service roams the parsed sub-bill to the central authentication bill adapter;
S213, the central authentication bill adapter roams the sub-bill to the central authentication bill session terminal;
S214, the central authentication bill session terminal registers the master note in the cookies and requests a redirect to the sub-bill parsing page;
S215, the user browser sends a sub-bill parsing request to the sub-bill parsing page;
S216, the sub-bill parsing page sends a sub-bill parsing request to the central authentication bill adapter, requesting that the user identifier be parsed out;
S217, the central authentication bill adapter sends a sub-bill parsing request to the bill generation and parsing service, requesting that the user name be parsed out, and the bill generation and parsing service parses out the user identifier;
S218, the bill generation and parsing service sends the user identifier to the central authentication bill adapter;
S219, the central authentication bill adapter sends the user identifier to the sub-bill parsing page;
S220, the user browser requests a redirect to the target function page. At this point, the portal system login page and the central authentication bill session terminal have completed registration of the session cookies.
The second application system can use this user identifier to log in to its own target function page.
Fig. 3 is a bill roaming interaction diagram of the first application system, the third application system and the bill agency center, provided by Embodiment 1 of the invention. As shown in Fig. 3, in this embodiment the third application system comprises the target system function page, the first application system comprises the target system login page, and the bill agency center comprises the target system sub-bill parsing page, the central authentication bill session terminal, the central authentication bill adapter, and the bill generation and parsing service. The following sets out, at the level of the individual modules of the first application system, the third application system and the bill agency center, how the third application system uses the master note of the first application system held at the bill agency center to perform single sign-on. This embodiment comprises the following steps:
Here, the user browser is the browser used when the third application system logs in, the target system function page is the page in the third application system that is to be accessed, and the first application system is the page to which the third application system jumps at login.
S301, the user browser sends to the target system function page a request to redirect to the target system login page;
S302, the request is redirected to the target system login page;
S303, the user browser sends the login request for the target system function page to the target system login page;
At this point, the target system login page uses script code to judge whether the referer comes from an external system, that is, a system that does not belong to the same application system as the first application system. When the first application system judges that the third application system is an external system, the flow jumps to S304.
S304, the target system login page requests a redirect to the central authentication bill session terminal;
S305, the user browser sends a sub-bill request to the central authentication bill session terminal;
S306, the central authentication bill session terminal automatically extracts the master note from the registered cookies or from the cookies under the gmcc.net domain name (the precondition for extraction is that a master note exists; if the master note does not exist, the flow jumps to that of Fig. 2), and sends the extracted master note and the network address of the target system function page to the central authentication bill adapter;
S307, the central authentication bill adapter sends the master note to the bill generation and parsing service, and the bill generation and parsing service parses out a sub-bill according to the master note;
S308, the bill generation and parsing service sends the sub-bill to the central authentication bill adapter;
S309, the central authentication bill adapter sends the sub-bill to the central authentication bill session terminal;
S310, the central authentication bill session terminal requests a redirect to the sub-bill parsing page;
S311, the user browser sends the network address of the target system function page and a sub-bill parsing request to the target system sub-bill parsing page;
S312, the target system sub-bill parsing page sends the sub-bill to the central authentication bill adapter;
S313, the central authentication bill adapter sends the sub-bill to the bill generation and parsing service, and the bill generation and parsing service parses out the user identifier according to the sub-bill;
S314, the bill generation and parsing service sends the user identifier to the central authentication bill adapter;
S315, the central authentication bill adapter sends the user identifier to the target system sub-bill parsing page, and the application system session cookies are assembled;
S316, the target system sub-bill parsing page registers the session cookies and sends a request to redirect to the target system function page, so that the user browser accesses the target system function page directly.
The third application system logs in to its target system function page according to the master note of the first application system stored in the cookies of the bill agency center.
Fig. 4 is a bill roaming interaction diagram of the third application system and the bill agency center, provided by Embodiment 1 of the invention. As shown in Fig. 4, in this embodiment the third application system comprises the target function page, and the bill agency center comprises the target system sub-bill parsing page, the central authentication bill session terminal, the central authentication bill adapter, and the bill generation and parsing service. The following sets out, at the level of the individual modules of the third application system and the bill agency center, how the third application system uses the bill agency center to perform single sign-on. This embodiment comprises the following steps:
S401, the user browser sends the network address of the target system function page to the target system sub-bill parsing page;
S402, the target system sub-bill parsing page sends a request to redirect to the central authentication bill session terminal;
S403, the user browser sends the network address of the target system function page and the network address of the sub-bill parsing page to the central authentication bill session terminal, requesting generation of a sub-bill;
S404, the central authentication bill session terminal automatically extracts the master note from the registered cookies or from the cookies under the gmcc.net domain name (the precondition for extraction is that a master note exists; if the master note does not exist, the flow jumps to that of Fig. 2), and sends the extracted master note and the network address of the target system function page to the central authentication bill adapter;
S405, the central authentication bill adapter sends the master note to the bill generation and parsing service, and the bill generation and parsing service parses out a sub-bill according to the master note;
S406, the bill generation and parsing service sends the sub-bill to the central authentication bill adapter;
S407, the central authentication bill adapter sends the sub-bill to the central authentication bill session terminal;
S408, the central authentication bill session terminal requests a redirect to the target system sub-bill parsing page;
S409, the user browser sends the network address of the target system function page and the sub-bill to the target system sub-bill parsing page;
S410, the target system sub-bill parsing page sends the network address of the target system function page and the sub-bill to the central authentication bill adapter;
S411, the central authentication bill adapter sends the sub-bill to the bill generation and parsing service, and the bill generation and parsing service parses out the user identifier according to this sub-bill;
S412, the bill generation and parsing service sends the user identifier to the central authentication bill adapter;
S413, the central authentication bill adapter sends this user identifier to the target system sub-bill parsing page, and the target system sub-bill parsing page assembles the application system session cookies;
S414, the target system sub-bill parsing page sends a request to redirect to the target system function page and registers the session cookies, so that the user browser accesses the target system function page directly.
Fig. 4 omits the system that is authenticated through the bill agency center and generates the master note, for example the first application system, so that the interaction between the third application system and the bill agency center can be seen directly. (It could equally be a fourth application system, a fifth application system and so on; the third application system here refers generically to any system that needs to perform single sign-on through the first application system.) In this way, the third application system can use the roaming function of the master note at the bill agency center to log in to its target function page. This achieves unified authentication of multiple application systems: when the authentication mode changes, the authentication mode between any application systems can be switched directly, which achieves unified control of every application system that needs single sign-on, arbitrary switching between application systems, and automatic upgrading of the single sign-on control system when the authentication mode changes.
Fig. 5 is the authentication interaction diagram between the first application system and the bill agency center provided by Embodiment 1 of the present invention. As shown in Fig. 5, in this embodiment the second application system comprises the target function page (which appears only in some of the steps in Fig. 5), and the bill agency center comprises a sub-bill generation page, the target system's sub-bill resolution page, a login page, a bill generation and resolution service, and an account and password authentication service. The following describes, at the level of the individual modules of the first application system, the second application system and the bill agency center, how the second application system uses the first application system's master note in the bill agency center to perform single sign-on. As shown in Fig. 5, this embodiment comprises the following steps:
S501: the user's browser sends the user name, password and authentication mode to the login page;
S502: the login page sends the user name and password to the bill generation and resolution service;
S503: the bill generation and resolution service sends the user name and password to the account and password authentication service; when verification passes, the master note is generated;
S504: the account and password authentication service sends the master note to the bill generation and resolution service;
S505: the bill generation and resolution service sends the master note to the login page; the login page sets the login session cookie and the master note cookie;
S506: the login page sends a request to redirect to the target system's function page; the user's browser stores the login session cookie;
S507: the user's browser sends the network address of the target system's function page to the sub-bill generation page;
S508: the sub-bill generation page automatically extracts the master note cookie and sends the master note to the bill generation and resolution service;
S509: the bill generation and resolution service sends the sub-bill to the sub-bill generation page;
The bill generation and resolution service resolves the master note and generates the sub-bill.
S510: the sub-bill generation page sends a request to redirect to the target system's sub-bill resolution page;
S511: the user's browser sends the network address of the target system's function page and the sub-bill to the target system's sub-bill resolution page;
S512: the target system's sub-bill resolution page sends the sub-bill to the bill generation and resolution service;
S513: the bill generation and resolution service resolves the user ID from the sub-bill and sends the user ID to the target system's sub-bill resolution page;
S514: the target system's sub-bill resolution page sets the login session cookie, and sends a request that sets the login session cookie and redirects to the target system's function page.
Fig. 5 omits the interaction between the second application system and the bill agency center and focuses on how the master note, the sub-bill and the user ID roam between the first application system and the bill agency center. The sub-bill and user ID that roam to the first application system can finally also be roamed by the first application system to the second application system. The second application system can thus use the user ID to log in to its target function page. This achieves unified authentication across multiple application systems. When the authentication mode changes, the authentication mode between any application systems can be switched directly, which achieves unified control of every application system that needs single sign-on, arbitrary switching between application systems, and automatic upgrade of the single sign-on control system when the authentication mode changes.
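A minimal model of the bill flow in S501 to S513, added here as an illustration and not taken from the patent. The patent does not specify a bill format, so the HMAC-signed bills, their lifetimes, the binding of a sub-bill to one target system and its one-time use are assumptions, as are the account and host names.

```python
import base64, hashlib, hmac, json, secrets, time

def pw_hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store standing in for the account and password
# authentication service; the user and host names used here are hypothetical.
ACCOUNTS = {"alice": pw_hash("correct horse")}

class BillAgencyCenter:
    def __init__(self, accounts, master_ttl=8 * 3600, sub_ttl=60):
        self._key = secrets.token_bytes(32)  # signing key stays inside the center
        self._accounts = accounts
        self._master_ttl, self._sub_ttl = master_ttl, sub_ttl
        self._spent = set()                  # ids of sub-bills already resolved

    def _seal(self, kind, ttl, **claims):
        claims.update(kind=kind, exp=time.time() + ttl, jti=secrets.token_hex(8))
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        tag = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        return (body + b"." + tag).decode()

    def _open(self, token, kind):
        try:
            body, tag = token.encode().rsplit(b".", 1)
        except (ValueError, AttributeError):
            return None                      # not a bill at all
        good = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, good):
            return None                      # forged or modified
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["kind"] != kind or claims["exp"] < time.time():
            return None                      # wrong bill type or expired
        return claims

    def login(self, user, password):
        """S501-S505: verify the credentials, return a master note or None."""
        stored = self._accounts.get(user, b"")
        if not hmac.compare_digest(stored, pw_hash(password)):
            return None
        return self._seal("master", self._master_ttl, uid=user)

    def issue_sub_bill(self, master_note, target):
        """S508-S509: resolve the master note, mint a sub-bill for one target."""
        claims = self._open(master_note, "master")
        if claims is None:
            return None
        return self._seal("sub", self._sub_ttl, uid=claims["uid"], aud=target)

    def resolve_sub_bill(self, sub_bill, target):
        """S512-S513: return the user ID once, and only to the named target."""
        claims = self._open(sub_bill, "sub")
        if claims is None or claims["aud"] != target or claims["jti"] in self._spent:
            return None
        self._spent.add(claims["jti"])
        return claims["uid"]
```

Because the master note never leaves the center's own cookie scope in this model, a target system only ever handles a short-lived sub-bill that is useless to any other system and cannot be replayed.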
Fig. 6 is a schematic diagram of the single sign-on control device provided by Embodiment 2 of the present invention. As shown in Fig. 6, the bill agency center comprises a receiving unit 610 and a resolution unit 620;
The receiving unit 610 is configured to receive the user name, password and authentication mode of the first application system, verify the user name and password, generate a master note when verification passes, and roam the master note to the first application system so that the first application system roams the master note to the second application system, wherein the second application system is the system where the target function page is located, the first application system is the system that the second application system jumps to at login, and the master note is stored in a cookie of the bill agency center;
The resolution unit 620 is configured to receive a master note resolution request from the second application system, resolve the master note, generate a first sub-bill, and roam the first sub-bill to the second application system;
The resolution unit 620 is further configured to receive a sub-bill resolution request from the second application system, resolve the first sub-bill, and generate a first user ID, which the second application system uses to log in to the target function page of the second application system.
Optionally, the receiving unit 610 is further configured to: if a third application system jumps to the first application system at login, receive a master note resolution request from the third application system, extract the master note from the local cookie, and roam the master note of the first application system to the third application system, wherein the third application system and the first application system are not the same application system;
The resolution unit 620 is further configured to receive the master note resolution request from the third application system, resolve the master note, generate a second sub-bill, and roam the second sub-bill to the third application system;
The resolution unit 620 is further configured to receive a sub-bill resolution request from the third application system, resolve the second sub-bill, generate a second user ID, and roam the second user ID to the third application system, which the third application system uses to log in to the target function page of the third application system.
Optionally, the first application system and the second application system are not the same application system.
Optionally, the authentication mode comprises 4A authentication, EOMS authentication and Portal authentication.
With the single sign-on control device provided by the embodiments of the present invention, unified authentication management between application systems is achieved; when the authentication mode or the authentication center changes, the application systems connected to the bill agency center need no changes at all and are upgraded fully automatically.
Those skilled in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms of their function. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled persons may implement the described functions in different ways for each particular application, but such implementations should not be considered to go beyond the scope of the present invention.
The steps of the method or algorithm described in connection with the embodiments disclosed herein may be implemented in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The specific embodiments described above further explain the objectives, technical solutions and beneficial effects of the present invention. It should be understood that the foregoing are merely specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (9)

1. A single sign-on control method, characterized in that the method comprises:
A bill agency center receives the user name, password and authentication mode of a first application system, verifies the user name and password, generates a master note when verification passes, and roams the master note to the first application system so that the first application system roams the master note to a second application system, wherein the second application system is the system where the target function page is located, the first application system is the system that the second application system jumps to at login, and the master note is stored in a cookie of the bill agency center;
The bill agency center receives a master note resolution request from the second application system, resolves the master note, generates a first sub-bill, and roams the first sub-bill to the second application system;
The bill agency center receives a sub-bill resolution request from the second application system, resolves the first sub-bill, and generates a first user ID, which the second application system uses to log in to the target function page of the second application system.
2. The method of claim 1, characterized in that the method comprises: if a third application system jumps to the first application system at login, the bill agency center receives a master note resolution request from the third application system, extracts the master note from the local cookie, and roams the master note of the first application system to the third application system, wherein the third application system and the first application system are not the same application system;
The bill agency center receives the master note resolution request from the third application system, resolves the master note, generates a second sub-bill, and roams the second sub-bill to the third application system;
The bill agency center receives a sub-bill resolution request from the third application system, resolves the second sub-bill, generates a second user ID, and roams the second user ID to the third application system, which the third application system uses to log in to the target function page of the third application system.
3. The method of claim 1, characterized in that the first application system and the second application system are not the same application system.
4. The method of claim 1, characterized in that the first application system uses script code to determine whether the first application system and the second application system are the same application system, and whether the first application system and the third application system are the same application system.
5. The method of claim 1, characterized in that the authentication mode comprises account management, authentication, authorization and audit (4A) authentication, electronic operation and maintenance system (EOMS) authentication, and portal (Portal) authentication.
6. A single sign-on control device, characterized in that the device comprises a receiving unit and a resolution unit;
The receiving unit is configured to receive the user name, password and authentication mode of a first application system, verify the user name and password, generate a master note when verification passes, and roam the master note to the first application system so that the first application system roams the master note to a second application system, wherein the second application system is the system where the target function page is located, the first application system is the system that the second application system jumps to at login, and the master note is stored in a cookie of the bill agency center;
The resolution unit is configured to receive a master note resolution request from the second application system, resolve the master note, generate a first sub-bill, and roam the first sub-bill to the second application system;
The resolution unit is further configured to receive a sub-bill resolution request from the second application system, resolve the first sub-bill, and generate a first user ID, which the second application system uses to log in to the target function page of the second application system.
7. The device according to claim 6, characterized in that the receiving unit is further configured to: if a third application system jumps to the first application system at login, receive a master note resolution request from the third application system, extract the master note from the local cookie, and roam the master note of the first application system to the third application system, wherein the third application system and the first application system are not the same application system;
The resolution unit is further configured to receive the master note resolution request from the third application system, resolve the master note, generate a second sub-bill, and roam the second sub-bill to the third application system;
The resolution unit is further configured to receive a sub-bill resolution request from the third application system, resolve the second sub-bill, generate a second user ID, and roam the second user ID to the third application system, which the third application system uses to log in to the target function page of the third application system.
8. The device according to claim 6, characterized in that the first application system and the second application system are not the same application system.
9. The device according to claim 6, characterized in that the authentication mode comprises 4A authentication, EOMS authentication and Portal authentication.
CN201410588512.4A 2014-10-28 2014-10-28 Single-sign-on control method and device Active CN104281801B (en)

Publications (2)

Publication Number Publication Date
CN104281801A true CN104281801A (en) 2015-01-14
CN104281801B CN104281801B (en) 2018-07-13

Family

ID=52256664

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant