CN105592026A - Multi-network-segment multi-system single sign on method - Google Patents


Info

Publication number
CN105592026A
Authority
CN
China
Prior art keywords
cas
multi
method
single sign
ticket
Prior art date
Application number
CN201410645753.8A
Other languages
Chinese (zh)
Inventor
臧主峰
刘琳
李勤新
翟媛媛
陈勇
潘志敏
李明节
常青
李尹
李亚楼
田芳
Original Assignee
国家电网公司
中国电力科学研究院
国网浙江省电力公司
Application filed by 国家电网公司, 中国电力科学研究院, 国网浙江省电力公司 filed Critical 国家电网公司
Priority to CN201410645753.8A priority Critical patent/CN105592026A/en
Publication of CN105592026A publication Critical patent/CN105592026A/en


Abstract

The invention relates to a multi-network-segment, multi-system single sign-on method. The method is implemented based on CAS, which comprises a CAS server and a CAS client. The method comprises the following steps: the user's browser accesses the CAS client; the browser is redirected to the CAS server; the user is authenticated; the browser is redirected to the CAS client and the authentication parameters are sent; successful sign-on is confirmed; and, after successful sign-on, the browser is redirected to the requested address. The method reduces the time a user spends signing on to different systems and the likelihood of sign-on errors; while achieving secure sign-on, it also avoids processing and storing user authentication information for multiple systems.

Description

A multi-network-segment, multi-system single sign-on method

Technical Field

[0001] The present invention relates to a single sign-on method, and more particularly to a multi-network-segment, multi-system single sign-on method.

Background

[0002] Single sign-on (SSO) refers to a process based on user/session authentication in which the user provides credentials only once (a single login) and can then access multiple applications. At present, single sign-on mainly targets Web-based applications, that is, unified account authentication for multiple B/S (browser/server) architecture applications through the browser.

[0003] A single sign-on scheme effectively integrates existing business systems, solves the problem of unified user authentication across multiple business systems, implements single sign-on and access control, and uses relevant security mechanisms to strengthen the security of the user identity authentication process. In certain fields, for information security reasons, the network under an organization's control is divided into an internal network and an external network, or even into multiple network segments. For example, the multiple application systems of the State Grid dispatching center serve user groups on different network segments, so unified login for multiple applications across different network segments is needed.

[0004] Commercial SSO is generally suited to customers with a strong need for SSO, but apart from price, another significant problem with commercial SSO software is that its support for the customer's own application systems is not necessarily complete; open-source SSO essentially cannot meet the need for unified login across internal and external networks and multi-segment applications. A multi-network-segment, multi-system single sign-on method is therefore proposed to solve the above problems.

Summary of the Invention

[0005] The object of the present invention is to provide a multi-network-segment, multi-system single sign-on method that reduces redundant system operations, lowers the difficulty of implementation and deployment, and saves hardware resource costs.

[0006] To achieve the above object, the present invention adopts the following technical solution: a multi-network-segment, multi-system single sign-on method, implemented based on CAS; the CAS comprises a CAS server and a CAS client; the method comprises the following steps:

[0007] (1) the user's browser accesses the CAS client;

[0008] (2) redirect to the CAS server;

[0009] (3) user authentication;

[0010] (4) redirect to the CAS client and send the authentication parameters;

[0011] (5) confirm that login succeeded;

[0012] (6) after successful login, redirect to the requested address.

[0013] In the multi-network-segment, multi-system single sign-on method provided by the present invention, step (1) accesses the CAS client by entering the CAS login interface; the login interface is entered by starting its application.

[0014] In the multi-network-segment, multi-system single sign-on method provided by the present invention, the CAS login interface requires the user to enter a user name and password.

[0015] In another preferred multi-network-segment, multi-system single sign-on method provided by the present invention, step (3) performs authentication through an authentication mechanism using the obtained user name and password.

[0016] In yet another preferred multi-network-segment, multi-system single sign-on method provided by the present invention, when the user has successfully logged in to CAS, the CAS sends an in-memory cookie back to the browser; the cookie is not really stored in memory, but rather expires automatically as soon as the browser is closed.

[0017] In yet another preferred multi-network-segment, multi-system single sign-on method provided by the present invention, after user authentication succeeds, the CAS server creates a randomly generated string, the Ticket; the CAS associates the ticket with the successfully logged-in user and the service the user requested.

[0018] In yet another preferred multi-network-segment, multi-system single sign-on method provided by the present invention, the ticket is a single-use credential; it is used only once for the successfully logged-in user and their service, and becomes invalid immediately after use.

[0019] In yet another preferred multi-network-segment, multi-system single sign-on method provided by the present invention, in step (4), when the CAS client turns from its application to CAS, it converts the subsystem's address into the address URL of the corresponding network segment, according to the source of its client request, in order to submit authentication, and records this URL; when CAS redirects, it passes the ticket back to the application as a parameter.

[0020] In yet another preferred multi-network-segment, multi-system single sign-on method provided by the present invention, step (5) verifies through the parameter whether login succeeded; after the application receives the ticket, it needs to validate the ticket; the ticket is validated by passing it to a URL provided by the CAS server.

[0021] In yet another preferred multi-network-segment, multi-system single sign-on method provided by the present invention, after the CAS obtains the ticket, the CAS server judges it: if the ticket is judged valid, an identifier is returned to its application; the CAS then invalidates the ticket and leaves a cookie on the client; other applications then use this cookie for authentication, without needing to enter a user name and password again.

[0022] Compared with the closest prior art, the technical solution provided by the present invention has the following advantages:

[0023] 1. The invention reduces the time users spend logging in to different systems and reduces the likelihood of user login errors;

[0024] 2. The invention achieves security while avoiding the processing and storage of user authentication information for multiple systems;

[0025] 3. The invention reduces the time system administrators spend adding and deleting users and modifying user permissions;

[0026] 4. The invention increases security: system administrators have a better way to manage users, for example revoking a user's access to all system resources by directly disabling or deleting the user;

[0027] 5. The invention is non-intrusive to the subsystems that require unified authentication and requires no additional programming;

[0028] 6. The invention has good extensibility and supports multiple authentication mechanisms and encryption algorithms; by customizing certificates with system commands, the ordinary transport protocol can be converted to the more secure https protocol.

Brief Description of the Drawings

[0029] FIG. 1 is a flowchart of the method of the present invention.

Detailed Description

[0030] The invention is described in further detail below with reference to an embodiment.

[0031] Embodiment 1:

[0032] As shown in FIG. 1, the invention of this example is a multi-network-segment, multi-system single sign-on method implemented based on CAS; the single sign-on is divided into a "server (CAS Server)" and a "client (CAS Client)". The server is the single sign-on server, while the client is a class-library plug-in package. An application that uses single sign-on needs to integrate the client class-library plug-in package into its own system. The single sign-on client usually simply implements the authentication interface provided by the plug-in package, replacing the authentication code of the original application.

[0033] When an application initiates authentication for the first time, the client class-library package embedded in the application intercepts the application's original login screen and goes directly to the login page of the single sign-on server; after the correct user name and password are entered, the user enters the original application system, and the other subsystems can also be accessed directly from that client.

[0034] Security:

[0035] Power-grid software systems often require a high level of security. With the multi-network-segment, multi-system single sign-on scheme, the user only has to enter the correct user name and password at the single sign-on server; the server generates a ticket, the unique credential for the user's login; between the client browser, the subsystems and the authentication server, validation and communication are carried out via the ticket, and the user's information is not transmitted directly, so security is relatively high.

[0036] Principle: 1 cookie + N sessions

[0037] The single sign-on server creates an encrypted cookie on the client that stores the user's login information, for use by all sub-applications at login. If the user then wishes to enter another Web application, the single sign-on client integrated into that application still first redirects to the CAS server. This time, however, the CAS server no longer asks the user for a user name and password; instead it first automatically looks for the cookie and logs the user in according to the information stored in the cookie. After successful validation, CAS redirects back to the user's application, and each application creates and uses its own session through the client browser.

[0038] Processing at CAS login:

[0039] • When an application starts, it usually skips its original login interface and intercepts the login to the CAS login interface (if the user prefers, they can also go to the CAS login interface manually, log in first, and then start other applications).

[0040] • The CAS login interface handles the so-called "principal authentication". It asks the user to enter a user name and password, just like an ordinary login interface.

[0041] • During principal authentication, CAS obtains the user name and password and then authenticates them through some authentication mechanism. The usual authentication mechanism is LDAP (or some standard authentication method, such as LDAP or a database); in the collaboration platform, a custom encryption algorithm combined with a database is used for authentication.

[0042] • To enable subsequent single sign-on, CAS sends a so-called "in-memory cookie" back to the browser. This cookie is not really stored in memory; it simply expires automatically as soon as the browser is closed. This cookie is called the "ticket-granting cookie" (TGC) and indicates that the user has logged in successfully.

[0043] • After authentication succeeds, the CAS server creates a long, randomly generated string called the "Ticket". CAS then associates this ticket with the successfully logged-in user and with the service. The ticket is a single-use credential: it is used only once for the successfully logged-in user and their service, and becomes invalid immediately after use.

[0044] • After principal authentication completes, CAS redirects the user's browser back to the original application. When the CAS client turns from the application to CAS, it converts the subsystem's address into the address URL of the corresponding network segment, according to the source of the client request, in order to submit authentication, and records this URL, so CAS knows who is calling it. When CAS redirects, it passes the ticket back as a parameter.

[0045] • After receiving the ticket, the application needs to validate it. This is done by passing the ticket to a validation URL. The validation URL is also provided by the CAS server.

[0046] • After CAS obtains the ticket through the validation path, it judges the ticket internally on the server. If it is judged valid, an identifier is returned to the application.

[0047] • CAS then invalidates the ticket and leaves a cookie on the client.

[0048] From then on, other applications use this cookie for authentication, without needing to enter a user name and password.
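The ticket handling of [0042] to [0047], together with the per-segment URL conversion of [0044], as an added Python example (not code from the patent or from the CAS project). The segment table, host names, cookie path and attributes, class and function names, and the 10-second ticket lifetime are assumptions made for the example.

```python
import ipaddress
import secrets
import time

# Constructed sample data: one subsystem reachable under a different URL
# per network segment (hypothetical hosts and ranges).
SEGMENT_URLS = {
    ipaddress.ip_network("10.1.0.0/16"): "https://app.seg1.example/portal",
    ipaddress.ip_network("10.2.0.0/16"): "https://app.seg2.example/portal",
}


def service_url_for(client_ip):
    """CAS client side: convert the subsystem address to the URL of the
    segment the request came from; this URL is submitted to CAS."""
    addr = ipaddress.ip_address(client_ip)
    for net, url in SEGMENT_URLS.items():
        if addr in net:
            return url
    raise ValueError("request source is not in a known network segment")


def tgc_cookie_header(tgc):
    """Session cookie: no Expires/Max-Age, so it ends with the browser.
    Path, Secure and HttpOnly are hardening assumptions, not from the page."""
    return f"TGC={tgc}; Path=/cas; Secure; HttpOnly"


class CasServer:
    """In-memory model of the TGC and single-use ticket bookkeeping."""

    def __init__(self, ticket_ttl=10.0):
        self.ticket_ttl = ticket_ttl
        self._tgc = {}      # TGC value -> user
        self._tickets = {}  # ticket -> (user, service URL, expiry)

    def login(self, user, password, check_password):
        """Principal authentication; returns a TGC value or None."""
        if not check_password(user, password):
            return None
        tgc = secrets.token_urlsafe(32)
        self._tgc[tgc] = user
        return tgc

    def issue_ticket(self, tgc, service):
        """Long random ticket tied to the logged-in user and the service."""
        user = self._tgc.get(tgc)
        if user is None:
            return None
        ticket = secrets.token_urlsafe(32)
        expiry = time.monotonic() + self.ticket_ttl
        self._tickets[ticket] = (user, service, expiry)
        return ticket

    def validate(self, ticket, service):
        """Validation URL logic. pop() voids the ticket on its first
        presentation, whether or not that presentation succeeds."""
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None
        user, bound_service, expiry = entry
        if service != bound_service or time.monotonic() > expiry:
            return None
        return user


def demo():
    """One login, then two subsystems' worth of ticket checks."""
    users = {"alice": "correct horse"}  # constructed credential store

    def check(u, p):
        return secrets.compare_digest(users.get(u, "").encode(), p.encode())

    cas = CasServer()
    tgc = cas.login("alice", "correct horse", check)
    service = service_url_for("10.2.3.4")
    ticket = cas.issue_ticket(tgc, service)
    first = cas.validate(ticket, service)    # "alice"
    replay = cas.validate(ticket, service)   # None: ticket already voided
    return first, replay


if __name__ == "__main__":
    print(demo())
```

Binding the ticket to the recorded segment URL means a ticket issued for one segment's address fails validation when presented for another, and the failed attempt still consumes it.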

[0049] Finally, it should be noted that the above embodiment is intended only to illustrate the technical solution of the present invention and not to limit it. Those of ordinary skill in the art, with reference to the above embodiment, should understand that the specific implementations of the present invention may still be modified or equivalently replaced, and any such modification or equivalent replacement that does not depart from the spirit and scope of the present invention falls within the scope of protection of the pending claims of the present invention.

Claims (10)

1. A multi-network-segment, multi-system single sign-on method, the method being implemented based on CAS, the CAS comprising a CAS server and a CAS client, characterized in that the method comprises the following steps: (1) the user's browser accesses the CAS client; (2) redirect to the CAS server; (3) user authentication; (4) redirect to the CAS client and send the authentication parameters; (5) confirm that login succeeded; (6) after successful login, redirect to the requested address.
2. The multi-network-segment, multi-system single sign-on method according to claim 1, characterized in that step (1) accesses the CAS client by entering the CAS login interface; the login interface is entered by starting its application.
3. The multi-network-segment, multi-system single sign-on method according to claim 2, characterized in that the CAS login interface requires the user to enter a user name and password.
4. The multi-network-segment, multi-system single sign-on method according to claim 3, characterized in that step (3) performs authentication through an authentication mechanism using the obtained user name and password.
5. The multi-network-segment, multi-system single sign-on method according to claim 4, characterized in that when the user has successfully logged in to CAS, the CAS sends an in-memory cookie back to the browser; the cookie is not really stored in memory, but rather expires automatically as soon as the browser is closed.
6. The multi-network-segment, multi-system single sign-on method according to claim 5, characterized in that after user authentication succeeds, the CAS server creates a randomly generated string, the Ticket; the CAS associates the ticket with the successfully logged-in user and the service the user requested.
7. The multi-network-segment, multi-system single sign-on method according to claim 6, characterized in that the ticket is a single-use credential; it is used only once for the successfully logged-in user and their service, and becomes invalid immediately after use.
8. The multi-network-segment, multi-system single sign-on method according to claim 7, characterized in that in step (4), when the CAS client turns from its application to CAS, it converts the subsystem's address into the address URL of the corresponding network segment, according to the source of its client request, in order to submit authentication, and records this URL; when CAS redirects, it passes the ticket back to the application as a parameter.
9. The multi-network-segment, multi-system single sign-on method according to claim 8, characterized in that step (5) verifies through the parameter whether login succeeded; after the application receives the ticket, it needs to validate the ticket; the ticket is validated by passing it to a URL provided by the CAS server.
10. The multi-network-segment, multi-system single sign-on method according to claim 9, characterized in that after the CAS obtains the ticket, the CAS server judges it; if the ticket is judged valid, an identifier is returned to its application; the CAS then invalidates the ticket and leaves a cookie on the client; other applications can then use this cookie for authentication, without needing to enter a user name and password again.
CN201410645753.8A 2014-11-14 2014-11-14 Multi-network-segment multi-system single sign on method CN105592026A (en)


Publications (1)

Publication Number Publication Date
CN105592026A true CN105592026A (en) 2016-05-18

Family

ID=55931244


Country Status (1)

Country Link
CN (1) CN105592026A (en)


Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination