CN107819722A - A kind of design method of the Centralized Authentication System based on Cookie - Google Patents
- Publication number
- CN107819722A
- Authority
- CN
- China
- Prior art keywords
- cookie
- authentication
- design method
- authentication system
- domain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
          - H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
          - H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
            - H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/50—Network services
          - H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A design method for a cookie-based centralized authentication system. The method belongs to the field of information security technology. Building on an analysis of the implementation principle and process of the cookie-based authentication mechanism, it proposes, for the cross-domain problem, a single sign-on authentication method based on cookie redundancy. By traversing a trusted-domain list and transmitting and sharing the cookie information, it achieves single sign-on and unified authentication across multiple member subsystems.
Description
Technical field
The present invention relates to a design method for a centralized authentication system, and in particular to a design method for a cookie-based unified authentication system.
Background technology
Currently, each enterprise runs many different business application systems, such as mail systems and office automation systems. How to authenticate users safely and conveniently and control their access rights has become a primary concern in system design. In a network environment, resources on the network can only be accessed by users who have passed authentication. Single sign-on (SSO) provides a mechanism that lets the different application systems in a network environment quickly obtain a unified authentication function, so that a user need only log in once to obtain authorization to access the required application systems and resources, without entering a username and password again to establish identity; that is, it realizes "one login, multi-party authentication".

At present there are many solutions for single sign-on; the most representative are Microsoft's Passport and IBM's WebSphere Portal Server. Authentication in Passport single sign-on uses a pattern of centralized authentication and distributed authorization; WebSphere Portal Server uses a cookie-based LDAP (Lightweight Directory Access Protocol) user registration center to perform unified authentication. Although these single sign-on products implement the single sign-on function well, the schemes are complex, lack flexibility, are costly, and can only be used under the same domain name.

In view of the above analysis, and building on applied study of cookie-based unified authentication technology, this document proposes, for the cross-domain problem, a single sign-on authentication method based on cookie redundancy, and uses it to realize unified authentication for the tobacco intellectual property information resource comprehensive service platform.
The content of the invention
A design method for a cookie-based centralized authentication system, characterized by a cookie-based single sign-on authentication mechanism. The cookie-based single sign-on authentication process is divided broadly into two stages. The first stage is the initial user authentication, that is, the process in which the cookie is established. The second stage is the follow-up cookie verification stage. The cookie-based initial authentication flow is as follows:

1. The user sends a resource request to member subsystem A through the client web browser.
2. Member subsystem A analyses the user's request and checks whether the client already holds a valid cookie (containing the user's identity information).
3. If there is no valid cookie, the member subsystem redirects the user's web browser to the authentication server and requires the user to enter a username and password for login authentication.
4. The user enters the login page, inputs the username and password, and submits them to the authentication server for verification.
5. The authentication server authenticates the submitted user information.
6. If verification passes, the authentication server generates a piece of valid verification information and sends it to member subsystem A.
7. After member subsystem A receives the information that verification succeeded, it generates the cookie information, sends it to the user's web browser, and redirects the user's request to the requested resource.

The follow-up cookie verification process is as follows:

1. The user, carrying the cookie information, sends a resource request to member subsystem B through the client web browser.
2. Member subsystem B extracts the user authentication information from the cookie and sends it to the authentication server for verification.
3. The authentication server verifies the submitted user information.
4. If verification succeeds, the authentication server generates a piece of valid verification information and sends it to member subsystem B.
5. After member subsystem B receives the information that verification succeeded, it provides the requested resource to the user; if verification fails, it refuses the user's request for the resource and prompts the user to log in again.

This process continues until the cookie's validity period expires.
A design method for a cookie-based centralized authentication system, characterized by a cross-domain single sign-on authentication design based on cookie redundancy. In a distributed network environment, the member subsystems may be distributed under different DNS domain names; this method solves the cross-domain problem with cookie redundancy. Using HTTP redirection, the cookie information is transmitted and shared by traversing a trusted-domain list.

(1) First access: the process in which a user accesses a member subsystem for the first time and a cookie is created is identical to the way traditional cookie-based single sign-on creates the cookie, and is not repeated here. Through steps 1 to 4, the cookie (user A.com.txt) generated by domain A.com, where member subsystem A is located, is written into the client browser.

(2) Subsequent access:

1. The user requests access to a resource of member subsystem B.
2. Member subsystem B analyses the user's request and checks whether the client already holds a valid cookie; if there is no cookie information, it redirects the user's web browser to the authentication server for user authentication.
3. The authentication server first loops through the trusted-domain list and takes out the information of the member subsystems corresponding to the trusted domains.
4. It redirects to the other member subsystems in turn.

When the authentication service returns the authentication information, it sends member subsystem A an instruction to renew the validity period of the cookie under the A.com domain; after receiving the instruction, member subsystem A updates the validity period of the cookie under the A.com domain on the user's client.

At this point two cookies exist on the user's client, written to the client by member subsystem A (A.com domain) and member subsystem B (B.com domain) respectively. The two cookies are identical in content, and this redundancy realizes cookie-based single sign-on authentication across domains.
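The two-stage flow above (an initial login that establishes the cookie, then follow-up verification of the cookie against the authentication server) and the cross-domain redundancy obtained by traversing the trusted-domain list, played through end to end as one added Python simulation. This is illustration code, not code from the patent or its applicant: the class names, the random session token standing in for the "verification information", the salted SHA-256 credential records, the dict used as the browser's cookie jar and the two-entry trusted-domain list are all assumptions made here. What it shows is that each member subsystem holds only a copy of the same cookie content and that every check is decided by the authentication server, so a cookie the server does not recognise, or whose validity period has lapsed, ends in the re-login prompt the description calls for.

```python
"""Added simulation of the cookie-based SSO flow described above (not the patent's code).
Assumed: class names, random session token as "verification information", salted SHA-256
password records, a dict as the browser's cookie jar, a two-entry trusted-domain list."""
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class Cookie:
    token: str    # the shared content; identical in every domain's copy
    expires: int  # absolute time in seconds

def cookie_for(jar: dict, domain: str, now: int) -> Cookie | None:
    """Browser-side lookup: the jar is keyed by domain; an expired cookie is dropped."""
    cookie = jar.get(domain)
    if cookie is None or cookie.expires <= now:
        jar.pop(domain, None)
        return None
    return cookie

class AuthServer:
    """Authentication server: checks logins and cookies, traverses the trusted-domain list."""
    def __init__(self, credentials, trusted_domains, ttl=300):
        self.credentials = credentials                  # username -> (salt, sha256 hex)
        self.trusted_domains = list(trusted_domains)    # ordered list the server loops through
        self.members: dict[str, MemberSubsystem] = {}   # domain -> member subsystem
        self.ttl = ttl
        self.sessions: dict[str, tuple[str, int]] = {}  # token -> (user, expiry)

    def login(self, username, password, now) -> str | None:
        """Stage 1, steps 4-6: check the credentials and issue the verification information."""
        salt, digest = self.credentials.get(username, (b"", ""))
        calc = hashlib.sha256(salt + password.encode()).hexdigest()
        if not hmac.compare_digest(calc, digest):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (username, now + self.ttl)
        return token

    def verify(self, token, now) -> str | None:
        """Stage 2, step 3: the server, not the cookie content, decides whether it is valid."""
        user, expiry = self.sessions.get(token, (None, 0))
        if user is None or expiry <= now:
            self.sessions.pop(token, None)
            return None
        return user

    def cross_domain_lookup(self, jar, requester, now):
        """Cross-domain steps 3-4: visit each other trusted member in turn; renew a valid cookie."""
        for domain in self.trusted_domains:
            member = self.members.get(domain)
            if domain == requester or member is None:
                continue
            cookie = cookie_for(jar, domain, now)
            if cookie is not None and self.verify(cookie.token, now) is not None:
                expiry = now + self.ttl
                self.sessions[cookie.token] = (self.sessions[cookie.token][0], expiry)
                member.write_cookie(jar, cookie.token, expiry)  # the A.com renewal instruction
                return cookie.token, expiry
        return None

class MemberSubsystem:
    """One member subsystem (A.com or B.com) serving resources behind the SSO check."""
    def __init__(self, domain, auth):
        self.domain, self.auth = domain, auth
        auth.members[domain] = self

    def write_cookie(self, jar, token, expires):
        jar[self.domain] = Cookie(token, expires)

    def request(self, jar, now, credentials=None) -> str:
        """Returns 'resource', 'login_required', or 'relogin' (cookie present but rejected)."""
        cookie = cookie_for(jar, self.domain, now)
        if cookie is not None:
            return "resource" if self.auth.verify(cookie.token, now) else "relogin"
        found = self.auth.cross_domain_lookup(jar, self.domain, now)
        if found is None and credentials is not None:  # the user fills in the login page
            token = self.auth.login(*credentials, now)
            found = (token, now + self.auth.ttl) if token else None
        if found is None:
            return "login_required"
        self.write_cookie(jar, *found)  # redundant copy, identical content, under this domain
        return "resource"

def demo() -> dict:
    salt = secrets.token_bytes(16)  # constructed credential store for one demo user
    creds = {"alice": (salt, hashlib.sha256(salt + b"correct horse").hexdigest())}
    auth = AuthServer(creds, ["A.com", "B.com"])
    a, b = MemberSubsystem("A.com", auth), MemberSubsystem("B.com", auth)
    jar, r = {}, {}
    r["first_no_cookie"] = a.request(jar, now=0)             # stage 1, steps 1-3
    r["first_login"] = a.request(jar, now=1, credentials=("alice", "correct horse"))
    r["b_cross_domain"] = b.request(jar, now=10)             # no B.com cookie; A.com's is found
    r["redundant_identical"] = jar["A.com"] == jar["B.com"]  # both cookies carry the same content
    r["a_renewed_expiry"] = jar["A.com"].expires             # 10 + ttl after the renewal
    r["after_expiry"] = b.request(jar, now=400)              # both cookies have expired
    jar["B.com"] = Cookie("forged-token", expires=1000)      # constructed tampered cookie
    r["forged_cookie"] = b.request(jar, now=401)             # server rejects it: relogin
    return r
```

Calling demo() returns the outcome of each scenario. The renewal inside cross_domain_lookup is what gives the A.com cookie the same expiry as the newly written B.com cookie, which is why the two copies compare equal, and the last two scenarios show the two failure modes the description distinguishes: no usable cookie anywhere in the trusted domains leads back to the login page, while a cookie the server does not recognise is refused with a re-login prompt.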
Claims (5)
- 1. A design method for a cookie-based centralized authentication system, characterized by a cookie-based single sign-on authentication mechanism in which the cookie-based single sign-on authentication process is divided broadly into two stages.
- 2. The design method for a cookie-based centralized authentication system according to claim 1, characterized in that the first stage is the initial user authentication, that is, the process in which the cookie is established.
- 3. The design method for a cookie-based centralized authentication system according to claim 1, characterized in that the second stage is the follow-up cookie verification stage.
- 4. A design method for a cookie-based centralized authentication system, characterized by a cross-domain single sign-on authentication design based on cookie redundancy: in a distributed network environment the member subsystems may be distributed under different DNS domain names, and this method solves the cross-domain problem with cookie redundancy.
- 5. HTTP redirection is used to transmit and share the cookie information by traversing a trusted-domain list.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610813419.8A CN107819722A (en) | 2016-09-10 | 2016-09-10 | A kind of design method of the Centralized Authentication System based on Cookie |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610813419.8A CN107819722A (en) | 2016-09-10 | 2016-09-10 | A kind of design method of the Centralized Authentication System based on Cookie |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107819722A true CN107819722A (en) | 2018-03-20 |
Family
ID=61600327
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610813419.8A Pending CN107819722A (en) | 2016-09-10 | 2016-09-10 | A kind of design method of the Centralized Authentication System based on Cookie |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107819722A (en) |
- 2016-09-10 CN CN201610813419.8A patent/CN107819722A/en active Pending
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108200107A (en) * | 2018-03-30 | 2018-06-22 | 浙江网新恒天软件有限公司 | A kind of method that single-sign-on is realized in multi-domain environment |
CN113765869A (en) * | 2020-08-18 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Login method, device, server and storage medium |
CN112202813A (en) * | 2020-10-29 | 2021-01-08 | 杭州迪普科技股份有限公司 | Network access method and device |
CN112202813B (en) * | 2020-10-29 | 2023-04-18 | 杭州迪普科技股份有限公司 | Network access method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10270741B2 (en) | Personal authentication and access | |
US8955082B2 (en) | Authenticating using cloud authentication | |
US9826100B2 (en) | Usage tracking for software as a service (SaaS) applications | |
JP4782986B2 (en) | Single sign-on on the Internet using public key cryptography | |
WO2017028804A1 (en) | Web real-time communication platform authentication and access method and device | |
US9584615B2 (en) | Redirecting access requests to an authorized server system for a cloud service | |
US20080072303A1 (en) | Method and system for one time password based authentication and integrated remote access | |
CN107534557A (en) | The Identity Proxy of access control and single-sign-on is provided | |
US20040098615A1 (en) | Mapping from a single sign-in service to a directory service | |
CN105049427B (en) | The management method and device of application system login account | |
US8250633B2 (en) | Techniques for flexible resource authentication | |
CN104320423A (en) | Single sign-on light weight implementation method based on Cookie | |
CN105577835B (en) | Cross-platform single sign-on system based on cloud computing | |
US11870766B2 (en) | Integration of legacy authentication with cloud-based authentication | |
CN105141580B (en) | A kind of resource access control method based on the domain AD | |
CN104836803A (en) | Single sign-on method based on session mechanism | |
JP2003296277A5 (en) | ||
CN107819570A (en) | A kind of cross-domain single login method based on variable C ookie | |
CN107819722A (en) | A kind of design method of the Centralized Authentication System based on Cookie | |
CN114385995A (en) | Handle-based method for accessing identifier analysis micro-service to industrial Internet and identifier service system | |
CN103118025B (en) | Based on the single-point logging method of networking certification, device and certificate server | |
KR20030075809A (en) | Client authentication method using SSO in the website builded on a multiplicity of domains | |
Köhler et al. | Federating hpc access via saml: Towards a plug-and-play solution | |
Milenković et al. | Using Kerberos protocol for single sign-on in identity management systems | |
KR101636986B1 (en) | A Integrated interface user authentication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20180320 |