CN107819722A - A kind of design method of the Centralized Authentication System based on Cookie - Google Patents

A kind of design method of the Centralized Authentication System based on Cookie

Info

Publication number
CN107819722A
CN107819722A
Authority
CN
China
Prior art keywords
cookie
authentication
design method
authentication system
domain
Prior art date
Legal status
Pending
Application number
CN201610813419.8A
Other languages
Chinese (zh)
Inventor
余漫游
Current Assignee
Changsha Dry Network Technology Co Ltd
Original Assignee
Changsha Dry Network Technology Co Ltd
Priority date: 2016-09-10
Filing date: 2016-09-10
Publication date: 2018-03-20
Application filed by Changsha Dry Network Technology Co Ltd
Priority to CN201610813419.8A
Publication of CN107819722A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/50 Network services
    • H04L 67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A design method for a Cookie-based centralized authentication system, in the field of information security technology. Building on an analysis of the realization principle and process of the Cookie-based authentication mechanism, and addressing the cross-domain problem, the method proposes single sign-on authentication based on Cookie redundancy: by traversing a trusted-domain list and transmitting and sharing the Cookie information, it realizes single sign-on and unified authentication among multiple member subsystems.

Description

A kind of design method of the Centralized Authentication System based on Cookie
Technical field
The present invention relates to a design method for a centralized authentication system, and in particular to a design method for a Cookie-based unified authentication system.
Background technology
Enterprises today run many different business application systems, such as mail systems and office automation systems, and how to authenticate users safely and conveniently while controlling their access rights has become a primary concern in system design. In a network environment, resources on the network may only be accessed by users who have passed identity authentication. Single sign-on (SSO) provides a mechanism that lets the different application systems in a network environment quickly obtain a unified authentication function: the user logs in only once and obtains authorization to access the required application systems and resources, without entering a username and password again to establish identity, that is, "log in once, authenticate everywhere". Many single sign-on solutions exist at present; the most representative are Microsoft's Passport and IBM's WebSphere Portal Server. Passport's single sign-on uses centralized authentication with distributed authorization; WebSphere Portal Server performs unified authentication through a Cookie-based user registration center using LDAP (Lightweight Directory Access Protocol). Although these products implement single sign-on well, the schemes are complex, lack flexibility, are costly, and can only be used under the same domain name.
In view of the above analysis, this application builds on a study of Cookie-based unified authentication technology and, to address the cross-domain problem, proposes a single sign-on authentication method based on Cookie redundancy, used to realize unified authentication for a tobacco intellectual property information resource comprehensive service platform.
The content of the invention
A design method for a Cookie-based centralized authentication system, characterised by a Cookie-based single sign-on authentication mechanism. The Cookie-based single sign-on authentication process is divided into two stages: the first stage is initial user authentication, that is, the process in which the Cookie is established; the second stage is the subsequent Cookie verification stage. The Cookie-based authentication flow is as follows:
1. The user sends a resource request to member subsystem A through the client Web browser.
2. Member subsystem A analyses the user request and checks whether the client already holds a valid Cookie (containing the user's identity information).
3. If there is no valid Cookie, member subsystem A redirects the user's Web browser to the authentication server, which requires the user to enter a username and password for login authentication.
4. The user enters the login page, inputs the username and password, and submits them to the authentication server for verification.
5. The authentication server authenticates the submitted user information.
6. If verification passes, the authentication server generates a valid piece of verification information and sends it to member subsystem A.
7. After member subsystem A receives the information that verification succeeded, it generates the Cookie information, sends it to the user's Web browser, and redirects the user's request to the requested resource.
The subsequent Cookie verification process is as follows:
1. The user, carrying the Cookie information, sends a resource request to member subsystem B through the client Web browser.
2. Member subsystem B extracts the user authentication information from the Cookie and sends it to the authentication server for verification.
3. The authentication server verifies the submitted user information.
4. If verification succeeds, the authentication server generates a valid piece of verification information and sends it to member subsystem B.
5. After member subsystem B receives the information that verification succeeded, it provides the requested resource to the user; if verification fails, it refuses the user's resource access request and prompts the user to log in again.
This process continues until the Cookie's validity period expires.
A design method for a Cookie-based centralized authentication system, characterised by a cross-domain single sign-on authentication design based on Cookie redundancy. In a distributed network environment the member subsystems may be deployed under different DNS domain names; this method uses Cookie redundancy to solve the cross-domain problem. Using HTTP redirection, it traverses the trusted-domain list to transmit and share the Cookie information.
(1) First access: the process by which the user first accesses a member subsystem and the Cookie is created is identical to Cookie creation in traditional Cookie-based single sign-on and is not repeated here. Through steps 1 to 4, the Cookie generated under domain A.com, where member subsystem A resides, is written into the client browser (cookie file user A.com.txt).
(2) Subsequent access:
1. The user requests access to a resource of member subsystem B.
2. Member subsystem B analyses the user request and checks whether the client already holds a valid Cookie; if there is no Cookie information, it redirects the user's Web browser to the authentication server for user authentication.
3. The authentication server first loops through the trusted-domain list and retrieves the information of the member subsystems corresponding to the trusted domains.
4. It redirects to the other member subsystems in turn.
When the authentication service returns the authentication information, it sends an instruction to member subsystem A to renew the Cookie validity period under the A.com domain; after member subsystem A receives the instruction, it updates the validity period of the Cookie under the A.com domain on the user's client.
At this point two Cookies exist on the user's client, written by member subsystem A (A.com domain) and member subsystem B (B.com domain) respectively. The two Cookies are identical in content, and this redundancy technique realizes Cookie-based single sign-on authentication across domains.
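The two flows described above (initial authentication with Cookie creation, then cross-domain subsequent access through the trusted-domain list) are simulated below as an added example; it is not the patent's own code. The token format (an HMAC-signed payload carrying an expiry), the class and function names, the domain list, the credentials and the clock are all constructed assumptions, since the description fixes none of them. The browser is modelled as a cookie jar keyed by domain, so a member subsystem can only see the Cookie written under its own domain, and the authentication server reaches the other domains' Cookies only by going through their member subsystems, as the description requires.

```python
import base64
import hashlib
import hmac
import json
import time

TRUSTED_DOMAINS = ["A.com", "B.com"]  # constructed trusted-domain list (assumption)
COOKIE_TTL = 300                       # assumed Cookie validity period, seconds


class Browser:
    """Cookie jar keyed by domain: a browser presents a cookie only to the domain that set it."""
    def __init__(self):
        self.cookies = {}


class AuthServer:
    """Issues and checks the 'valid verification information' of the description.
    Assumption: an HMAC-signed payload carrying an expiry; the page fixes no format."""
    def __init__(self, key, clock=time.time):
        self.key, self.clock = key, clock
        self.users = {"alice": "correct horse"}  # constructed credential store

    def login(self, username, password):  # initial authentication, steps 4-6
        stored = self.users.get(username, "")
        if not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        return self.issue(username)

    def issue(self, username):
        claims = {"sub": username, "exp": int(self.clock()) + COOKIE_TTL}
        payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        sig = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return payload + "." + sig

    def verify(self, token):
        """Returns the username, or None for a missing, malformed, forged or expired token."""
        if not token or token.count(".") != 1:
            return None
        payload, sig = token.split(".")
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload))
        return claims["sub"] if claims["exp"] > self.clock() else None

    def find_shared_cookie(self, browser, requester):
        """Subsequent access, steps 3-4: walk the trusted-domain list and redirect to each
        other member in turn; that member reads the cookie for its own domain and hands it
        back (modelled as a jar lookup). A requester not on the list gets nothing."""
        if requester not in TRUSTED_DOMAINS:
            return None
        for domain in TRUSTED_DOMAINS:
            if domain == requester:
                continue
            user = self.verify(browser.cookies.get(domain))
            if user:
                renewed = self.issue(user)        # instruction: renew validity under that domain
                browser.cookies[domain] = renewed
                return renewed
        return None


class MemberSubsystem:
    def __init__(self, domain, auth):
        self.domain, self.auth = domain, auth

    def request(self, browser, credentials=None):
        """Returns ('resource', user) or ('login-required', None)."""
        token = browser.cookies.get(self.domain)
        if token is not None:
            user = self.auth.verify(token)        # follow-up stage: forward cookie for verification
            if user:
                return ("resource", user)
            browser.cookies.pop(self.domain)      # invalid or expired: discard and re-authenticate
        token = self.auth.find_shared_cookie(browser, self.domain)
        if token is None and credentials is not None:
            token = self.auth.login(*credentials)  # user was redirected to the login page
        if token is None:
            return ("login-required", None)
        browser.cookies[self.domain] = token      # step 7: cookie written under this member's domain
        return ("resource", self.auth.verify(token))


def demo():
    now = [1_700_000_000]  # controllable clock so the expiry case is deterministic
    auth = AuthServer(b"constructed-demo-key", clock=lambda: now[0])
    a, b, c = (MemberSubsystem(d, auth) for d in ("A.com", "B.com", "C.com"))
    browser = Browser()
    first = a.request(browser)                              # no cookie anywhere yet
    login = a.request(browser, ("alice", "correct horse"))  # initial authentication at A
    cross = b.request(browser)                              # B served through redundancy, no re-login
    identical = browser.cookies["A.com"] == browser.cookies["B.com"]
    untrusted = c.request(browser)                          # C.com is not on the trusted list
    browser.cookies["B.com"] = browser.cookies["B.com"][:-1] + "z"  # forged signature
    forged = b.request(browser)                             # rejected, then re-provisioned from A
    now[0] += COOKIE_TTL + 1                                # every cookie is now expired
    expired = b.request(browser)
    return {"first": first, "login": login, "cross": cross, "identical": identical,
            "untrusted": untrusted, "forged": forged, "expired": expired}
```

Calling `demo()` walks the whole sequence: the first request to A requires a login, the login writes the A.com Cookie, the request to B is served without a second login and leaves two Cookies with identical content, a member outside the trusted list is never handed the shared Cookie, a Cookie whose signature was altered is refused and replaced from the still-valid A.com copy, and once the validity period has elapsed every copy fails and the user is prompted to log in again. Because the copies are identical, the whole set is only as strong as the token itself, which is why the example signs it, binds it to an expiry and compares signatures in constant time; in a real deployment each copy would additionally be set with the Secure and HttpOnly attributes.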

Claims (5)

  1. A design method for a Cookie-based centralized authentication system, characterised by a Cookie-based single sign-on authentication mechanism, wherein the Cookie-based single sign-on authentication process is divided into two stages.
  2. The design method for a Cookie-based centralized authentication system according to claim 1, characterised in that the first stage is initial user authentication, that is, the process in which the Cookie is established.
  3. The design method for a Cookie-based centralized authentication system according to claim 1, characterised in that the second stage is the subsequent Cookie verification stage.
  4. A design method for a Cookie-based centralized authentication system, characterised by a cross-domain single sign-on authentication design based on Cookie redundancy, wherein in a distributed network environment the member subsystems may be deployed under different DNS domain names, and the method uses Cookie redundancy to solve the cross-domain problem.
  5. HTTP redirection technology is used to transmit and share the Cookie information by traversing the trusted-domain list.

Priority Applications (1)

Application Number: CN201610813419.8A (CN107819722A, en); Priority Date: 2016-09-10; Filing Date: 2016-09-10; Title: A kind of design method of the Centralized Authentication System based on Cookie

Applications Claiming Priority (1)

Application Number: CN201610813419.8A (CN107819722A, en); Priority Date: 2016-09-10; Filing Date: 2016-09-10; Title: A kind of design method of the Centralized Authentication System based on Cookie

Publications (1)

Publication Number: CN107819722A (en); Publication Date: 2018-03-20

Family

Family ID: 61600327

Family Applications (1)

Application Number: CN201610813419.8A (CN107819722A, en); Title: A kind of design method of the Centralized Authentication System based on Cookie; Priority Date: 2016-09-10; Filing Date: 2016-09-10; Status: Pending

Country Status (1)

CN: CN107819722A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN108200107A (en) * | 2018-03-30 | 2018-06-22 | 浙江网新恒天软件有限公司 | A kind of method that single-sign-on is realized in multi-domain environment
CN113765869A (en) * | 2020-08-18 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Login method, device, server and storage medium
CN112202813A (en) * | 2020-10-29 | 2021-01-08 | 杭州迪普科技股份有限公司 | Network access method and device
CN112202813B (en) * | 2020-10-29 | 2023-04-18 | 杭州迪普科技股份有限公司 | Network access method and device

Similar Documents

Publication Publication Date Title
US10270741B2 (en) Personal authentication and access
US8955082B2 (en) Authenticating using cloud authentication
US9826100B2 (en) Usage tracking for software as a service (SaaS) applications
JP4782986B2 (en) Single sign-on on the Internet using public key cryptography
WO2017028804A1 (en) Web real-time communication platform authentication and access method and device
US9584615B2 (en) Redirecting access requests to an authorized server system for a cloud service
US20080072303A1 (en) Method and system for one time password based authentication and integrated remote access
CN107534557A (en) The Identity Proxy of access control and single-sign-on is provided
US20040098615A1 (en) Mapping from a single sign-in service to a directory service
CN105049427B (en) The management method and device of application system login account
US8250633B2 (en) Techniques for flexible resource authentication
CN104320423A (en) Single sign-on light weight implementation method based on Cookie
CN105577835B (en) Cross-platform single sign-on system based on cloud computing
US11870766B2 (en) Integration of legacy authentication with cloud-based authentication
CN105141580B (en) A kind of resource access control method based on the domain AD
CN104836803A (en) Single sign-on method based on session mechanism
JP2003296277A5 (en)
CN107819570A (en) A kind of cross-domain single login method based on variable Cookie
CN107819722A (en) A kind of design method of the Centralized Authentication System based on Cookie
CN114385995A (en) Handle-based method for accessing identifier analysis micro-service to industrial Internet and identifier service system
CN103118025B (en) Based on the single-point logging method of networking certification, device and certificate server
KR20030075809A (en) Client authentication method using SSO in the website builded on a multiplicity of domains
Köhler et al. Federating HPC access via SAML: Towards a plug-and-play solution
Milenković et al. Using Kerberos protocol for single sign-on in identity management systems
KR101636986B1 (en) A Integrated interface user authentication method

Legal Events

Code | Title | Description
PB01 | Publication | Application publication date: 20180320
WD01 | Invention patent application deemed withdrawn after publication |