CN108063681B - Method and device for realizing account synchronization in single sign-on system - Google Patents

Publication number
CN108063681B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610991292.9A
Other languages
Chinese (zh)
Other versions
CN108063681A (en)
Inventor
王际彭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Gridsum Technology Co Ltd
Original Assignee
Beijing Gridsum Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability

Abstract

The invention discloses a method for realizing account synchronization in a single sign-on system, which is used to synchronize user account information to a service provider (SP). The method comprises the following steps: receiving an account information acquisition request sent by an SP; acquiring the request time in the account information acquisition request; determining whether the SP has previously sent an account information acquisition request; and, if the SP has previously sent an account information acquisition request and the request time is after the recorded latest request time, sending to the SP the user account information related to the SP that changed in a first time period and recording the request time, wherein the first time period is the time period between the request time and the recorded latest request time. The invention also discloses a device for realizing account synchronization in the single sign-on system.

Description

Method and device for realizing account synchronization in single sign-on system
Technical Field
The invention relates to the technical field of single sign-on, in particular to a method and a device for realizing account synchronization in a single sign-on system.
Background
Computer systems often need to identify a visitor, and once the visitor is identified as a user of the system, the corresponding service is provided to that user. Different services are provided by different Service Providers (SPs), and each SP needs to verify user information before providing its service. When a user needs to use different services, the user has to input user account information and log in each time before accessing the SP that provides the service, which is cumbersome. Single Sign-on (SSO) systems were developed to simplify this.
Generally, a single sign-on system includes an Identity Provider (IDP) and an SP, where the IDP is used to verify user account information; the SP is used for providing service for the user after the verification is passed. The technical implementation mechanism of the single sign-on system can be as follows: when a visitor accesses a certain SP in the single sign-on system for the first time through a certain service terminal (such as a browser and the like), the accessed SP guides the visitor to perform user account information verification in the IDP; the IDP checks the user account information, if the user account information passes the check, the IDP determines that the visitor is a user of the single sign-on system and has the authority of accessing the SP, and returns an identifier to the service terminal where the user is located; when the user accesses another SP in the single sign-on system again through the service terminal, the other SP sends the identifier in the service terminal to the IDP for verification, and if the IDP verifies that the visitor also has the right to access the other SP, the user can access the other SP without logging in again. Through the implementation mechanism, the user does not need to repeatedly log in each SP, so that the user can conveniently access different SPs.
In a conventional single sign-on system, the SP acquires user account information in only one way: after a user requests to log in to the SP and login authentication succeeds, the IDP returns that user's account information to the SP. In some scenarios, however, the SP needs to operate on the account information of all users with the authority of logging in the SP, for example for internal authority management. If a user has not logged in, the SP does not know that user's account information and cannot perform certain specific operations. That is, in the prior art the SP cannot realize account synchronization with the IDP.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for implementing account synchronization in a single sign-on system, so as to solve the problem that the SP cannot implement account synchronization with the IDP in the prior art.
In order to solve the above problems, the technical scheme provided by the invention is as follows:
A method of implementing account synchronization in a single sign-on system, the method comprising:
receiving an account information acquisition request sent by a Service Provider (SP);
acquiring the request time in the account information acquisition request;
determining whether the SP has previously sent an account information acquisition request;
and, if the SP has previously sent an account information acquisition request and the request time is after the recorded latest request time, sending to the SP the changed user account information related to the SP in a first time period and recording the request time, wherein the first time period is the time period between the request time and the recorded latest request time.
Correspondingly, the method further comprises the following steps:
if the SP has previously sent an account information acquisition request and the request time is less than or equal to a first time and greater than a second time, sending to the SP the changed user account information related to the SP in a second time period, wherein the second time period is the time period from the second time to the first time, and the first time and the second time are two adjacent request times among the recorded request times.
Correspondingly, the method further comprises the following steps:
if the SP has not previously sent an account information acquisition request, sending all current user account information related to the SP to the SP and recording the request time;
and, if the SP has previously sent an account information acquisition request and the request time is the recorded earliest request time or is before the recorded earliest request time, sending all the user account information related to the SP to the SP.
Correspondingly, determining whether the SP has previously sent the request for obtaining the user information includes:
determining whether the SP has previously sent the request for acquiring the user information according to whether a request time from an account information acquisition request sent by the SP has been recorded.
Correspondingly, the user account information related to the SP comprises user account information of a user having the authority of logging in the SP; the changed user account information related to the SP comprises newly added user account information of a user having the authority of logging in the SP and updated user account information of the user having the authority of logging in the SP.
An apparatus for account synchronization in a single sign-on system, the apparatus comprising:
a receiving unit, configured to receive an account information acquisition request sent by a Service Provider (SP);
an acquisition unit, configured to acquire the request time in the account information acquisition request;
a judging unit, configured to judge whether the SP has previously sent an account information acquisition request;
and a first sending unit, configured to send to the SP the user account information related to the SP that changed within a first time period and to record the request time, if the judgment result of the judging unit is that the SP has previously sent an account information acquisition request and the request time is after the recorded latest request time, where the first time period is the time period between the request time and the recorded latest request time.
Correspondingly, the device further comprises:
a second sending unit, configured to send to the SP the user account information related to the SP that changed within a second time period, if the SP has previously sent an account information acquisition request and the request time is less than or equal to a first time and greater than a second time, where the second time period is the time period from the second time to the first time, and the first time and the second time are two adjacent request times among the recorded request times.
Correspondingly, the device further comprises:
a third sending unit, configured to send all current user account information related to the SP and to record the request time, if the judgment result of the judging unit is that the SP has not previously sent an account information acquisition request;
and a fourth sending unit, configured to send all current user account information related to the SP, if the judgment result of the judging unit is that the SP has previously sent an account information acquisition request and the request time is the recorded earliest request time or is before the recorded earliest request time.
Correspondingly, the judging unit is specifically configured to:
judge whether the SP has previously sent the request for acquiring the user information according to whether a request time from an account information acquisition request sent by the SP has been recorded.
Correspondingly, the user account information related to the SP comprises user account information of a user having the authority of logging in the SP; the changed user account information related to the SP comprises newly added user account information of a user having the authority of logging in the SP and updated user account information of the user having the authority of logging in the SP.
Therefore, the embodiment of the invention has the following beneficial effects:
In the embodiment of the invention, the SP actively sends an account information acquisition request to the IDP, and the IDP sends the corresponding user account information to the SP according to the request time in the request and records the request time. The SP can thus obtain all the user account information, realize account synchronization, and perform certain specific operations. Specifically, if the SP has not previously sent an account information acquisition request, the IDP sends the SP all the user account information with the authority of logging in the SP. If the SP has previously sent an account information acquisition request, the IDP can send the SP the user account information that changed between the current request time and the last request time, so that changes to user account information in the IDP are synchronized to the SP without transmitting all the user account information again. In addition, the user account information that changed in a specified time period can be sent to the SP again according to the request time, which covers the case where the SP did not receive the user account information for a certain time period because of a network fault or the like, and guarantees the accuracy of account synchronization.
Drawings
Fig. 1 is a flowchart of an embodiment of a method for implementing account synchronization in a single sign-on system according to the present invention;
Fig. 2 is a schematic diagram of a time axis of an embodiment of a method for implementing account synchronization in a single sign-on system according to the present invention;
Fig. 3 is a schematic diagram of a first embodiment of an apparatus for implementing account synchronization in a single sign-on system according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a second embodiment of an apparatus for implementing account synchronization in a single sign-on system according to the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below.
The method and the device for realizing account synchronization in the single sign-on system provided by the embodiment of the invention address the following technical problem in the prior art: when the SP needs to perform operations such as managing existing user account information, it can obtain a user's account information from the IDP only after that user logs in; if the user has not logged in, the SP cannot know that user's account information and cannot perform certain specific operations.
Based on the above thought, referring to fig. 1, a flowchart of an embodiment of a method for implementing account synchronization in a single sign-on system provided in the embodiment of the present invention is shown, where the embodiment may be applied to an IDP in an SSO system, and the embodiment may include the following steps:
Step 101: Receive an account information acquisition request sent by the SP.
The SSO system may include at least one SP, and when the SP needs to acquire account information of a user having a right to log in the SP, the SP sends an account information acquisition request to the IDP in the SSO system, where the account information acquisition request may include an identifier of the SP and a request time. The IDP receives the request for obtaining the account information sent by the SP, and can know which SP needs to obtain the user account information.
Step 102: Acquire the request time in the account information acquisition request.
After the account information acquisition request sent by the SP is acquired, the request time in the account information acquisition request can also be acquired, where the request time may include a date and a time, and the time may be accurate to seconds or set according to actual conditions.
Step 103: Determine whether the SP has previously sent an account information acquisition request.
The IDP may determine whether the SP has sent the request for obtaining account information according to the identifier of the SP, and send corresponding user account information to the SP according to the determination result.
In some possible implementation manners of the present invention, this step may determine whether the SP has sent the request for obtaining the user information according to whether the request time in the request for obtaining the account information sent by the SP is recorded.
In this embodiment, after receiving the account information acquiring request sent by the SP, the IDP sends corresponding user account information to the SP, and records the request time in the account information acquiring request, so that whether the SP has sent the user information acquiring request can be determined according to whether the request time is recorded.
Step 104: If the SP has previously sent an account information acquisition request and the request time is after the recorded latest request time, send to the SP the user account information related to the SP that changed in a first time period and record the request time, where the first time period is the time period between the request time and the recorded latest request time.
In some possible implementations of the present invention, the method for implementing account synchronization in a single sign-on system provided in the embodiment of the present invention may further include: if the SP has not previously sent an account information acquisition request, sending all the current user account information related to the SP and recording the request time.
In some possible implementations of the present invention, the method for implementing account synchronization in a single sign-on system provided in the embodiment of the present invention may further include:
if the SP has previously sent an account information acquisition request and the request time is less than or equal to the first time and greater than the second time, sending to the SP the user account information related to the SP that changed in the second time period, where the second time period is the time period from the second time to the first time, and the first time and the second time are two adjacent request times among the recorded request times.
In some possible implementations of the present invention, the method for implementing account synchronization in a single sign-on system provided in the embodiment of the present invention may further include:
if the SP has previously sent an account information acquisition request and the request time is the recorded earliest request time or is before the recorded earliest request time, sending all the user account information related to the SP to the SP.
That is, if the IDP determines that this is the first account information acquisition request sent by the SP, all current user account information related to the SP, which includes the user account information of users having the authority to log in to the SP, is sent to the SP and the request time is recorded.
If the IDP determines that the SP sending the account information acquisition request has sent such a request before, three cases can be distinguished according to the recorded request times:
In the first case, the request time is after the recorded latest request time. For example, if the request time in the account information acquisition request is October 1, 2016 15:00:00 and the recorded latest request time, that is, the last recorded request time, is October 1, 2016 14:00:00, then the changed user account information related to the SP in the time period between the request time and the recorded latest request time (referred to as the first time period in this embodiment; here, the period between October 1, 2016 14:00:00 and October 1, 2016 15:00:00) is sent to the SP and the request time is recorded. The changed user account information related to the SP may include newly added user account information of users having the authority to log in to the SP and updated user account information of users having the authority to log in to the SP.
In the second case, the request time is less than (i.e., earlier than) or equal to the first time and greater than (i.e., later than) the second time, where the first time and the second time are two adjacent request times among the recorded request times and the first time is greater than (i.e., later than) the second time. The changed user account information related to the SP in the second time period, which is the time period from the second time to the first time, is sent to the SP. For example, if the request time in the current account information acquisition request is September 1, 2016 14:30:00, it lies between September 1, 2016 14:00:00 and September 1, 2016 15:00:00; September 1, 2016 15:00:00 is the first time, September 1, 2016 14:00:00 is the second time, and the changed user account information related to the SP in the period from September 1, 2016 14:00:00 to September 1, 2016 15:00:00 is sent to the SP. The changed user account information related to the SP may include newly added user account information of users having the authority to log in to the SP and updated user account information of users having the authority to log in to the SP. This allows the SP to reacquire the user account information for a given time period when that information was not received or was lost because of a network failure, data loss, or the like.
In the third case, the request time is the recorded earliest request time or is before the recorded earliest request time, and all the user account information related to the SP is sent to the SP again. The user account information related to the SP includes the user account information of users having the authority to log in to the SP. This allows the SP to acquire all user account information again when it has lost all of it because of a network failure, data loss, or the like.
Referring to fig. 2, a method for implementing account synchronization in a single sign-on system provided in the embodiment of the present invention is described according to the time axis of the request time in the above embodiment.
Assume that the SP sending the account information acquisition request is SP X (i.e., the SP identified as X). When SP X sends the account information acquisition request for the first time, the IDP detects that SP X has never sent an account information acquisition request, returns all current user account information related to SP X, and records the request time Time 1.
When SP X sends the account information acquisition request for the second time, the IDP detects that SP X has sent an account information acquisition request before and that the request time Time 2 is after the last request time Time 1, returns the user account information that changed between Time 1 and Time 2, and records the request time Time 2.
When SP X sends the account information acquisition request for the nth time, the IDP detects that SP X has sent an account information acquisition request before and that the request time Time n is after the last request time Time n-1, returns the user account information that changed between Time n-1 and Time n, and records the request time Time n.
If SP X needs to acquire the user account information for a certain time period again because of a network failure, data loss, or the like, it only needs to carry a request time Time y that lies within that period (Time y is less than or equal to Time x but greater than Time x-1) in the account information acquisition request sent to the IDP in order to acquire the user account information for that period (Time x-1 to Time x).
If the request time Time t carried in the account information acquisition request of SP X is the first request time Time 1 or is before it (Time t is less than or equal to Time 1), the IDP returns all current user account information related to SP X to SP X, so that SP X acquires all user account information again.
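The request-time handling walked through above, written out as an added Python example; it is not code from the patent. The class, field and result-label names are hypothetical, the change window is assumed to be half-open (start, end], and the SP identifier is assumed to come from an SP the IDP has already authenticated.

```python
from bisect import bisect_left
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Account:
    user: str
    sps: frozenset        # SPs this user has the authority to log in to
    changed_at: datetime  # when the account was added or last updated


class IdpAccountSync:
    """IDP-side handling of account information acquisition requests."""

    def __init__(self):
        self.accounts = []
        self.recorded = {}  # SP identifier -> ascending recorded request times

    def _all(self, sp_id):
        # All current user account information related to the SP.
        return sorted(a.user for a in self.accounts if sp_id in a.sps)

    def _changed(self, sp_id, start, end):
        # Accounts related to the SP that were added or updated in (start, end].
        # The page does not state whether the endpoints are inclusive.
        return sorted(a.user for a in self.accounts
                      if sp_id in a.sps and start < a.changed_at <= end)

    def handle(self, sp_id, request_time):
        times = self.recorded.setdefault(sp_id, [])
        if not times:
            # No request time recorded: the SP has not asked before.
            times.append(request_time)
            return "full-initial", self._all(sp_id)
        if request_time > times[-1]:
            # First case: after the latest recorded time. Send the delta
            # and record the new request time.
            last = times[-1]
            times.append(request_time)
            return "delta", self._changed(sp_id, last, request_time)
        if request_time <= times[0]:
            # Third case: at or before the earliest recorded time.
            # Everything is sent again; nothing new is recorded.
            return "full-resend", self._all(sp_id)
        # Second case: times[i-1] < request_time <= times[i] for two adjacent
        # recorded times. Re-send that window; nothing new is recorded.
        i = bisect_left(times, request_time)
        return "replay", self._changed(sp_id, times[i - 1], times[i])


def t(hour, minute=0):
    # Constructed sample timestamps on October 1, 2016.
    return datetime(2016, 10, 1, hour, minute, 0)


def demo():
    """Replay the Time 1 .. Time n walk-through with constructed accounts."""
    idp = IdpAccountSync()
    out = []
    idp.accounts.append(Account("alice", frozenset({"X"}), t(13)))
    out.append(idp.handle("X", t(14)))      # Time 1: first request from SP X
    idp.accounts.append(Account("bob", frozenset({"X"}), t(14, 20)))
    idp.accounts.append(Account("carol", frozenset({"Y"}), t(14, 30)))
    out.append(idp.handle("X", t(15)))      # Time 2: delta since Time 1
    idp.accounts.append(Account("dave", frozenset({"X", "Y"}), t(15, 40)))
    out.append(idp.handle("X", t(16)))      # Time 3: delta since Time 2
    out.append(idp.handle("X", t(14, 30)))  # Time y inside (Time 1, Time 2]
    out.append(idp.handle("X", t(15)))      # equal to a recorded time
    out.append(idp.handle("X", t(14)))      # Time t <= Time 1
    out.append(idp.handle("Y", t(16, 30)))  # a different SP, first request
    return out, idp.recorded["X"]


if __name__ == "__main__":
    results, recorded_x = demo()
    for kind, users in results:
        print(f"{kind:12} {users}")
    print("recorded for X:", [ts.isoformat() for ts in recorded_x])
```

The replay and full-resend branches leave the recorded request times untouched, following the text, which states that the request time is recorded only for a first request and for a request later than the latest recorded time.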
Thus, in the embodiment of the present invention, the SP actively sends an account information acquisition request to the IDP, and the IDP sends the corresponding user account information to the SP according to the request time in the request and records the request time. Specifically, if the SP has not previously sent an account information acquisition request, the IDP sends the SP all the user account information with the authority to log in to the SP, so that the SP obtains all user account information, realizes account synchronization, and can perform certain specific operations. If the SP has previously sent an account information acquisition request, the IDP can send the SP the user account information that changed between the current request time and the last request time, so that changes to user account information in the IDP are synchronized to the SP without transmitting all user account information again. In addition, the user account information that changed in a specified time period can be sent to the SP again according to the request time, which covers the case where the SP did not receive the user account information for a certain time period because of a network fault or the like, and guarantees the accuracy of account synchronization.
Referring to fig. 3, a schematic diagram of a first embodiment of an apparatus for implementing account synchronization in a single sign-on system provided in the embodiment of the present invention is shown, where the present embodiment may be applied to an IDP in an SSO system, and the present embodiment may include:
A receiving unit 301, configured to receive an account information acquisition request sent by the service provider SP.
An obtaining unit 302, configured to obtain the request time in the account information acquisition request.
A judging unit 303, configured to judge whether the SP has previously sent an account information acquisition request.
In some possible implementations of the present invention, the judging unit may be specifically configured to:
judge whether the SP has previously sent the request for acquiring the user information according to the request time in the account information acquisition request sent by the SP.
A first sending unit 304, configured to send to the SP the user account information related to the SP that changed within a first time period and to record the request time, if the judgment result of the judging unit is that the SP has previously sent an account information acquisition request and the request time is after the recorded latest request time, where the first time period is the time period between the request time and the recorded latest request time.
Referring to fig. 4, a schematic diagram of a second embodiment of the apparatus for implementing account synchronization in a single sign-on system provided in the embodiment of the present invention is shown, based on the above embodiment, the apparatus for implementing account synchronization in a single sign-on system provided in the embodiment of the present invention may further include:
A second sending unit 401, configured to send to the SP the user account information related to the SP that changed within a second time period, if the SP has previously sent an account information acquisition request and the request time is less than or equal to the first time and greater than the second time, where the second time period is the time period from the second time to the first time, and the first time and the second time are two adjacent request times among the recorded request times.
A third sending unit 402, configured to send all current user account information related to the SP and record the request time if the determination result of the determining unit is that the SP has not sent the request for obtaining account information.
A fourth sending unit 403, configured to send all the user account information currently related to the SP if the judgment result of the judging unit is that the SP has sent the request for obtaining account information and the request time is the recorded earliest request time or is before the recorded earliest request time.
In some possible implementations of the invention, the user account information related to the SP may include user account information of a user having a login authority to the SP; the changed user account information related to the SP may include the user account information of the newly added user having the authority to log in to the SP and the updated user account information of the user having the authority to log in to the SP.
The device for realizing account synchronization in the single sign-on system comprises a processor and a memory, wherein the receiving unit, the acquiring unit, the judging unit, the first sending unit, the second sending unit, the third sending unit, the fourth sending unit and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels may be provided, and account synchronization in the single sign-on system is realized by adjusting kernel parameters.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
Thus, in the embodiment of the present invention, the SP actively sends an account information acquisition request to the IDP, and the IDP sends the corresponding user account information to the SP according to the request time in the request and records the request time. Specifically, if the SP has not previously sent an account information acquisition request, the IDP sends the SP all the user account information with the authority to log in to the SP, so that the SP obtains all user account information, realizes account synchronization, and can perform certain specific operations. If the SP has previously sent an account information acquisition request, the IDP can send the SP the user account information that changed between the current request time and the last request time, so that changes to user account information in the IDP are synchronized to the SP without transmitting all user account information again. In addition, the user account information that changed in a specified time period can be sent to the SP again according to the request time, which covers the case where the SP did not receive the user account information for a certain time period because of a network fault or the like, and guarantees the accuracy of account synchronization.
The present application further provides a computer program product which, when executed on a data processing device, is adapted to execute program code initialized with the following method steps:
receiving an account information acquisition request sent by a Service Provider (SP);
acquiring the request time in the account information acquisition request;
determining whether the SP has previously sent an account information acquisition request;
and if the SP has previously sent an account information acquisition request and the request time is after the latest recorded request time, sending to the SP the user account information related to the SP that changed within a first time period, and recording the request time, wherein the first time period is the time period between the latest recorded request time and the request time.
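The decision logic in the steps above, extended with the full-sync and resend cases from the summary paragraph and from claims 2 and 3, as an added example that is not code from the patent. The `Idp` class, its method names, the integer timestamps and the half-open window `(start, end]` are assumptions made for illustration.

```python
from bisect import bisect_left

class Idp:
    """Toy IDP holding accounts, a change log and per-SP request times."""
    def __init__(self):
        self.sps_of = {}    # user -> set of SPs the user may log in to
        self.log = []       # (time, user) for every add or update
        self.recorded = {}  # sp -> ascending list of recorded request times

    def upsert(self, time, user, sps):
        self.sps_of[user] = set(sps)
        self.log.append((time, user))

    def _all(self, sp):
        return sorted(u for u, s in self.sps_of.items() if sp in s)

    def _changed(self, sp, start, end):
        # Assumption: the window is half-open, (start, end].
        hit = {u for t, u in self.log if start < t <= end}
        return sorted(u for u in hit if sp in self.sps_of[u])

    def handle_request(self, sp, request_time):
        times = self.recorded.setdefault(sp, [])
        if not times:                         # SP has never asked: full sync
            times.append(request_time)
            return "full", self._all(sp)
        if request_time > times[-1]:          # after latest record: delta
            last = times[-1]
            times.append(request_time)
            return "delta", self._changed(sp, last, request_time)
        if request_time <= times[0]:          # at/before earliest record: full
            return "full", self._all(sp)
        i = bisect_left(times, request_time)  # times[i-1] < request_time <= times[i]
        return "resend", self._changed(sp, times[i - 1], times[i])

def demo():
    """Constructed scenario; integer timestamps and names are made up."""
    idp = Idp()
    idp.upsert(5, "alice", {"crm"})
    idp.upsert(8, "bob", {"wiki"})
    r1 = idp.handle_request("crm", 10)
    idp.upsert(12, "carol", {"crm"})
    r2 = idp.handle_request("crm", 20)
    idp.upsert(25, "alice", {"crm", "wiki"})
    r3 = idp.handle_request("crm", 30)
    r4 = idp.handle_request("crm", 15)   # retry for a window the SP missed
    r5 = idp.handle_request("crm", 10)   # equals the earliest record
    return idp, [r1, r2, r3, r4, r5]
```

Only the first request and requests later than the latest record add to the recorded times, following claims 1 and 3. Removal of login authority is not modeled, because the claims define changed account information as newly added and updated accounts.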
It should be noted that the embodiments in this specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Because the system or device disclosed in an embodiment corresponds to the method disclosed in an embodiment, its description is brief, and the relevant details can be found in the description of the method.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for realizing account synchronization in a single sign-on system is characterized by comprising the following steps:
receiving an account information acquisition request sent by a Service Provider (SP);
acquiring request time in the account information acquisition request;
judging whether the SP sends the account information acquisition request or not;
and if the SP sends the account information acquisition request and the request time is after the recorded latest request time, sending the changed user account information related to the SP in a first time period to the SP and recording the request time, wherein the first time period is a time period between the request time and the recorded latest request time.
2. The method of claim 1, further comprising:
and if the request time is less than or equal to a first time and greater than a second time after the SP sends the account information acquisition request, sending the changed user account information related to the SP in a second time period to the SP, wherein the second time period is a time period from the second time to the first time, and the first time and the second time are two adjacent request times in the recorded request times.
3. The method of claim 1, further comprising:
if the SP does not send the account information acquisition request, all current user account information related to the SP is sent to the SP, and the request time is recorded;
and if the SP sends the account information acquisition request and the request time is the recorded earliest request time or is before the recorded earliest request time, all the user account information related to the SP is sent to the SP.
4. The method of claim 1, wherein the determining whether the SP sent the request for obtaining user information comprises:
and judging whether the SP sends the request for acquiring the user information according to whether the request time in the request for acquiring the account information sent by the SP is recorded.
5. The method of any of claims 1-3, wherein the user account information associated with the SP includes user account information of a user having authority to login to the SP; the changed user account information related to the SP comprises newly added user account information of a user having the authority of logging in the SP and updated user account information of the user having the authority of logging in the SP.
6. An apparatus for implementing account synchronization in a single sign-on system, the apparatus comprising:
the receiving unit is used for receiving an account information acquisition request sent by a Service Provider (SP);
the acquisition unit is used for acquiring the request time in the account information acquisition request;
a judging unit, configured to judge whether the SP has sent the request for obtaining account information;
and a first sending unit, configured to send, to the SP, user account information that changes in relation to the SP within a first time period and record the request time if the determination result of the determining unit is that the SP has sent the request for obtaining account information and the request time is after the recorded latest request time, where the first time period is a time period between the request time and the recorded latest request time.
7. The apparatus of claim 6, further comprising:
a second sending unit, configured to send, to the SP, user account information that changes in relation to the SP within a second time period if the SP has sent the request for obtaining account information while the request time is less than or equal to a first time and greater than a second time, where the second time period is a time period from the second time to the first time, and the first time and the second time are two adjacent request times in the recorded request times.
8. The apparatus of claim 6, further comprising:
a third sending unit, configured to send all current user account information related to the SP and record the request time if the determination result of the determining unit is that the SP has not sent the request for obtaining account information;
and a fourth sending unit, configured to send all current user account information related to the SP if the determination result of the determining unit is that the SP has sent the account information acquiring request and the request time is the recorded earliest request time or is before the recorded earliest request time.
9. The apparatus according to claim 6, wherein the determining unit is specifically configured to:
and judging whether the SP sends the request for acquiring the user information according to whether the request time in the request for acquiring the account information sent by the SP is recorded.
10. The apparatus as claimed in any one of claims 6-8, wherein the user account information related to the SP comprises user account information of a user having authority to log in to the SP; the changed user account information related to the SP comprises newly added user account information of a user having the authority of logging in the SP and updated user account information of the user having the authority of logging in the SP.
CN201610991292.9A 2016-11-08 2016-11-08 Method and device for realizing account synchronization in single sign-on system Active CN108063681B (en)

Publications (2)

Publication Number Publication Date
CN108063681A (en) 2018-05-22
CN108063681B (en) 2020-10-27

Family

ID=62137879

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100080 No. 401, 4th Floor, Haitai Building, 229 North Fourth Ring Road, Haidian District, Beijing

Applicant after: Beijing Guoshuang Technology Co.,Ltd.

Address before: 100086 Cuigong Hotel, 76 Zhichun Road, Shuangyushu District, Haidian District, Beijing

Applicant before: Beijing Guoshuang Technology Co.,Ltd.

GR01 Patent grant