CN108134806B - Single-point logout method and system - Google Patents
- Publication number: CN108134806B
- Application number: CN201810206236.9A
- Authority: CN (China)
- Prior art keywords: user, service system, logout, authentication server, login
- Legal status: Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Abstract
The invention provides a single-point logout method and system, comprising the following steps: the unified authentication server receives a logout request from a user and logs out the user's session, thereby logging the user out; the service system client sends a user login state query request to the unified authentication server at preset intervals to obtain the user's login state, and the unified authentication server returns the login state to the service system client; when it determines that the user's login state is logged out, the service system client sends a logout request to the service system; and the service system logs out the user's session according to the logout request from the service system client, thereby completing the logout. The invention can serve as a more lightweight and simpler single-point logout technique that does not increase the difficulty or performance burden of integrating single-point logout on the service system server.
Description
Technical Field
The invention relates to the technical field of internet application, in particular to a single-point logout method and a single-point logout system.
Background
Single logout is a concept defined relative to single sign-on. With single sign-on, the user only needs to log in once to access all the service systems integrated with single sign-on. Correspondingly, with single logout the user only needs to log out once to log out of all the service systems they have logged in to.
Currently, for single logout, a unified authentication server (also known by other names, such as single sign-on server) notifies the service system server to log out the user's session. The session logout notification can be sent by the unified authentication server directly to the service system server, or the unified authentication server can notify the client, which then sends it to the service system.
Wherever the session logout notification originates, the unified authentication server must, without exception, keep track of which systems the user has signed in to through single sign-on and the session identifiers for those systems; at the same time, the mapping between those session identifiers and the sessions must be maintained on the service system side.
However, in these approaches the unified authentication server and the service system are complicated to implement, and the system overhead is high because the session relationships must be maintained.
Disclosure of Invention
The object of the present invention is to solve at least one of the technical drawbacks mentioned.
Therefore, the invention aims to provide a single point logout method and a single point logout system.
In order to achieve the above object, an embodiment of the present invention provides a method for single point logout, including the following steps:
Step S1, the unified authentication server receives a logout request from the user and logs out the user's session, thereby logging the user out;
Step S2, the service system client sends a user login state query request to the unified authentication server at preset intervals to obtain the user's login state, and the unified authentication server returns the login state to the service system client;
Step S3, when the service system client determines that the user's login state is logged out, it sends a logout request to the service system;
and Step S4, the service system logs out the user's session according to the logout request from the service system client, thereby completing the logout.
Further, in the step S2, the preset time is 5 to 15 seconds.
Further, in step S2, the service system client polls an interface to query the user's login state.
Further, steps S2 to S4 are executed in every service system that has been signed in to through single sign-on, so that when the user logs out at the unified authentication server, all the service systems log the user out, completing the user's single-point logout.
Further, in step S3, the service system client uses JS code to determine the user's login state.
An embodiment of the present invention further provides a single-point logout system, comprising a unified authentication server, a service system client and a service system. The unified authentication server is used for receiving a logout request from a user and logging out the user's session, thereby logging the user out. The service system client is used for sending a user login state query request to the unified authentication server at preset intervals to obtain the user's login state; the unified authentication server returns the login state to the service system client, and the service system client sends a logout request to the service system when it determines that the user's login state is logged out. The service system is used for logging out the user's session according to the logout request from the service system client, thereby completing the logout.
Further, the preset time is 5-15 seconds.
Further, the service system client queries the user's login state by polling an interface.
Further, the above is executed in every service system that has been signed in to through single sign-on, so that when the user logs out at the unified authentication server, all the service systems log the user out, completing the user's single-point logout.
Further, the service system client uses JS code to determine the user's login state.
The single-point logout method and system of the embodiments of the invention adopt a passive implementation of single-point logout: the service system client polls the unified authentication center for the user's login state, and if the user has logged out at the unified authentication center, the client performs the logout operation through the service system server. With the invention, the unified authentication server does not need to maintain the state of the user's logins to service systems, the service system server does not need to maintain a complex mapping of user session states, the service system client can present a friendlier logout prompt, and the service system does not need to provide a dedicated logout interface for the unified authentication server. The method and system can serve as a more lightweight and simpler single-point logout technique that does not increase the difficulty or performance burden of integrating single-point logout on the service system server.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
Fig. 1 is a flowchart of a single sign-off method according to an embodiment of the invention;
Fig. 2 is a block diagram of a single sign-off system according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals refer throughout to the same or similar elements or to elements having the same or similar function. The embodiments described below with reference to the drawings are exemplary, are intended to explain the invention, and are not to be construed as limiting it.
The invention provides a single-point logout method and system that implement single-point logout for a user, on the assumption that the user has already signed in to the unified authentication server and the service systems through single sign-on.
As shown in Fig. 1, the single sign-off method of the embodiment of the present invention includes the following steps:
step S1, the unified authentication server receives the logout request from the user, logs out the SESSION of the user, and realizes the logout of the user.
For example, the user requests logout in the browser; the unified authentication server receives the user's logout request from the browser and logs out the user's SESSION, thereby logging the user out.
Step S2, the service system client sends a user login status query request to the unified authentication server every preset time to obtain the login status of the user, and the unified authentication server returns the login status of the user to the service system client.
In one embodiment of the present invention, the predetermined time is 5 to 15 seconds.
Preferably, the preset time is 10 seconds. Namely, the service system client inquires the user login state from the unified authentication server every 10 seconds.
It should be noted that the time value is only for the purpose of example, and the preset time may be set according to the needs of the user, which is not described herein again.
In one embodiment of the invention, the service system client polls an interface to query the user's login state.
Step S3, when the service system client determines that the login status of the user is logout, the service system client sends a logout request to the service system.
In this step, the service system client uses JS code to determine the user's login state.
The service system client must keep the polling logout-detection code (as shown in Table 1) resident and running. Taking a browser as an example, JS code is used to detect the user's login state on the unified authentication server, and after the user has logged out, a logout request is sent to the server side of the service system.
TABLE 1
Step S4, the service system logs out the SESSION of the user according to the log-out request from the service system client, so as to implement log-out.
When steps S2 to S4 are executed in every service system that has been signed in to through single sign-on, all the service systems log the user out once the user logs out at the unified authentication server, which completes the user's single-point logout.
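The polling client of steps S2 to S4 could be written as follows. This is an added example, not the patent's Table 1 (which is absent from this page); the status URL, the `loggedIn` JSON field, the `X-CSRF-Token` header, `window.CSRF_TOKEN` and the fail-closed limit are assumptions.

```javascript
// Added example, not the patent's Table 1. URLs, JSON field names, the
// CSRF header and all function names are assumptions for illustration.
const POLL_MS = 10000;   // patent's preferred preset time (range 5-15 s)
const MAX_FAILURES = 3;  // assumption: fail closed after this many bad polls

// S3 decision: map one status reply to 'continue', 'logout' or 'retry'.
// Only an explicit answer is trusted; errors and malformed bodies are retried.
function decide(reply) {
  if (!reply || reply.error || reply.httpStatus !== 200) return 'retry';
  const body = reply.body;
  if (body === null || typeof body !== 'object') return 'retry';
  if (body.loggedIn === true) return 'continue';
  if (body.loggedIn === false) return 'logout';
  return 'retry';
}

// Poller for one service system client. queryStatus and sendLogout are
// injected so the logic can be exercised without a browser or network.
function createWatcher({ queryStatus, sendLogout, pollMs = POLL_MS, maxFailures = MAX_FAILURES }) {
  let failures = 0, stopped = false, timer = null;
  // Apply one reply and return the action taken.
  function handle(reply) {
    if (stopped) return 'stopped';
    let action = decide(reply);
    failures = action === 'retry' ? failures + 1 : 0;
    // Fail closed: a blocked status endpoint must not keep the session alive.
    if (failures >= maxFailures) action = 'logout';
    if (action === 'logout') {
      stopped = true;
      sendLogout(); // S3 -> S4: the service system destroys its session
    }
    return action;
  }

  // setTimeout chain, not setInterval: a slow reply never overlaps the next poll.
  async function tick() {
    handle(await queryStatus());
    if (!stopped) timer = setTimeout(tick, pollMs);
  }

  return {
    handle,
    start() { timer = setTimeout(tick, pollMs); },
    stop() { stopped = true; clearTimeout(timer); },
  };
}

// S2 in a browser: credentials:'include' sends the authentication server's
// cookie cross-origin, which also needs matching CORS headers on that server.
async function fetchStatus(statusUrl) {
  try {
    const res = await fetch(statusUrl, { credentials: 'include', cache: 'no-store' });
    return { httpStatus: res.status, body: await res.json().catch(() => null) };
  } catch (error) {
    return { error };
  }
}

// POST plus CSRF token, so another site cannot trigger the logout request.
function postLogout(logoutUrl, csrfToken) {
  return fetch(logoutUrl, { method: 'POST', credentials: 'same-origin',
    headers: { 'X-CSRF-Token': csrfToken } }).catch(() => {}); // timeout is the backstop
}

if (typeof window !== 'undefined') {
  createWatcher({
    queryStatus: () => fetchStatus('https://auth.example/session/status'),
    sendLogout: () => postLogout('/logout', window.CSRF_TOKEN),
  }).start();
}
```

With this design the service session stays valid for up to one polling interval after logout at the authentication server, and for as long as no client page is open, so the service system's own session timeout still has to cover those cases.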
As shown in fig. 2, the single sign-off system in the embodiment of the present invention includes: the unified authentication server 100, the business system client 200 and the business system 300.
Specifically, the unified authentication server 100 is configured to receive a logout request from a user and log out the user's session, thereby logging the user out. For example, the user requests logout in the browser; the unified authentication server 100 receives the user's logout request from the browser and logs out the user's SESSION, thereby logging the user out.
The service system client 200 is configured to send a user login status query request to the unified authentication server 100 at preset time intervals, so as to obtain a login status of a user.
In one embodiment of the present invention, the predetermined time is 5 to 15 seconds.
Preferably, the preset time is 10 seconds. That is, the business system client 200 inquires the unified authentication server 100 about the user login state every 10 seconds.
It should be noted that the time value is only for the purpose of example, and the preset time may be set according to the needs of the user, which is not described herein again.
In one embodiment of the invention, the service system client 200 queries the user's login state by polling an interface.
Then, the unified authentication server 100 returns the login status of the user to the business system client 200.
When the service system client 200 determines that the login status of the user is logout, it sends a logout request to the service system.
In one embodiment of the present invention, the service system client 200 uses JS code to determine the user's login state.
The service system 300 is configured to log out the session of the user according to the log-out request from the service system client 200, so as to implement log-out.
It should be noted that the above is executed in every service system that has been signed in to through single sign-on, so that when the user logs out at the unified authentication server 100, all the service systems 300 log the user out, completing the user's single-point logout.
The single-point logout method and system of the embodiments of the invention adopt a passive implementation of single-point logout: the service system client polls the unified authentication center for the user's login state, and if the user has logged out at the unified authentication center, the client performs the logout operation through the service system server. With the invention, the unified authentication server does not need to maintain the state of the user's logins to service systems, the service system server does not need to maintain a complex mapping of user session states, the service system client can present a friendlier logout prompt, and the service system does not need to provide a dedicated logout interface for the unified authentication server. The method and system can serve as a more lightweight and simpler single-point logout technique that does not increase the difficulty or performance burden of integrating single-point logout on the service system server.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (8)
1. A single point logout method is characterized by comprising the following steps:
step S1, the unified authentication server receives the log-out request from the user, logs out the session of the user, and realizes the log-out of the user;
step S2, the service system client sends a user login state query request to the unified authentication server every preset time to obtain the login state of the user, and the unified authentication server returns the login state of the user to the service system client;
step S3, when the service system client determines that the user's login state is logged out, it sends a logout request to the service system;
step S4, the service system logs out the user's session according to the logout request from the service system client, thereby completing the logout;
steps S2 to S4 are executed in every service system that has been signed in to through single sign-on, so that when the user logs out at the unified authentication server, all the service systems log the user out, completing the user's single-point logout.
2. The method of single point logout according to claim 1, wherein in the step S2, the preset time is 5-15 seconds.
3. The method of single point logout according to claim 1, wherein in the step S2, the service system client polls an interface to query the login state of the user.
4. The method of single point logout of claim 1, wherein in the step S3, the service system client determines the login state of the user using JS code.
5. A single sign-off system, comprising: a unified authentication server, a service system client and a service system, wherein,
the unified authentication server is used for receiving a logout request from a user, logging out the session of the user and realizing the logout of the user;
the service system client is used for sending a user login state query request to the unified authentication server at preset intervals to obtain the user's login state, the unified authentication server returns the login state to the service system client, and the service system client sends a logout request to the service system when it determines that the user's login state is logged out;
the service system is used for logging out the session of the user according to the log-out request from the service system client to realize log-out;
and the above is executed in every service system that has been signed in to through single sign-on, so that when the user logs out at the unified authentication server, all the service systems log the user out, completing the user's single-point logout.
6. The system of single point logout according to claim 5, wherein the preset time is 5-15 seconds.
7. The system for single point logout of claim 5, wherein the service system client queries the login state of the user by polling an interface.
8. The single point logout system of claim 5, wherein the service system client determines the login state of the user using JS code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810206236.9A CN108134806B (en) | 2018-03-13 | 2018-03-13 | Single-point logout method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810206236.9A CN108134806B (en) | 2018-03-13 | 2018-03-13 | Single-point logout method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108134806A | 2018-06-08 |
CN108134806B | 2021-02-12 |
Family ID: 62431202
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810206236.9A Active CN108134806B (en) | 2018-03-13 | 2018-03-13 | Single-point logout method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108134806B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109274662B (en) * | 2018-09-06 | 2021-06-04 | 北京天元创新科技有限公司 | Method, device, server and terminal for preventing CAS server from passively destroying session |
CN109495473A (en) * | 2018-11-19 | 2019-03-19 | 杭州数梦工场科技有限公司 | Realize method, apparatus, equipment and storage medium that application system single-point is nullified |
CN110365680B (en) * | 2019-07-16 | 2022-04-15 | 中国联合网络通信集团有限公司 | Batch logout method and device based on single sign-on |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102315945A (en) * | 2011-10-20 | 2012-01-11 | 江苏三源教育实业有限公司 | Unified identity authentication method based on private agreement |
CN105188060A (en) * | 2015-10-12 | 2015-12-23 | 深圳竹云科技有限公司 | Mobile terminal-oriented single sign-on (SSO) authentication method and system |
CN106686012A (en) * | 2017-03-10 | 2017-05-17 | 东软集团股份有限公司 | Single-point logging-out method and device |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060218628A1 (en) * | 2005-03-22 | 2006-09-28 | Hinton Heather M | Method and system for enhanced federated single logout |
CN102098158B (en) * | 2009-12-10 | 2013-12-11 | 北大方正集团有限公司 | Cross-domain name single sign on and off method and system as well as corresponding equipment |
CN102739603B (en) * | 2011-03-31 | 2015-10-21 | 国际商业机器公司 | The method and apparatus of single-sign-on |
CN103209168B (en) * | 2013-01-30 | 2017-03-08 | 广东欧珀移动通信有限公司 | A kind of method and system for realizing single-sign-on |
CN106453578B (en) * | 2016-10-21 | 2019-05-14 | 郑州云海信息技术有限公司 | The implementation method that single-point is nullified in a kind of cross-domain Web application of isomery |
CN106357686A (en) * | 2016-10-26 | 2017-01-25 | 中企动力科技股份有限公司 | Single-point authentication method and single-point authentication system |
Also Published As
Publication number | Publication date |
---|---|
CN108134806A | 2018-06-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||