CN108683675B - Report activating method based on SSO extending sessions duration - Google Patents

Info

Publication number
CN108683675B
Authority
CN
China
Prior art keywords
keepalivekey
report
user
party platform
platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810498413.5A
Other languages
Chinese (zh)
Other versions
CN108683675A (en)
Inventor
侍太岑
刘本中
司震
魏阳
王文波
赵文军
王昕�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NANJING SITONG TECHNOLOGY Co Ltd
Nanjing Linkage Information Technology Co Ltd
Original Assignee
NANJING SITONG TECHNOLOGY Co Ltd
Nanjing Linkage Information Technology Co Ltd
Application filed by NANJING SITONG TECHNOLOGY Co Ltd, Nanjing Linkage Information Technology Co Ltd
Priority to CN201810498413.5A
Publication of CN108683675A
Application granted
Publication of CN108683675B

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L67/14 Session management

Abstract

The invention discloses a keep-alive method based on SSO that extends session duration, comprising the following steps: Step 1: the user logs in to the unified identity authentication platform; Step 2: the request redirects to the third-party platform; Step 3: the third-party platform requests authentication from the unified identity authentication platform; Step 4: user information and the keepAliveKey are obtained; Step 5: the user continues to use the third-party platform, otherwise jump to step 8; Step 6: the third-party platform session time is extended; Step 7: the third-party platform calls the keep-alive interface to synchronize the session and jumps to step 5; Step 8: the process ends. By calling the keep-alive interface, the invention refreshes the user's SESSION duration on the unified identity authentication platform; the validation interface is modified to add the keepAliveKey and a refresh interface is added, which realizes the keep-alive function.

Description

Keep-alive method based on SSO extending session duration
Technical field
The present invention relates to a keep-alive method, and in particular to a keep-alive method based on SSO that extends session duration.
Background art
As web sites have grown, many services are now split up using microservice technology or simple small-scale distribution, and services or systems communicate with each other over HTTP or RESTful interfaces. In earlier single-system applications, user information was generally stored in the SESSION and fetched whenever it was needed; if it could not be fetched, the user was redirected to the login/registration page. The principle is very simple, but in today's distributed applications the question is how to keep SESSIONs synchronized. As shown in Fig. 2, this is where SSO single sign-on is needed. When the user first accesses application system 1 and is not logged in, the user is directed to the unified single sign-on system to log in. Based on the login information the user provides, the unified single sign-on system verifies the identity; if verification passes, the unified single sign-on system creates a global session and an authorization token and redirects to application 1. Application 1 requests validation; the token is valid, the system is registered (the address of application 1), and a local session for application 1 is created. The user then accesses application 2; validation finds the user is not logged in, so the request is redirected to the unified identity authentication platform, which verifies that the user has logged in and redirects to application 2. Application 2 requests validation; the token is valid, the system is registered (the address of application 2), and application 2 creates a local session, so the user can access application 2 normally without logging in. Suppose the SESSION duration of application 1 is 10 minutes, that of application 2 is 3 minutes, and that of the unified single sign-on system is 5 minutes, and the user wants to access application 2 after 8 minutes. Under the old flow user authentication has already been completed, but the SESSIONs of both application 2 and the unified single sign-on system have expired by then, so the user is redirected to the login page of the unified identity platform to log in again. The user experience is very poor.
Summary of the invention
The technical problem to be solved by the invention is to provide a keep-alive method based on SSO that extends session duration.
To solve the above technical problem, the technical solution adopted by the invention is:
A keep-alive method based on SSO extending session duration, characterized by comprising the following steps:
Step 1: the user logs in to the unified identity authentication platform;
Step 2: the request redirects to the third-party platform;
Step 3: the third-party platform requests authentication from the unified identity authentication platform;
Step 4: user information and the keepAliveKey are obtained;
Step 5: the user continues to use the third-party platform, otherwise jump to step 8;
Step 6: the third-party platform session time is extended;
Step 7: the third-party platform calls the keep-alive interface to synchronize the session and jumps to step 5;
Step 8: the process ends.
Further, step 4 is specifically:
4.1 after validation passes, generate a unique identifier for keep-alive, keepAliveKey, using a UUID to produce the unique identifier;
4.2 store this identifier keepAliveKey in the user's identity information, and also store it in the distributed cache;
4.3 modify the JSON output of the source class ServiceValidateSuccessJsonView, which does not contain the keepAliveKey, so that the keep-alive identifier keepAliveKey is added to the JSON returned to the third-party platform.
Further, step 6 is specifically:
6.1 obtain the keep-alive identifier keepAliveKey passed in by the third-party platform, and use it to retrieve the user information from the distributed cache;
6.2 if the keep-alive identifier is invalid or has expired, the user information is no longer valid and the user is redirected to login;
6.3 if the user information is retrieved, obtain the timeout of the current session and then update the session duration.
Compared with the prior art, the invention has the following advantages and effects: it uses SESSION synchronization to solve the problem that the third-party platform's internal SESSION is out of sync with the unified identity authentication platform's SESSION, which forces the user to log in or authenticate again. The third-party platform calls the validation interface to obtain the user information and a unique keepAliveKey (the keep-alive identifier key), and calls the keep-alive interface to refresh the user's SESSION duration on the unified identity authentication platform. The validation interface is modified to add the keepAliveKey and a refresh interface is added, which realizes the keep-alive function.
Description of the drawings
Fig. 1 is the flow chart of the keep-alive method of the invention based on SSO extending session duration.
Fig. 2 is the SESSION synchronization flow chart of the prior art.
Specific embodiments
The invention is described in further detail below with reference to the accompanying drawings and by way of an embodiment; the following embodiment explains the invention, and the invention is not limited to it.
As shown in Fig. 1, a keep-alive method of the invention based on SSO extending session duration is characterized by comprising the following steps:
Step 1: the user logs in to the unified identity authentication platform;
Step 2: the request redirects to the third-party platform;
Step 3: the third-party platform requests authentication from the unified identity authentication platform;
Step 4: user information and the keepAliveKey are obtained;
Rewrite the handleRequestInternal method of the source class ServiceValidateController (the identity information access control class) to add the keepAliveKey.
1) After validation passes, generate a unique identifier for keep-alive, keepAliveKey, using a UUID to produce the unique identifier.
2) Store this identifier keepAliveKey in the user's identity information, and also store it in the distributed cache.
3) Modify the JSON output of the source class ServiceValidateSuccessJsonView (the class that returns user information to the third party), which does not contain the keepAliveKey, so that the keep-alive identifier keepAliveKey is added to the JSON returned to the third-party platform; this corresponds to "user information and keepAliveKey are obtained" in the flow chart.
Step 5: the user continues to use the third-party platform, otherwise jump to step 8;
Step 6: the third-party platform session time is extended;
1) Obtain the keep-alive identifier (keepAliveKey) passed in by the third-party platform, and use it to retrieve the user information from the distributed cache;
2) If the keep-alive identifier is invalid or has expired, the user information is no longer valid and the user is redirected to login;
3) If the user information is retrieved, obtain the timeout of the current session and then update the session duration.
Step 7: the third-party platform calls the keep-alive interface to synchronize the session and jumps to step 5;
Step 8: the process ends.
The invention uses SESSION synchronization to solve the problem that the third-party platform's internal SESSION is out of sync with the unified identity authentication platform's SESSION, which forces the user to log in or authenticate again. The third-party platform calls the validation interface to obtain the user information and a unique keepAliveKey (the keep-alive identifier key), and calls the keep-alive interface to refresh the user's SESSION duration on the unified identity authentication platform. The validation interface is modified to add the keepAliveKey and a refresh interface is added, which realizes the keep-alive function.
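The following Python sketch is an added example, not code from the patent or from the SSO server it modifies: it models steps 4 to 7 with an in-memory dict standing in for the distributed cache and replays the timing from the background section (5-minute platform SESSION, visit to application 2 after 8 minutes). The class, method and user names are hypothetical, and the clock is passed in explicitly so the run is deterministic.

```python
import uuid

SSO_TTL = 5 * 60      # unified platform SESSION duration from the background example
APP2_VISIT = 8 * 60   # the user opens application 2 after 8 minutes


class SsoPlatform:
    """Toy unified identity authentication platform; all names are hypothetical."""

    def __init__(self, session_ttl=SSO_TTL):
        self.session_ttl = session_ttl
        self.cache = {}  # stands in for the distributed cache: keepAliveKey -> record

    def validate(self, user, now):
        """Step 4: on successful validation, mint a UUID keepAliveKey, store it
        with the user's identity, and return it in the JSON for the third party."""
        key = str(uuid.uuid4())
        self.cache[key] = {"user": user, "expires_at": now + self.session_ttl}
        return {"user": user, "keepAliveKey": key}

    def keep_alive(self, key, now):
        """Step 6: resolve the key; unknown or expired means login again,
        otherwise read the session timeout and push the expiry forward."""
        record = self.cache.get(key)
        if record is None or record["expires_at"] <= now:
            self.cache.pop(key, None)  # drop stale entries so they cannot be revived
            return {"ok": False, "action": "redirect_to_login"}
        record["expires_at"] = now + self.session_ttl
        return {"ok": True, "user": record["user"], "expires_at": record["expires_at"]}

    def session_alive(self, key, now):
        record = self.cache.get(key)
        return record is not None and record["expires_at"] > now


def simulate(keepalive_interval):
    """Return True if the platform session is still valid when the user reaches
    application 2. keepalive_interval is how often application 1 calls the
    keep-alive interface while the user is active (None = prior-art flow)."""
    sso = SsoPlatform()
    key = sso.validate("alice", now=0)["keepAliveKey"]  # constructed user name
    if keepalive_interval:
        t = keepalive_interval
        while t < APP2_VISIT:  # steps 5 and 7: loop while the user keeps working
            if not sso.keep_alive(key, now=t)["ok"]:
                return False   # refresh arrived after expiry: user must log in
            t += keepalive_interval
    return sso.session_alive(key, now=APP2_VISIT)


if __name__ == "__main__":
    for interval in (None, 120, 400):
        print(interval, simulate(interval))
```

A keep-alive interval longer than the platform's SESSION duration (400 s against 300 s here) still ends in a login redirect, because step 6.2 rejects a key whose session has already expired.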
The content described in this specification is merely an illustration of the invention. Those skilled in the art to which the invention belongs may make various modifications or additions to the specific embodiments described, or substitute them in a similar manner; provided they do not depart from the content of the description of the invention or exceed the scope defined by the claims, they shall fall within the protection scope of the invention.

Claims (1)

1. A keep-alive method based on SSO extending session duration, characterized by comprising the following steps:
Step 1: the user logs in to the unified identity authentication platform;
Step 2: the request redirects to the third-party platform;
Step 3: the third-party platform requests authentication from the unified identity authentication platform;
Step 4: user information and the keepAliveKey are obtained;
4.1 after validation passes, generate a unique identifier for keep-alive, keepAliveKey, using a UUID to produce the unique identifier;
4.2 store this identifier keepAliveKey in the user's identity information, and also store it in the distributed cache;
4.3 modify the JSON output of the source class ServiceValidateSuccessJsonView, which does not contain the keepAliveKey, so that the keep-alive identifier keepAliveKey is added to the JSON returned to the third-party platform;
Step 5: the user continues to use the third-party platform, otherwise jump to step 8;
Step 6: 6.1 obtain the keep-alive identifier keepAliveKey passed in by the third-party platform, and use it to retrieve the user information from the distributed cache;
6.2 if the keep-alive identifier is invalid or has expired, the user information is no longer valid and the user is redirected to login;
6.3 if the user information is retrieved, obtain the timeout of the current session and then update the session duration;
Step 7: the third-party platform calls the keep-alive interface to synchronize the session and jumps to step 5;
Step 8: the process ends.
CN201810498413.5A 2018-05-23 2018-05-23 Report activating method based on SSO extending sessions duration Active CN108683675B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810498413.5A CN108683675B (en) 2018-05-23 2018-05-23 Report activating method based on SSO extending sessions duration

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810498413.5A CN108683675B (en) 2018-05-23 2018-05-23 Report activating method based on SSO extending sessions duration

Publications (2)

Publication Number Publication Date
CN108683675A (en) 2018-10-19
CN108683675B (en) 2019-06-18

Family

ID=63807799

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810498413.5A Active CN108683675B (en) 2018-05-23 2018-05-23 Report activating method based on SSO extending sessions duration

Country Status (1)

Country Link
CN (1) CN108683675B (en)

Also Published As

Publication number Publication date
CN108683675A (en) 2018-10-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant