CN109246076A - A kind of method and apparatus of single-sign-on multisystem - Google Patents
A kind of method and apparatus of single-sign-on multisystem Download PDFInfo
- Publication number
- CN109246076A CN109246076A CN201810864122.3A CN201810864122A CN109246076A CN 109246076 A CN109246076 A CN 109246076A CN 201810864122 A CN201810864122 A CN 201810864122A CN 109246076 A CN109246076 A CN 109246076A
- Authority
- CN
- China
- Prior art keywords
- user
- user information
- log
- server
- unique identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Abstract
The present invention provides a kind of method and apparatus of single-sign-on multisystem.By after completing to verify login triangular web, user's unique identity is written in the cookie of the system after completing to log in, and redis server is written into user information, and then when request logs in other one or more related systems, for same area to login system, user's unique identity is read from the cookie, and according to user's unique identity from the corresponding user information of redis server pull, to realize the automated log on that login system is waited for this.Further, for cross-domain to login system, by the way that trust list is arranged, for operating in the way of same domain system in trust list to login system, automated log on is realized.The present invention realize same area and it is cross-domain in the case where, triangular web log in after, other related systems need not repeat logon function.
Description
Technical field
The present invention relates to field of computer technology, especially a kind of method of single-sign-on multisystem, single-sign-on polyphyly
Device, computer storage medium and the calculating equipment of system.
Background technique
In practical applications, user often may require that logging in multiple systems carries out processing operation in occasions such as work, leisure,
Often there is certain association between these systems, therefore same user's account corresponding with the unique identity of user can be used in user
Number and password log in these systems.For example, for every employee of enterprise, during its work, it may be necessary to log in
Multiple systems such as human resource system, work log system, product testing system, the product delivery system of enterprise.In general, enterprise
It can be every employee's distributing user unique identity, so that every employee can be with corresponding with its user's unique identity
User account and password log in these above-mentioned systems, facilitate the management of enterprise.In the prior art, these above-mentioned systems are being logged in
When, need user to log in these systems, cumbersome, poor user experience one by one with the user account and password.
Summary of the invention
In view of the above problems, it proposes on the present invention overcomes the above problem or at least be partially solved in order to provide one kind
State the method for single-sign-on multisystem, the device of single-sign-on multisystem, computer storage medium and the calculating equipment of problem.
One side according to an embodiment of the present invention provides a kind of method of single-sign-on multisystem, steps on applied to single-point
Record server, comprising:
Step 1: receiving the logging request for treating login system from browser side;
Step 2: judging that the browser side completes the current cookie saved after logging in the presence or absence of first system;
If it is not, thening follow the steps 3: sending checking request to log-on message server, when the log-on message server root
According to after received checking request verified and passed through to the user information of input, receive the log-on message server and return
Be verified information, obtain the user information and user corresponding with the user information from the log-on message server
Unique identity, user's unique identity write-in is described in the cookie of login system, and by the user
Redis server is written in information, to complete to log in described to login system;
If so, thening follow the steps 4: the relatively father field name to login system system corresponding with the current cookie
Father field name it is whether identical;
If they are the same, 5 are thened follow the steps: the user's unique identity saved in the current cookie is read, according to institute
User's unique identity of reading is believed from redis server pull user corresponding with user's unique identity
Breath, and be set as having logged in by the logging state to login system according to the user information pulled, to realize to institute
State the automated log on to login system;
Wherein, above-mentioned steps are also used, are realized to other one or more automated log ons to login system.
Optionally, after step 4, the method also includes:
Step 6: if the father field name of the father field name to login system system corresponding from the current cookie is different,
Then whether the judgement domain name to login system is in specified trust list;
If the domain name to login system thens follow the steps 5 in the specified trust list;
If the domain name to login system in the specified trust list, is not refused to log in.
Optionally, in step 3, the checking request carries the uniform resource position mark URL to login system;
It is described be verified information carry it is described to the URL of login system and the log-on message server to input
User information verified and the user information that generates after being passed through obtains key;
The user information and corresponding user's unique identity are obtained from the log-on message server, comprising:
It calls the first user information of the single logging-on server to obtain interface, is sent to the log-on message server
It carries the user information and obtains the first user information acquisition request of key, and receive the log-on message server according to institute
State the user information corresponding with user information acquisition key and the unique body of user of the return of the first user information acquisition request
Part mark.
Optionally, in step 3, redis server is written into the user information, comprising:
By calling the specified write-in interface of the single logging-on server that redis service is written in the user information
Device.
Optionally, in steps of 5, according to read user's unique identity from the redis server pull with
The corresponding user information of user's unique identity, comprising:
The second user acquisition of information interface for calling the single logging-on server is taken to redis server transmission
Second user information acquisition request with read user's unique identity, and receive the redis server according to
The user information corresponding with user's unique identity that the second user information acquisition request returns.
Optionally, the user information being written in the redis server is provided with expired time, at this point,
Receive that the redis server returns according to the second user information acquisition request with user's unique identities
Identify corresponding user information, comprising:
When the redis server is receiving the second user for carrying read user's unique identity
After information acquisition request, when itself finding user information corresponding with user's unique identity of the reading, institute is received
State the user information corresponding with user's unique identity of redis server return;
When the redis server is receiving the second user for carrying read user's unique identity
After information acquisition request, when itself not finding user information corresponding with user's unique identity of the reading, receive
Successful information has not been obtained in the instruction that the redis server returns, and executes step 3.
Optionally, in step 3, from the log-on message server obtain the user information and with the user information
After corresponding user's unique identity, further includes:
User information write-in is described in the session of login system.
Optionally, after step 1 and before step 2, the method also includes:
Judge whether there is the session to login system;
If it exists, then the user information to save in the session of login system is read;
The logging state to login system is set as having logged according to the user information, is stepped on automatically to realize
Record is described to login system;
If it does not exist, 2 are thened follow the steps.
Optionally, user's unique identity includes the MD5 value of subscriber mailbox;
The user information includes user's login account and password.
Optionally, the information transmission between the log-on message server and the redis server is assisted using https
View carries out.
According to another aspect of an embodiment of the present invention, a kind of device of single-sign-on multisystem is additionally provided, is applied to single
Point login service device, comprising:
Logging request receiving module is adapted for carrying out step 1: receiving the login for treating login system from browser side and asks
It asks;
Cookie judgment module, is adapted for carrying out step 2: judging that the browser side completes to log in the presence or absence of first system
The current cookie saved afterwards;
Login module is verified, if saving after logging in suitable for the browser side there is no the completion of first system current
Cookie, thens follow the steps 3: checking request is sent to log-on message server, when the log-on message server is according to being connect
After the checking request of receipts is verified and passed through to the user information of input, the verifying that the log-on message server returns is received
By information, the user information and the unique body of user corresponding with the user information are obtained from the log-on message server
Part mark, user's unique identity write-in is described in the cookie of login system, and the user information is write
Enter redis server, to complete to log in described to login system;
Same area/cross-domain judgment module, if being saved after being logged in suitable for the browser side there are the completion of first system current
Cookie, thens follow the steps 4: the relatively father field of the father field name to login system system corresponding with the current cookie
Whether name is identical;And
Same area automated log on module, if suitable for the father field name to login system system corresponding with the current cookie
The father field name of system is identical, thens follow the steps 5: the user's unique identity saved in the current cookie is read, according to institute
User's unique identity of reading is believed from redis server pull user corresponding with user's unique identity
Breath, and be set as having logged in by the logging state to login system according to the user information pulled, to realize to institute
State the automated log on to login system;
Wherein, corresponding steps are also executed using above-mentioned module, realized to other one or more to the automatic of login system
It logs in.
Optionally, described device further include:
Cross-domain automated log on module is suitable for after the same area/cross-domain judgment module executes the step 4, executes step
Rapid 6: if the father field name of the father field name to login system system corresponding from the current cookie is different, described in judgement
Whether the domain name to login system is in specified trust list;
If the domain name to login system in the specified trust list, triggers the same area automated log on module
Execute step 5;
If the domain name to login system in the specified trust list, is not refused to log in.
Optionally, the checking request carries the uniform resource position mark URL to login system;
It is described be verified information carry it is described to the URL of login system and the log-on message server to input
User information verified and the user information that generates after being passed through obtains key;
The verifying login module is further adapted for:
It calls the first user information of the single logging-on server to obtain interface, is sent to the log-on message server
It carries the user information and obtains the first user information acquisition request of key, and receive the log-on message server according to institute
State the user information corresponding with user information acquisition key and the unique body of user of the return of the first user information acquisition request
Part mark.
Optionally, the verifying login module is further adapted for:
By calling the specified write-in interface of the single logging-on server that redis service is written in the user information
Device.
Optionally, the same area automated log on module is further adapted for:
The second user acquisition of information interface for calling the single logging-on server is taken to redis server transmission
Second user information acquisition request with read user's unique identity, and receive the redis server according to
The user information corresponding with user's unique identity that the second user information acquisition request returns.
Optionally, the user information being written in the redis server is provided with expired time, at this point,
The same area automated log on module is further adapted for:
When the redis server is receiving the second user for carrying read user's unique identity
After information acquisition request, when itself finding user information corresponding with user's unique identity of the reading, institute is received
State the user information corresponding with user's unique identity of redis server return;
When the redis server is receiving the second user for carrying read user's unique identity
After information acquisition request, when itself not finding user information corresponding with user's unique identity of the reading, receive
Successful information has not been obtained in the instruction that the redis server returns, and triggers the verifying login module and execute step 3.
Optionally, the verifying login module is further adapted for:
The user information and the unique body of user corresponding with the user information are obtained from the log-on message server
It is after part mark, user information write-in is described in the session of login system.
Optionally, described device further include:
Login module based on session, is suitable for: after the logging request receiving module executes step 1 and described
Before cookie judgment module executes step 2, the session to login system is judged whether there is;
If it exists, then the user information to save in the session of login system is read;
The logging state to login system is set as having logged according to the user information, is stepped on automatically to realize
Record is described to login system;
If it does not exist, then it triggers the cookie judgment module and executes step 2.
Optionally, user's unique identity includes the MD5 value of subscriber mailbox;
The user information includes user's login account and password.
Optionally, the information transmission between described device and the log-on message server and the redis server is adopted
It is carried out with https agreement.
It is according to an embodiment of the present invention in another aspect, additionally provide a kind of computer storage medium, the computer storage
Media storage has computer program code, when the computer program code is run on the computing device, leads to the calculating
Equipment executes the method according to above described in any item single-sign-on multisystems.
Another aspect according to an embodiment of the present invention additionally provides a kind of calculating equipment, comprising:
Processor;And
It is stored with the memory of computer program code;
When the computer program code is run by the processor, the calculating equipment is caused to execute according to above
The method of described in any item single-sign-on multisystems.
The method and apparatus for the single-sign-on multisystem that the embodiment of the present invention proposes, after realizing triangular web login,
His related system need not repeat logon function.Firstly, being asked receiving the login for treating login system from browser side
After asking, judges that browser side completes the current cookie saved after logging in there is no first system, then jump to log-on message
Server, input user information carry out login authentication;After logining successfully by verifying, user's letter is obtained from log-on message server
Breath and corresponding user's unique identity, are written this for user's unique identity and wait in the cookie of login system, and will
Redis server is written in user information.Then, receive from browser side to another logging request to login system
Afterwards, judge that browser side completes the current cookie saved after logging in there are previous system at this time, is more currently wait log in
Whether the father field name of the father field name of system previous system corresponding with current cookie is identical;If they are the same, that is, currently to login system
Previous system corresponding with current cookie is same domain system, then reads the user's unique identities mark saved in current cookie
Know, according to read user's unique identity from redis server pull use corresponding with user's unique identity
Family information, and currently will be set as having logged in the logging state of login system according to the user information pulled, to realize
To currently to the automated log on of login system.It goes to obtain user's by the cookie for completing to save after logging according to first system
Log-on message, and then other related systems of automated log on and first system same area, realize in same area, by primary
Login authentication operation logs in the function of multiple systems.
Further, it obtains currently if comparing to the father field name of login system previous system corresponding with current cookie
Father field name is different, that is, be currently cross-domain system to login system previous system corresponding with current cookie, then judge currently to
Whether the domain name of login system is in specified trust list, if so, being operated in the way of same domain system, realizes automatic
It logs in, if it is not, then refusing to log in.By the way that trust list is arranged, it is furthermore achieved in cross-domain situation, is tested by once logging in
Card operation logs in the function of multiple systems.
The above description is only an overview of the technical scheme of the present invention, in order to better understand the technical means of the present invention,
And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can
It is clearer and more comprehensible, the followings are specific embodiments of the present invention.
According to the following detailed description of specific embodiments of the present invention in conjunction with the accompanying drawings, those skilled in the art will be brighter
The above and other objects, advantages and features of the present invention.
Detailed description of the invention
By reading the following detailed description of the preferred embodiment, various other advantages and benefits are common for this field
Technical staff will become clear.The drawings are only for the purpose of illustrating a preferred embodiment, and is not considered as to the present invention
Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:
Fig. 1 shows the flow chart of the method for single-sign-on multisystem according to an embodiment of the invention;
Fig. 2 shows the flow charts of the method for single-sign-on multisystem according to another embodiment of the present invention;
Fig. 3 shows the structural schematic diagram of the device of single-sign-on multisystem according to an embodiment of the invention;And
Fig. 4 shows the structural schematic diagram of the device of single-sign-on multisystem according to another embodiment of the present invention.
Specific embodiment
Exemplary embodiments of the present disclosure are described in more detail below with reference to accompanying drawings.Although showing the disclosure in attached drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
It is fully disclosed to those skilled in the art.
In order to solve the above technical problems, a kind of method that the embodiment of the present invention proposes single-sign-on multisystem.Fig. 1 is shown
The flow chart of the method for single-sign-on multisystem according to an embodiment of the invention.Referring to Fig. 1, this method is applied to single-sign-on
Server may comprise steps of 1 to step 5.
Step 1, the logging request for treating login system from browser side is received.
Step 2, judge that browser side completes the current cookie saved after logging in the presence or absence of first system.
Step 3, if it is not, then sending checking request to log-on message server, when log-on message server is according to being received
Checking request the user information of input is verified and is passed through after, receive log-on message server return be verified letter
Breath obtains user information and user's unique identity corresponding with user information from log-on message server, and user is unique
Redis server is written in the cookie of login system, and by user information in identity write-in, so that completing to log in should be to
Login system.
Step 4, if so, compare the father field name system corresponding with current cookie to login system father field name whether
It is identical.
Step 5, if they are the same, then the user's unique identity saved in current cookie is read, according to read use
Family unique identity is from redis server pull user information corresponding with user's unique identity, and according to being drawn
Logging state to login system is set as having logged in by the user information taken, treats stepping on automatically for login system to realize
Record.
Further, this method further include using above-mentioned steps, realize to other it is one or more to login system from
It is dynamic to log in.
The method for the single-sign-on multisystem that the embodiment of the present invention proposes, after realizing triangular web login, other are related
System need not repeat logon function.Firstly, receive from browser side treat the logging request of login system after, sentence
Disconnected browser side out completes the current cookie saved after logging in there is no first system, then jumps to log-on message server,
It inputs user information and carries out login authentication;After logining successfully by verifying, user information and right is obtained from log-on message server
The user's unique identity answered, is written this for user's unique identity and waits in the cookie of login system, and user is believed
Breath write-in redis server.Then, receive from browser side to another after the logging request of login system, sentence
Disconnected browser side completes the current cookie saved after logging in there are previous system at this time out, more currently to the father of login system
Whether the father field name of domain name previous system corresponding with current cookie is identical;If they are the same, that is, currently to login system and currently
The corresponding previous system of cookie is same domain system, then reads the user's unique identity saved in current cookie, according to
Read user's unique identity from redis server pull user information corresponding with user's unique identity,
And currently will be set as having logged in the logging state of login system according to the user information pulled, thus realize to currently to
The automated log on of login system.The login for obtaining user is gone to believe by the cookie for completing to save after logging according to first system
Breath, and then other related systems of automated log on and first system same area, realize in same area, are tested by once logging in
Card operation logs in the function of multiple systems.
It is mentioned above to can be the phase logged in same user account and password to login system and first system
Relationship system.
In above step 3, mentioned checking request can carry URL (the Uniform Resoure to login system
Locator, uniform resource locator).After log-on message server receives the checking request, show a login page for
Input user information.Then, log-on message server verifies the user information of input, if passing through, generates a user
Acquisition of information key, and information is verified to single logging-on server return, wherein it is verified in information and carries wait step on
The URL of recording system and user information generated obtain key.In turn, single logging-on server is verified information receiving
Afterwards, it calls its first user information to obtain interface, is sent to log-on message server and carry the user information obtains key the
One user information acquisition request, and receive that log-on message server returns according to the first user information acquisition request with the user
The corresponding user information of acquisition of information key and user's unique identity.Herein, the first user information, which obtains interface, to be
Get interface.Further, in order to ensure the user of request user information is just to log in successful user, and then guarantee to use
The safety of family information, user information obtain key and are provided with effective time, for example, effective time is 5-10 seconds.
After getting user information and user's unique identity, single logging-on server is by user's unique identity
Write-in specified be written interface redis is written in user information in the cookie of login system and save, and by calling it
Server.
Redis (Remote Dictionary Server, long-range Dictionary server), which is that one kind is memory-based, can also hold
Log type, the high performance Key-Value database changed long, can support the value type of a variety of storages, including character string
(string), chained list (list), set (set), ordered set (sorted set) and Hash (hash) type.Redis has
Readwrite performance is excellent, support data persistence, support leader follower replication, read and write abruption, data structure it is abundant, can buffered message, can
The advantages that expired time is set.
In alternative embodiment of the invention, user's unique identity mentioned above may include subscriber mailbox
MD5 value.Correspondingly, user information may include user's login account and password.
In above step 4, if judging, browser side completes the current cookie saved after logging in there are first system,
Whether the father field name for comparing the father field name system corresponding with current cookie to login system is identical.As an example it is assumed that
Login system domain name is test.abc.net, then his father's domain name is abc.net;Currently the domain name of the corresponding system of cookie is
Hr.abc.cn, then his father's domain name is abc.cn.At this point, whether compare abc.net and abc.cn identical.If they are the same, then continue to hold
Row step 5 terminates the login process currently to login system if not identical.
In above step 5, if the father field name of father field name system corresponding with current cookie to login system is identical,
Read the user's unique identity saved in current cookie.In turn, the second user information of single logging-on server is called
Interface is obtained, the second user acquisition of information for carrying read user's unique identity to the transmission of redis server is asked
It asks.After redis server receives second user information acquisition request, searched at itself corresponding with user's unique identity
User information, and the user information found is returned into single logging-on server.
Further, in order to enhance the safety of user information, the user information being written in redis server is provided with expired
Time, for example, expired time can be set to 24 hours, after expired, the user information stored in redis server will delete automatically
It removes.In that way it is possible to which appearing in does not have the case where required user information obtained in redis server.At this point, being serviced in redis
After device receives the second user information acquisition request for carrying read user's unique identity, if itself finding
User information corresponding with user's unique identity of the reading, then directly return to single-point for the user information found and step on
Record server.In turn, single logging-on server according to received user information the state to login system is set as having stepped on
Record, to realize the automated log on for waiting for this login system.
It is received in redis server and carries the second user acquisition of information of read user's unique identity and ask
After asking, if being taken itself not finding user information corresponding with user's unique identity of the reading to single-sign-on
Business device returns to instruction and successful information has not been obtained.Single logging-on server is held after receiving instruction and successful information has not been obtained
Row above-mentioned steps 3, that is, send checking request to log-on message server, when log-on message server is according to the received verifying of institute
After request is verified and passed through to the user information of input, receive the return of log-on message server is verified information, from
Log-on message server obtains user information and user's unique identity corresponding with user information, by user's unique identities mark
Write-in is known in the cookie of login system, and redis server is written into user information, to complete to log in and should be wait log in
System.
In alternative embodiment of the invention, in step 3, from log-on message server obtain user information and with this
After the corresponding user's unique identity of user information, user information can also be written in the session of login system.
Further, after this is to the success of login system login authentication, and in this session failure to login system
Before, if this need to be logged on to login system, step 2 can executed, that is, judge browser side with the presence or absence of formerly system
Before system completes the current cookie saved after logging in, this session to login system is first judged whether there is.If it exists,
This user information to save in the session of login system is then read, and will be originally to login system according to the user information
Logging state is set as having logged in, to realize automated log on.If it does not exist, then step 2 is continued to execute, that is, judge browser
The current cookie saved after logging in is completed with the presence or absence of first system in side.
It in another embodiment in accordance with the invention, can also include following step as shown in Fig. 2, after executing step 4
Rapid 6.
If the father field name of father field name system corresponding from current cookie to login system is different, judge be wait log in
Whether the domain name of system is in specified trust list;If the domain name to login system thens follow the steps 5 in specified trust list,
That is, read the user's unique identity saved in current cookie, according to read user's unique identity from redis
Server pull user information corresponding with user's unique identity, and will be wait log according to the user information pulled
The logging state of system is set as having logged in, to realize the automated log on for treating login system;If the domain name to login system is not
In specified trust list, then refuse to log in, terminate currently to the login process of login system.
Specified trust list mentioned above can be pre-configured with by user or single logging-on server, in the specified trust
Can recorde in list logged in same user account and password, the domain name of multiple related systems trusty.
In alternative embodiment of the invention, in order to improve the safety of information transmission, single logging-on server and login
Information transmission between information server and redis server is carried out using https agreement.Https agreement is by SSL+http
Protocol construction carries out encrypted transmission, the network protocol of authentication, safer than http agreement.
A variety of implementations of the links of embodiment illustrated in fig. 1 are described above, specific embodiment will be passed through below
Come be discussed in detail single-sign-on multisystem of the invention method realization process.
Embodiment one
In specific embodiments of the present invention one, it is illustrated by taking three systems below single-sign-on as an example: human resources
System, work log system and product delivery system.
Below to a kind of method of single-sign-on multisystem provided in this embodiment applied to single logging-on server into
Row illustrates.Wherein, for convenience of description, it is assumed that human resource system, work log system and product delivery system be for
It can be logged in same user account and password for one user, related system trusty, their domain name is respectively
Hr.abc.net, blog.abc.net and product.abc.cn.Be provided with trust list in single logging-on server in advance, it should
Record has the domain name of human resource system, work log system and product delivery system in trust list.
The first step, single logging-on server receive the logging request to human resource system from browser side.
Second step, it is current that single logging-on server judges that browser side completes to save after logging in the presence or absence of first system
cookie.Since human resource system is the first system that this user logs in, it can determine whether out that there is no formerly systems for browser side
System completes the current cookie saved after logging in.
Third step, firstly, the verifying that single logging-on server sends the URL for carrying human resource system to be logged in is asked
It asks to log-on message server, so that log-on message server after receiving the checking request, shows login page for user
Input user information verified, and after being verified generate user information obtain key, and return carry it is to be logged in
The URL of human resource system is verified information with user information acquisition key.Then, single logging-on server is receiving
To after being verified information, its first user information is called to obtain interface, is sent to log-on message server and carry user letter
Breath obtains the first user information acquisition request of key, and receives log-on message server according to the first user information acquisition request
The user information corresponding with user information acquisition key and user's unique identity returned.Finally, single-sign-on services
User's unique identity is written in the cookie of human resource system and is saved by device, and calls its specified write-in interface that will use
Redis server is written in family information, to complete to log in human resource system.
4th step, single logging-on server receive the logging request to work log system from browser side.
5th step, single logging-on server are judged that browser side exists and are completed as the human resource system of first system
The current cookie saved after login.
6th step, the father field name that single logging-on server compares work log system to be logged in are corresponding with current cookie
First system (that is, human resource system) father field name it is whether identical.Due to work log system and human resource system father
Domain name is abc.net, can obtain comparison result be both father field name it is identical, that is, work log system to be logged in work as
The corresponding human resource system of preceding cookie is same domain system.
7th step, single logging-on server read the user's unique identity saved in current cookie, call second
User information obtains interface, and the second user letter for carrying read user's unique identity is sent to redis server
Cease acquisition request.After redis server receives second user information acquisition request, itself searching and user's unique identities
Corresponding user information is identified, and the user information found is returned into single logging-on server.Single logging-on server root
According to received user information the state of work log system to be logged in is set as having logged in, thus realize to work log
The automated log on of system.
8th step, single logging-on server receive the logging request to product delivery system from browser side.
9th step, single logging-on server are judged that browser side exists and are completed as the human resource system of first system
The current cookie saved after login.
Tenth step, the father field name that single logging-on server compares product delivery system to be logged in are corresponding with current cookie
First system (that is, human resource system) father field name it is whether identical.Due to the entitled abc.cn of the father field of product delivery system,
And the entitled abc.net of father field of human resource system, it can show that the father field name that comparison result is the two is different, that is, to be logged in
Product delivery system human resource system corresponding with current cookie is cross-domain system.
11st step, single logging-on server judge the domain name of product delivery system to be logged in trust list,
Then, single logging-on server reads the user's unique identity saved in current cookie, and second user information is called to obtain
Interface is taken, the second user information acquisition request for carrying read user's unique identity is sent to redis server.
After redis server receives second user information acquisition request, searched at itself corresponding with user's unique identity
User information, and the user information found is returned into single logging-on server.Single logging-on server is received according to institute
The state of product delivery system to be logged in is set as having logged in by user information, to realize to the automatic of product delivery system
It logs in, entire login process terminates.
The present embodiment realizes after triangular web logs in, other related systems need not repeat logon function, and support
The case where same area and cross-domain multiple systems.
It should be noted that above-mentioned all optional embodiments can be any group by the way of combining in practical application
It closes, forms alternative embodiment of the invention, this is no longer going to repeat them.
Based on the same inventive concept, the embodiment of the invention also provides a kind of device of single-sign-on multisystem, it is applied to
Single logging-on server, for supporting the side of single-sign-on multisystem provided by any one above-mentioned embodiment or combinations thereof
Method.Fig. 3 shows the structural schematic diagram of the device of single-sign-on multisystem according to an embodiment of the invention.Referring to Fig. 3, the dress
Set at least may include: logging request receiving module 310, cookie judgment module 320, verifying login module 330, same area/across
Domain judgment module 340 and same area automated log on module 350.
Now introduce each composition or function and each portion of device of the device of the single-sign-on multisystem of the embodiment of the present invention
Connection relationship between point:
Logging request receiving module 310 is adapted for carrying out step 1: receiving and treats stepping on for login system from browser side
Record request.
Cookie judgment module 320 is connect with logging request receiving module 310, is executed step 2: being judged that browser side is
The no current cookie for completing to save after logging in there are first system.
Login module 330 is verified, is connect with cookie judgment module 320, if being suitable for browser side is not present first system
The current cookie saved after logging in is completed, thens follow the steps 3: sending checking request to log-on message server, believes when logging in
Breath server according to institute received checking request the user information of input is verified and is passed through after, reception log-on message service
What device returned is verified information, obtains user information and the unique body of user corresponding with user information from log-on message server
Part mark, by the write-in of user's unique identity in the cookie of login system, and by user information write-in redis service
Device is somebody's turn to do to complete to log in login system.
Same area/cross-domain judgment module 340, connect with cookie judgment module 320, if being suitable for browser side has formerly system
System completes the current cookie saved after logging in, thens follow the steps 4: comparing the father field name to login system and current cookie pairs
Whether the father field name for the system answered is identical.
Same area automated log on module 350 is connect with same area/cross-domain judgment module 340, if suitable for the father field to login system
The father field name of name system corresponding with current cookie is identical, thens follow the steps 5: reading the user saved in current cookie only
One identity, according to read user's unique identity from redis server pull and user's unique identity
Corresponding user information, and be set as having logged in by the logging state to login system according to the user information pulled, thus
Realize the automated log on for treating login system.
Further, corresponding steps can also be executed using above-mentioned module, realization is wait log in other one or more
The automated log on of system.
According to another embodiment of the present invention, as shown in figure 4, the device of single-sign-on multisystem shown in Fig. 3 is also
May include:
Cross-domain automated log on module 460 is connect with same area/cross-domain judgment module 340, is suitable in same area/cross-domain judgement mould
After block 340 executes step 4, step 6 is executed: if the father field of the father field name system corresponding with current cookie to login system
Whether name is different, then judge the domain name to login system in specified trust list;If the domain name to login system is in specified letter
Appoint in list, then triggers same area automated log on module 350 and execute step 5;If the domain name to login system does not trust column specified
In table, then refuse to log in, terminate currently to the login process of login system.
In one alternate embodiment, checking request carries the uniform resource position mark URL to login system;
Be verified information carry to login system URL and log-on message server to the user information of input into
Row is verified and the user information generated after passing through obtains key;
Verifying login module 330 is further adapted for:
It calls the first user information of single logging-on server to obtain interface, is sent to log-on message server and carry user
First user information acquisition request of acquisition of information key, and receive log-on message server and asked according to the acquisition of the first user information
Ask the user information corresponding with user information acquisition key and user's unique identity of return.
In one alternate embodiment, verifying login module 330 is further adapted for:
By calling the specified write-in interface of single logging-on server that redis server is written in user information.
In one alternate embodiment, same area automated log on module 350 is further adapted for:
The second user acquisition of information interface for calling single logging-on server sends to carry to redis server and be read
The second user information acquisition request of the user's unique identity taken, and redis server is received according to second user information
The user information corresponding with user's unique identity that acquisition request returns.
In one alternate embodiment, the user information being written in redis server is provided with expired time, at this point,
Same area automated log on module 350 is further adapted for:
When redis server is receiving the second user acquisition of information for carrying read user's unique identity
After request, when itself finding user information corresponding with user's unique identity of the reading, redis server is received
The user information corresponding with user's unique identity returned;
When redis server is receiving the second user acquisition of information for carrying read user's unique identity
After request, when itself not finding user information corresponding with user's unique identity of the reading, redis service is received
Successful information has not been obtained in the instruction that device returns, and triggers verifying login module 330 and execute step 3.
In one alternate embodiment, verifying login module 330 is further adapted for:
It, will after log-on message server acquisition user information and user's unique identity corresponding with user information
User information is written in the session of login system.
Further, as shown in figure 4, the device of single-sign-on multisystem shown in Fig. 3 can also include:
Login module 470 based on session, is connected with logging request receiving module 310 and cookie judgment module 320
It connects, is suitable for: after logging request receiving module 310 executes step 1 and before the execution step 2 of cookie judgment module 320, sentencing
The disconnected session with the presence or absence of to login system;
If it exists, then the user information to save in the session of login system is read;
The logging state to login system is set as having logged according to user information, to realize that automated log on waits logging in
System;
If it does not exist, then it triggers cookie judgment module 320 and executes step 2.
In one alternate embodiment, user's unique identity includes the MD5 value of subscriber mailbox.Correspondingly, Yong Huxin
Breath includes user's login account and password.
In one alternate embodiment, the information transmission between the device and log-on message server and redis server
It is carried out using https agreement.
Based on the same inventive concept, the embodiment of the invention also provides a kind of computer storage mediums.Computer storage
Media storage has computer program code, when the computer program code is run on the computing device, calculating equipment is caused to be held
The method of row single-sign-on multisystem according to any one above-mentioned embodiment or combinations thereof.
Based on the same inventive concept, the embodiment of the invention also provides a kind of calculating equipment.The calculating equipment may include:
Processor;And
It is stored with the memory of computer program code;
When the computer program code is run by processor, the calculating equipment is caused to execute according to any one above-mentioned reality
The method for applying single-sign-on multisystem described in example or combinations thereof.
According to the combination of any one above-mentioned alternative embodiment or multiple alternative embodiments, the embodiment of the present invention can reach
It is following the utility model has the advantages that
The method and apparatus for the single-sign-on multisystem that the embodiment of the present invention proposes, after realizing triangular web login,
His related system need not repeat logon function.Firstly, being asked receiving the login for treating login system from browser side
After asking, judges that browser side completes the current cookie saved after logging in there is no first system, then jump to log-on message
Server, input user information carry out login authentication;After logining successfully by verifying, user's letter is obtained from log-on message server
Breath and corresponding user's unique identity, are written this for user's unique identity and wait in the cookie of login system, and will
Redis server is written in user information.Then, receive from browser side to another logging request to login system
Afterwards, judge that browser side completes the current cookie saved after logging in there are previous system at this time, is more currently wait log in
Whether the father field name of the father field name of system previous system corresponding with current cookie is identical;If they are the same, that is, currently to login system
Previous system corresponding with current cookie is same domain system, then reads the user's unique identities mark saved in current cookie
Know, according to read user's unique identity from redis server pull use corresponding with user's unique identity
Family information, and currently will be set as having logged in the logging state of login system according to the user information pulled, to realize
To currently to the automated log on of login system.It goes to obtain user's by the cookie for completing to save after logging according to first system
Log-on message, and then other related systems of automated log on and first system same area, realize in same area, by primary
Login authentication operation logs in the function of multiple systems.
Further, it obtains currently if comparing to the father field name of login system previous system corresponding with current cookie
Father field name is different, that is, be currently cross-domain system to login system previous system corresponding with current cookie, then judge currently to
Whether the domain name of login system is in specified trust list, if so, being operated in the way of same domain system, realizes automatic
It logs in, if it is not, then refusing to log in.By the way that trust list is arranged, it is furthermore achieved in cross-domain situation, is tested by once logging in
Card operation logs in the function of multiple systems.
It is apparent to those skilled in the art that the specific work of the system of foregoing description, device and unit
Make process, can refer to corresponding processes in the foregoing method embodiment, for brevity, does not repeat separately herein.
In addition, each functional unit in each embodiment of the present invention can be physically independent, can also two or
More than two functional units integrate, and can be all integrated in a processing unit with all functional units.It is above-mentioned integrated
Functional unit both can take the form of hardware realization, can also be realized in the form of software or firmware.
Those of ordinary skill in the art will appreciate that: if the integrated functional unit is realized and is made in the form of software
It is independent product when selling or using, can store in a computer readable storage medium.Based on this understanding,
Technical solution of the present invention is substantially or all or part of the technical solution can be embodied in the form of software products,
The computer software product is stored in a storage medium comprising some instructions, with so that calculating equipment (such as
Personal computer, server or network equipment etc.) various embodiments of the present invention the method is executed when running described instruction
All or part of the steps.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (ROM), random access memory
Device (RAM), the various media that can store program code such as magnetic or disk.
Alternatively, realizing that all or part of the steps of preceding method embodiment can be (all by the relevant hardware of program instruction
Such as personal computer, the calculating equipment of server or network equipment etc.) it completes, described program instruction can store in one
In computer-readable storage medium, when described program instruction is executed by the processor of calculating equipment, the calculating equipment is held
The all or part of the steps of row various embodiments of the present invention the method.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent
Present invention has been described in detail with reference to the aforementioned embodiments for pipe, those skilled in the art should understand that: at this
Within the spirit and principle of invention, it is still possible to modify the technical solutions described in the foregoing embodiments or right
Some or all of the technical features are equivalently replaced;And these are modified or replaceed, and do not make corresponding technical solution de-
From protection scope of the present invention.
One side according to an embodiment of the present invention provides a kind of method of single-sign-on multisystem of A1., is applied to single-point
Login service device, comprising:
Step 1: receiving the logging request for treating login system from browser side;
Step 2: judging that the browser side completes the current cookie saved after logging in the presence or absence of first system;
If it is not, thening follow the steps 3: sending checking request to log-on message server, when the log-on message server root
According to after received checking request verified and passed through to the user information of input, receive the log-on message server and return
Be verified information, obtain the user information and user corresponding with the user information from the log-on message server
Unique identity, user's unique identity write-in is described in the cookie of login system, and by the user
Redis server is written in information, to complete to log in described to login system;
If so, thening follow the steps 4: the relatively father field name to login system system corresponding with the current cookie
Father field name it is whether identical;
If they are the same, 5 are thened follow the steps: the user's unique identity saved in the current cookie is read, according to institute
User's unique identity of reading is believed from redis server pull user corresponding with user's unique identity
Breath, and be set as having logged in by the logging state to login system according to the user information pulled, to realize to institute
State the automated log on to login system;
Wherein, above-mentioned steps are also used, are realized to other one or more automated log ons to login system.
A2. method according to a1, wherein after step 4, further includes:
Step 6: if the father field name of the father field name to login system system corresponding from the current cookie is different,
Then whether the judgement domain name to login system is in specified trust list;
If the domain name to login system thens follow the steps 5 in the specified trust list;
If the domain name to login system in the specified trust list, is not refused to log in.
A3. method according to a1 or a2, wherein in step 3, the checking request carries described is wait log in
The uniform resource position mark URL of system;
It is described be verified information carry it is described to the URL of login system and the log-on message server to input
User information verified and the user information that generates after being passed through obtains key;
The user information and corresponding user's unique identity are obtained from the log-on message server, comprising:
It calls the first user information of the single logging-on server to obtain interface, is sent to the log-on message server
It carries the user information and obtains the first user information acquisition request of key, and receive the log-on message server according to institute
State the user information corresponding with user information acquisition key and the unique body of user of the return of the first user information acquisition request
Part mark.
A4. the method according to any one of A1-A3, wherein in step 3, redis is written into the user information
Server, comprising:
By calling the specified write-in interface of the single logging-on server that redis service is written in the user information
Device.
A5. the method according to any one of A1-A4, wherein in steps of 5, according to the unique body of read user
Part identifies from redis server pull user information corresponding with user's unique identity, comprising:
The second user acquisition of information interface for calling the single logging-on server is taken to redis server transmission
Second user information acquisition request with read user's unique identity, and receive the redis server according to
The user information corresponding with user's unique identity that the second user information acquisition request returns.
A6. method according to a5, wherein when the user information being written in the redis server is provided with expired
Between, at this point,
Receive that the redis server returns according to the second user information acquisition request with user's unique identities
Identify corresponding user information, comprising:
When the redis server is receiving the second user for carrying read user's unique identity
After information acquisition request, when itself finding user information corresponding with user's unique identity of the reading, institute is received
State the user information corresponding with user's unique identity of redis server return;
When the redis server is receiving the second user for carrying read user's unique identity
After information acquisition request, when itself not finding user information corresponding with user's unique identity of the reading, receive
Successful information has not been obtained in the instruction that the redis server returns, and executes step 3.
A7. the method according to any one of A1-A6, wherein in step 3, obtained from the log-on message server
After taking the user information and user's unique identity corresponding with the user information, further includes:
User information write-in is described in the session of login system.
A8. the method according to A7, wherein after step 1 and before step 2, further includes:
Judge whether there is the session to login system;
If it exists, then the user information to save in the session of login system is read;
The logging state to login system is set as having logged according to the user information, is stepped on automatically to realize
Record is described to login system;
If it does not exist, 2 are thened follow the steps.
A9. the method according to any one of A1-A8, wherein user's unique identity includes subscriber mailbox
MD5 value;
The user information includes user's login account and password.
A10. the method according to any one of A1-A9, wherein with the log-on message server and the redis
Information transmission between server is carried out using https agreement.
According to another aspect of an embodiment of the present invention, a kind of device of single-sign-on multisystem of B11. is additionally provided, is applied
In single logging-on server, comprising:
Logging request receiving module is adapted for carrying out step 1: receiving the login for treating login system from browser side and asks
It asks;
Cookie judgment module, is adapted for carrying out step 2: judging that the browser side completes to log in the presence or absence of first system
The current cookie saved afterwards;
Login module is verified, if saving after logging in suitable for the browser side there is no the completion of first system current
Cookie, thens follow the steps 3: checking request is sent to log-on message server, when the log-on message server is according to being connect
After the checking request of receipts is verified and passed through to the user information of input, the verifying that the log-on message server returns is received
By information, the user information and the unique body of user corresponding with the user information are obtained from the log-on message server
Part mark, user's unique identity write-in is described in the cookie of login system, and the user information is write
Enter redis server, to complete to log in described to login system;
Same area/cross-domain judgment module, if being saved after being logged in suitable for the browser side there are the completion of first system current
Cookie, thens follow the steps 4: the relatively father field of the father field name to login system system corresponding with the current cookie
Whether name is identical;And
Same area automated log on module, if suitable for the father field name to login system system corresponding with the current cookie
The father field name of system is identical, thens follow the steps 5: the user's unique identity saved in the current cookie is read, according to institute
User's unique identity of reading is believed from redis server pull user corresponding with user's unique identity
Breath, and be set as having logged in by the logging state to login system according to the user information pulled, to realize to institute
State the automated log on to login system;
Wherein, corresponding steps are also executed using above-mentioned module, realized to other one or more to the automatic of login system
It logs in.
B12. the device according to B11, wherein further include:
Cross-domain automated log on module is suitable for after the same area/cross-domain judgment module executes the step 4, executes step
Rapid 6: if the father field name of the father field name to login system system corresponding from the current cookie is different, described in judgement
Whether the domain name to login system is in specified trust list;
If the domain name to login system in the specified trust list, triggers the same area automated log on module
Execute step 5;
If the domain name to login system in the specified trust list, is not refused to log in.
B13. the device according to B11 or B12, wherein the checking request carries the system to login system
One Resource Locator URL;
It is described be verified information carry it is described to the URL of login system and the log-on message server to input
User information verified and the user information that generates after being passed through obtains key;
The verifying login module is further adapted for:
It calls the first user information of the single logging-on server to obtain interface, is sent to the log-on message server
It carries the user information and obtains the first user information acquisition request of key, and receive the log-on message server according to institute
State the user information corresponding with user information acquisition key and the unique body of user of the return of the first user information acquisition request
Part mark.
B14. the device according to any one of B11-B13, wherein the verifying login module is further adapted for:
By calling the specified write-in interface of the single logging-on server that redis service is written in the user information
Device.
B15. the device according to any one of B11-B14, wherein the same area automated log on module is further adapted for:
The second user acquisition of information interface for calling the single logging-on server is taken to redis server transmission
Second user information acquisition request with read user's unique identity, and receive the redis server according to
The user information corresponding with user's unique identity that the second user information acquisition request returns.
B16. the device according to B15, wherein the user information being written in the redis server is provided with expired
Time, at this point,
The same area automated log on module is further adapted for:
When the redis server is receiving the second user for carrying read user's unique identity
After information acquisition request, when itself finding user information corresponding with user's unique identity of the reading, institute is received
State the user information corresponding with user's unique identity of redis server return;
When the redis server is receiving the second user for carrying read user's unique identity
After information acquisition request, when itself not finding user information corresponding with user's unique identity of the reading, receive
Successful information has not been obtained in the instruction that the redis server returns, and triggers the verifying login module and execute step 3.
B17. the device according to any one of B11-B16, wherein the verifying login module is further adapted for:
The user information and the unique body of user corresponding with the user information are obtained from the log-on message server
It is after part mark, user information write-in is described in the session of login system.
B18. the device according to B17, wherein further include:
Login module based on session, is suitable for: after the logging request receiving module executes step 1 and described
Before cookie judgment module executes step 2, the session to login system is judged whether there is;
If it exists, then the user information to save in the session of login system is read;
The logging state to login system is set as having logged according to the user information, is stepped on automatically to realize
Record is described to login system;
If it does not exist, then it triggers the cookie judgment module and executes step 2.
B19. the device according to any one of B11-B18, wherein user's unique identity includes user's postal
The MD5 value of case;
The user information includes user's login account and password.
B20. the device according to any one of B11-B19, wherein described device and the log-on message server and
Information transmission between the redis server is carried out using https agreement.
Another aspect according to an embodiment of the present invention additionally provides a kind of computer storage medium of C21., the computer
Storage medium is stored with computer program code, when the computer program code is run on the computing device, causes described
Calculate the method that equipment executes the single-sign-on multisystem according to any one of A1-A10.
It is according to an embodiment of the present invention in another aspect, additionally providing a kind of calculating equipment of D22., comprising:
Processor;And
It is stored with the memory of computer program code;
When the computer program code is run by the processor, the calculating equipment is caused to execute according to A1-A10
Any one of described in single-sign-on multisystem method.
Claims (10)
1. a kind of method of single-sign-on multisystem is applied to single logging-on server, comprising:
Step 1: receiving the logging request for treating login system from browser side;
Step 2: judging that the browser side completes the current cookie saved after logging in the presence or absence of first system;
If it is not, thening follow the steps 3: sending checking request to log-on message server, when the log-on message server is according to institute
After received checking request is verified and passed through to the user information of input, testing for the log-on message server return is received
Card obtains the user information from the log-on message server and user corresponding with the user information is unique by information
Identity, user's unique identity write-in is described in the cookie of login system, and by the user information
Redis server is written, to complete to log in described to login system;
If so, thening follow the steps 4: the relatively father of the father field name to login system system corresponding with the current cookie
Whether domain name is identical;
If they are the same, it thens follow the steps 5: reading the user's unique identity saved in the current cookie, according to being read
User's unique identity from redis server pull user information corresponding with user's unique identity, and
The logging state to login system is set as having logged according to the user information pulled, to realize to described wait step on
The automated log on of recording system;
Wherein, above-mentioned steps are also used, are realized to other one or more automated log ons to login system.
2. according to the method described in claim 1, wherein, after step 4, further includes:
Step 6: if the father field name of the father field name to login system system corresponding from the current cookie is different, sentencing
Whether the disconnected domain name to login system is in specified trust list;
If the domain name to login system thens follow the steps 5 in the specified trust list;
If the domain name to login system in the specified trust list, is not refused to log in.
3. method according to claim 1 or 2, wherein in step 3, the checking request carries described wait log in
The uniform resource position mark URL of system;
It is described be verified information carry it is described to the URL of login system and the log-on message server in the use to input
Family information is verified and the user information generated after being passed through obtains key;
The user information and corresponding user's unique identity are obtained from the log-on message server, comprising:
It calls the first user information of the single logging-on server to obtain interface, sends and carry to the log-on message server
The user information obtains the first user information acquisition request of key, and receives the log-on message server according to described the
The user information corresponding with user information acquisition key and user's unique identities mark that one user information acquisition request returns
Know.
4. method according to any one of claim 1-3, wherein in step 3, the user information is written
Redis server, comprising:
By calling the specified write-in interface of the single logging-on server that redis server is written in the user information.
5. method according to any of claims 1-4, wherein in steps of 5, according to the unique body of read user
Part identifies from redis server pull user information corresponding with user's unique identity, comprising:
The second user acquisition of information interface for calling the single logging-on server is carried to redis server transmission
The second user information acquisition request of read user's unique identity, and the redis server is received according to
The user information corresponding with user's unique identity that second user information acquisition request returns.
6. according to the method described in claim 5, wherein, the user information being written in the redis server is provided with expired
Time, at this point,
Receive that the redis server returns according to the second user information acquisition request with user's unique identity
Corresponding user information, comprising:
When the redis server is receiving the second user information for carrying read user's unique identity
After acquisition request, when itself finding user information corresponding with user's unique identity of the reading, described in reception
The user information corresponding with user's unique identity that redis server returns;
When the redis server is receiving the second user information for carrying read user's unique identity
After acquisition request, when itself not finding user information corresponding with user's unique identity of the reading, described in reception
Successful information has not been obtained in the instruction that redis server returns, and executes step 3.
7. method according to claim 1 to 6, wherein in step 3, obtained from the log-on message server
After taking the user information and user's unique identity corresponding with the user information, further includes:
User information write-in is described in the session of login system.
8. a kind of device of single-sign-on multisystem is applied to single logging-on server, comprising:
Logging request receiving module is adapted for carrying out step 1: receiving the logging request for treating login system from browser side;
Cookie judgment module, is adapted for carrying out step 2: judging that the browser side completes to protect after logging in the presence or absence of first system
The current cookie deposited;
Login module is verified, if the current cookie saved after being logged in suitable for the browser side there is no the completion of first system,
It thens follow the steps 3: sending checking request to log-on message server, when the log-on message server is according to the received verifying of institute
After request is verified and passed through to the user information of input, receive the log-on message server return is verified letter
Breath obtains the user information and user's unique identities mark corresponding with the user information from the log-on message server
Know, user's unique identity write-in is described in the cookie of login system, and the user information is written
Redis server, to complete to log in described to login system;
Same area/cross-domain judgment module, if being saved after being logged in suitable for the browser side there are the completion of first system current
Cookie, thens follow the steps 4: the relatively father field of the father field name to login system system corresponding with the current cookie
Whether name is identical;And
Same area automated log on module, if suitable for the father field name to login system system corresponding with the current cookie
Father field name is identical, thens follow the steps 5: the user's unique identity saved in the current cookie is read, according to being read
User's unique identity from redis server pull user information corresponding with user's unique identity, and
The logging state to login system is set as having logged according to the user information pulled, to realize to described wait step on
The automated log on of recording system;
Wherein, corresponding steps are also executed using above-mentioned module, realized to other one or more automated log ons to login system.
9. a kind of computer storage medium, the computer storage medium is stored with computer program code, when the computer
When program code is run on the computing device, the calculating equipment is caused to execute according to claim 1 described in any one of -7
The method of single-sign-on multisystem.
10. a kind of calculating equipment, comprising:
Processor;And
It is stored with the memory of computer program code;
When the computer program code is run by the processor, cause the calculating equipment execute according to claim 1-
The method of single-sign-on multisystem described in any one of 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810864122.3A CN109246076B (en) | 2018-08-01 | 2018-08-01 | Method and device for single sign-on to multiple systems |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810864122.3A CN109246076B (en) | 2018-08-01 | 2018-08-01 | Method and device for single sign-on to multiple systems |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109246076A true CN109246076A (en) | 2019-01-18 |
| CN109246076B CN109246076B (en) | 2022-11-04 |
Family
ID=65073425
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810864122.3A Active CN109246076B (en) | 2018-08-01 | 2018-08-01 | Method and device for single sign-on to multiple systems |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109246076B (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109977788A (en) * | 2019-03-03 | 2019-07-05 | 湖北无垠智探科技发展有限公司 | A kind of unmanned plane aerial photography image integrated treatment platform |
| CN110324307A (en) * | 2019-05-16 | 2019-10-11 | 平安科技(深圳)有限公司 | A kind of single sign-on authentication method and relevant device based on cloud |
| CN110430205A (en) * | 2019-08-09 | 2019-11-08 | 深圳前海微众银行股份有限公司 | Single-point logging method, device, equipment and computer readable storage medium |
| CN110493183A (en) * | 2019-07-05 | 2019-11-22 | 深圳市邦健科技有限公司 | More accounts online simultaneously processing method, device, storage medium and equipment |
| CN111343145A (en) * | 2020-02-03 | 2020-06-26 | 山东爱城市网信息技术有限公司 | Redis-based single sign-on method and device |
| CN111353117A (en) * | 2020-03-09 | 2020-06-30 | 南京联创互联网技术有限公司 | WEB cross-domain cookie management system based on key-value type memory database |
| CN111800511A (en) * | 2020-07-07 | 2020-10-20 | 上海携程商务有限公司 | Processing method, system, equipment and readable storage medium for synchronous login state |
| CN111949308A (en) * | 2020-08-07 | 2020-11-17 | 北京字节跳动网络技术有限公司 | Software package publishing method and device |
| CN112069488A (en) * | 2020-07-27 | 2020-12-11 | 合肥美的智能科技有限公司 | Application login method in communication program and related device thereof |
| CN112948802A (en) * | 2020-04-28 | 2021-06-11 | 深圳市明源云科技有限公司 | Single sign-on method, device, equipment and storage medium |
| CN116208378A (en) * | 2023-01-03 | 2023-06-02 | 学银通融(北京)教育科技有限公司 | Method, device and equipment for preventing user from logging in repeatedly |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104468790A (en) * | 2014-12-09 | 2015-03-25 | 北京奇虎科技有限公司 | Method for processing cookie data and client side |
| CN104836803A (en) * | 2015-04-24 | 2015-08-12 | 北京工商大学 | Single sign-on method based on session mechanism |
| US9325696B1 (en) * | 2012-01-31 | 2016-04-26 | Google Inc. | System and method for authenticating to a participating website using locally stored credentials |
| CN107948167A (en) * | 2017-11-29 | 2018-04-20 | 浙江数链科技有限公司 | A kind of method and apparatus of single-sign-on |
| CN108289101A (en) * | 2018-01-25 | 2018-07-17 | 中企动力科技股份有限公司 | Information processing method and device |
-
2018
- 2018-08-01 CN CN201810864122.3A patent/CN109246076B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9325696B1 (en) * | 2012-01-31 | 2016-04-26 | Google Inc. | System and method for authenticating to a participating website using locally stored credentials |
| CN104468790A (en) * | 2014-12-09 | 2015-03-25 | 北京奇虎科技有限公司 | Method for processing cookie data and client side |
| CN104836803A (en) * | 2015-04-24 | 2015-08-12 | 北京工商大学 | Single sign-on method based on session mechanism |
| CN107948167A (en) * | 2017-11-29 | 2018-04-20 | 浙江数链科技有限公司 | A kind of method and apparatus of single-sign-on |
| CN108289101A (en) * | 2018-01-25 | 2018-07-17 | 中企动力科技股份有限公司 | Information processing method and device |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109977788A (en) * | 2019-03-03 | 2019-07-05 | 湖北无垠智探科技发展有限公司 | A kind of unmanned plane aerial photography image integrated treatment platform |
| CN110324307A (en) * | 2019-05-16 | 2019-10-11 | 平安科技(深圳)有限公司 | A kind of single sign-on authentication method and relevant device based on cloud |
| CN110493183A (en) * | 2019-07-05 | 2019-11-22 | 深圳市邦健科技有限公司 | More accounts online simultaneously processing method, device, storage medium and equipment |
| CN110430205A (en) * | 2019-08-09 | 2019-11-08 | 深圳前海微众银行股份有限公司 | Single-point logging method, device, equipment and computer readable storage medium |
| CN111343145A (en) * | 2020-02-03 | 2020-06-26 | 山东爱城市网信息技术有限公司 | Redis-based single sign-on method and device |
| CN111353117A (en) * | 2020-03-09 | 2020-06-30 | 南京联创互联网技术有限公司 | WEB cross-domain cookie management system based on key-value type memory database |
| CN112948802A (en) * | 2020-04-28 | 2021-06-11 | 深圳市明源云科技有限公司 | Single sign-on method, device, equipment and storage medium |
| CN112948802B (en) * | 2020-04-28 | 2024-03-12 | 深圳市明源云科技有限公司 | Single sign-on method, device, equipment and storage medium |
| CN111800511A (en) * | 2020-07-07 | 2020-10-20 | 上海携程商务有限公司 | Processing method, system, equipment and readable storage medium for synchronous login state |
| CN112069488A (en) * | 2020-07-27 | 2020-12-11 | 合肥美的智能科技有限公司 | Application login method in communication program and related device thereof |
| CN111949308A (en) * | 2020-08-07 | 2020-11-17 | 北京字节跳动网络技术有限公司 | Software package publishing method and device |
| CN116208378A (en) * | 2023-01-03 | 2023-06-02 | 学银通融(北京)教育科技有限公司 | Method, device and equipment for preventing user from logging in repeatedly |
| CN116208378B (en) * | 2023-01-03 | 2023-11-24 | 学银通融(北京)教育科技有限公司 | Method, device and equipment for preventing user from logging in repeatedly |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109246076B (en) | 2022-11-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109246076A (en) | A kind of method and apparatus of single-sign-on multisystem | |
| US11790062B2 (en) | Processing authentication requests to secured information systems based on machine-learned user behavior profiles | |
| US11496452B2 (en) | Non-repeatable challenge-response authentication | |
| US10887313B2 (en) | Systems and methods for controlling sign-on to web applications | |
| CN105871838B (en) | A kind of log-in control method and customer center platform of third party's account | |
| CN107645486B (en) | login authentication method and device | |
| CN108108973A (en) | Business risk control method and device | |
| CN110430205A (en) | Single-point logging method, device, equipment and computer readable storage medium | |
| EP3211825A1 (en) | Trusted terminal verification method and apparatus | |
| JP6595625B2 (en) | Automatic recharge system, method and server | |
| CN108989359A (en) | Method for verifying login and system, the readable storage medium storing program for executing and terminal of server cluster | |
| US11811780B2 (en) | Behavior-based authentication | |
| US20210224712A1 (en) | Facilitating activity logs within a multi-service system | |
| CN106656927A (en) | Method and device for enabling Linux account to be added to AD domain | |
| CN103997482B (en) | Method, the system of user's login in desktop cloud business | |
| CN107862198A (en) | One kind accesses verification method, system and client | |
| CN109413203A (en) | A kind of transaction data acquisition methods and device | |
| CN106130739A (en) | Application program login process method and device | |
| US20220272173A1 (en) | Scalable server-based web scripting with user input | |
| CN110324307A (en) | A kind of single sign-on authentication method and relevant device based on cloud | |
| CN109688109A (en) | The verification method and device of identifying code based on client-side information identification | |
| US10783238B2 (en) | Automating password change management | |
| CN107911443A (en) | A kind of session information processing method, device, server and readable storage medium storing program for executing | |
| CN112818016A (en) | API-based real-time and off-line data query method and system | |
| CN105760119B (en) | Terminal device, information processing system and output method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |