CN109246076B - Method and device for single sign-on to multiple systems - Google Patents

Publication number
CN109246076B
Authority
CN
China
Prior art keywords
user information
user
logged
login
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810864122.3A
Other languages
Chinese (zh)
Other versions
CN109246076A (en)
Inventor
韩竞竞
李欣
龙慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a method and a device for single sign-on to multiple systems. After a single system completes authenticated login, the unique user identity is written into a cookie of that system and the user information is written into a redis server. When login to one or more other related systems is then requested, for a system to be logged in that is in the same domain, the unique user identity is read from the cookie and the corresponding user information is pulled from the redis server according to the unique user identity, so that automatic login of the system to be logged in is realized. Furthermore, for a cross-domain system to be logged in, a trust list is set, and a system to be logged in that is in the trust list is handled in the same way as a same-domain system, so that automatic login is realized. The invention thus realizes, under both same-domain and cross-domain conditions, the function that other related systems do not need to log in repeatedly after a single system has logged in.

Description

Method and device for single sign-on to multiple systems
Technical Field
The invention relates to the technical field of computers, in particular to a method for single sign-on to multiple systems, a device for single sign-on to multiple systems, a computer storage medium and a computing device.
Background
In practical application, a user often needs to log in a plurality of systems for processing operation in occasions such as work and leisure, and the systems are often associated with each other to some extent, so that the user can log in the systems by using the same user account and password corresponding to the unique identity of the user. For example, for each employee of an enterprise, during their work, it may be necessary to log into multiple systems of the enterprise, such as a human resources system, a work log system, a product evaluation system, a product release system, etc. Generally, an enterprise allocates a user unique identity to each employee, so that each employee can log in the systems by using a user account and a password corresponding to the user unique identity, and management of the enterprise is facilitated. In the prior art, when logging in the systems, a user needs to log in the systems one by using the user account and the password, so that the operation is complicated, and the user experience is poor.
Disclosure of Invention
In view of the above, the present invention has been developed to provide a method, apparatus, computer storage medium and computing device for single sign-on multiple systems that overcome or at least partially address the above-mentioned problems.
According to one aspect of the embodiment of the invention, a method for single sign-on to multiple systems is provided, which is applied to a single sign-on server and comprises the following steps:
step 1: receiving a login request of a system to be logged in from a browser side;
step 2: judging whether a current cookie stored after a system finishes login exists on the browser side;
if not, executing the step 3: sending an authentication request to a login information server, when the login information server authenticates and passes input user information according to the received authentication request, receiving authentication passing information returned by the login information server, acquiring the user information and a user unique identity corresponding to the user information from the login information server, writing the user unique identity into a cookie of the system to be logged in, and writing the user information into a redis server, thereby completing logging in the system to be logged in;
if yes, executing step 4: comparing whether the parent domain name of the system to be logged in is the same as the parent domain name of the system corresponding to the current cookie;
if yes, executing step 5: reading the unique user identity stored in the current cookie, pulling user information corresponding to the unique user identity from the redis server according to the read unique user identity, and setting the login state of the system to be logged in as logged in according to the pulled user information, thereby realizing automatic login of the system to be logged in;
the steps are also adopted to realize automatic login of one or more other systems to be logged in.
Optionally, after step 4, the method further comprises:
step 6: if the parent domain name of the system to be logged in is different from the parent domain name of the system corresponding to the current cookie, judging whether the domain name of the system to be logged in is in a specified trust list;
if the domain name of the system to be logged in is in the specified trust list, executing step 5;
and if the domain name of the system to be logged in is not in the specified trust list, the login is refused.
Optionally, in step 3, the authentication request carries a uniform resource locator (URL) of the system to be logged in;
the authentication passing information carries the URL of the system to be logged in and the user information acquisition key generated after the login information server verifies the input user information and the verification passes;
acquiring the user information and the corresponding unique user identity from the login information server comprises the following step:
calling a first user information acquisition interface of the single sign-on server, sending a first user information acquisition request carrying the user information acquisition key to the login information server, and receiving the user information and the user unique identity which are returned by the login information server according to the first user information acquisition request and correspond to the user information acquisition key.
Optionally, in step 3, writing the user information to a redis server includes:
and writing the user information into a redis server by calling a specified writing interface of the single sign-on server.
Optionally, in step 5, pulling, from the redis server, user information corresponding to the user unique identity according to the read user unique identity includes:
calling a second user information acquisition interface of the single sign-on server, sending a second user information acquisition request carrying the read user unique identity to the redis server, and receiving user information corresponding to the user unique identity returned by the redis server according to the second user information acquisition request.
Optionally, the user information written in the redis server is provided with an expiration time, in which case
receiving the user information corresponding to the unique identity of the user, which is returned by the redis server according to the second user information acquisition request, and the receiving comprises the following steps:
when the redis server finds the user information corresponding to the read user unique identity after receiving the second user information acquisition request carrying the read user unique identity, receiving the user information corresponding to the user unique identity returned by the redis server;
and when the redis server does not find the user information corresponding to the read user unique identity after receiving the second user information acquisition request carrying the read user unique identity, receiving information which indicates that the acquisition is not successful and is returned by the redis server, and executing the step 3.
Optionally, in step 3, after obtaining the user information and the user unique identity corresponding to the user information from the login information server, the method further includes:
writing the user information into the session of the system to be logged in.
Optionally, after step 1 and before step 2, the method further comprises:
judging whether a session of the system to be logged in exists;
if yes, reading user information stored in the session of the system to be logged in;
setting the login state of the system to be logged in as logged in according to the user information, thereby realizing automatic login of the system to be logged in;
if not, executing step 2.
Optionally, the user unique identity includes an MD5 value of a user mailbox;
the user information comprises a user login account and a password.
Optionally, the information transmission between the login information server and the redis server is performed by using an https protocol.
According to another aspect of the embodiments of the present invention, there is provided a single sign-on multi-system apparatus, applied to a single sign-on server, including:
a login request receiving module adapted to perform step 1: receiving a login request of a system to be logged in from a browser side;
a cookie judging module adapted to perform step 2: judging whether a current cookie stored after a system finishes login exists on the browser side;
a verification login module adapted to perform step 3 if the browser side does not have a current cookie stored after a system previously finished login: sending an authentication request to a login information server, receiving authentication passing information returned by the login information server after the login information server verifies the input user information according to the received authentication request and the verification passes, acquiring the user information and a user unique identity corresponding to the user information from the login information server, writing the user unique identity into a cookie of the system to be logged in, and writing the user information into a redis server, thereby completing logging in the system to be logged in;
a same-domain/cross-domain judging module adapted to perform step 4 if the browser side has a current cookie stored after a system previously finished login: comparing whether the parent domain name of the system to be logged in is the same as the parent domain name of the system corresponding to the current cookie; and
a same-domain automatic login module adapted to perform step 5 if the parent domain name of the system to be logged in is the same as the parent domain name of the system corresponding to the current cookie: reading the unique user identity stored in the current cookie, pulling user information corresponding to the unique user identity from the redis server according to the read unique user identity, and setting the login state of the system to be logged in as logged in according to the pulled user information, thereby realizing automatic login of the system to be logged in;
the modules are further adopted to execute corresponding steps, and automatic login of one or more other systems to be logged in is achieved.
Optionally, the apparatus further comprises:
a cross-domain automatic login module, adapted to execute step 6 after the same-domain/cross-domain judging module executes step 4: if the parent domain name of the system to be logged in is different from the parent domain name of the system corresponding to the current cookie, judging whether the domain name of the system to be logged in is in a specified trust list;
if the domain name of the system to be logged in is in the specified trust list, triggering the same-domain automatic login module to execute the step 5;
and if the domain name of the system to be logged in is not in the specified trust list, the login is refused.
Optionally, the authentication request carries a uniform resource locator (URL) of the system to be logged in;
the authentication passing information carries the URL of the system to be logged in and the user information acquisition key generated after the login information server verifies the input user information and the verification passes;
the verification login module is further adapted to:
call a first user information acquisition interface of the single sign-on server, send a first user information acquisition request carrying the user information acquisition key to the login information server, and receive the user information and the user unique identity, corresponding to the user information acquisition key, returned by the login information server according to the first user information acquisition request.
Optionally, the verification login module is further adapted to:
and writing the user information into a redis server by calling a specified writing interface of the single sign-on server.
Optionally, the same-domain automatic login module is further adapted to:
call a second user information acquisition interface of the single sign-on server, send a second user information acquisition request carrying the read unique user identity to the redis server, and receive user information corresponding to the unique user identity returned by the redis server according to the second user information acquisition request.
Optionally, the user information written in the redis server is provided with an expiration time, in which case
the same-domain automatic login module is further adapted to:
when the redis server finds the user information corresponding to the read user unique identity after receiving the second user information acquisition request carrying the read user unique identity, receive the user information corresponding to the user unique identity returned by the redis server;
and when the redis server receives the second user information acquisition request carrying the read unique user identity and does not find the user information corresponding to the read unique user identity, receiving information which indicates that the acquisition is not successful and is returned by the redis server, and triggering the verification login module to execute the step 3.
Optionally, the verification login module is further adapted to:
and after the user information and the unique user identity corresponding to the user information are obtained from the login information server, writing the user information into the session of the system to be logged in.
Optionally, the apparatus further comprises:
a session-based login module adapted to: after the login request receiving module executes step 1 and before the cookie judging module executes step 2, judge whether a session of the system to be logged in exists;
if yes, reading user information stored in the session of the system to be logged in;
setting the login state of the system to be logged in as logged in according to the user information, thereby realizing automatic login of the system to be logged in;
if not, triggering the cookie judging module to execute the step 2.
Optionally, the user unique identity includes an MD5 value of a user mailbox;
the user information comprises a user login account and a password.
Optionally, the information transmission between the apparatus and the login information server and the redis server is performed by using an https protocol.
According to a further aspect of embodiments of the present invention, there is also provided a computer storage medium having computer program code stored thereon, which, when run on a computing device, causes the computing device to perform a method of single sign-on to multiple systems according to any one of the above.
According to still another aspect of the embodiments of the present invention, there is also provided a computing device including:
a processor; and
a memory storing computer program code;
the computer program code, when executed by the processor, causes the computing device to perform a method of single sign-on to a multi-system according to any of the above.
The method and the device for single sign-on to multiple systems provided by the embodiments of the invention realize the function that other related systems do not need to sign on repeatedly after a single system has logged in. First, after a login request for a system to be logged in is received from the browser side and it is determined that the browser side has no current cookie stored after a system finished login, the process jumps to the login information server, where user information is input for login verification; after the login verification succeeds, the user information and the corresponding unique user identity are acquired from the login information server, the unique user identity is written into a cookie of the system to be logged in, and the user information is written into the redis server. Then, after a login request for another system to be logged in is received from the browser side, it is determined that the browser side now has a current cookie stored after the previous system finished login, and the parent domain name of the current system to be logged in is compared with the parent domain name of the previous system corresponding to the current cookie; if the current system to be logged in and the previous system corresponding to the current cookie are same-domain systems, the unique user identity stored in the current cookie is read, user information corresponding to the unique user identity is pulled from the redis server according to the read unique user identity, and the login state of the system to be logged in is set to logged in according to the pulled user information, so that automatic login of the system to be logged in is achieved.
The login information of the user is thus acquired according to the cookie stored after the previous system finished login, and the user can then automatically log in to other related systems in the same domain as the previous system, so that the function of logging in to a plurality of systems through a single login verification operation is realized under the same-domain condition.
Further, if the comparison result shows that the parent domain name of the current system to be logged in is different from the parent domain name of the previous system corresponding to the current cookie, namely the current system to be logged in and the previous system corresponding to the current cookie are cross-domain systems, whether the domain name of the current system to be logged in is in the appointed trust list or not is judged, if yes, operation is performed according to the mode of the same-domain system, automatic login is achieved, and if not, login is refused. By setting the trust list, the function of logging in a plurality of systems through one-time login verification operation under the cross-domain condition is further realized.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
The above and other objects, advantages and features of the present invention will become more apparent to those skilled in the art from the following detailed description of specific embodiments thereof, taken in conjunction with the accompanying drawings.
Drawings
Various additional advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 illustrates a flow diagram of a method of single sign-on to multiple systems in accordance with an embodiment of the invention;
FIG. 2 illustrates a flow diagram of a method of single sign-on for multiple systems according to another embodiment of the invention;
FIG. 3 is a block diagram of an apparatus for single sign-on for multiple systems according to an embodiment of the invention; and
FIG. 4 is a schematic structural diagram of an apparatus for single sign-on to multiple systems according to another embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
To solve the above technical problem, an embodiment of the present invention provides a method for single sign-on to multiple systems. FIG. 1 shows a flow diagram of a method of single sign-on to multiple systems according to an embodiment of the invention. Referring to FIG. 1, the method is applied to a single sign-on server and may include the following steps 1 to 5.
Step 1, receiving a login request of a system to be logged in from a browser side.
Step 2, judging whether the browser side has a current cookie stored after a system finishes login.
Step 3, if not, sending an authentication request to the login information server, receiving authentication passing information returned by the login information server after the login information server verifies the input user information according to the received authentication request and the verification passes, acquiring the user information and the user unique identity corresponding to the user information from the login information server, writing the user unique identity into a cookie of the system to be logged in, and writing the user information into the redis server, thereby completing logging in the system to be logged in.
Step 4, if yes, comparing whether the parent domain name of the system to be logged in is the same as the parent domain name of the system corresponding to the current cookie.
Step 5, if they are the same, reading the unique user identity stored in the current cookie, pulling user information corresponding to the unique user identity from the redis server according to the read unique user identity, and setting the login state of the system to be logged in as logged in according to the pulled user information, thereby realizing the automatic login of the system to be logged in.
Further, the above steps are also used to realize automatic login of one or more other systems to be logged in.
The method for single sign-on to multiple systems provided by the embodiment of the invention realizes the function that other related systems do not need to sign on repeatedly after a single system has logged in. First, after a login request for a system to be logged in is received from the browser side and it is determined that the browser side has no current cookie stored after a system finished login, the process jumps to the login information server, where user information is input for login verification; after the login verification succeeds, the user information and the corresponding unique user identity are acquired from the login information server, the unique user identity is written into a cookie of the system to be logged in, and the user information is written into the redis server. Then, after a login request for another system to be logged in is received from the browser side, it is determined that the browser side now has a current cookie stored after the previous system finished login, and the parent domain name of the current system to be logged in is compared with the parent domain name of the previous system corresponding to the current cookie; if the current system to be logged in and the previous system corresponding to the current cookie are same-domain systems, the unique user identity stored in the current cookie is read, user information corresponding to the unique user identity is pulled from the redis server according to the read unique user identity, and the login state of the current system to be logged in is set to logged in according to the pulled user information, thereby realizing automatic login of the current system to be logged in.
The login information of the user is thus acquired according to the cookie stored after the previous system finished login, and the user can then automatically log in to other related systems in the same domain as the previous system, so that the function of logging in to a plurality of systems through a single login verification operation is realized under the same-domain condition.
The above-mentioned system to be logged in and the previous system may be related systems logged in with the same user account and password.
In step 3, the authentication request may carry a URL (Uniform Resource Locator) of the system to be logged in. After receiving the authentication request, the login information server displays a login page for inputting user information. The login information server then verifies the input user information; if the verification passes, it generates a user information acquisition key and returns authentication passing information to the single sign-on server, where the authentication passing information carries the URL of the system to be logged in and the generated user information acquisition key. After receiving the authentication passing information, the single sign-on server calls its first user information acquisition interface, sends a first user information acquisition request carrying the user information acquisition key to the login information server, and receives the user information and the user unique identity that the login information server returns according to the first user information acquisition request and that correspond to the user information acquisition key. Here, the first user information acquisition interface may be a get interface. Further, to ensure that the user who requests the user information is the user who has just logged in successfully, and thus to protect the user information, the user information acquisition key is given a validity period, for example, 5 to 10 seconds.
After the user information and the unique user identity are obtained, the single sign-on server writes the unique user identity into a cookie of the system to be logged in and stores the unique user identity, and writes the user information into a redis server by calling a specified writing interface of the single sign-on server.
Redis (Remote Dictionary Server) is a log-type, high-performance key-value database that can be memory-based or persistent and supports multiple stored value types, including string, linked list (list), set, ordered set (sorted set), and hash. Redis offers excellent read-write performance, data persistence, master-slave replication, read-write separation, rich data structures, message caching, and the ability to set expiration times.
In an alternative embodiment of the invention, the user unique identity mentioned above may comprise the MD5 value of the user mailbox. Accordingly, the user information may include a user login account and a password.
In step 4, if it is determined that a current cookie stored after a system finished login is present on the browser side, the parent domain name of the system to be logged in is compared with the parent domain name of the system corresponding to the current cookie. For example, if the domain name of the system to be logged in is test.abc.net, the parent domain name is abc.net; if the domain name of the system corresponding to the current cookie is hr. At this time, whether abc.net is the same as abc.cn is compared. If the two are the same, step 5 is executed; if they are not the same, the login process of the current system to be logged in ends.
In the step 5, if the parent domain name of the system to be logged in is the same as the parent domain name of the system corresponding to the current cookie, the unique user identity stored in the current cookie is read. And then, calling a second user information acquisition interface of the single sign-on server, and sending a second user information acquisition request carrying the read unique user identity to the redis server. And after receiving the second user information acquisition request, the redis server searches the user information corresponding to the unique identity of the user in the redis server and returns the searched user information to the single sign-on server.
Further, in order to enhance the security of the user information, the user information written in the redis server is provided with an expiration time, for example, the expiration time may be set to 24 hours, and after the expiration time, the user information stored in the redis server will be automatically deleted. Thus, there may be a case where user information to be acquired is not available in the redis server. At this time, after the redis server receives the second user information acquisition request carrying the read user unique identity, if the user information corresponding to the read user unique identity is found by the redis server, the found user information is directly returned to the single sign-on server. And then, the single sign-on server sets the state of the system to be logged in as logged in according to the received user information, thereby realizing the automatic login of the system to be logged in.
After the redis server receives the second user information acquisition request carrying the read user unique identity, if the user information corresponding to the read user unique identity is not found by the redis server, returning information indicating that the acquisition is not successful to the single sign-on server. After receiving the information indicating that the acquisition is not successful, the single sign-on server executes the step 3, namely, the single sign-on server sends an authentication request to the sign-on information server, and after the sign-on information server authenticates the input user information according to the received authentication request and passes the authentication, the single sign-on server receives authentication passing information returned by the sign-on information server, acquires the user information and the user unique identity corresponding to the user information from the sign-on information server, writes the user unique identity into a cookie of the system to be logged in, and writes the user information into the redis server, thereby completing logging in the system to be logged in.
In an optional embodiment of the present invention, in step 3, after the user information and the user unique identity corresponding to the user information are obtained from the login information server, the user information may also be written into the session of the system to be logged in.
Further, after the login verification of the system to be logged in succeeds and before the session of the system to be logged in becomes invalid, if the system needs to be logged in again, whether a session of the system to be logged in exists may be determined before step 2 is executed, that is, before determining whether the browser side has a current cookie stored after a prior system completed login. If so, the user information stored in the session of the system to be logged in is read, and the login state of the system to be logged in is set to logged in according to the user information, thereby realizing automatic login. If not, step 2 is executed, that is, it is determined whether the browser side has a current cookie stored after a prior system completed login.
In another embodiment according to the present invention, as shown in fig. 2, after step 4 is performed, the following step 6 may be further included.
If the parent domain name of the system to be logged in is different from the parent domain name of the system corresponding to the current cookie, it is determined whether the domain name of the system to be logged in is in the specified trust list. If the domain name of the system to be logged in is in the specified trust list, step 5 is executed: the unique user identity stored in the current cookie is read, the user information corresponding to the unique user identity is pulled from the redis server according to the read unique user identity, and the login state of the system to be logged in is set to logged in according to the pulled user information, thereby realizing automatic login of the system to be logged in. If the domain name of the system to be logged in is not in the specified trust list, login is refused and the current login process of the system to be logged in ends.
The specified trust list may be pre-configured by a user or by the single sign-on server, and may record the domain names of a plurality of related systems that are trusted to log in with the same user account and password.
In an optional embodiment of the present invention, in order to improve the security of information transmission, the https protocol is used for information transmission between the single sign-on server and the login information server and the redis server. The https protocol is a network protocol built from SSL + http that provides encrypted transmission and identity authentication, and is more secure than the http protocol.
In the above, various implementation manners of each link of the embodiment shown in fig. 1 are introduced, and the implementation process of the single sign-on multi-system method of the present invention will be described in detail through specific embodiments.
Example one
In the first embodiment of the present invention, the following three systems are taken as examples for explanation: a human resource system, a work log system and a product release system.
The following describes a method for single sign-on to multiple systems applied to a single sign-on server in this embodiment. For convenience of description, it is assumed that the human resource system, the work log system, and the product release system are related systems that a user is trusted to log in to with the same user account and password, and domain names of the systems are hr. A trust list is pre-configured in the single sign-on server, and the domain names of the human resource system, the work log system and the product release system are recorded in the trust list.
In the first step, a single sign-on server receives a login request for a human resource system from a browser side.
In the second step, the single sign-on server judges whether the browser side has a current cookie stored after a prior system completed login. Since the human resource system is the first system the user logs in to, it is determined that the browser side has no current cookie stored after a prior system completed login.
In the third step, the single sign-on server first sends an authentication request carrying the URL of the human resource system to be logged in to the login information server, so that the login information server, after receiving the authentication request, displays a login page for the user to input user information for authentication, generates a user information acquisition key after the user information passes the authentication, and returns authentication passing information carrying the URL of the human resource system to be logged in and the user information acquisition key. Then, after receiving the authentication passing information, the single sign-on server calls its first user information acquisition interface, sends a first user information acquisition request carrying the user information acquisition key to the login information server, and receives the user information and the user unique identity that correspond to the user information acquisition key and are returned by the login information server according to the first user information acquisition request. Finally, the single sign-on server writes the user unique identity into a cookie of the human resource system and stores it, and calls its specified writing interface to write the user information into the redis server, thereby completing login to the human resource system.
In the fourth step, the single sign-on server receives a login request for the work log system from the browser side.
In the fifth step, the single sign-on server judges that the browser side has the current cookie stored after the human resource system, as the prior system, completed login.
In the sixth step, the single sign-on server compares whether the parent domain name of the work log system to be logged in is the same as the parent domain name of the prior system (namely, the human resource system) corresponding to the current cookie. Because the parent domain names of the work log system and the human resource system are both abc.net, the comparison result shows that they are the same, that is, the work log system to be logged in and the human resource system corresponding to the current cookie are same-domain systems.
In the seventh step, the single sign-on server reads the unique user identity stored in the current cookie, calls the second user information acquisition interface, and sends a second user information acquisition request carrying the read unique user identity to the redis server. After receiving the second user information acquisition request, the redis server searches for the user information corresponding to the unique user identity and returns the found user information to the single sign-on server. The single sign-on server sets the state of the work log system to be logged in to logged in according to the received user information, thereby realizing automatic login of the work log system.
In the eighth step, the single sign-on server receives a login request for the product release system from the browser side.
In the ninth step, the single sign-on server judges that the browser side has the current cookie stored after the human resource system, as the prior system, completed login.
In the tenth step, the single sign-on server compares whether the parent domain name of the product release system to be logged in is the same as the parent domain name of the prior system (namely, the human resource system) corresponding to the current cookie. Because the parent domain name of the product release system is abc.cn and the parent domain name of the human resource system is abc.net, the comparison result shows that they are different, that is, the product release system to be logged in and the human resource system corresponding to the current cookie are cross-domain systems.
In the eleventh step, the single sign-on server judges that the domain name of the product release system to be logged in is in the trust list; it then reads the unique user identity stored in the current cookie, calls the second user information acquisition interface, and sends a second user information acquisition request carrying the read unique user identity to the redis server. After receiving the second user information acquisition request, the redis server searches for the user information corresponding to the unique user identity and returns the found user information to the single sign-on server. The single sign-on server sets the state of the product release system to be logged in to logged in according to the received user information, thereby realizing automatic login of the product release system, and the whole login process ends.
The embodiment realizes the function that other related systems do not need to log in repeatedly after a single system logs in, and supports the condition of a plurality of systems in the same domain and across domains.
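The decision flow of steps 2 to 6, including the fallback to step 3 when the redis entry has expired, as an added Python example that is not part of the patent text. The host names, the sample account and mailbox, the in-memory stand-in for the redis server, the `authenticate` callable that replaces the login information server round trip, and the cookie recording which host set it are assumptions; only the parent domains abc.net and abc.cn, the 24-hour expiration time and the MD5-of-mailbox identity come from the page.

```python
import hashlib
import time

TTL_SECONDS = 24 * 3600  # the page's example expiration time (24 hours)


class ExpiringStore:
    """In-memory stand-in (assumption) for the redis server: entries expire."""

    def __init__(self, clock=time.time):
        self._data = {}
        self._clock = clock

    def setex(self, key, ttl, value):
        self._data[key] = (self._clock() + ttl, value)

    def get(self, key):
        entry = self._data.get(key)
        if entry is None:
            return None
        expires_at, value = entry
        if expires_at <= self._clock():
            del self._data[key]
            return None
        return value


def normalize_host(host):
    return host.strip().rstrip(".").lower()


def parent_domain(host):
    """Last two labels, matching the page's test.abc.net -> abc.net example.

    Simplification: suffixes such as co.uk need the Public Suffix List,
    otherwise unrelated sites would compare as the same parent domain.
    """
    labels = normalize_host(host).split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError("not a fully qualified host name: %r" % host)
    return ".".join(labels[-2:])


def user_uid(mailbox):
    # MD5 of the user mailbox, as the page specifies. It is a deterministic
    # identifier, not a random session secret.
    return hashlib.md5(mailbox.encode("utf-8")).hexdigest()


class SsoServer:
    def __init__(self, store, trust_list, authenticate):
        self.store = store
        # Exact host names only; no substring or suffix matching.
        self.trust_list = {normalize_host(h) for h in trust_list}
        # Hypothetical stand-in for the login information server: returns
        # (user_info, mailbox) on success or None on failure.
        self.authenticate = authenticate

    def _verified_login(self, host):  # step 3
        result = self.authenticate()
        if result is None:
            return ("login-failed", None, None)
        user_info, mailbox = result
        uid = user_uid(mailbox)
        self.store.setex(uid, TTL_SECONDS, user_info)
        return ("verified-login", user_info, {"uid": uid, "host": host})

    def login(self, target_host, cookie=None):
        """Return (outcome, user_info, cookie) for one login request."""
        host = normalize_host(target_host)
        if cookie is None:  # step 2: no cookie from a prior system
            return self._verified_login(host)
        same_domain = parent_domain(host) == parent_domain(cookie["host"])  # step 4
        if not same_domain and host not in self.trust_list:  # step 6
            return ("refused", None, None)
        user_info = self.store.get(cookie["uid"])  # step 5
        if user_info is None:  # entry expired: fall back to step 3
            return self._verified_login(host)
        return ("auto-login", user_info, cookie)


def run_example_one():
    """Replay the walkthrough with constructed hosts and a controllable clock."""
    now = [0.0]
    sso = SsoServer(
        ExpiringStore(clock=lambda: now[0]),
        trust_list=["hr.abc.net", "worklog.abc.net", "release.abc.cn"],
        authenticate=lambda: ({"account": "alice"}, "alice@abc.net"),
    )
    outcome, _, cookie = sso.login("hr.abc.net")             # first system
    outcomes = [outcome]
    outcomes.append(sso.login("worklog.abc.net", cookie)[0])   # same domain
    outcomes.append(sso.login("release.abc.cn", cookie)[0])    # cross-domain, trusted
    outcomes.append(sso.login("portal.example.org", cookie)[0])  # cross-domain, untrusted
    now[0] += TTL_SECONDS + 1                                  # redis entry expires
    outcomes.append(sso.login("worklog.abc.net", cookie)[0])   # back to step 3
    return outcomes


if __name__ == "__main__":
    print(run_example_one())
```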
It should be noted that, in practical applications, all the above optional embodiments may be combined arbitrarily to form an optional embodiment of the present invention, and details are not repeated here.
Based on the same inventive concept, the embodiment of the invention also provides a single sign-on multi-system device, which is applied to a single sign-on server and is used for supporting the single sign-on multi-system method provided by any one of the embodiments or the combination thereof. Fig. 3 is a schematic structural diagram of an apparatus for single sign-on to multiple systems according to an embodiment of the present invention. Referring to fig. 3, the apparatus may include at least: a login request receiving module 310, a cookie judging module 320, an authentication login module 330, a same domain/cross domain judging module 340, and a same domain automatic login module 350.
The functions of the components or devices of the single sign-on multi-system apparatus and the connection relationship between the components of the single sign-on multi-system apparatus according to the embodiment of the present invention are described below:
a login request receiving module 310, adapted to perform step 1: and receiving a login request of the system to be logged in from the browser side.
The cookie judging module 320 is connected to the login request receiving module 310, and executes step 2: and judging whether the browser side has the current cookie stored after the system finishes login.
The verification login module 330 is connected to the cookie judgment module 320, and is adapted to execute step 3 if there is no current cookie saved after the system completes login in the browser side: and sending an authentication request to a login information server, when the login information server authenticates and passes the input user information according to the received authentication request, receiving authentication passing information returned by the login information server, acquiring the user information and a user unique identity corresponding to the user information from the login information server, writing the user unique identity into a cookie of the system to be logged in, and writing the user information into a redis server, thereby completing logging in the system to be logged in.
The same domain/cross domain determining module 340, connected to the cookie determining module 320, is adapted to execute step 4 if there is a current cookie stored after the system completes login in the browser side: and comparing whether the parent domain name of the system to be logged in is the same as the parent domain name of the system corresponding to the current cookie.
The same-domain automatic login module 350 is connected to the same-domain/cross-domain determination module 340, and is adapted to execute step 5 if the parent domain name of the system to be logged in is the same as the parent domain name of the system corresponding to the current cookie: reading the unique user identity stored in the current cookie, pulling user information corresponding to the unique user identity from the redis server according to the read unique user identity, and setting the login state of the system to be logged in as logged in according to the pulled user information, thereby realizing automatic login of the system to be logged in.
Furthermore, the modules can be adopted to execute corresponding steps, so that automatic login of one or more other systems to be logged in is realized.
In another embodiment of the present invention, as shown in fig. 4, the apparatus for single sign-on to multiple systems shown in fig. 3 may further include:
the cross-domain automatic login module 460 is connected to the same domain/cross-domain determination module 340, and is adapted to perform step 6 after the same domain/cross-domain determination module 340 performs step 4: if the parent domain name of the system to be logged in is different from the parent domain name of the system corresponding to the current cookie, judging whether the domain name of the system to be logged in is in the specified trust list; if the domain name of the system to be logged in is in the specified trust list, triggering the same-domain automatic login module 350 to execute step 5; if the domain name of the system to be logged in is not in the specified trust list, login is refused, and the current login process of the system to be logged in ends.
In an optional embodiment, the verification request carries a Uniform Resource Locator (URL) of the system to be logged in;
the verification passing information carries the URL of the system to be logged in and the user information acquisition key generated after the login information server verifies the input user information and the verification passes;
the authentication login module 330 is further adapted to:
call a first user information acquisition interface of the single sign-on server, send a first user information acquisition request carrying the user information acquisition key to the login information server, and receive the user information and the user unique identity that correspond to the user information acquisition key and are returned by the login information server according to the first user information acquisition request.
In an alternative embodiment, authentication login module 330 is further adapted to:
and writing the user information into the redis server by calling a specified writing interface of the single sign-on server.
In an alternative embodiment, the same-domain automatic login module 350 is further adapted to:
and calling a second user information acquisition interface of the single sign-on server, sending a second user information acquisition request carrying the read unique user identity to the redis server, and receiving user information corresponding to the unique user identity returned by the redis server according to the second user information acquisition request.
In an alternative embodiment, the user information written in the redis server is provided with an expiration time, in which case
the same-domain automatic login module 350 is further adapted to:
when the redis server, after receiving the second user information acquisition request carrying the read user unique identity, finds the user information corresponding to the read user unique identity, receive the user information corresponding to the user unique identity returned by the redis server;
and when the redis server, after receiving the second user information acquisition request carrying the read user unique identity, does not find the user information corresponding to the read user unique identity, receive the information indicating that the acquisition was not successful returned by the redis server, and trigger the verification login module 330 to execute step 3.
In an alternative embodiment, authentication login module 330 is further adapted to:
and after the user information and the user unique identity corresponding to the user information are obtained from the login information server, writing the user information into the session of the system to be logged in.
Further, as shown in fig. 4, the single sign-on multi-system apparatus shown in fig. 3 may further include:
the session-based login module 470, connected to the login request receiving module 310 and the cookie determining module 320, is adapted to: after the login request receiving module 310 executes step 1 and before the cookie judging module 320 executes step 2, judging whether there is a session of the system to be logged in;
if yes, reading user information stored in the session of the system to be logged in;
setting the login state of the system to be logged in as logged in according to the user information, thereby realizing automatic login of the system to be logged in;
if not, the cookie judgment module 320 is triggered to execute step 2.
In an alternative embodiment, the user unique identity comprises an MD5 value of the user mailbox. Accordingly, the user information includes a user login account and a password.
In an alternative embodiment, the information transmission between the device and the login information server and the redis server is performed by using https protocol.
Based on the same inventive concept, the embodiment of the invention also provides a computer storage medium. The computer storage medium has stored thereon computer program code which, when run on a computing device, causes the computing device to perform a method of single sign-on to multiple systems according to any one or combination of the embodiments described above.
Based on the same inventive concept, the embodiment of the invention also provides the computing equipment. The computing device may include:
a processor; and
a memory storing computer program code;
the computer program code, when executed by a processor, causes the computing device to perform a method of single sign-on to a multi-system according to any one or combination of the above embodiments.
According to any one or a combination of multiple optional embodiments, the embodiment of the present invention can achieve the following advantages:
the method and the device for single sign-on of multiple systems, provided by the embodiment of the invention, realize the function that other related systems do not need to repeatedly sign on after the single system logs on. Firstly, after receiving a login request of a system to be logged in from a browser side, judging that the browser side does not have a current cookie stored after the system completes login, jumping to a login information server, and inputting user information for login verification; and after the login is successfully verified, acquiring the user information and the corresponding unique user identity from the login information server, writing the unique user identity into a cookie of the system to be logged in, and writing the user information into the redis server. Then, after receiving a login request for another system to be logged in from the browser side, judging that the browser side has a current cookie stored after the previous system finishes login at the moment, and comparing whether the parent domain name of the current system to be logged in is the same as the parent domain name of the previous system corresponding to the current cookie; if the system to be logged in and the previous system corresponding to the current cookie are the same-domain system, the unique user identity stored in the current cookie is read, user information corresponding to the unique user identity is pulled from the redis server according to the read unique user identity, and the login state of the system to be logged in is set to be logged in according to the pulled user information, so that automatic login of the system to be logged in is achieved. 
The login information of the user is acquired according to the cookie stored after the previous system finishes login, and then the user can automatically login other related systems in the same domain as the previous system, so that the function of logging in a plurality of systems through one-time login verification operation under the condition of the same domain is realized.
Further, if the comparison result shows that the parent domain name of the current system to be logged in is different from the parent domain name of the previous system corresponding to the current cookie, that is, the current system to be logged in and the previous system corresponding to the current cookie are cross-domain systems, it is determined whether the domain name of the current system to be logged in is in the specified trust list; if so, the same operations as for a same-domain system are performed to achieve automatic login, and if not, login is refused. By setting the trust list, the function of logging in to a plurality of systems through a single login verification operation is also realized in the cross-domain case.
It can be clearly understood by those skilled in the art that the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and for the sake of brevity, detailed descriptions thereof are omitted here.
In addition, the functional units in the embodiments of the present invention may be physically independent of each other, two or more functional units may be integrated together, or all the functional units may be integrated in one processing unit. The integrated functional units may be implemented in the form of hardware, or in the form of software or firmware.
Those of ordinary skill in the art will understand that the integrated functional units, if implemented in software and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions that, when executed, cause a computing device (e.g., a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a Read Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Alternatively, all or part of the steps of the method embodiments may be implemented by hardware (such as a personal computer, a server, or a network device) related to program instructions, which may be stored in a computer-readable storage medium, and when the program instructions are executed by a processor of the computing device, the computing device executes all or part of the steps of the method according to the embodiments of the present invention.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments can be modified or some or all of the technical features can be equivalently replaced within the spirit and principle of the present invention; such modifications or substitutions do not depart from the scope of the present invention.

Claims (20)

1. A method for single sign-on to multiple systems is applied to a single sign-on server and comprises the following steps:
step 1: receiving a login request of a system to be logged in from a browser side;
step 2: judging whether the browser side has a current cookie stored after a prior system finishes login;
if not, executing the step 3: sending an authentication request to a login information server, when the login information server authenticates and passes input user information according to the received authentication request, receiving authentication passing information returned by the login information server, acquiring the user information and a user unique identity corresponding to the user information from the login information server, writing the user unique identity into a cookie of the system to be logged in, and writing the user information into a redis server, thereby completing logging in the system to be logged in;
if yes, executing step 4: comparing whether the parent domain name of the system to be logged in is the same as the parent domain name of the system corresponding to the current cookie;
if yes, executing step 5: reading the unique user identity stored in the current cookie, pulling user information corresponding to the unique user identity from the redis server according to the read unique user identity, and setting the login state of the system to be logged in as logged in according to the pulled user information, thereby realizing automatic login of the system to be logged in;
the steps are also adopted to realize automatic login of one or more other systems to be logged in;
in step 3, the verification request carries a Uniform Resource Locator (URL) of the system to be logged in;
the verification passing information carries the URL of the system to be logged in and the user information acquisition key generated after the login information server verifies the input user information and passes the verification;
acquiring the user information and the corresponding unique user identity from the login information server, wherein the method comprises the following steps:
and calling a first user information acquisition interface of the single sign-on server, sending a first user information acquisition request carrying the user information acquisition key to the login information server, and receiving the user information and the user unique identity, corresponding to the user information acquisition key, returned by the login information server according to the first user information acquisition request.
2. The method of claim 1, wherein after step 4, further comprising:
step 6: if the parent domain name of the system to be logged in is different from the parent domain name of the system corresponding to the current cookie, judging whether the domain name of the system to be logged in is in a specified trust list;
if the domain name of the system to be logged in is in the specified trust list, executing step 5;
and if the domain name of the system to be logged in is not in the specified trust list, the login is refused.
3. The method according to claim 1 or 2, wherein in step 3 writing the user information to a redis server comprises:
and writing the user information into a redis server by calling a specified writing interface of the single sign-on server.
4. The method according to any of claims 1-3, wherein pulling user information corresponding to the user unique identity from the redis server according to the read user unique identity in step 5 comprises:
and calling a second user information acquisition interface of the single sign-on server, sending a second user information acquisition request carrying the read user unique identity to the redis server, and receiving user information corresponding to the user unique identity returned by the redis server according to the second user information acquisition request.
5. The method of claim 4, wherein the user information written in the redis server is provided with an expiration time, at which time,
receiving the user information corresponding to the unique identity of the user, which is returned by the redis server according to the second user information acquisition request, and the receiving comprises the following steps:
when the redis server finds the user information corresponding to the read user unique identity after receiving the second user information acquisition request carrying the read user unique identity, receiving the user information corresponding to the user unique identity returned by the redis server;
and when the redis server does not find the user information corresponding to the read user unique identity after receiving the second user information acquisition request carrying the read user unique identity, receiving information which indicates that the acquisition is not successful and is returned by the redis server, and executing the step 3.
6. The method according to any one of claims 1-5, wherein in step 3, after obtaining the user information and the user unique identity corresponding to the user information from the login information server, further comprising:
and writing the user information into the session of the system to be logged in.
7. The method of claim 6, wherein after step 1 and before step 2, further comprising:
judging whether a session of the system to be logged in exists or not;
if yes, reading user information stored in the session of the system to be logged in;
setting the login state of the system to be logged in as logged in according to the user information, thereby realizing automatic login of the system to be logged in;
if not, executing step 2.
8. The method of any of claims 1-7, wherein the user unique identity comprises an MD5 value of a user mailbox;
the user information comprises a user login account and a password.
9. The method according to any of claims 1-8, wherein information transfer with the login information server and the redis server is performed using https protocol.
10. A single sign-on multi-system device is applied to a single sign-on server and comprises:
a login request receiving module adapted to perform step 1: receiving a login request of a system to be logged in from a browser side;
a cookie judging module adapted to perform step 2: judging whether a current cookie, saved after a system previously completed login, exists on the browser side;
a login verification module, adapted to execute step 3 if the browser side does not hold a current cookie saved after a system previously completed login: sending an authentication request to a login information server, receiving authentication passing information returned by the login information server after it authenticates the input user information according to the received authentication request and the authentication passes, acquiring the user information and a user unique identity corresponding to the user information from the login information server, writing the user unique identity into a cookie of the system to be logged in, and writing the user information into a redis server, thereby completing login to the system to be logged in;
a same-domain/cross-domain judging module, adapted to execute step 4 if the browser side holds a current cookie saved after a system previously completed login: comparing whether the parent domain name of the system to be logged in is the same as the parent domain name of the system corresponding to the current cookie; and
a same-domain automatic login module, adapted to execute step 5 if the parent domain name of the system to be logged in is the same as the parent domain name of the system corresponding to the current cookie: reading the unique user identity stored in the current cookie, pulling user information corresponding to the unique user identity from the redis server according to the read unique user identity, and setting the login state of the system to be logged in as logged in according to the pulled user information, thereby realizing automatic login of the system to be logged in;
the above modules are further used to execute the corresponding steps to realize automatic login of one or more other systems to be logged in;
the verification request carries a Uniform Resource Locator (URL) of the system to be logged in;
the verification passing information carries the URL of the system to be logged in and the user information acquisition key generated after the login information server verifies the input user information and passes the verification;
the authentication login module is further adapted to:
and calling a first user information acquisition interface of the single sign-on server, sending a first user information acquisition request carrying the user information acquisition key to the sign-on information server, and receiving user information and a user unique identity which are returned by the sign-on information server according to the first user information acquisition request and correspond to the user information acquisition key.
11. The apparatus of claim 10, further comprising:
a cross-domain automatic login module, adapted to execute step 6 after the same domain/cross-domain determination module executes step 4: if the parent domain name of the system to be logged in is different from the parent domain name of the system corresponding to the current cookie, judging whether the domain name of the system to be logged in is in a specified trust list;
if the domain name of the system to be logged in is in the specified trust list, triggering the same-domain automatic login module to execute the step 5;
and if the domain name of the system to be logged in is not in the specified trust list, the login is refused.
12. The apparatus according to claim 10 or 11, wherein the authentication login module is further adapted to:
and writing the user information into a redis server by calling a specified writing interface of the single sign-on server.
13. The apparatus of any of claims 10-12, wherein the co-domain auto-login module is further adapted to:
and calling a second user information acquisition interface of the single sign-on server, sending a second user information acquisition request carrying the read unique user identity to the redis server, and receiving user information corresponding to the unique user identity returned by the redis server according to the second user information acquisition request.
14. The apparatus of claim 13, wherein the user information written into the redis server is provided with an expiration time, in which case
the same domain auto-login module is further adapted to:
when the redis server finds the user information corresponding to the read user unique identity after receiving the second user information acquisition request carrying the read user unique identity, receiving the user information corresponding to the user unique identity returned by the redis server;
and when the redis server does not find the user information corresponding to the read user unique identity after receiving the second user information acquisition request carrying the read user unique identity, receiving information which indicates that the acquisition is not successful and is returned by the redis server, and triggering the verification login module to execute the step 3.
15. The apparatus according to any of claims 10-14, wherein the authentication login module is further adapted to:
and after the user information and the user unique identity corresponding to the user information are obtained from the login information server, writing the user information into the session of the system to be logged in.
16. The apparatus of claim 15, further comprising:
a session-based login module adapted to: after the login request receiving module executes step 1 and before the cookie judging module executes step 2, judging whether a session of the system to be logged in exists;
if yes, reading user information stored in the session of the system to be logged in;
setting the login state of the system to be logged in as logged in according to the user information, thereby realizing automatic login of the system to be logged in;
if not, triggering the cookie judging module to execute the step 2.
17. The apparatus of any of claims 10-16, wherein the user unique identity comprises an MD5 value of a user mailbox;
the user information comprises a user login account and a password.
18. The apparatus according to any of claims 10-16, wherein information transfer between the apparatus and the login information server and the redis server is performed using the HTTPS protocol.
19. A computer storage medium storing computer program code which, when run on a computing device, causes the computing device to perform the method of single sign-on for multiple systems of any of claims 1-9.
20. A computing device, comprising:
a processor; and
a memory storing computer program code;
the computer program code, when executed by the processor, causes the computing device to perform the method of single sign-on to multiple systems according to any of claims 1-9.
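The decision flow of steps 2, 4, 5 and 6 in the claims above, as an added Python example that is not code from the patent: the cookie carries only the user unique identity, the server-side record expires, and a cross-domain target must be in the trust list. The TTLStore class (a stand-in for the redis server), the cookie fields uid and host, the two-label parent_domain rule and all sample hosts are assumptions made for illustration.

```python
import hashlib

TRUSTED_DOMAINS = {"partner.example.net"}  # constructed trust list for step 6

class TTLStore:
    """In-memory stand-in for the redis server; entries expire after ttl seconds."""

    def __init__(self):
        self._data = {}

    def set(self, key, value, ttl, now):
        self._data[key] = (value, now + ttl)

    def get(self, key, now):
        entry = self._data.get(key)
        if entry is None or now >= entry[1]:
            self._data.pop(key, None)  # expired or never written
            return None
        return entry[0]

def user_id(mailbox):
    # Claims 8 and 17: the unique identity is the MD5 value of the user mailbox.
    return hashlib.md5(mailbox.encode("utf-8")).hexdigest()

def parent_domain(host):
    # Assumption: the parent domain is the last two labels. Hosts under
    # multi-label suffixes such as co.uk need a public-suffix list instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def decide(target_host, cookie, store, now):
    """Apply steps 2, 4, 5 and 6; return (decision, user_info)."""
    if cookie is None:  # step 2: no cookie from an earlier login
        return "full_login", None  # step 3 at the login information server
    if parent_domain(target_host) != parent_domain(cookie["host"]):  # step 4
        if target_host.lower() not in TRUSTED_DOMAINS:  # step 6: exact match
            return "rejected", None
    info = store.get(cookie["uid"], now)  # step 5: look up by identity
    if info is None:  # entry expired: repeat step 3 instead of trusting the cookie
        return "full_login", None
    return "auto_login", info

if __name__ == "__main__":
    store, uid = TTLStore(), user_id("alice@example.com")  # constructed sample user
    store.set(uid, {"account": "alice"}, ttl=60, now=1000)
    cookie = {"uid": uid, "host": "mail.example.com"}
    for host, now in [("wiki.example.com", 1010), ("other.example.org", 1010),
                      ("wiki.example.com", 1060)]:
        print(host, now, decide(host, cookie, store, now)[0])
```

An expired record sends the request back to step 3 rather than honouring the cookie, which is what bounds the lifetime of an automatic login.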
CN201810864122.3A 2018-08-01 2018-08-01 Method and device for single sign-on to multiple systems Active CN109246076B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810864122.3A CN109246076B (en) 2018-08-01 2018-08-01 Method and device for single sign-on to multiple systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810864122.3A CN109246076B (en) 2018-08-01 2018-08-01 Method and device for single sign-on to multiple systems

Publications (2)

Publication Number Publication Date
CN109246076A CN109246076A (en) 2019-01-18
CN109246076B true CN109246076B (en) 2022-11-04

Family

ID=65073425

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810864122.3A Active CN109246076B (en) 2018-08-01 2018-08-01 Method and device for single sign-on to multiple systems

Country Status (1)

Country Link
CN (1) CN109246076B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109977788A (en) * 2019-03-03 2019-07-05 湖北无垠智探科技发展有限公司 A kind of unmanned plane aerial photography image integrated treatment platform
CN110324307A (en) * 2019-05-16 2019-10-11 平安科技(深圳)有限公司 A kind of single sign-on authentication method and relevant device based on cloud
CN110493183B (en) * 2019-07-05 2022-07-12 深圳市邦健科技有限公司 Multi-account simultaneous online processing method and device, storage medium and equipment
CN110430205B (en) * 2019-08-09 2023-04-18 深圳前海微众银行股份有限公司 Single sign-on method, device, equipment and computer readable storage medium
CN111343145A (en) * 2020-02-03 2020-06-26 山东爱城市网信息技术有限公司 Redis-based single sign-on method and device
CN111353117B (en) * 2020-03-09 2021-04-02 南京联创数字科技有限公司 WEB cross-domain cookie management system based on key-value type memory database
CN112948802B (en) * 2020-04-28 2024-03-12 深圳市明源云科技有限公司 Single sign-on method, device, equipment and storage medium
CN111800511B (en) * 2020-07-07 2023-07-04 上海携程商务有限公司 Synchronous login state processing method, system, equipment and readable storage medium
CN112069488B (en) * 2020-07-27 2023-05-16 合肥美的智能科技有限公司 Application login method in communication program and related device thereof
CN111949308B (en) * 2020-08-07 2024-07-19 抖音视界有限公司 Software package release method and device
CN115484093A (en) * 2022-09-13 2022-12-16 中国银行股份有限公司 Single sign-on method and device
CN116208378B (en) * 2023-01-03 2023-11-24 学银通融(北京)教育科技有限公司 Method, device and equipment for preventing user from logging in repeatedly

Also Published As

Publication number Publication date
CN109246076A (en) 2019-01-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant