CN109379363A - Single sign-on integration method and system based on an intensive platform - Google Patents
- Publication number
- CN109379363A (CN201811247457.7A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Abstract
The present invention provides a single sign-on integration method and system based on an intensive platform. The system comprises the following modules. Single sign-on module: completes login verification through a protocol, so that a single login gives access everywhere. Log module: records the login logs of each application system and verifies the access control permissions of the main platform. Main console module: performs unified authentication management of users and organizations and synchronizes them to each integrated application system. The technical solution solves the problem that, under single sign-on, common application systems cannot apply unified authentication management and synchronization to data such as users, organizations and access control permissions. After information such as users, organizations or access permissions is changed in the intensive platform, the change is synchronized promptly to the common application systems for which the user or organization has permission, keeping important data such as users and organizations consistent.
Description
Technical field
The present invention relates to the fields of network security and identity authentication, and in particular to a single sign-on integration method and system based on an intensive platform.
Background art
With the arrival of the information age, enterprises building out their internet presence need to construct application systems for their various lines of business. Because these application systems are usually developed at different stages of the enterprise's growth, and differ in functional emphasis, design method and development technology, each ends up with its own independent user database and user authentication system. A user has a separate account in each application system, and as new services keep being added the number of accounts becomes excessive. When accessing different application systems, the user must use the corresponding account ID and password, which are easily forgotten or confused. Forgetting or misremembering the account for a business site means the user cannot log in, which delays work and reduces efficiency.
At present, the traditional solution for integrating enterprise business systems is single sign-on: across multiple application systems, a user needs to log in only once to access all mutually trusting application systems, and the application systems neither need to develop their own login interfaces nor require repeated logins. However, this kind of single sign-on cannot provide unified authentication management of users and organizations, or permission management for access control, across the common application systems. Because many application systems are involved, changing data such as users, organizations and access control permissions means modifying every application system that contains the changed data, which consumes considerable time and resources. How to synchronize the application systems so as to achieve unified authentication management of users and organizations and permission management of access control is the problem to be solved in this field.
Summary of the invention
To enable unified authentication management and synchronization of the users and organizations of each application system under single sign-on, and permission management and synchronization of access control, and to improve the operability of single sign-on, the present invention provides a single sign-on integration method and system based on an intensive governance platform. After information such as users, organizations or access permissions is changed in the intensive platform, the change is synchronized promptly to the common application systems for which the user or organization has permission, keeping important data such as users and organizations consistent.
The present invention provides a single sign-on integration method based on an intensive platform, comprising the following steps:
S1, build the intensive platform, which includes a server end (single sign-on module) and a log system (log module);
S2, build the client of the application system to be integrated;
S3, the client issues a request to access a service resource of the application system;
S4, the client redirects the request to the server end;
S5, the server end verifies the legitimacy of the request, and the log system verifies the access control permission of the application system;
S6, after verification passes, the client is allowed to log in and access the service resource of the application system;
S7, the client calls the log system and writes a login log;
S8, in the intensive platform, user or organization data is created, modified or deleted;
S9, the data change log is recorded in the log system table;
S10, the changed data is monitored, and a query determines which application systems the user or organization has access permission for;
S11, synchronization data is generated according to the application system access permissions;
S12, the data is synchronized through the http/https interface mode or the message bus mode;
S13, the synchronization result is returned.
The "http/https interface mode" in step S12 ("synchronize the data through the http/https interface mode or the message bus mode") further comprises:
S12.1, the user logs in to the intensive platform;
S12.2, configure the synchronization mode of the current common application system as http/https, and configure the synchronization address, secret key and so on;
S12.3, grant the user or organization access permission to the current common application system;
S12.4, generate the synchronization task and the synchronization log;
S12.5, encapsulate the synchronization data and encrypt it with an algorithm, using the secret key configured in S12.2;
S12.6, generate the interface call data in the format "digital signature + & + encrypted data";
S12.7, call the synchronization interface;
S12.8, receive the returned result;
S12.9, write the result to the synchronization log.
Step S12.4 ("generate the synchronization task and the synchronization log") further comprises:
S12.4.1, when the intensive platform service starts, it starts a timer that periodically generates synchronization tasks; the timer is configured to run once per second and checks whether any synchronization task needs to be generated; if so, it encapsulates the task data and inserts it into the synchronization task table;
S12.4.2, when the data synchronization timer detects unexecuted synchronization tasks in the synchronization task table, it queries the database for the set of IDs of applications that have synchronization enabled, loops over those applications, creates one thread for each application, and queries whether the application has synchronization tasks;
S12.4.3, start synchronization: call the data synchronization method with the parameter List<AppSyncData> syncDatas, where syncDatas is the set of tasks to be synchronized, and traverse the set, synchronizing the tasks one by one;
S12.4.4, call the start-synchronization method with the parameter List<AppSyncData> syncDatas, where syncData is a synchronization task, and query whether the application ID contained in the synchronization task is authorized; if it is not authorized, return the error message "Application is not authorized and cannot be synchronized, please check the data!"; if it is authorized, proceed to S12.4.5;
S12.4.5, query the synchronization application information and determine the synchronization mode from the field syncUserMode;
S12.4.6, when syncUserMode=1, the mode is http/https synchronization: obtain the http/https interface address of the synchronization task and check whether the address is valid; if the address is empty, return the error message "Synchronization address is empty, synchronization task cancelled, please check the data!"; if the address is valid, proceed to S12.4.7;
S12.4.7, query the error count configured in the application, determine whether the current synchronization task concerns a user or a department, and encapsulate the synchronization data, which is information such as the user ID, user login name and user name;
S12.4.8, call the method encodeData(String data, String secretKey), where data is the synchronization data and secretKey is the encryption secret key; a digest is generated from data, data is encrypted, and the digest and the synchronization data are joined with "&";
S12.4.9, call the synchronization interface and receive the return value; a return value of result="true" means the data was synchronized successfully; if an error occurs, wait five seconds and call the synchronization interface again; once the number of calls equals the configured error count, save the returned error message to the synchronization log;
S12.4.10, when syncUserMode=4, the mode is message bus synchronization: obtain the message topic and add a message log entry; after encapsulating the message data, send the message to the message server; if sending fails, report synchronization failure; if sending succeeds, proceed to S12.4.11;
S12.4.11, add a synchronization log entry and update the message log; the third-party application receives and processes the message and puts the processing result message into the result queue; obtain the response result and determine whether it succeeded; if the response result is a failure, report synchronization failure; if it is a success, proceed to S12.4.12;
S12.4.12, obtain the response result and write it to the message log; synchronization succeeds once the synchronization log status is updated.
The "message bus mode" in step S12 ("synchronize the data through the http/https interface mode or the message bus mode") further comprises:
S12.10, detect that a user or organization requiring synchronization has been created, modified, deleted or otherwise changed;
S12.11, generate an operation record log;
S12.12, obtain the operation record log and generate a synchronization task log;
S12.13, obtain the synchronization tasks;
S12.14, create one thread per application to execute the synchronization tasks;
S12.15, obtain the parameters needed for message synchronization, such as the topic;
S12.16, create the producer and initialize the producer configuration;
S12.17, write the message log;
S12.18, encapsulate the synchronization data;
S12.19, send the synchronization message to the server;
S12.20, write the synchronization log;
S12.21, obtain the result returned by the server and update message log fields such as the response time and message sending status;
S12.22, the third-party application receives and processes the message and puts the processing result message into the result queue;
S12.23, create the consumer; the consumer uses a thread pool, creates a separate thread for each application to process response results, and listens on the synchronization response topic;
S12.24, obtain the response result and write it to the message log;
S12.25, update the synchronization log status.
In addition, the present invention provides a single sign-on integration system based on an intensive platform, comprising the following modules:
Single sign-on module: completes login verification through a protocol, so that a single login gives access everywhere;
Log module: records the login logs of each application system and verifies the access control permissions of the main platform;
Main console module: performs unified authentication management of users and organizations and synchronizes them to each integrated application system.
The "main console module" further comprises:
User and organization management submodule: manages all users centrally, providing unified storage of user information and hierarchical delegated management of organizations;
Single sign-on login and logout management submodule: handles login to and logout from the intensive platform, and triggers the sending of login and logout notification messages to the common applications;
Common application management submodule;
Platform operation big data management submodule: provides integrated management of two kinds of big data: first, big data information displayed according to the currently logged-in user's information; second, big data information that must be displayed to all logged-in users.
The "common application management submodule" further comprises:
User and organization synchronization message integration submodule: after users are added, deleted or modified on the intensive platform, integrates one-way synchronization to the applications;
Single sign-on integration submodule: integrates using the single sign-on integration mode provided by the intensive platform;
Service monitoring message integration submodule: periodically sends messages to obtain the service status of the common applications, and displays it on each common application in the service center;
Pending task message integration submodule: after a user logs in to the intensive platform, loads the pending task data of each common application on the page; clicking a pending task jumps to the common application's processing interface;
Notification message integration submodule: sends a message to the common applications when an intensive platform system announcement is added or modified;
Login and logout message integration submodule: when a user logs in to or out of the intensive platform, triggers the sending of login and logout notification messages to the common applications;
Big data message integration submodule: integrates big data in two modes: first, big data information displayed according to the currently logged-in user's information (a request message is sent and the common application returns the data result); second, big data information that must be displayed to all logged-in users (the common application sends the data to the intensive platform).
Further, the intensive platform also provides basic business modules such as management console permissions, audit, statistics, filtering and logging.
From the single sign-on integration method and system based on an intensive platform described above, it can be seen that the present invention solves the problem that, under single sign-on, common application systems cannot apply unified authentication management and synchronization to data such as users, organizations and access control permissions.
Brief description of the drawings
To describe the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some of the embodiments recorded in the present invention; a person of ordinary skill in the art can derive other drawings from them.
Fig. 1 is a flowchart of synchronizing data through the http/https interface mode or the message bus mode, according to method embodiment one of the present invention.
Fig. 2 is a flowchart of single sign-on using the CAS protocol based on the intensive platform, according to method embodiment two of the present invention.
Fig. 3 is a functional block diagram of single sign-on based on the intensive platform, according to system embodiment three of the present invention.
Detailed description of the embodiments
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and practiced according to the content of the specification, and so that the above and other objects, features and advantages of the invention are easier to understand, specific embodiments of the invention are described below.
Embodiment one
Fig. 1 shows the method of the present invention for synchronizing data through the http/https interface mode or the message bus mode, comprising the following steps:
S12.1, the user logs in to the intensive platform;
S12.2, configure the synchronization mode of the current common application system as http/https, and configure the synchronization address, secret key and so on;
S12.3, grant the user or organization access permission to the current common application system;
S12.4, generate the synchronization task and the synchronization log;
S12.5, encapsulate the synchronization data and encrypt it with an algorithm, using the secret key configured in S12.2;
S12.6, generate the interface call data in the format "digital signature + & + encrypted data";
S12.7, call the synchronization interface;
S12.8, receive the returned result;
S12.9, write the result to the synchronization log;
S12.10, detect that a user or organization requiring synchronization has been created, modified, deleted or otherwise changed;
S12.11, generate an operation record log;
S12.12, obtain the operation record log and generate a synchronization task log;
S12.13, obtain the synchronization tasks;
S12.14, create one thread per application to execute the synchronization tasks;
S12.15, obtain the parameters needed for message synchronization, such as the topic;
S12.16, create the producer and initialize the producer configuration;
S12.17, write the message log;
S12.18, encapsulate the synchronization data;
S12.19, send the synchronization message to the server;
S12.20, write the synchronization log;
S12.21, obtain the result returned by the server and update message log fields such as the response time and message sending status;
S12.22, the third-party application receives and processes the message and puts the processing result message into the result queue;
S12.23, create the consumer; the consumer uses a thread pool, creates a separate thread for each application to process response results, and listens on the synchronization response topic;
S12.24, obtain the response result and write it to the message log;
S12.25, update the synchronization log status.
Step S12.4 ("generate the synchronization task and the synchronization log") further comprises:
S12.4.1, when the intensive platform service starts, it starts a timer that periodically generates synchronization tasks; the timer is configured to run once per second. The timer checks whether any synchronization task needs to be generated; if so, it encapsulates the task data and inserts it into the synchronization task table;
S12.4.2, when the data synchronization timer detects unexecuted synchronization tasks in the synchronization task table, it queries the database for the set of IDs of applications that have synchronization enabled, loops over those applications, creates one thread for each application, and queries whether the application has synchronization tasks;
S12.4.3, start synchronization: call the data synchronization method with the parameter List<AppSyncData> syncDatas, where syncDatas is the set of tasks to be synchronized, and traverse the set, synchronizing the tasks one by one;
S12.4.4, call the start-synchronization method with the parameter List<AppSyncData> syncDatas, where syncData is a synchronization task, and query whether the application ID contained in the synchronization task is authorized; if it is not authorized, return the error message "Application is not authorized and cannot be synchronized, please check the data!"; if it is authorized, proceed to S12.4.5;
S12.4.5, query the synchronization application information and determine the synchronization mode from the field syncUserMode;
S12.4.6, when syncUserMode=1, the mode is http/https synchronization: obtain the http/https interface address of the synchronization task and check whether the address is valid; if the address is empty, return the error message "Synchronization address is empty, synchronization task cancelled, please check the data!"; if the address is valid, proceed to S12.4.7;
S12.4.7, query the error count configured in the application, determine whether the current synchronization task concerns a user or a department, and encapsulate the synchronization data, which is information such as the user ID, user login name and user name;
S12.4.8, call the method encodeData(String data, String secretKey), where data is the synchronization data and secretKey is the encryption secret key; a digest is generated from data, data is encrypted, and the digest and the synchronization data are joined with "&";
S12.4.9, call the synchronization interface and receive the return value; a return value of result="true" means the data was synchronized successfully. If an error occurs, wait five seconds and call the synchronization interface again; once the number of calls equals the configured error count, save the returned error message to the synchronization log;
S12.4.10, when syncUserMode=4, the mode is message bus synchronization: obtain the message topic and add a message log entry; after encapsulating the message data, send the message to the message server; if sending fails, report synchronization failure; if sending succeeds, proceed to S12.4.11;
S12.4.11, add a synchronization log entry and update the message log; the third-party application receives and processes the message and puts the processing result message into the result queue; obtain the response result and determine whether it succeeded; if the response result is a failure, report synchronization failure; if it is a success, proceed to S12.4.12;
S12.4.12, obtain the response result and write it to the message log; synchronization succeeds once the synchronization log status is updated.
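The envelope of S12.5, S12.6 and S12.4.8, with the receiving application's check, as an added sketch that is not code from the patent. The page names no algorithms, so AES-256-CTR, HMAC-SHA256 over the ciphertext as the "digital signature", the key-derivation labels and the `DecodeData` receiver are assumptions; the sample record is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

var (
	ErrMalformed    = errors.New("envelope is not signature&payload")
	ErrBadSignature = errors.New("signature mismatch")
)

// deriveKeys splits the one configured secret key into separate encryption
// and MAC keys (assumed scheme; the page configures a single secret key).
func deriveKeys(secretKey string) (encKey, macKey []byte) {
	derive := func(label string) []byte {
		m := hmac.New(sha256.New, []byte(secretKey))
		m.Write([]byte(label))
		return m.Sum(nil) // 32 bytes, which selects AES-256
	}
	return derive("sync-enc"), derive("sync-mac")
}

// sign returns the hex HMAC-SHA256 of the encoded payload.
func sign(macKey []byte, payload string) string {
	m := hmac.New(sha256.New, macKey)
	m.Write([]byte(payload))
	return hex.EncodeToString(m.Sum(nil))
}

// EncodeData builds the interface call data "signature&encrypted data".
// A fresh random IV is prepended to the ciphertext for every message.
func EncodeData(data, secretKey string) (string, error) {
	encKey, macKey := deriveKeys(secretKey)
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return "", err
	}
	buf := make([]byte, aes.BlockSize+len(data)) // IV || ciphertext
	if _, err := rand.Read(buf[:aes.BlockSize]); err != nil {
		return "", err
	}
	cipher.NewCTR(block, buf[:aes.BlockSize]).XORKeyStream(buf[aes.BlockSize:], []byte(data))
	payload := base64.RawURLEncoding.EncodeToString(buf) // alphabet contains no '&'
	return sign(macKey, payload) + "&" + payload, nil
}

// DecodeData is the receiving application's side: it checks the signature in
// constant time first, and only then decodes and decrypts the payload.
func DecodeData(envelope, secretKey string) (string, error) {
	sig, payload, ok := strings.Cut(envelope, "&")
	if !ok {
		return "", ErrMalformed
	}
	encKey, macKey := deriveKeys(secretKey)
	if !hmac.Equal([]byte(sig), []byte(sign(macKey, payload))) {
		return "", ErrBadSignature
	}
	raw, err := base64.RawURLEncoding.DecodeString(payload)
	if err != nil || len(raw) < aes.BlockSize {
		return "", ErrMalformed
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return "", err
	}
	plain := make([]byte, len(raw)-aes.BlockSize)
	cipher.NewCTR(block, raw[:aes.BlockSize]).XORKeyStream(plain, raw[aes.BlockSize:])
	return string(plain), nil
}

func main() {
	// Constructed sample carrying the S12.4.7 fields (user ID, login name, user name).
	data := `{"userId":"u-1001","loginName":"zhangsan","userName":"Zhang San"}`
	secret := "constructed-demo-secret"
	env, err := EncodeData(data, secret)
	if err != nil {
		panic(err)
	}
	plain, err := DecodeData(env, secret)
	fmt.Println("round trip ok:", plain == data, err)
	_, err = DecodeData(env[:len(env)-1]+"!", secret) // one character altered in transit
	fmt.Println("tampered envelope:", err)
}
```

The envelope carries no timestamp or task ID, so a receiver that needs to reject a replayed synchronization message has to track that itself.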
Embodiment two
Fig. 2 shows single sign-on using the CAS protocol based on the intensive platform according to the method of the present invention. The detailed process is as follows:
S14, build the intensive platform; the platform contains the CAS Server end and integrates the single sign-on module and the log module;
S15, build the CAS client; here the CAS client is the application to be integrated;
S16, build the user browser;
S17, the user browser sends the CAS client a request to access a service resource provided by the application;
S18, the CAS client redirects the request to the CAS Server end;
S19, the CAS Server end generates a random ticket, the Server Ticket, and redirects the request to the user browser, for use in single sign-on authentication;
S20, the user browser sends the Server Ticket parameter and requests single sign-on authentication;
S21, the CAS client requests the CAS Server end to verify the legitimacy of the Server Ticket;
S22, the platform log module verifies the access permission of the application;
S23, after the ticket passes verification, the CAS Server end returns the result to the CAS client, and the CAS client is allowed to access the service resource;
S24, single sign-on succeeds, and the CAS client redirects the result to the user browser;
S25, the CAS client calls the platform log module and writes a login log.
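The ticket handling of S19 to S25, as an added sketch that is not code from the patent or from any CAS implementation: a random ticket bound to one application, accepted once and only before it expires (the CAS protocol's service ticket rules), followed by the access permission check of S22 and the login log of S25. The `Platform` type, the ticket lifetime, the per-application user map standing in for the S22 check, and the application URLs are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

var (
	ErrUnknownTicket   = errors.New("ticket unknown or already used")
	ErrExpiredTicket   = errors.New("ticket expired")
	ErrServiceMismatch = errors.New("ticket was issued for a different application")
	ErrNoAccess        = errors.New("user has no access permission for this application")
)

type ticket struct {
	user, service string
	expires       time.Time
}

// Platform models the CAS Server end together with the platform log module.
type Platform struct {
	mu       sync.Mutex
	tickets  map[string]ticket
	access   map[string]map[string]bool // application URL -> authorized users
	ttl      time.Duration
	Now      func() time.Time // injectable clock
	LoginLog []string
}

func NewPlatform(access map[string]map[string]bool, ttl time.Duration) *Platform {
	return &Platform{tickets: map[string]ticket{}, access: access, ttl: ttl, Now: time.Now}
}

// Issue corresponds to S19: once the user has authenticated, mint a random
// ticket bound to the application that started the redirect.
func (p *Platform) Issue(user, service string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	st := "ST-" + hex.EncodeToString(b)
	p.mu.Lock()
	defer p.mu.Unlock()
	p.tickets[st] = ticket{user, service, p.Now().Add(p.ttl)}
	return st, nil
}

// Validate corresponds to S21 to S23 and S25. The ticket is deleted on first
// presentation, so a replayed or leaked ticket is useless afterwards.
func (p *Platform) Validate(st, service string) (string, error) {
	p.mu.Lock()
	defer p.mu.Unlock()
	t, ok := p.tickets[st]
	if !ok {
		return "", ErrUnknownTicket
	}
	delete(p.tickets, st)
	switch {
	case p.Now().After(t.expires):
		return "", ErrExpiredTicket
	case t.service != service: // ticket minted for another application
		return "", ErrServiceMismatch
	case !p.access[service][t.user]: // S22: access permission check
		return "", ErrNoAccess
	}
	p.LoginLog = append(p.LoginLog, fmt.Sprintf("%s login user=%s app=%s",
		p.Now().UTC().Format(time.RFC3339), t.user, service)) // S25: login log
	return t.user, nil
}

func main() {
	app := "https://app1.example/" // constructed application URL
	p := NewPlatform(map[string]map[string]bool{app: {"alice": true}}, 30*time.Second)
	st, _ := p.Issue("alice", app)
	user, err := p.Validate(st, app)
	fmt.Println("first validation:", user, err)
	_, err = p.Validate(st, app)
	fmt.Println("replayed ticket:", err)
	fmt.Println("login log:", p.LoginLog)
}
```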
Embodiment three
Fig. 3 shows the system of the present invention, which comprises the following modules:
Single sign-on module: completes login verification through a protocol, so that a single login gives access everywhere;
Log module: records the login logs of each application system and verifies the access control permissions of the main platform;
Main console module: performs unified authentication management of users and organizations and synchronizes them to each integrated application system.
The "main console module" further comprises:
User and organization management submodule: manages all users centrally, providing unified storage of user information and hierarchical delegated management of organizations;
Single sign-on login and logout management submodule: handles login to and logout from the intensive platform, and triggers the sending of login and logout notification messages to the common applications;
Common application management submodule;
Platform operation big data management submodule: provides integrated management of two kinds of big data: first, big data information displayed according to the currently logged-in user's information; second, big data information that must be displayed to all logged-in users.
The "common application management submodule" further comprises:
User and organization synchronization message integration submodule: after users are added, deleted or modified on the intensive platform, integrates one-way synchronization to the applications;
Single sign-on integration submodule: integrates using the single sign-on integration mode provided by the intensive platform;
Service monitoring message integration submodule: periodically sends messages to obtain the service status of the common applications, and displays it on each common application in the service center;
Pending task message integration submodule: after a user logs in to the intensive platform, loads the pending task data of each common application on the page; clicking a pending task jumps to the common application's processing interface;
Notification message integration submodule: sends a message to the common applications when an intensive platform system announcement is added or modified;
Login and logout message integration submodule: when a user logs in to or out of the intensive platform, triggers the sending of login and logout notification messages to the common applications;
Big data message integration submodule: integrates big data in two modes: first, big data information displayed according to the currently logged-in user's information (a request message is sent and the common application returns the data result); second, big data information that must be displayed to all logged-in users (the common application sends the data to the intensive platform).
Further, the intensive platform also provides basic business modules such as management console permissions, audit, statistics, filtering and logging.
The above is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be that of the claims.
Claims (8)
1. A single sign-on integration method based on an intensive platform, comprising the following steps:
S1, build the intensive platform, which includes a server end (single sign-on module) and a log system (log module);
S2, build the client of the application system to be integrated;
S3, the client issues a request to access a service resource of the application system;
S4, the client redirects the request to the server end;
S5, the server end verifies the legitimacy of the request, and the log system verifies the access control permission of the application system;
S6, after verification passes, the client is allowed to log in and access the intensive platform;
S7, the client calls the log system and writes a login log;
S8, user or organization data is created, modified or deleted in the intensive platform;
S9, the data change log is recorded in the log system table;
S10, the changed data is monitored, and a query determines which application systems the user or organization has access permission for;
S11, synchronization data is generated according to the application system access permissions;
S12, the data is synchronized through the http/https interface mode or the message bus mode;
S13, the synchronization result is returned.
2. The single sign-on integration method based on an intensive platform according to claim 1, characterized in that step S12 further comprises:
S12.1, the user logs in to the intensive platform;
S12.2, configure the synchronization mode of the current common application system as http/https, and configure the synchronization address, secret key and so on;
S12.3, grant the user or organization access permission to the current common application system;
S12.4, generate the synchronization task and the synchronization log;
S12.5, encapsulate the synchronization data and encrypt it with an algorithm, using the secret key configured in S12.2;
S12.6, generate the interface call data in the format "digital signature + & + encrypted data";
S12.7, call the synchronization interface;
S12.8, receive the returned result;
S12.9, write the result to the synchronization log;
S12.10, detect that a user or organization requiring synchronization has been created, modified, deleted or otherwise changed;
S12.11, generate an operation record log;
S12.12, obtain the operation record log and generate a synchronization task log;
S12.13, obtain the synchronization tasks;
S12.14, create one thread per application to execute the synchronization tasks;
S12.15, obtain the parameters needed for message synchronization, such as the topic;
S12.16, create the producer and initialize the producer configuration;
S12.17, write the message log;
S12.18, encapsulate the synchronization data;
S12.19, send the synchronization message to the server;
S12.20, write the synchronization log;
S12.21, obtain the result returned by the server and update message log fields such as the response time and message sending status;
S12.22, the third-party application receives and processes the message and puts the processing result message into the result queue;
S12.23, create the consumer; the consumer uses a thread pool, creates a separate thread for each application to process response results, and listens on the synchronization response topic;
S12.24, obtain the response result and write it to the message log;
S12.25, update the synchronization log status.
3. The single sign-on integration method based on an intensive platform as claimed in claim 2, characterized in that step S12.4 further comprises:
S12.4.1, when the intensive platform service is started, a timer that periodically generates synchronization tasks is started; the timer is configured to run once per second and monitors whether any synchronization task needs to be generated; if one does, the task data are encapsulated and inserted into the synchronization task table;
S12.4.2, the synchronization data timer detects that the synchronization task table contains unexecuted synchronization tasks, queries the current database for the set of IDs of applications that have synchronization enabled, loops over the applications that have the synchronization function enabled, creates a thread for each application, and queries whether that application has synchronization tasks;
S12.4.3, synchronization starts: the synchronize-data method is called with the parameter List<AppSyncData> syncDatas, where syncDatas is the set of tasks to be synchronized; this set is traversed and the tasks are synchronized one by one;
S12.4.4, the start-synchronization method is called with the parameter List<AppSyncData> syncDatas, where syncData is a synchronization task; whether the application ID contained in the synchronization task is authorized is queried; if it is unauthorized, the error prompt "Unauthorized applications cannot be synchronized; please check the data!" is returned; if it is authorized, S12.4.5 is carried out;
S12.4.5, the synchronization application information is queried, and the synchronization mode is determined from the field syncUserMode;
S12.4.6, when syncUserMode=1, the mode is http/https synchronization: the http/https interface address of the synchronization task is obtained and checked for validity; if the address is empty, the error message "The synchronization address is empty and the synchronization task is cancelled; please check the data!" is returned; if the address is valid, S12.4.7 is carried out;
S12.4.7, the timed error count configured within the application is queried, whether the current synchronization task concerns a user or a department is determined, and the synchronization data are encapsulated; the synchronization data are information such as the user ID, user login name and user name;
S12.4.8, the method encodeData(String data, String secretKey) is called, where data is the synchronization data and secretKey is the encryption key; a digest is generated from data, data is encrypted, and the digest and the synchronization data are joined with &;
S12.4.9, the synchronization interface is called and the return value is received; a return value of result="true" means the data were synchronized successfully; when an error occurs, the method waits five seconds and calls the synchronization interface again; once the number of calls equals the configured timed error count, the returned error information is saved to the synchronization log;
S12.4.10, when syncUserMode=4, the mode is message-bus synchronization: the message topic is obtained and a message log entry is added; after the message data are encapsulated, the message is sent to the message server; if sending fails, synchronization failure is reported; if sending succeeds, S12.4.11 is carried out;
S12.4.11, a synchronization log entry is added and the message log is updated; the third-party application receives and processes the message and puts the processing result message into the result queue; the response result is obtained and checked for success; if the response result is a failure, synchronization failure is reported; if it is a success, S12.4.12 is carried out;
S12.4.12, the response result is obtained and written to the message log; after the synchronization log status is updated, synchronization is successful.
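Steps S12.6 and S12.4.8 fix only the shape of the call data (digest, `&`, encrypted data) and leave the algorithms open. The Java sketch below is an added example, not code from the patent: it builds that payload and checks it on the receiving side, assuming HMAC-SHA256 for the digest, AES-GCM for encryption and URL-safe Base64 so the `&` separator stays unambiguous. The class name, `decodeData`, the key-derivation labels and the sample values are hypothetical.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.util.Base64;
import static java.nio.charset.StandardCharsets.UTF_8;

public class SyncPayload {
    static byte[] hmac(byte[] key, String msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(msg.getBytes(UTF_8));
    }
    static Cipher gcm(int mode, String secretKey, byte[] nonce) throws Exception {
        byte[] key = hmac(secretKey.getBytes(UTF_8), "sync-enc"); // assumption: keys derived by label
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, nonce, 0, 12));
        return c;
    }
    // Sender (S12.4.8): digest over data, encrypt data, join the two parts with '&'.
    static String encodeData(String data, String secretKey) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);                          // fresh nonce per message
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, secretKey, nonce).doFinal(data.getBytes(UTF_8));
        byte[] blob = java.nio.ByteBuffer.allocate(12 + ct.length).put(nonce).put(ct).array();
        byte[] digest = hmac(hmac(secretKey.getBytes(UTF_8), "sync-mac"), data);
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding(); // alphabet has no '&'
        return b64.encodeToString(digest) + "&" + b64.encodeToString(blob);
    }
    // Receiver: accept only "<digest>&<nonce|ciphertext|tag>" that decrypts and matches.
    static String decodeData(String payload, String secretKey) throws Exception {
        String[] parts = payload.split("&", -1);
        byte[] blob = parts.length == 2 ? Base64.getUrlDecoder().decode(parts[1]) : new byte[0];
        if (blob.length < 28) throw new SecurityException("malformed payload"); // nonce + GCM tag
        byte[] digest = Base64.getUrlDecoder().decode(parts[0]);
        Cipher c = gcm(Cipher.DECRYPT_MODE, secretKey, blob);  // doFinal throws if blob was altered
        String data = new String(c.doFinal(blob, 12, blob.length - 12), UTF_8);
        byte[] expected = hmac(hmac(secretKey.getBytes(UTF_8), "sync-mac"), data);
        if (!MessageDigest.isEqual(digest, expected)) throw new SecurityException("digest mismatch");
        return data;
    }
    public static void main(String[] args) throws Exception {
        String key = "constructed-demo-secret";   // constructed sample secret and record
        String data = "{\"userId\":\"1001\",\"userName\":\"A&B\"}";
        String payload = encodeData(data, key);
        System.out.println("round trip ok: " + data.equals(decodeData(payload, key)));
        String forged = (payload.charAt(0) == 'A' ? "B" : "A") + payload.substring(1);
        try { decodeData(forged, key); } catch (SecurityException e) { System.out.println("forged: " + e.getMessage()); }
    }
}
```

A payload in this format can still be replayed unchanged; rejecting replays would need a timestamp or sequence number carried inside `data`.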
4. The single sign-on integration method based on an intensive platform as claimed in claim 1, characterized in that the single sign-on authentication is applicable to current general open protocols, such as the CAS protocol and the OAuth protocol, without complicated adaptation.
5. A single sign-on integration system based on an intensive platform, the system specifically comprising the following modules:
Single sign-on module: completes login verification through a protocol and provides the roam-everywhere function;
Log module: records the login log of each application system and verifies the access control permissions of the main platform;
Main console module: performs unified authentication management of users or organizations and synchronizes them to each integrated application system.
6. The single sign-on integration system based on an intensive platform as claimed in claim 5, characterized in that the main console module further comprises:
User and organization management submodule: centrally manages all users, providing unified storage of user information and hierarchical delegated management of organizations;
Single sign-on login and logout management submodule: handles login to and logout from the intensive platform, and triggers the sending of login and logout notification messages to the general-character (common) applications;
Common application management submodule;
Platform operations big data management submodule: provides integrated management of two kinds of big data: first, big data information displayed according to the currently logged-in user's information; second, big data information that must be displayed to all logged-in users.
7. The single sign-on integration system based on an intensive platform as claimed in claim 6, characterized in that the common application management submodule further comprises:
User and organization synchronization message integration submodule: after users are added, deleted or modified on the intensive platform, synchronizes the changes one-way to the applications;
Single sign-on integration submodule: integrates using the single sign-on integration mode provided by the intensive platform;
Service monitoring message integration submodule: periodically sends messages to obtain the service status of the common applications, and displays it on each common application in the service center;
Pending task message integration submodule: after a user logs in to the intensive platform, loads the pending-task data of each common application on the page; clicking a pending task jumps to that common application's processing interface;
Notification message integration submodule: sends a message to the common applications when a system announcement on the intensive platform is added or modified;
Login and logout message integration submodule: on login to or logout from the intensive platform, triggers the sending of login and logout notification messages to the common applications;
Big data message integration submodule: integrates big data in two modes: first, big data information displayed according to the currently logged-in user's information (a request message must be sent, and the common application returns the data result); second, big data information that must be displayed to all logged-in users (the common application sends the data information to the intensive platform).
8. The single sign-on integration system based on an intensive platform as claimed in claim 5, characterized in that it may further comprise basic business modules such as management console permissions, auditing, statistics, filtering and logging.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811247457.7A CN109379363B (en) | 2018-10-25 | 2018-10-25 | A kind of single-sign-on integrated approach and system based on intensive platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109379363A (en) | 2019-02-22 |
CN109379363B (en) | 2019-07-12 |
Family
ID=65402073
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811247457.7A Active CN109379363B (en) | 2018-10-25 | 2018-10-25 | A kind of single-sign-on integrated approach and system based on intensive platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109379363B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050202392A1 (en) * | 2004-01-30 | 2005-09-15 | Allen J. V. | Web service api for student information and course management systems |
US20080085502A1 (en) * | 2006-10-04 | 2008-04-10 | Ecollege.Com | Web service api for student information and course management systems |
US9060239B1 (en) * | 2011-08-09 | 2015-06-16 | Zscaler, Inc. | Cloud based mobile device management systems and methods |
CN106845175A (en) * | 2015-12-04 | 2017-06-13 | 方正国际软件(北京)有限公司 | The establishing method and device of a kind of data permission |
CN107395577A (en) * | 2017-07-06 | 2017-11-24 | 广东电网有限责任公司信息中心 | A kind of large-scale power Enterprise Salary security system |
Non-Patent Citations (3)
Title |
---|
周益飞 等: ""基于SOA的统一身份认证系统设计"", 《软件导刊》 * |
王倩宜 等: ""统一用户管理和身份认证服务的设计与实现"", 《实验技术与管理》 * |
郭威: ""企业级信息管理系统认证统一管理的设计与实现"", 《南方能源建》 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110187870A (en) * | 2019-05-22 | 2019-08-30 | 中电科华云信息技术有限公司 | A kind of shared integrated system based on business module |
CN110213105A (en) * | 2019-06-06 | 2019-09-06 | 北京神舟航天软件技术有限公司 | It is a kind of cross-platform micro- using creation method |
CN110572430A (en) * | 2019-07-30 | 2019-12-13 | 云南昆钢电子信息科技有限公司 | identity data synchronization system and method based on timing task |
CN111339521A (en) * | 2020-02-17 | 2020-06-26 | 北京金和网络股份有限公司 | WEB-based single sign-on user integration method and system |
CN111586054A (en) * | 2020-05-09 | 2020-08-25 | 山东健康医疗大数据有限公司 | Single sign-on implementation method based on Internet architecture |
CN112434043A (en) * | 2020-12-02 | 2021-03-02 | 新华三大数据技术有限公司 | Data synchronization method, device, electronic equipment and medium |
CN114189375A (en) * | 2021-12-06 | 2022-03-15 | 银清科技有限公司 | Business system management method and device |
CN114189375B (en) * | 2021-12-06 | 2024-02-27 | 银清科技有限公司 | Service system management method and device |
Also Published As
Publication number | Publication date |
---|---|
CN109379363B (en) | 2019-07-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109379363B (en) | A kind of single-sign-on integrated approach and system based on intensive platform | |
US20210203655A1 (en) | Single sign-on for unmanaged mobile devices | |
US10728235B2 (en) | System and method for mobile single sign-on integration | |
EP3723341B1 (en) | Single sign-on for unmanaged mobile devices | |
KR102006198B1 (en) | Using credentials stored in different directories to access a common endpoint | |
US10013668B2 (en) | Secure storage of enterprise certificates for cloud services | |
US8291490B1 (en) | Tenant life cycle management for a software as a service platform | |
US9130920B2 (en) | Monitoring of authorization-exceeding activity in distributed networks | |
ES2853200T3 (en) | System and procedure to access private digital content | |
CN109165500B (en) | Single sign-on authentication system and method based on cross-domain technology | |
US20080289019A1 (en) | Framework for automated dissemination of security metadata for distributed trust establishment | |
US9319394B2 (en) | System and method for pool-based identity authentication for service access without use of stored credentials | |
CN113360862A (en) | Unified identity authentication system, method, electronic device and storage medium | |
US11552948B1 (en) | Domain management intermediary service | |
US11716312B1 (en) | Platform for optimizing secure communications | |
CN109067785A (en) | Cluster authentication method, device | |
Christie et al. | Using keycloak for gateway authentication and authorization | |
JP6383293B2 (en) | Authentication system | |
CN113973017B (en) | Business intelligent platform data processing system and method | |
US11601271B2 (en) | Cloud-based removable drive encryption policy enforcement and recovery key management | |
US20230195493A1 (en) | Virtual device enrollment and management | |
Velthuis | New authentication mechanism using certificates for big data analytic tools | |
Sun | Grid-based secure web service framework for bioinformatics | |
CN116032616A (en) | Identity verification method and related equipment | |
CN116776296A (en) | Authorization file generation and authorization storage method based on offline service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | CB02 | Change of applicant information | Address after: 100083 Quantum Ginza 601, No. 23 Zhichun Road, Haidian District, Beijing; Applicant after: Beijing Puyun Mdt InfoTech Ltd; Applicant after: Cape Cloud Information Technology Co., Ltd.; Address before: 100083 Quantum Ginza 601, No. 23 Zhichun Road, Haidian District, Beijing; Applicant before: Beijing Puyun Mdt InfoTech Ltd; Applicant before: Guangdong Puyun information Polytron Technologies Inc |
 | GR01 | Patent grant | |