CN110727935B - Single sign-on method, system, computer device and storage medium - Google Patents


Publication number
CN110727935B
Authority
CN
China
Prior art keywords
token
server
terminal
domain name
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910964775.3A
Other languages
Chinese (zh)
Other versions
CN110727935A (en)
Inventor
陈晓博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Zhuiyi Technology Co Ltd
Original Assignee
Shenzhen Zhuiyi Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Zhuiyi Technology Co Ltd filed Critical Shenzhen Zhuiyi Technology Co Ltd
Priority to CN201910964775.3A priority Critical patent/CN110727935B/en
Publication of CN110727935A publication Critical patent/CN110727935A/en
Application granted granted Critical
Publication of CN110727935B publication Critical patent/CN110727935B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G06F21/33 User authentication using certificates

Abstract

The application relates to a single sign-on method, a single sign-on system, a computer device and a storage medium. The single sign-on system comprises a background server of a target application program, an alias server and a target server; the method comprises the following steps: the alias server receives a login request which is sent by a terminal and requests to login the target application program, wherein the login request carries a first domain name of the background server and a first token which is acquired in advance; the alias server maps the first domain name to a second domain name according to a preset domain name mapping relation, and sends the first token to the target server corresponding to the second domain name; and the target server carries out token verification on the first token, accesses the background server when the first token passes the verification, and returns an access result to the terminal. In the embodiment of the invention, the verification pressure of the background server is reduced, and the high-concurrency scene can be dealt with.

Description

Single sign-on method, system, computer device and storage medium
Technical Field
The present application relates to the field of single sign-on technologies, and in particular, to a single sign-on method, a single sign-on system, a computer device, and a storage medium.
Background
Single sign-on (SSO) is currently one of the popular solutions for enterprise business integration. With SSO, a user needs to log in only once to access all mutually trusted applications among multiple applications.
In the related art, if a terminal successfully logs in to one of two associated applications, the background server of that application issues a token to the terminal. When the terminal logs in to the other application, it presents the token to the background server for token authentication, and the user does not need to enter authentication information again.
However, in a highly concurrent scenario, too many login requests requiring token authentication at the background server may delay the background server's responses or even crash the background server.
Disclosure of Invention
In view of the above technical problem, it is desirable to provide a single sign-on method, system, computer device, and storage medium capable of improving the response speed of a server.
In a first aspect, an embodiment of the present invention provides a single sign-on method, which is applied to a single sign-on system, where the single sign-on system includes a background server of a target application program, an alias server, and a target server; the method comprises the following steps:
the alias server receives a login request which is sent by a terminal and requests to log in to the target application program, wherein the login request carries a first domain name of the background server and a first token which is acquired in advance;
the alias server maps the first domain name to a second domain name according to a preset domain name mapping relation and sends the first token to a target server corresponding to the second domain name;
and the target server carries out token verification on the first token, accesses the background server when the first token passes the verification, and returns an access result to the terminal.
In one embodiment, the token verifying the first token by the target server includes:
the target server compares the first token with a second token stored in advance;
if the first token is consistent with the second token, determining that the token is verified;
and if the first token is inconsistent with the second token, determining that the token verification fails.
In one embodiment, after the target server performs token verification on the first token, the method further includes:
when the token authentication fails, the target server generates a login page and transmits the login page to the terminal.
In one embodiment, the single sign-on system further comprises an authentication server; after the sending the login page to the terminal, the method further includes:
the authentication server receives the scanning information of the login page sent by the terminal;
generating a third token when the scanning is determined to be successful according to the scanning information;
and respectively sending the third token to the target server and the terminal so that the target server updates the second token according to the third token and the terminal updates the first token according to the third token.
In one embodiment, after the third token is sent to the target server and the terminal respectively, the method further includes:
and the alias server receives the login request which is retransmitted by the terminal after the first token is updated.
In one embodiment, the determining that the scanning is successful according to the scanning information includes:
analyzing the scanning information to obtain a graphic code and a first character string corresponding to the graphic code;
and if the first character string is matched with a second character string stored in advance, determining that the scanning is successful.
In one embodiment, before the alias server receives a login request sent by the terminal to request to login to the target application, the method further includes:
the background server receives identity authentication information sent by the terminal;
and generating a first token after the authentication is passed, and sending the first token to the terminal.
In a second aspect, an embodiment of the present invention provides a single sign-on system, where the single sign-on system includes a background server of a target application, an alias server, and a target server;
the alias server is used for receiving a login request which is sent by a terminal and requests to login a target application program, wherein the login request carries a first domain name of the background server and a first token which is acquired in advance; mapping the first domain name to a second domain name according to a preset domain name mapping relation, and sending the first token to a target server corresponding to the second domain name;
and the target server is used for carrying out token authentication on the first token, accessing the background server when the first token is authenticated, and returning an access result to the terminal.
In one embodiment, the target server is specifically configured to compare the first token with a second token stored in advance; if the first token is consistent with the second token, determining that the token is verified; and if the first token is inconsistent with the second token, determining that the token verification fails.
In one embodiment, the target server is specifically configured to generate a login page when token authentication fails, and send the login page to the terminal.
In one embodiment, the single sign-on system further comprises an authentication server;
the authentication server is used for receiving the scanning information of the login page sent by the terminal; generating a third token when the scanning is determined to be successful according to the scanning information; and respectively sending the third token to the target server and the terminal so that the target server updates the second token according to the third token and the terminal updates the first token according to the third token.
In one embodiment, the alias server is further configured to receive a login request that is retransmitted by the terminal after updating the first token.
In one embodiment, the authentication server is specifically configured to analyze the scanning information to obtain a graphic code and a first character string corresponding to the graphic code; and if the first character string is matched with a second character string stored in advance, determining that the scanning is successful.
In one embodiment, the background server is used for receiving the authentication information sent by the terminal; and generating a first token after the authentication is passed, and sending the first token to the terminal.
In a third aspect, an embodiment of the present invention provides a computer device, including a memory and a processor, where the memory stores a computer program, and the processor implements the steps in the method when executing the computer program.
In a fourth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, the computer program, when being executed by a processor, implementing the steps in the method as described above.
According to the single sign-on method, system, computer device and storage medium, the alias server receives a login request, sent by the terminal, requesting to log in to the target application program, and the login request carries a first domain name of the background server and a first token acquired in advance; the alias server maps the first domain name to a second domain name according to a preset domain name mapping relation and sends the first token to a target server corresponding to the second domain name; and the target server carries out token verification on the first token, accesses the background server when the first token passes the verification, and returns an access result to the terminal. According to the embodiment of the invention, when the terminal requests to log in to the target application program, the alias server first performs domain name mapping to determine the target server, and the target server then performs token verification, so that the verification pressure on the background server is reduced and the response speed of the background server is improved; moreover, the target server can provide an OpenResty service, which processes requests quickly and supports a large number of connections, so that the target server can cope with high-concurrency scenarios.
Drawings
FIG. 1 is a diagram of an application environment for a single sign-on method in one embodiment;
FIG. 2 is a flow diagram illustrating a single sign-on method in accordance with an embodiment;
FIG. 3 is a flowchart illustrating a single sign-on method according to another embodiment;
FIG. 4 is a block diagram of a single sign-on system in accordance with one embodiment;
FIG. 5 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The single sign-on method provided by the application can be applied to the application environment shown in fig. 1. The terminal 101 and the single sign-on system 102 communicate with each other via a network. The single sign-on system comprises a background server of a target application program, an alias server and a target server; the single sign-on system can be implemented by an independent server or a server cluster composed of a plurality of servers. The terminal may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices.
In one embodiment, as shown in fig. 2, a single sign-on method is provided, which is exemplified by the application of the method to the single sign-on system in fig. 1, and includes the following steps:
Step 201, the alias server receives a login request, sent by a terminal, requesting to log in to the target application program, and the login request carries a first domain name of the background server and a first token acquired in advance.
In this embodiment, the terminal sends a login request when it needs to log in to the target application program, and the alias server receives the login request sent by the terminal. For example, the terminal transmits a login request requesting to log in to the application A, and the alias server receives the login request. After receiving the login request, the alias server parses it and extracts the first domain name corresponding to the background server of the target application program and the first token acquired by the terminal in advance. The embodiment of the invention does not limit in detail how the login request is parsed; this can be set according to the actual situation.
Before logging in to the target application program, the terminal has already successfully logged in to another application program and acquired the first token. The other application is an application having an association relationship with the target application. A token is an object that represents the right to perform some operation. For example, after the terminal logs in to the application B, Token1 is obtained, and when logging in to the application A having an association relationship with the application B, Token1 may be carried in the login request.
Step 202, the alias server maps the first domain name to the second domain name according to the preset domain name mapping relationship, and sends the first token to the target server corresponding to the second domain name.
In this embodiment, the alias server performs domain name mapping according to a preset domain name mapping relationship, where the domain name mapping relationship may be a CNAME record. CNAME records are referred to as alias records, and such records allow multiple names to be mapped to the same computer. After obtaining the first domain name, the alias server maps the first domain name to the second domain name. The second domain name corresponds to the target server, and the first token is sent to the target server.
The target server may provide an OpenResty service. OpenResty (also known as ngx_openresty) is a full-featured Web application server. It packages the standard Nginx core, many common third-party modules, and most of their dependencies. By combining a number of well-designed Nginx modules, OpenResty effectively turns the Nginx server into a powerful Web application server, and developers can use the Lua programming language to script the Nginx core and the various existing Nginx C modules, thereby building extremely high-performance Web applications capable of handling more than ten thousand concurrent requests.
Step 203, the target server performs token authentication on the first token, accesses the background server when the first token authentication is passed, and returns an access result to the terminal.
In this embodiment, after receiving the first token, the target server performs token authentication on the first token, and if the first token passes the token authentication, the target server accesses the background server of the target application program and returns an access result to the terminal, so that the terminal successfully logs in the target application program.
In the single sign-on method, the alias server receives a login request, sent by a terminal, requesting to log in to the target application program, wherein the login request carries a first domain name of the background server and a first token acquired in advance; the alias server maps the first domain name to a second domain name according to a preset domain name mapping relation and sends the first token to a target server corresponding to the second domain name; and the target server carries out token verification on the first token, accesses the background server when the first token passes the verification, and returns an access result to the terminal. According to the embodiment of the invention, when the terminal requests to log in to the target application program, the alias server first performs domain name mapping to determine the target server, and the target server then performs token verification, so that the verification pressure on the background server is reduced and the response speed of the background server is improved; moreover, the target server can provide an OpenResty service, which processes requests quickly and supports a large number of connections, so that the target server can cope with high-concurrency scenarios.
In another embodiment, as shown in fig. 3, this embodiment relates to an optional process of the single sign-on method. On the basis of the embodiment shown in fig. 2, the method may specifically include the following steps:
Step 301, the background server receives identity authentication information sent by the terminal, generates a first token after the authentication is passed, and sends the first token to the terminal.
In this embodiment, when the terminal logs in to an application, the terminal sends authentication information to the background server of the application. After receiving the identity authentication information sent by the terminal, the background server of the application program performs identity authentication on the terminal, generates a first token after the identity authentication passes, and sends the first token to the terminal.
For example, when logging in to the application B, the terminal sends a login account and a login password to the background server of the application B, and after receiving the login account and the login password, the background server verifies whether the login password corresponds to the login account. When the login password corresponds to the login account, the background server determines that the authentication is passed, generates Token1, and sends Token1 to the terminal. The terminal saves Token1 after receiving it.
Step 302, the alias server receives a login request for requesting to login a target application program, which is sent by a terminal, and the login request carries a first domain name of a background server and a first token acquired in advance.
Step 303, the alias server maps the first domain name to the second domain name according to the preset domain name mapping relationship, and sends the first token to the target server corresponding to the second domain name.
Step 304, the target server compares the first token with a second token stored in advance; if the first token is consistent with the second token, determining that the token is verified; and if the first token is inconsistent with the second token, determining that the token verification fails.
In this embodiment, the target server may store the second token corresponding to the target application program in Redis in advance. After receiving the first token, the target server compares the first token with the pre-stored second token. If the first token is consistent with the second token, the target server determines that the token is verified, and step 310 is executed; if the first token is not consistent with the second token, the target server determines that the token authentication failed, and step 305 is performed.
Step 305, when the token authentication fails, the target server generates a login page and sends the login page to the terminal.
In this embodiment, when the token authentication fails, the target server generates a login page and sends the login page to the terminal. The login page may be the same as the login page provided by the background server of the target application. The login page can carry a graphic code, such as a two-dimensional code. The embodiment of the invention does not limit the login page in detail; it can be set according to the actual situation. When the token authentication fails, the target server generates the login page instead of the background server, so that the pressure on the background server is reduced, the amount of data processed by the background server is reduced, and the response speed of the background server is improved.
Step 306, the authentication server receives the scanning information of the login page sent by the terminal; upon determining from the scan information that the scan was successful, a third token is generated.
In this embodiment, after the target server sends the login page to the terminal, the terminal scans the login page to obtain scanning information; then, the terminal transmits the scanning information to the authentication server. The authentication server receives the scanning information sent by the terminal and judges from it whether the terminal's scan succeeded; when the scan is determined to be successful, the authentication server generates a third token.
Determining whether the terminal's scan succeeded may specifically include: analyzing the scanning information to obtain a graphic code and a first character string corresponding to the graphic code; and if the first character string matches a second character string stored in advance, determining that the scanning is successful. For example, the authentication server analyzes the scanning information, extracts a two-dimensional code from it, and performs image recognition on the two-dimensional code to obtain the first character string represented by the two-dimensional code; then, the authentication server compares the first character string with the second character string stored in advance. If the first character string matches the second character string, the scanning is determined to be successful; if the first character string does not match the second character string, the scanning is determined to have failed. The pre-stored second character string corresponds to the graphic code on the login page.
Step 307, the authentication server sends the third token to the target server and to the terminal respectively, so that the target server updates the second token according to the third token, and the terminal updates the first token according to the third token.
In this embodiment, after the authentication server generates the third token, the authentication server sends the third token to the target server. After receiving the third token, the target server updates the second token pre-stored in Redis according to the third token. Meanwhile, the authentication server sends the third token to the terminal, and the terminal updates the pre-stored first token after receiving the third token.
Optionally, the authentication server generates a cookie according to the third token, sends the cookie to the terminal, and the terminal stores the cookie in the browser after receiving the cookie.
Step 308, the alias server receives the login request which is retransmitted by the terminal after the terminal updates the first token.
In this embodiment, after updating the first token according to the third token, the terminal retransmits a login request requesting to log in to the target application, where the login request carries the updated first token. The alias server receives the login request retransmitted by the terminal.
Step 309, the alias server maps the first domain name to the second domain name according to the preset domain name mapping relationship, and sends the first token to the target server corresponding to the second domain name.
Step 310, the target server accesses the background server when the first token passes the verification, and returns an access result to the terminal.
In the single sign-on method, a terminal acquires a first token in advance, and sends a login request to the alias server when the terminal requests to log in to a target application program, wherein the login request carries the first domain name corresponding to the background server of the target application program and the first token. After receiving the login request, the alias server performs domain name mapping to obtain a second domain name, and sends the first token to the target server corresponding to the second domain name. When the target server fails to verify the first token, the target server generates a login page and sends the login page to the terminal. After receiving the scanning information obtained by the terminal scanning the login page, the authentication server determines whether the terminal's scan succeeded, and generates a third token when it did. The authentication server then sends the third token to the target server and the terminal. After receiving the third token, the terminal updates the first token and resends the login request; the target server updates the second token after receiving the third token, and verifies the token after receiving the login request resent by the terminal. The target server then accesses the background server after the token passes the verification and sends an access result to the terminal. In this process, the target server carries out token verification instead of the background server, so that the pressure on the background server is reduced; and when the token authentication fails, the target server, rather than the background server, generates the login page and sends it to the terminal, so that the pressure on the background server is further reduced. The amount of data processed by the background server is reduced, so that the response speed of the background server is improved and high-concurrency scenarios can be handled.
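A minimal in-memory model of the Fig. 3 flow, added here as an illustration and not taken from the patent: a dict stands in for Redis, the terminal submits the already-decoded graphic-code string, and all class names and domains are constructed. Beyond what the text states, it assumes constant-time token comparison, tokens drawn from a CSPRNG, single-use graphic-code strings, and rejection of domain names that have no mapping.

```python
import hmac
import secrets

# Constructed sample mapping (first domain -> second domain), standing in
# for the preset CNAME-style domain name mapping relation.
DOMAIN_MAP = {"app-a.example.com": "sso-gw.example.net"}


class AuthServer:
    """Checks the scanned string and issues the third token (steps 306-307)."""

    def __init__(self):
        # Pre-stored "second character strings": string -> (target, first domain)
        self.pending = {}

    def register_qr(self, qr_string, target, first_domain):
        self.pending[qr_string] = (target, first_domain)

    def handle_scan(self, scanned_string):
        # pop() makes each string single-use (added hardening assumption).
        entry = self.pending.pop(scanned_string, None)
        if entry is None:
            return None  # scan failed: unknown or already-used string
        target, first_domain = entry
        third_token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        target.store[first_domain] = third_token  # target updates second token
        return third_token  # terminal replaces its first token with this value


class TargetServer:
    """Verifies tokens in place of the background server (steps 304-305, 310)."""

    def __init__(self, auth, backend):
        self.store = {}  # stand-in for Redis: first domain -> second token
        self.auth = auth
        self.backend = backend  # callable that models the background server

    def handle(self, first_domain, first_token):
        second_token = self.store.get(first_domain)
        # Guard against missing values first, then compare in constant time
        # so response timing does not reveal how many characters matched.
        if first_token and second_token and hmac.compare_digest(
                first_token.encode(), second_token.encode()):
            return {"status": "ok", "result": self.backend(first_domain)}
        # Verification failed: the target server, not the background server,
        # produces the login page carrying a fresh graphic-code string.
        qr_string = secrets.token_urlsafe(16)
        self.auth.register_qr(qr_string, self, first_domain)
        return {"status": "login_page", "qr": qr_string}


class AliasServer:
    """Maps the first domain to the second and forwards the token (step 303)."""

    def __init__(self, mapping, targets):
        self.mapping = mapping
        self.targets = targets  # second domain -> TargetServer

    def login(self, first_domain, first_token):
        second_domain = self.mapping.get(first_domain)
        if second_domain is None:
            # Never forward a token for a name outside the preset mapping.
            return {"status": "rejected"}
        return self.targets[second_domain].handle(first_domain, first_token)


def run_flow():
    """Stale token -> login page -> scan -> third token -> successful retry."""
    auth = AuthServer()
    target = TargetServer(auth, backend=lambda d: f"home page of {d}")
    alias = AliasServer(DOMAIN_MAP, {"sso-gw.example.net": target})

    first = alias.login("app-a.example.com", "stale-token")  # steps 302-305
    token = auth.handle_scan(first["qr"])                    # steps 306-307
    second = alias.login("app-a.example.com", token)         # steps 308-310
    replay = auth.handle_scan(first["qr"])                   # reuse must fail
    return first, token, second, replay


if __name__ == "__main__":
    for item in run_flow():
        print(item)
```
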
It should be understood that although the various steps in the flow charts of fig. 2-3 are shown in order as indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least some of the steps in fig. 2-3 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in FIG. 4, a single sign-on system is provided that includes a backend server for a target application, an alias server, and a target server;
the alias server 401 is configured to receive a login request, which is sent by a terminal and is used for requesting to login a target application program, where the login request carries a first domain name of a background server and a first token acquired in advance; mapping the first domain name to a second domain name according to a preset domain name mapping relation, and sending the first token to a target server corresponding to the second domain name;
and the target server 402 is used for performing token authentication on the first token, accessing the background server when the first token authentication is passed, and returning an access result to the terminal.
In one embodiment, the target server 402 is specifically configured to compare the first token with a second token stored in advance; if the first token is consistent with the second token, determining that the token is verified; and if the first token is inconsistent with the second token, determining that the token verification fails.
In one embodiment, the target server 402 is specifically configured to generate a login page when token authentication fails, and send the login page to the terminal.
In one embodiment, the single sign-on system further comprises an authentication server;
the authentication server is used for receiving the scanning information of the login page sent by the terminal; generating a third token when the scanning is determined to be successful according to the scanning information; and respectively sending the third token to the target server and the terminal so that the target server updates the second token according to the third token and the terminal updates the first token according to the third token.
In one embodiment, alias server 401 is further configured to receive a login request that is retransmitted by the terminal after updating the first token.
In one embodiment, the authentication server is specifically configured to analyze the scanning information to obtain a graphic code and a first character string corresponding to the graphic code; and if the first character string is matched with a second character string stored in advance, determining that the scanning is successful.
In one embodiment, the background server is used for receiving the authentication information sent by the terminal; and generating a first token after the authentication is passed, and sending the first token to the terminal.
For specific limitations of the single sign-on system, reference may be made to the above limitations of the single sign-on method, which are not described herein again. The modules in the single sign-on system can be implemented in whole or in part by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 5. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used to store single sign-on data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a single sign-on method.
Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply; a particular computing device may include more or fewer components than those shown, may combine certain components, or may have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
an alias server receives a login request, sent by a terminal, requesting to log in to a target application program, wherein the login request carries a first domain name of a background server and a first token acquired in advance;
the alias server maps the first domain name to a second domain name according to a preset domain name mapping relation and sends the first token to a target server corresponding to the second domain name;
and the target server carries out token verification on the first token, accesses the background server when the first token passes the verification, and returns an access result to the terminal.
In one embodiment, the processor, when executing the computer program, performs the steps of:
the target server compares the first token with a second token stored in advance;
if the first token is consistent with the second token, determining that the token is verified;
and if the first token is inconsistent with the second token, determining that the token verification fails.
In one embodiment, the processor, when executing the computer program, performs the steps of:
when the token authentication fails, the target server generates a login page and transmits the login page to the terminal.
In one embodiment, the processor, when executing the computer program, performs the steps of:
the authentication server receives the scanning information of the login page sent by the terminal;
generating a third token when the scanning is determined to be successful according to the scanning information;
and respectively sending the third token to the target server and the terminal so that the target server updates the second token according to the third token and the terminal updates the first token according to the third token.
In one embodiment, the processor, when executing the computer program, performs the steps of:
and the alias server receives the login request which is retransmitted by the terminal after the first token is updated.
In one embodiment, the determining that the scanning is successful according to the scanning information includes:
analyzing the scanning information to obtain a graphic code and a first character string corresponding to the graphic code;
and if the first character string is matched with a second character string stored in advance, determining that the scanning is successful.
In one embodiment, the processor, when executing the computer program, performs the steps of:
the background server receives identity authentication information sent by the terminal;
and generating a first token after the authentication is passed, and sending the first token to the terminal.
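The steps above (domain mapping, token comparison, login-page fallback, scan check and third-token update) as an added Python example; it is not code from the patent. Keying tokens by a terminal id, the in-memory stores, the `.example` domain names, the constant-time comparison and the single-use graphic code are assumptions, since the patent specifies only the mapping and comparison steps.

```python
import hmac
import secrets

# Constructed sample mapping: first domain name (background server) -> second domain name.
DOMAIN_MAP = {"app.backend.example": "verify.target.example"}


class AuthServer:
    def __init__(self):
        self.pending = {}  # graphic code id -> pre-stored second character string

    def new_challenge(self):
        code_id, expected = secrets.token_hex(8), secrets.token_urlsafe(16)
        self.pending[code_id] = expected
        return code_id, expected

    def handle_scan(self, scan_info, terminal_id, target):
        # pop() makes each graphic code single-use (assumption), so a replayed scan fails.
        expected = self.pending.pop(scan_info.get("code_id"), None)
        first_string = scan_info.get("string", "")
        if expected is None or not hmac.compare_digest(expected.encode(), first_string.encode()):
            return None
        third_token = secrets.token_urlsafe(32)
        target.second_tokens[terminal_id] = third_token  # target server updates the second token
        return third_token  # the terminal replaces its first token with this value


class TargetServer:
    def __init__(self, auth, backend):
        self.auth, self.backend = auth, backend
        self.second_tokens = {}  # terminal id (assumption) -> pre-stored second token

    def handle(self, terminal_id, first_token):
        stored = self.second_tokens.get(terminal_id)
        # Constant-time comparison; a terminal with no stored token always fails.
        if stored is not None and hmac.compare_digest(stored.encode(), first_token.encode()):
            return {"status": "ok", "result": self.backend(terminal_id)}
        code_id, string = self.auth.new_challenge()
        return {"status": "login_page", "code_id": code_id, "string": string}


class AliasServer:
    def __init__(self, targets):
        self.targets = targets  # second domain name -> TargetServer

    def login(self, request):
        second_domain = DOMAIN_MAP.get(request["domain"])
        if second_domain not in self.targets:  # unmapped domains are rejected, never forwarded
            return {"status": "rejected"}
        return self.targets[second_domain].handle(request["terminal_id"], request["token"])


def demo():
    auth = AuthServer()
    target = TargetServer(auth, lambda tid: f"home page for {tid}")
    alias = AliasServer({"verify.target.example": target})
    req = {"domain": "app.backend.example", "terminal_id": "t1", "token": "stale"}
    first = alias.login(req)                              # mismatch -> login page
    scan = {"code_id": first["code_id"], "string": first["string"]}
    req["token"] = auth.handle_scan(scan, "t1", target)   # third token issued to both sides
    replay = auth.handle_scan(scan, "t1", target)         # same graphic code presented again
    second = alias.login(req)                             # retransmitted login request
    return first["status"], second["status"], replay
```
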
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
an alias server receives a login request, sent by a terminal, requesting to log in to a target application program, wherein the login request carries a first domain name of a background server and a first token acquired in advance;
the alias server maps the first domain name to a second domain name according to a preset domain name mapping relation and sends the first token to a target server corresponding to the second domain name;
and the target server carries out token verification on the first token, accesses the background server when the first token passes the verification, and returns an access result to the terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
the target server compares the first token with a second token stored in advance;
if the first token is consistent with the second token, determining that the token is verified;
and if the first token is inconsistent with the second token, determining that the token verification fails.
In one embodiment, the computer program when executed by the processor further performs the steps of:
when the token authentication fails, the target server generates a login page and transmits the login page to the terminal.
In one embodiment, the computer program when executed by the processor further performs the steps of:
the authentication server receives the scanning information of the login page sent by the terminal;
generating a third token when the scanning is determined to be successful according to the scanning information;
and respectively sending the third token to the target server and the terminal so that the target server updates the second token according to the third token and the terminal updates the first token according to the third token.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and the alias server receives the login request which is retransmitted by the terminal after the first token is updated.
In one embodiment, the determining that the scanning is successful according to the scanning information includes:
analyzing the scanning information to obtain a graphic code and a first character string corresponding to the graphic code;
and if the first character string is matched with a second character string stored in advance, determining that the scanning is successful.
In one embodiment, the computer program when executed by the processor further performs the steps of:
the background server receives identity authentication information sent by the terminal;
and generating a first token after the authentication is passed, and sending the first token to the terminal.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of these technical features are described; however, any combination of them should be considered within the scope of this specification as long as it contains no contradiction.
The above embodiments express only several implementations of the present application. Their description is relatively specific and detailed, but should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (9)

1. A single sign-on method, characterized in that the method is applied to a single sign-on system, wherein the single sign-on system comprises a background server of a target application program, an alias server and a target server; the method comprises the following steps:
the alias server receives a login request, sent by a terminal, requesting to log in to the target application program, wherein the login request carries a first domain name of the background server and a first token acquired in advance;
the alias server maps the first domain name to a second domain name according to a preset domain name mapping relation, and sends the first token to the target server corresponding to the second domain name;
the target server carries out token verification on the first token, accesses the background server when the first token passes the token verification, and returns an access result to the terminal;
wherein the target server performs token verification on the first token, including:
the target server compares the first token with a pre-stored second token;
if the first token is consistent with the second token, determining that the token is verified;
and if the first token is inconsistent with the second token, determining that the token verification fails.
2. The method of claim 1, wherein after the target server performs token validation on the first token, the method further comprises:
and when the token authentication fails, the target server generates a login page and sends the login page to the terminal.
3. The method of claim 2, wherein the single sign-on system further comprises an authentication server; after the sending the login page to the terminal, the method further comprises:
the authentication server receives the scanning information of the login page sent by the terminal;
generating a third token when the scanning is determined to be successful according to the scanning information;
and respectively sending the third token to the target server and the terminal so that the target server updates the second token according to the third token and the terminal updates the first token according to the third token.
4. The method of claim 3, wherein after the sending the third token to the target server and the terminal, respectively, the method further comprises:
and the alias server receives a login request which is retransmitted by the terminal after the terminal updates the first token.
5. The method of claim 3, wherein the determining that the scanning was successful based on the scanning information comprises:
analyzing the scanning information to obtain a graphic code and a first character string corresponding to the graphic code;
and if the first character string is matched with a second character string stored in advance, determining that the scanning is successful.
6. The method according to any one of claims 1-5, wherein before the alias server receives the login request, sent by the terminal, requesting to log in to the target application program, the method further comprises:
the background server receives the identity authentication information sent by the terminal;
and generating the first token after the authentication is passed, and sending the first token to the terminal.
7. A single sign-on system, comprising a background server of a target application program, an alias server and a target server;
the alias server is used for receiving a login request which is sent by a terminal and requests to login the target application program, wherein the login request carries a first domain name of the background server and a first token which is acquired in advance; mapping the first domain name to a second domain name according to a preset domain name mapping relation, and sending the first token to the target server corresponding to the second domain name;
the target server is used for carrying out token verification on the first token, accessing the background server when the first token passes the token verification, and returning an access result to the terminal;
the target server is specifically configured to compare the first token with a second token stored in advance; if the first token is consistent with the second token, determining that the token is verified; and if the first token is inconsistent with the second token, determining that the token verification fails.
8. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 6 when executing the computer program.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
CN201910964775.3A 2019-10-11 2019-10-11 Single sign-on method, system, computer device and storage medium Active CN110727935B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910964775.3A CN110727935B (en) 2019-10-11 2019-10-11 Single sign-on method, system, computer device and storage medium

Publications (2)

Publication Number Publication Date
CN110727935A CN110727935A (en) 2020-01-24
CN110727935B true CN110727935B (en) 2021-08-24

Family

ID=69221001

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910964775.3A Active CN110727935B (en) 2019-10-11 2019-10-11 Single sign-on method, system, computer device and storage medium

Country Status (1)

Country Link
CN (1) CN110727935B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111581628B (en) * 2020-05-13 2023-04-28 广州市百果园信息技术有限公司 Token acquisition method, device, equipment and storage medium
CN116305020A (en) * 2021-12-09 2023-06-23 中兴通讯股份有限公司 Resource access method, system, electronic device and computer readable storage medium
CN114362965A (en) * 2022-02-28 2022-04-15 北京达佳互联信息技术有限公司 Resource processing method and device, electronic equipment and storage medium
CN115174181B (en) * 2022-06-28 2023-03-28 北京中亦安图科技股份有限公司 Method, device, equipment and storage medium for realizing single sign-on

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111410B (en) * 2011-01-13 2013-07-03 中国科学院软件研究所 Agent-based single sign on (SSO) method and system
CN102984169A (en) * 2012-12-11 2013-03-20 中广核工程有限公司 Single sign-on method, equipment and system

Also Published As

Publication number Publication date
CN110727935A (en) 2020-01-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant