CN110753018A - Login authentication method and system - Google Patents

Publication number
CN110753018A
Authority
CN
China
Prior art keywords
client
server
external server
information
single sign
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810812677.3A
Other languages
Chinese (zh)
Inventor
彭权
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Gridsum Technology Co Ltd
Original Assignee
Beijing Gridsum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Gridsum Technology Co Ltd
Priority to CN201810812677.3A
Publication of CN110753018A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a login authentication method and system. The method comprises the following steps: acquiring request information from a client, wherein the client has successfully logged in to a single sign-on server in advance, and the request information indicates that the client requests to log in to an external server; generating link information corresponding to the external server, wherein the link information comprises encrypted information corresponding to the client; and sending the link information to the client, wherein the encrypted information in the link information is used for verifying the client, and after the verification passes, the client is determined to have successfully logged in to the external server. The invention solves the technical problem in the prior art that, when an external server is connected to a single sign-on server, multiple jumps are required to complete the login process.

Description

Login authentication method and system
Technical Field
The invention relates to the field of login authentication, in particular to a login authentication method and system.
Background
SSO (Single Sign-On) allows users to access mutually trusted application systems by logging in only once. When an external system connects to the SSO system, it must do so according to the standard provided by the SSO system. The current single sign-on authentication jump flow is shown in fig. 1. Assuming that the address of the external system is https://app.ex.com, after a user enters https://app.ex.com in a browser, the external system detects that there is currently no information identifying a logged-in user, so login verification is required; the browser then redirects to https:// sso. Com. The SSO server redirects to https://app.ex.com/?ticket=ST-12345; after obtaining the service ticket, the external system verifies it with the SSO, and if the verification passes, the current login state is stored and the login process is complete.
However, the existing login authentication method places strict requirements on an external system that connects to an SSO system: it may limit the programming language (for example, only Java and some other languages have a ready-made support package), and if a language has no existing support package, the external system must implement the authentication process itself; redirection across multiple pages is also required.
Aiming at the problem that when an external server is accessed into a single sign-on server in the prior art, multiple jumps are required to complete a sign-on process, an effective solution is not provided at present.
Disclosure of Invention
The embodiment of the invention provides a login authentication method and system, which at least solve the technical problem that when an external server accesses a single-point login server in the prior art, multiple jumps are required to complete a login process.
According to an aspect of an embodiment of the present invention, there is provided a login authentication method, including: acquiring request information from a client, wherein the client has successfully logged in to a single sign-on server in advance, and the request information indicates that the client requests to log in to an external server; generating link information corresponding to the external server, wherein the link information comprises encrypted information corresponding to the client; and sending the link information to the client, wherein the encrypted information in the link information is used for verifying the client, and after the verification passes, the client is determined to have successfully logged in to the external server.
Further, generating link information corresponding to the external server includes: acquiring an encryption key corresponding to an external server; encrypting the identity information corresponding to the client by using the encryption key to obtain encrypted information; the link information is generated based on the encryption information.
Further, before obtaining an encryption key corresponding to the external server, the method further includes: receiving an access request sent by an external server; and determining an encryption key corresponding to the external server, and sending a decryption key corresponding to the encryption key to the external server.
According to another aspect of the embodiments of the present invention, there is also provided a login authentication method, including: receiving link information corresponding to an external server sent by a client, wherein the client has successfully logged in to a single sign-on server in advance, the link information is generated after the single sign-on server receives request information sent by the client, the request information indicates that the client requests to log in to the external server, and the link information comprises encrypted information corresponding to the client; and initiating authentication of the client based on the encrypted information, wherein after the authentication passes, the client is determined to have successfully logged in to the external server.
Further, before receiving link information corresponding to the external server sent by the client, the method further includes: sending an access request to a single sign-on server; and receiving a decryption key sent by the single sign-on server.
Further, initiating authentication of the client based on the encryption information comprises: decrypting the encrypted information by using the decryption key to obtain decrypted information, wherein the encrypted information is obtained by encrypting the identity information corresponding to the client by using the encryption key corresponding to the decryption key through the single sign-on server; and calling the single sign-on server, and verifying the identity information corresponding to the client pre-stored in the single sign-on server by the single sign-on server based on the decryption information.
According to another aspect of the embodiments of the present invention, there is also provided a login authentication method, including: a client sends request information to a single sign-on server, wherein the client has successfully logged in to the single sign-on server in advance, and the request information indicates that the client requests to log in to an external server; the client receives link information corresponding to the external server sent by the single sign-on server, wherein the link information comprises encrypted information corresponding to the client; and the client sends the link information to the external server, wherein the encrypted information in the link information is used for verifying the client, and after the verification passes, the client is determined to have successfully logged in to the external server.
According to another aspect of the embodiments of the present invention, there is also provided a login authentication system, including a client, a single sign-on server, and an external server, where the client has successfully logged in to the single sign-on server in advance, where: the client is used for sending request information to the single sign-on server, wherein the request information indicates that the client requests to log in to the external server; the single sign-on server is used for responding to the request information and generating link information corresponding to the external server, wherein the link information comprises encrypted information corresponding to the client; and the external server is used for verifying the client based on the encrypted information, wherein the client is determined to have successfully logged in to the external server if the verification passes.
According to another aspect of the embodiments of the present invention, there is also provided a login authentication apparatus, including: the system comprises an acquisition module, a processing module and a display module, wherein the acquisition module is used for acquiring request information from a client, the client successfully logs in a single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server; the generating module is used for generating link information corresponding to the external server, wherein the link information comprises: encrypting information corresponding to the client; and the sending module is used for sending the link information to the client, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.
According to another aspect of the embodiments of the present invention, there is also provided a login authentication apparatus, including: the client side is used for successfully logging in the single sign-on server in advance, the link information is generated after the single sign-on server receives request information sent by the client side, the request information is used for representing that the client side requests to log in the external server, and the link information comprises: encrypting information corresponding to the client; and the authentication module is used for initiating authentication of the client based on the encrypted information, wherein after the authentication is passed, the client is determined to successfully log in the external server.
According to another aspect of the embodiments of the present invention, there is also provided a login authentication apparatus, including: the system comprises a first sending module, a second sending module and a third sending module, wherein the first sending module is used for sending request information to a single sign-on server, a client successfully logs in the single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server; the receiving module is used for receiving link information corresponding to the external server sent by the single sign-on server, wherein the link information comprises: encrypting information corresponding to the client; and the second sending module is used for sending the link information to the external server, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.
According to another aspect of the embodiments of the present invention, there is also provided a storage medium, where the storage medium includes a stored program, and when the program runs, the apparatus on which the storage medium is located is controlled to execute the above single sign-on authentication method.
According to another aspect of the embodiments of the present invention, there is also provided a processor, configured to execute a program, where the program executes the single sign-on authentication method described above.
In the embodiment of the invention, when the client needs to log in the external server, the client can send request information to the single sign-on server, the single sign-on server generates the link information corresponding to the external server, the client accesses the external server through the link information, and the client is determined to directly log in the external server after successfully verifying the client based on the encrypted information in the link information, so that the whole single sign-on authentication is completed. The single sign-on server generates the link information corresponding to the external server, and the client can sign on the external server through the link information.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is an interaction diagram of a login authentication method according to the prior art;
FIG. 2 is a flow diagram of a login authentication method according to an embodiment of the present invention;
FIG. 3 is an interaction diagram of an alternative login authentication method according to an embodiment of the present invention;
FIG. 4 is a flow diagram of another login authentication method according to an embodiment of the invention;
FIG. 5 is a flow chart of yet another login authentication method according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a login authentication system according to an embodiment of the present invention;
fig. 7 is a schematic diagram of a login authentication device according to an embodiment of the present invention;
fig. 8 is a schematic diagram of another login authentication device according to an embodiment of the present invention; and
fig. 9 is a schematic diagram of still another login authentication device according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
In accordance with an embodiment of the present invention, there is provided an embodiment of a login authentication method, it should be noted that the steps illustrated in the flowchart of the figure may be performed in a computer system such as a set of computer executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than here.
It should be noted that the login authentication method described above may be executed by a single sign-on server.
Fig. 2 is a flowchart of a login authentication method according to an embodiment of the present invention, as shown in fig. 2, the method includes the following steps:
Step S202, request information from a client is obtained, wherein the client has successfully logged in to a single sign-on server in advance, and the request information indicates that the client requests to log in to an external server.
Specifically, the client may be a browser installed on a smartphone (including Android and iOS phones), a tablet PC, an iPad, a palmtop, a notebook, a PC, and the like; a user may access the SSO server and the external server by entering an address in the browser.
Step S204, link information corresponding to the external server is generated, wherein the link information comprises encrypted information corresponding to the client.
Specifically, the link information may be a URL (Uniform Resource Locator) address of the client logging in the external server; the encryption information may be obtained by encrypting, by the SSO server, the identity information corresponding to the client, and using the encryption information as a parameter in the URL address.
In an optional scheme, a program is preset on the SSO server, and when request information output by the client is received, link information corresponding to the external server can be generated through the program.
Step S206, the link information is sent to the client, wherein the encrypted information in the link information is used for verifying the client, and after the verification passes, the client is determined to have successfully logged in to the external server.
In an optional scheme, after receiving the URL address of the external server generated by the single sign-on server, the client may access the external server through that URL address, so that the external server obtains the encrypted information. When the external server detects that the user is not logged in, it decrypts the encrypted information to obtain decrypted information, calls the SSO server through an interface, and sends the decrypted information to the SSO server; the SSO server compares the decrypted information with the user information held in the SSO server to authenticate the client, and after the authentication succeeds, the client can log in to the external server directly.
Through the embodiment of the invention, when the client needs to log in to the external server, the client can send request information to the single sign-on server; the single sign-on server generates the link information corresponding to the external server; the client accesses the external server through the link information; and once the client is successfully verified based on the encrypted information in the link information, the client is determined to have logged in to the external server directly, completing the whole single sign-on authentication. Compared with the prior art, the external system does not need to be developed in a specific language, and when the external system is connected to the SSO server, single sign-on authentication is completed with a single jump rather than multiple jumps. This simplifies the authentication process, reduces the maintenance cost, and solves the technical problem in the prior art that multiple jumps are required to complete the login process when an external server is connected to a single sign-on server.
Optionally, in the foregoing embodiment of the present invention, in step S204, the generating link information corresponding to the external server includes:
Step S2042, an encryption key corresponding to the external server is obtained.
Specifically, to implement single sign-on authentication, the SSO server may assign a unique corresponding encryption key to the external server, and the specific type of the key is not limited in the present invention.
Step S2044, the identity information corresponding to the client is encrypted by using the encryption key to obtain encrypted information.
Specifically, the identity information may be identification information unique to the client, for example, an account name and a password for the client to log in the SSO server, and the present invention is not limited to this.
In step S2046, link information is generated based on the encrypted information.
In an alternative scheme, the SSO server may, through a preset program, fill the encrypted information into the URL address as URL parameters; for example, assuming that the address of the external system is https:// app. token={token}&loginnfo={loginnfo}, where token and loginnfo are encrypted information.
Optionally, in the foregoing embodiment of the present invention, before the encryption key corresponding to the external server is obtained in step S2042, the method further includes:
Step S212, an access request sent by an external server is received.
Specifically, in order to implement single sign-on authentication for the client, before logging in the external server, the external server may send an access request to the SSO server, and register the access request in the SSO server in advance, where the access request includes a link address of the external system.
Step S214, determining an encryption key corresponding to the external server, and sending a decryption key corresponding to the encryption key to the external server.
Specifically, after the external server registers the link address in the SSO server, the SSO server may distribute the encryption key and the corresponding decryption key, and send the decryption key to the external server, so that the external server can decrypt the encrypted information through the decryption key distributed by the SSO server, and the single sign-on authentication process is completed.
Fig. 3 is an interaction diagram of an alternative login authentication method according to an embodiment of the present invention, and a preferred embodiment of the present invention is described in detail below with reference to fig. 3. As shown in fig. 3, a user can enter the SSO system through a browser, and the SSO system generates a login-free link to an external system, such as https:// app. The user can complete authentication by clicking the login-free link: when the external system detects that the user has not been authenticated, it decrypts the encrypted information generated by the SSO, compares it with the user information, and logs the user in directly once verification is complete.
With this scheme, the SSO system distributes a key after the external system registers with it, and encrypts the URL parameter; the external system decrypts the URL parameter with the key, and authentication passes if the result matches the SSO user information. Because the external system link is generated by the SSO, the development language of the external system is not restricted, a separate login is avoided, and repeated jumps are avoided.
Example 2
According to the embodiment of the invention, the embodiment of the login authentication method is also provided.
The login authentication method may be executed by an external server.
Fig. 4 is a flowchart of another login authentication method according to an embodiment of the present invention, as shown in fig. 4, the method includes the following steps:
Step S402, link information corresponding to an external server sent by a client is received, where the client has successfully logged in to a single sign-on server in advance, the link information is generated by the single sign-on server after receiving request information sent by the client, the request information indicates that the client requests to log in to the external server, and the link information comprises encrypted information corresponding to the client.
Specifically, the client may be a browser installed on a smartphone (including Android and iOS phones), a tablet PC, an iPad, a palmtop, a notebook, a PC, and the like; a user may access the SSO server and the external server by entering an address in the browser. The link information may be a URL (Uniform Resource Locator) address through which the client logs in to the external server; the encrypted information may be obtained by the SSO server encrypting the identity information corresponding to the client, and is used as a parameter in the URL address.
Step S404, authentication of the client is initiated based on the encrypted information, wherein after the authentication passes, the client is determined to have successfully logged in to the external server.
Through the embodiment of the invention, when the client needs to log in to the external server, the client can send request information to the single sign-on server; the single sign-on server generates the link information corresponding to the external server; the client accesses the external server through the link information; and once the client is successfully verified based on the encrypted information in the link information, the client is determined to have logged in to the external server directly, completing the whole single sign-on authentication. Compared with the prior art, the external system does not need to be developed in a specific language, and when the external system is connected to the SSO server, single sign-on authentication is completed with a single jump rather than multiple jumps. This simplifies the authentication process, reduces the maintenance cost, and solves the technical problem in the prior art that multiple jumps are required to complete the login process when an external server is connected to a single sign-on server.
Optionally, in the foregoing embodiment of the present invention, before receiving, in step S402, the link information corresponding to the external server sent by the client, the method further includes:
Step S406, an access request is sent to the single sign-on server.
Specifically, in order to implement single sign-on authentication for the client, before logging in the external server, the external server may send an access request to the SSO server, and register the access request in the SSO server in advance, where the access request includes a link address of the external system.
Step S408 is to receive the decryption key sent by the single sign-on server.
Specifically, after the external server registers the link address in the SSO server, the SSO server may distribute the encryption key and the corresponding decryption key, and send the decryption key to the external server, so that the external server can decrypt the encrypted information through the decryption key distributed by the SSO server, and the single sign-on authentication process is completed.
Optionally, in the foregoing embodiment of the present invention, in step S404, initiating the verification of the client based on the encryption information includes:
Step S4042, the encrypted information is decrypted by using the decryption key to obtain decrypted information, wherein the encrypted information is obtained by the single sign-on server encrypting the identity information corresponding to the client with the encryption key that corresponds to the decryption key.
Specifically, to implement single sign-on authentication, the SSO server may assign a unique corresponding encryption key to the external server, and the specific type of the key is not limited in the present invention. The identity information may be identification information unique to the client, for example, an account name and a password for the client to log in the SSO server, and the present invention is not limited to this.
Step S4044, the single sign-on server is called, and the single sign-on server performs authentication based on the decryption information and the identity information corresponding to the client pre-stored in the single sign-on server.
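The flow of Examples 1 and 2 (steps S212 to S214, S2042 to S2046 and S4042 to S4044) as an added sketch, not code from the patent: an SSO server issues a login-free link and an external server verifies it. The patent leaves the key type open, so AES-256-GCM, the 60-second lifetime, the single-use `jti` value and every function name are assumptions of this example; it goes beyond the text by rejecting expired and replayed links and by carrying only the account name as identity information.

```javascript
// Added illustration of the login-free link flow; not code from the patent.
// Function names, AES-256-GCM, the 60 s lifetime and the jti field are assumptions.
const crypto = require('node:crypto');

// ---- SSO server side ----
const registry = new Map();           // external server address -> key
const ssoUsers = new Set(['alice']);  // constructed sample account store

// S212/S214: an external server registers its link address; the SSO server
// assigns it a unique key and hands back the key it will decrypt with.
function registerExternalServer(baseUrl) {
  const key = crypto.randomBytes(32);
  registry.set(baseUrl, key);
  return key;
}

// S2042-S2046: encrypt the client's identity under that server's key and
// carry the result as the `token` URL parameter.
function generateLink(baseUrl, account, now = Date.now()) {
  const key = registry.get(baseUrl);
  if (!key) throw new Error('external server is not registered');
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(baseUrl)); // ties the token to one external server
  const claims = { account, exp: now + 60000, jti: crypto.randomUUID() };
  const ct = Buffer.concat([cipher.update(JSON.stringify(claims), 'utf8'), cipher.final()]);
  const token = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
  const url = new URL(baseUrl);
  url.searchParams.set('token', token);
  return url.toString();
}

// Interface the external server calls in S4044 to compare the decrypted
// identity with the user information held by the SSO server.
function ssoVerifyIdentity(account) {
  return ssoUsers.has(account);
}

// ---- External server side ----
// S402-S404: returns a login handler bound to this server's address and key.
function createExternalServer(baseUrl, key, verifyWithSso) {
  const usedTokenIds = new Set(); // single-use tracking (in memory for the demo)
  return function login(link, now = Date.now()) {
    const token = new URL(link).searchParams.get('token');
    if (!token) return { ok: false, reason: 'missing token' };
    const raw = Buffer.from(token, 'base64url');
    if (raw.length <= 28) return { ok: false, reason: 'malformed token' };
    let claims;
    try {
      // S4042: decrypt; GCM also rejects any modified or foreign token.
      const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
      decipher.setAAD(Buffer.from(baseUrl));
      decipher.setAuthTag(raw.subarray(12, 28));
      const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
      claims = JSON.parse(pt.toString('utf8'));
    } catch (err) {
      return { ok: false, reason: 'decryption failed' };
    }
    if (now > claims.exp) return { ok: false, reason: 'expired' };
    if (usedTokenIds.has(claims.jti)) return { ok: false, reason: 'replayed' };
    usedTokenIds.add(claims.jti);
    // S4044: ask the SSO server to confirm the identity.
    if (!verifyWithSso(claims.account)) return { ok: false, reason: 'unknown account' };
    return { ok: true, account: claims.account };
  };
}

// Demo run with constructed values.
const demoKey = registerExternalServer('https://app.ex.com/');
const demoLogin = createExternalServer('https://app.ex.com/', demoKey, ssoVerifyIdentity);
const demoLink = generateLink('https://app.ex.com/', 'alice');
console.log(demoLogin(demoLink)); // first use of the link
console.log(demoLogin(demoLink)); // same link presented again
```

Because the token travels in a URL, it can end up in browser history and server logs, which is why the sketch keeps it short-lived and single-use.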
Example 3
According to the embodiment of the invention, the embodiment of the login authentication method is also provided.
It should be noted that the login authentication method described above may be executed by the client.
Fig. 5 is a flowchart of another login authentication method according to an embodiment of the present invention, as shown in fig. 5, the method includes the following steps:
Step S502, the client sends request information to the single sign-on server, wherein the client has successfully logged in to the single sign-on server in advance, and the request information indicates that the client requests to log in to an external server.
Specifically, the client may be a browser installed on a smartphone (including Android and iOS phones), a tablet PC, an iPad, a palmtop, a notebook, a PC, and the like; a user may access the SSO server and the external server by entering an address in the browser.
Step S504, the client receives link information corresponding to the external server sent by the single sign-on server, where the link information comprises encrypted information corresponding to the client.
Specifically, the link information may be a URL (Uniform Resource Locator) address of the client logging in the external server; the encryption information may be obtained by encrypting, by the SSO server, the identity information corresponding to the client, and using the encryption information as a parameter in the URL address.
Step S506, the client sends link information to the external server, where the encrypted information in the link information is used to authenticate the client, and after the authentication is passed, it is determined that the client successfully logs in the external server.
Through the embodiment of the invention, when the client needs to log in the external server, the client can send request information to the single sign-on server, the single sign-on server generates the link information corresponding to the external server, the client accesses the external server through the link information, and the client is determined to directly log in the external server after the client is successfully verified based on the encrypted information in the link information, so that the whole single sign-on authentication is completed. Compared with the prior art, the external system does not need to be developed by a specific language, when the external system is accessed into the SSO server, the single-point login authentication can be completed only by one-time skipping without multiple skipping, the authentication process is simplified, the maintenance cost is reduced, and the technical problem that when the external server is accessed into the single-point login server in the prior art, the login process needs to be completed by multiple skipping is solved.
Example 4
According to the embodiment of the invention, the embodiment of the login authentication system is also provided.
Fig. 6 is a schematic diagram of a login authentication system according to an embodiment of the present invention. As shown in Fig. 6, the system includes a client 62, a single sign-on server 64, and an external server 66, the client 62 having previously logged in to the single sign-on server 64 successfully.
The client 62 is configured to send request information to the single sign-on server 64, where the request information indicates that the client requests to log in to the external server 66; the single sign-on server 64 is configured to generate link information corresponding to the external server in response to the request information, where the link information includes encrypted information corresponding to the client; and the external server 66 is configured to verify the client based on the encrypted information, where the client is determined to have successfully logged in to the external server when the verification passes.
Specifically, the client may be a browser installed on a smartphone (including an Android phone and an iOS phone), a tablet PC, an iPad, a palmtop, a notebook, a PC, and the like, and a user may access the SSO server and the external server by entering an address in the browser. The link information may be a URL (Uniform Resource Locator) address with which the client logs in to the external server; the encrypted information may be obtained by the SSO server encrypting the identity information corresponding to the client, and is carried as a parameter in the URL address.
Example 5
According to the embodiment of the invention, the embodiment of the login authentication device is also provided.
Fig. 7 is a schematic diagram of a login authentication apparatus according to an embodiment of the present invention. As shown in Fig. 7, the apparatus includes:
An obtaining module 72, configured to obtain request information from a client, where the client has successfully logged in to the single sign-on server in advance, and the request information indicates that the client requests to log in to an external server.
Specifically, the client may be a browser installed on a smartphone (including an Android phone and an iOS phone), a tablet PC, an iPad, a palmtop, a notebook, a PC, and the like, and a user may access the SSO server and the external server by entering an address in the browser.
A generating module 74, configured to generate link information corresponding to the external server, where the link information includes encrypted information corresponding to the client.
Specifically, the link information may be a URL (Uniform Resource Locator) address with which the client logs in to the external server; the encrypted information may be obtained by the SSO server encrypting the identity information corresponding to the client, and is carried as a parameter in the URL address.
A sending module 76, configured to send the link information to the client, where the encrypted information in the link information is used to authenticate the client, and after the authentication passes, it is determined that the client has successfully logged in to the external server.
The login authentication device may be a device for executing the login authentication method in a single sign-on server.
Example 6
According to the embodiment of the invention, the embodiment of the login authentication device is also provided.
Fig. 8 is a schematic diagram of another login authentication apparatus according to an embodiment of the present invention. As shown in Fig. 8, the apparatus includes:
A receiving module 82, configured to receive link information corresponding to an external server sent by a client, where the client has successfully logged in to a single sign-on server in advance, the link information is generated by the single sign-on server after receiving request information sent by the client, the request information indicates that the client requests to log in to the external server, and the link information includes encrypted information corresponding to the client.
Specifically, the client may be a browser installed on a smartphone (including an Android phone and an iOS phone), a tablet PC, an iPad, a palmtop, a notebook, a PC, and the like, and a user may access the SSO server and the external server by entering an address in the browser. The link information may be a URL (Uniform Resource Locator) address with which the client logs in to the external server; the encrypted information may be obtained by the SSO server encrypting the identity information corresponding to the client, and is carried as a parameter in the URL address.
An authentication module 84, configured to initiate authentication of the client based on the encrypted information, where after the authentication passes, it is determined that the client has successfully logged in to the external server.
The login authentication device may be a device in an external server for executing the login authentication method.
Example 7
According to the embodiment of the invention, the embodiment of the login authentication device is also provided.
Fig. 9 is a schematic diagram of still another login authentication apparatus according to an embodiment of the present invention. As shown in Fig. 9, the apparatus includes:
A first sending module 92, configured to send request information to the single sign-on server, where the client has successfully logged in to the single sign-on server in advance, and the request information indicates that the client requests to log in to an external server.
Specifically, the client may be a browser installed on a smartphone (including an Android phone and an iOS phone), a tablet PC, an iPad, a palmtop, a notebook, a PC, and the like, and a user may access the SSO server and the external server by entering an address in the browser.
A receiving module 94, configured to receive link information corresponding to the external server sent by the single sign-on server, where the link information includes encrypted information corresponding to the client.
Specifically, the link information may be a URL (Uniform Resource Locator) address with which the client logs in to the external server; the encrypted information may be obtained by the SSO server encrypting the identity information corresponding to the client, and is carried as a parameter in the URL address.
A second sending module 96, configured to send the link information to the external server, where the encrypted information in the link information is used to authenticate the client, and after the authentication passes, it is determined that the client has successfully logged in to the external server.
The login authentication device may be a device in the client for executing the login authentication method.
The login authentication device comprises a processor and a memory, wherein the acquisition module, the generation module, the sending module, the receiving module, the verification module, the first sending module, the receiving module, the second sending module and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels may be provided. By adjusting kernel parameters, the external system does not need to be developed in a specific language, and when it is connected to the SSO server, single sign-on authentication can be completed with only one jump rather than multiple jumps.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
An embodiment of the present invention provides a storage medium on which a program is stored, the program implementing the login authentication method when executed by a processor.
The embodiment of the invention provides a processor, which is used for running a program, wherein the login authentication method is executed when the program runs.
The embodiment of the invention provides equipment, which comprises a processor, a memory and a program which is stored on the memory and can run on the processor, wherein the processor executes the program and realizes the following steps: (method claim step, independent + dependent). The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device:
acquiring request information from a client, wherein the client successfully logs in a single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server; generating link information corresponding to the external server, wherein the link information comprises: encrypting information corresponding to the client; and sending the link information to the client, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.
The generating of the link information corresponding to the external server includes: acquiring an encryption key corresponding to an external server; encrypting the identity information corresponding to the client by using the encryption key to obtain encrypted information; the link information is generated based on the encryption information.
Before an encryption key corresponding to an external server is obtained, receiving an access request sent by the external server; and determining an encryption key corresponding to the external server, and sending a decryption key corresponding to the encryption key to the external server.
Receiving link information corresponding to an external server sent by a client, wherein the client successfully logs in a single sign-on server in advance, the link information is generated after the single sign-on server receives request information sent by the client, the request information is used for representing that the client requests to log in the external server, and the link information comprises: encrypting information corresponding to the client; and initiating authentication of the client based on the encrypted information, wherein after the authentication is passed, the client is determined to be successfully logged in the external server.
Before receiving link information corresponding to an external server sent by a client, sending an access request to a single sign-on server; and receiving a decryption key sent by the single sign-on server.
Decrypting the encrypted information by using the decryption key to obtain decrypted information, wherein the encrypted information is obtained by the single sign-on server encrypting the identity information corresponding to the client with the encryption key corresponding to the decryption key; and calling the single sign-on server, which performs the verification based on the decrypted information and the identity information corresponding to the client pre-stored in the single sign-on server.
The method comprises the steps that a client sends request information to a single sign-on server, wherein the client successfully logs in the single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server; the client receives link information corresponding to an external server sent by a single sign-on server, wherein the link information comprises: encrypting information corresponding to the client; and the client sends link information to the external server, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A login authentication method, comprising:
acquiring request information from a client, wherein the client successfully logs in a single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server;
generating link information corresponding to the external server, wherein the link information comprises: encryption information corresponding to the client;
and sending the link information to the client, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.
2. The method of claim 1, wherein generating the link information corresponding to the external server comprises:
acquiring an encryption key corresponding to the external server;
encrypting the identity information corresponding to the client by using the encryption key to obtain the encrypted information;
generating the link information based on the encryption information.
3. The method of claim 2, wherein prior to obtaining the corresponding encryption key of the external server, the method further comprises:
receiving an access request sent by the external server;
and determining an encryption key corresponding to the external server, and sending a decryption key corresponding to the encryption key to the external server.
4. A login authentication method, comprising:
receiving link information corresponding to an external server sent by a client, wherein the client has successfully logged in a single sign-on server in advance, the link information is generated by the single sign-on server after receiving request information sent by the client, the request information is used for representing that the client requests to log in the external server, and the link information comprises: encryption information corresponding to the client;
and initiating authentication of the client based on the encrypted information, wherein after the authentication is passed, the client is determined to be successfully logged in the external server.
5. The method according to claim 4, wherein before receiving the link information corresponding to the external server sent by the client, the method further comprises:
sending an access request to the single sign-on server;
and receiving the decryption key sent by the single sign-on server.
6. The method of claim 5, wherein initiating authentication of the client based on the encryption information comprises:
decrypting the encrypted information by using the decryption key to obtain decrypted information, wherein the encrypted information is obtained by encrypting the identity information corresponding to the client by using the encryption key corresponding to the decryption key by using the single sign-on server;
and calling the single sign-on server, and verifying by the single sign-on server based on the decryption information and the identity information corresponding to the client pre-stored in the single sign-on server.
7. A login authentication method, comprising:
a client sends request information to a single sign-on server, wherein the client successfully logs in the single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server;
the client receives link information corresponding to the external server sent by the single sign-on server, wherein the link information comprises: encryption information corresponding to the client;
and the client sends the link information to the external server, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.
8. A login authentication system is characterized by comprising a client, a single sign-on server and an external server, wherein the client successfully logs in the single sign-on server in advance, and the login authentication system comprises:
the client is used for sending request information to the single sign-on server, wherein the request information is used for representing that the client requests to log in the external server;
the single sign-on server is configured to generate link information corresponding to the external server in response to the request information, where the link information includes: encryption information corresponding to the client;
and the external server is used for verifying the client based on the encryption information, wherein the client is determined to successfully log in the external server under the condition of passing verification.
9. A storage medium comprising a stored program, wherein the program, when executed, controls an apparatus in which the storage medium is located to execute the login authentication method according to any one of claims 1 to 7.
10. A processor, configured to execute a program, wherein the program executes the login authentication method according to any one of claims 1 to 7.
CN201810812677.3A 2018-07-23 2018-07-23 Login authentication method and system Pending CN110753018A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810812677.3A CN110753018A (en) 2018-07-23 2018-07-23 Login authentication method and system

Publications (1)

Publication Number Publication Date
CN110753018A true CN110753018A (en) 2020-02-04

CN110753018A (en) Login authentication method and system
CN104113552A (en) Platform authorization method, platform server side, application client side and system
CN105007280A (en) Application sign-on method and device
CN109086596B (en) Authentication method, device and system for application program
US20210234697A1 (en) Systems and methods for inter-service authentication
CN104158802A (en) Platform authorization method, platform service side, application client side and system
CN110069909B (en) Method and device for login of third-party system without secret
CN108200014B (en) Method, device and system for accessing server by using intelligent key device
CN106549919B (en) Information registration and authentication method and device
CN112287376A (en) Method and device for processing private data
CN106911628A (en) A kind of user registers the method and device of application software on the client
CN108235067B (en) Authentication method and device for video stream address
CN113766496A (en) Cross-platform binding method and system of intelligent equipment and related equipment
CN112118209B (en) Account operation method and device of vehicle equipment
CN110457959B (en) Information transmission method and device based on Trust application
CN111182010B (en) Local service providing method and device
KR102468823B1 (en) Applet package sending method and device, electronic apparatus, and computer readable medium
CN112422475B (en) Service authentication method, device, system and storage medium
CN111625850A (en) Access control method, device, electronic equipment and storage medium
CN110912697B (en) Scheme request verification method, device and equipment
CN114301710B (en) Method for determining whether message is tampered, secret pipe platform and secret pipe system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200204
