CN111259355A - Single sign-on method, portal system and service platform - Google Patents

Publication number
CN111259355A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010095020.7A
Other languages
Chinese (zh)
Inventor
陆明友
秦臻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Abstract

An embodiment of the application discloses a single sign-on method, a portal system and a service platform. The method comprises: receiving a login request, sent by a terminal, for a target service system among at least two service systems, the login request carrying at least user identity authentication information of the terminal; obtaining, based on the user identity authentication information, the login information that the terminal needs to use to log in to the target service system; acquiring a login information input area in a login page of the target service system; automatically entering the login information in the login information input area; and automatically submitting the login information entered in the login information input area, so as to achieve single sign-on of the terminal to the target service system.

Description

Single sign-on method, portal system and service platform
Technical Field
The application relates to a login technology, in particular to a single sign-on method, a portal system and a service platform.
Background
With the development of information-based construction, the number of business systems used by organizations and enterprises keeps growing. In the related art, a user (an employee of the enterprise or organization) has to enter an account and password once for each service system accessed, and therefore has to enter them many times when accessing several service systems, which makes for a poor user experience. Single sign-on technology emerged to avoid this problem: the same user can access multiple service systems after entering an account and password only once.
In the related art, a portal system is usually used to implement single sign-on to the individual business systems, and several password substitution techniques currently exist for doing so. Scheme one: a login script is recorded, an extension plug-in is installed in the user's browser, and the recorded login script is played back to simulate filling in the form (the account input box and the password input box), so that the account and password are filled in automatically and then submitted to the service system the user wishes to log in to, completing the single sign-on. Scheme two: a plug-in is installed in the user's browser, the form content is constructed inside the plug-in, and the form submission is simulated, so that the account and password are filled in automatically and then submitted to the service system the user wishes to log in to, completing the single sign-on. Both schemes show that current password substitution techniques need a plug-in installed in the user's browser to assist the substitution process. In practice, however, users dislike being required to install a plug-in, and the experience is poor.
Disclosure of Invention
In order to solve the existing technical problem, the embodiment of the application provides a single sign-on method, a portal system and a service platform.
The technical scheme of the embodiment of the application is realized as follows:
An embodiment of the application provides a single sign-on method, applied to a service platform of at least two service systems, the method comprising:
receiving a login request, sent by a terminal, for a target service system among the at least two service systems, the login request carrying at least user identity authentication information of the terminal;
obtaining, based on the user identity authentication information, the login information that the terminal needs to use to log in to the target service system;
acquiring a login information input area in a login page of the target service system;
automatically entering the login information in the login information input area;
and automatically submitting the login information entered in the login information input area, so as to achieve single sign-on of the terminal to the target service system.
In the foregoing solution, obtaining, based on the user identity authentication information, the login information that the terminal needs to use to log in to the target service system comprises:
sending a login information acquisition request to a portal system, the request carrying the user identity authentication information;
receiving a feedback result for the acquisition request, the feedback result representing the login information recorded by the portal system that corresponds to the user identity authentication information;
and determining the login information recorded by the portal system that corresponds to the user identity authentication information as the login information that the terminal needs to use to log in to the target service system.
In the above solution, the login information input area comprises an account input area and a password input area;
correspondingly, acquiring the login information input area in the login page of the target service system and automatically entering the login information in the login information input area comprise:
acquiring the account input area and the password input area in the login page;
and automatically filling the account information of the login information into the account input area, and automatically filling the password information of the login information into the password input area.
In the above solution, acquiring the account input area and the password input area in the login page comprises:
acquiring an area of the login page that includes a first keyword and taking it as the account input area, where the presence of the first keyword indicates that the area is used for account input;
and acquiring an area of the login page that includes a second keyword and taking it as the password input area, where the presence of the second keyword indicates that the area is used for password input.
In the above solution, the method further comprises:
loading a software toolkit into the login page;
correspondingly, obtaining, based on the user identity authentication information, the login information that the terminal needs to use to log in to the target service system; acquiring the login information input area in the login page of the target service system; automatically entering the login information in the login information input area; and automatically submitting the login information entered in the login information input area comprise:
the software toolkit loaded into the login page obtaining, based on the user identity authentication information, the login information that the terminal needs to use to log in to the target service system;
and acquiring, through the software toolkit, the login information input area in the login page, automatically entering the login information in the login information input area, and automatically submitting the login information.
An embodiment of the application provides a single sign-on method, applied to a portal system, the method comprising:
in the case where the portal system displays icon identifications of at least two business systems,
detecting an operation performed by a user, through a terminal, on the icon identifications of the at least two service systems, and judging whether the terminal is accessing a service system through the portal system for the first time;
in the case where it is judged that this is not the first time the terminal accesses a service system through the portal system, determining the service system targeted by the operation as the target service system;
acquiring user identity authentication information of the terminal, the user identity authentication information being used to enable the terminal to achieve single sign-on to the target service system.
In the above solution, the method further comprises:
generating the user identity authentication information for the terminal in the case where the terminal accesses a service system through the portal system for the first time.
In the above solution, the method further comprises:
recording, in correspondence with each other, the user identity authentication information and the login information used when the terminal accesses a service system through the portal system for the first time.
An embodiment of the present application provides a service platform, comprising:
a receiving unit, configured to receive a login request, sent by a terminal, for a target service system among at least two service systems, the login request carrying at least user identity authentication information of the terminal;
an obtaining unit, configured to obtain, based on the user identity authentication information, the login information that the terminal needs to use to log in to the target service system;
an acquisition unit, configured to acquire a login information input area in a login page of the target service system;
an input unit, configured to automatically enter the login information in the login information input area;
and a submitting unit, configured to automatically submit the login information entered in the login information input area, so as to achieve single sign-on of the terminal to the target service system.
An embodiment of the application provides a portal system, comprising:
a display unit, configured to display icon identifications of at least two service systems;
a detection and judgment unit, configured to, in the case where the display unit displays the icon identifications of the at least two service systems, detect an operation performed by a user, through a terminal, on the icon identifications of the at least two service systems, and judge whether the terminal is accessing a service system through the portal system for the first time;
a determining unit, configured to determine the service system targeted by the operation as the target service system in the case where the detection and judgment unit judges that this is not the first time the terminal accesses a service system through the portal system;
an obtaining unit, configured to obtain user identity authentication information of the terminal, the user identity authentication information being used to enable the terminal to achieve single sign-on to the target service system.
Embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements the aforementioned steps of the single sign-on method applied to a service platform and/or applied to a portal system.
The embodiment of the application provides a single sign-on method, a portal system and a service platform. The method comprises: receiving a login request, sent by a terminal, for a target service system among the at least two service systems, the login request carrying at least user identity authentication information of the terminal; obtaining, based on the user identity authentication information, the login information that the terminal needs to use to log in to the target service system; acquiring a login information input area in a login page of the target service system; automatically entering the login information in the login information input area; and automatically submitting the login information entered in the login information input area, so as to achieve single sign-on of the terminal to the target service system.
The embodiment of the application is a scheme that implements the substitution and filling of the login information on the server side, so no plug-in needs to be installed on the client side, which gives the user a good experience. In addition, the login information that the terminal needs to use to log in to the target service system is obtained according to the user identity authentication information of the terminal, so the accuracy of the login information can be ensured, and successful login and access by the terminal can be ensured.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a first schematic flowchart of an implementation of the single sign-on method applied to a service platform according to an embodiment of the present application;
Fig. 2 is a second schematic flowchart of an implementation of the single sign-on method applied to a service platform according to an embodiment of the present application;
Fig. 3 is a third schematic flowchart of an implementation of the single sign-on method applied to a service platform according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of an implementation of the single sign-on method applied to a portal system according to an embodiment of the present application;
Figs. 5(a) and 5(b) are schematic diagrams of portal pages presented by the portal system in an embodiment of the present application;
Fig. 6 is a schematic diagram of a login information setting page in an embodiment of the present application;
Fig. 7 is a first schematic diagram of a specific implementation of the single sign-on method in an embodiment of the present application;
Fig. 8 is a second schematic diagram of a specific implementation of the single sign-on method in an embodiment of the present application;
Fig. 9 is a schematic structural diagram of a service platform in an embodiment of the present application;
Fig. 10 is a schematic structural diagram of the portal system in an embodiment of the present application;
Fig. 11 is a hardware configuration diagram of a service platform and/or a portal system in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the embodiments of the present application will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application. In the present application, the embodiments and features of the embodiments may be arbitrarily combined with each other without conflict. The steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
Technical terms that may be used in the embodiments of the present application are explained first:
Single sign-on (SSO) means that, among multiple service (application) systems, a terminal (user) needs to log in only once to access all mutually trusted application systems. For example, where a company has several business systems, once the user has logged in to the business system accessed first, the other business systems can be accessed without entering login information again.
The embodiment of the application provides a single sign-on method which is applied to service platforms of at least two business systems. It can be understood that in the embodiment of the present application, access to each service system can be realized only when a terminal (user) inputs login information (an account and a password) once, so as to realize single sign-on.
As shown in fig. 1, the method includes:
S101: receiving a login request, sent by a terminal, for a target service system among the at least two service systems; the login request carries at least User Identification (UID) information of the terminal;
S102: obtaining, based on the UID information, the login information that the terminal needs to use to log in to the target business system;
S103: acquiring a login information input area in a login page of the target service system;
S104: automatically entering the login information in the login information input area;
S105: automatically submitting the login information entered in the login information input area, so as to achieve single sign-on of the terminal to the target business system.
S101-S105 are executed by the service platform. S102 and S103 have no strict order and can be carried out simultaneously.
In this scheme, the login request sent by the terminal is received, the login information that the terminal needs to log in to the target service system is obtained based on the terminal's UID information carried in the login request, and the login information input area is acquired and filled in automatically, thereby achieving single sign-on of the terminal to the target service system. As those skilled in the art will understand, the terminal is generally regarded as the client (user) side and the service platform as the server side, so the foregoing automatic input and submission of the login information can be regarded as a login information substitution scheme implemented on the server side. It does not require a plug-in to be installed on the client side, which gives the user a good experience. In addition, the login information that the terminal needs to use to log in to the target service system is obtained according to the UID information of the terminal, so the accuracy of the login information can be ensured, and successful login and access by the terminal can be ensured.
An embodiment of the present application provides another embodiment of a single sign-on method, as shown in fig. 2, the method includes:
S101: receiving a login request, sent by a terminal, for a target service system among the at least two service systems; the login request carries at least UID information of the terminal;
S1021: sending a login information acquisition request to a portal system;
S1022: receiving a feedback result for the acquisition request, the feedback result representing the login information recorded by the portal system that corresponds to the UID information;
S1023: determining the login information recorded by the portal system that corresponds to the UID information as the login information that the terminal needs to use to log in to the target service system;
S103: acquiring a login information input area in a login page of the target service system;
S104: automatically entering the login information in the login information input area;
S105: automatically submitting the login information entered in the login information input area, so as to achieve single sign-on of the terminal to the target business system.
As a specific implementation of S102, the foregoing S1021 to S1023 obtain, through communication interaction with the portal system, login information corresponding to the UID of the terminal from the portal system as login information that the terminal needs to use to log in to the target business system. The scheme stores the login information which is required to be used when the terminal logs in the target service system in the portal system, and can facilitate the updating of the login information. Different terminals have different UID information, which is equivalent to different terminals corresponding to different identifiers, and the login information required to be used when the terminal logs in the target service system is obtained based on the UID information of the terminal, so that the acquisition accuracy of the login information can be greatly ensured. The aforementioned S101, S103, S104 and S105 can refer to the aforementioned related descriptions, and repeated descriptions are omitted.
In an optional embodiment, the login information input area comprises an account number input area and a password input area; accordingly, S103 and S104: the acquiring of the login information input area in the login page of the target service system and the automatic input of the login information in the login information input area comprise:
acquiring the account input area and the password input area in the login page; and automatically filling the account information of the login information into the account input area, and automatically filling the password information of the login information into the password input area. This alternative acquires the login information input area in the login page and fills in the login information automatically, which implements the login information substitution technique on the server side. Compared with the substitution technique of the related art, which works only when a plug-in is installed on the client side, it gives users a good experience.
In an optional embodiment, acquiring the account input area and the password input area in the login page includes: acquiring an area of the login page that includes a first keyword and taking it as the account input area, where the presence of the first keyword indicates that the area is used for account input; and acquiring an area of the login page that includes a second keyword and taking it as the password input area, where the presence of the second keyword indicates that the area is used for password input. This alternative relies on the fact that, in practical applications, a login page presents prompts for the account input area and the password input area. For example, a (first) keyword such as "user name", "user" or "username" indicates that the area following the keyword is the account input area, and a (second) keyword such as "password" indicates that the area following the keyword is the password input area. By recognizing these keywords, the account input area and the password input area of the login page can be identified accurately, so that the login information is entered automatically into the correct areas and login and access succeed.
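The keyword-based identification of the two input areas, as an added example that is not code from the patent. It reads "the area following the keyword" as the nearest visible prompt text before an input (or its placeholder), which is an assumption, as are the function names and the constructed sample pages; when a page yields zero or several candidates for either area it refuses to fill rather than guess.

```python
from html.parser import HTMLParser

ACCOUNT_KEYWORDS = ("user name", "username", "user")   # first keywords, from the text
PASSWORD_KEYWORDS = ("password",)                        # second keyword, from the text
NON_FILLABLE = {"hidden", "submit", "button", "checkbox", "radio", "image", "reset"}


class _InputCollector(HTMLParser):
    """Pair every fillable <input> with the visible prompt text that precedes it."""

    def __init__(self):
        super().__init__()
        self._skip = 0      # depth inside <script>/<style>, whose text is not visible
        self._prompt = ""   # nearest visible text seen since the previous input
        self.inputs = []    # list of (lower-cased prompt, field name)

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "input":
            a = dict(attrs)
            if (a.get("type") or "text").lower() in NON_FILLABLE or not a.get("name"):
                return
            prompt = f"{self._prompt} {a.get('placeholder') or ''}".lower()
            self.inputs.append((prompt, a["name"]))
            self._prompt = ""

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self._prompt = data.strip()


def locate_login_fields(html):
    """Return {'account': name, 'password': name}, or None if the page is ambiguous."""
    collector = _InputCollector()
    collector.feed(html)
    account, password = [], []
    for prompt, name in collector.inputs:
        # Test the password keyword first: "user" also occurs in "user password".
        if any(k in prompt for k in PASSWORD_KEYWORDS):
            password.append(name)
        elif any(k in prompt for k in ACCOUNT_KEYWORDS):
            account.append(name)
    if len(account) != 1 or len(password) != 1:
        return None  # zero or several candidates: do not guess where a credential goes
    return {"account": account[0], "password": password[0]}


def fill_login_form(html, account, password):
    """Build the form data to submit, or None when the input areas are not unambiguous."""
    fields = locate_login_fields(html)
    if fields is None:
        return None
    return {fields["account"]: account, fields["password"]: password}


# Constructed sample pages (not taken from any real business system).
LOGIN_PAGE = """
<html><head><title>Business system B</title><style>.user{color:red}</style></head>
<body><form action="/login" method="post">
  <label>User name</label> <input type="text" name="f1">
  <label>Password</label> <input type="password" name="f2">
  <input type="hidden" name="token" value="constructed">
  <input type="submit" value="Sign in">
</form></body></html>
"""

AMBIGUOUS_PAGE = """
<form action="/search"><label>Search user</label><input type="text" name="q"></form>
<form action="/login" method="post">
  <label>Username</label><input type="text" name="login">
  <label>Password</label><input type="password" name="pw">
</form>
"""

PLACEHOLDER_PAGE = """
<form><input name="a" placeholder="Username">
<input name="b" type="password" placeholder="Password"></form>
"""

if __name__ == "__main__":
    print(fill_login_form(LOGIN_PAGE, "alice", "constructed-pw"))
    print(fill_login_form(AMBIGUOUS_PAGE, "alice", "constructed-pw"))
```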
An embodiment of the present application provides another embodiment of a single sign-on method, as shown in fig. 3, the method includes:
S301: receiving a login request, sent by a terminal, for a target service system among the at least two service systems; the login request carries at least UID information of the terminal;
S302: loading a Software Development Kit (SDK) into the login page;
The SDK in this step is developed in advance and is loaded into the login page for use when needed.
S303: the SDK loaded into the login page obtains, based on the UID information, the login information that the terminal needs to use to log in to the target service system;
S304: acquiring, through the SDK, the login information input area in the login page, automatically entering the login information in the login information input area, and automatically submitting the login information, so as to achieve single sign-on of the terminal to the target service system.
In the scheme, the replacement filling technology of the login information is realized by loading the SDK into the login page of the target service system, so that the method is easy to realize in engineering and has strong practicability.
The embodiment of the application also provides an embodiment of a single sign-on method, which is applied to a portal system. As shown in fig. 4, the method includes:
S401: in the case where a portal system displays icon identifications of at least two service systems, detecting an operation performed by a user, through the terminal, on the icon identifications of the at least two service systems, and judging whether the terminal is accessing a service system through the portal system for the first time;
if yes, executing S402;
if no, S404 is executed.
S402: in the case where it is judged that this is not the first time the terminal accesses a service system through the portal system, determining the service system targeted by the operation as the target service system; continuing to S403;
S403: obtaining the UID information of the terminal; the UID information is used to enable the terminal to achieve single sign-on to the target business system, and the process ends.
S404: in the case where the terminal accesses a service system through the portal system for the first time, generating the UID information for the terminal, and the process ends.
In the foregoing solution, when it is judged that the terminal is accessing a service system through the portal system for the first time, UID information is generated for the terminal; when the terminal accesses a service system through the portal system for a second time, the portal system obtains the UID information by reading the UID information it generated for the terminal. It can be understood that the UID information generated by the portal system differs from terminal to terminal, so each terminal has unique UID information, and this UID information ensures the accuracy of the terminal's login information obtained by the service system, so that the terminal logs in to the service system successfully.
In an optional embodiment, after S404, the method further comprises: the portal system recording, in correspondence with each other, the UID information and the login information used when the terminal accesses a service system through the portal system for the first time. In this optional embodiment, the portal system both generates the terminal's UID and records the correspondence, which greatly facilitates the terminal's logging in to and accessing different service systems through the portal system.
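The portal-side steps S401 to S404 and the service platform's lookup in S1021 to S1023, shown together as an added example that is not code from the patent. The `terminal_id` key, the class and method names, and generating the UID with `secrets.token_urlsafe` are assumptions, since the text does not say how a terminal is recognized or how the UID is produced; the UID travels as a `uid` URL parameter as in the description's example request.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


class Portal:
    """Portal side: S401-S404 plus the recorded UID <-> login information relation."""

    def __init__(self):
        self._uid_by_terminal = {}   # terminal -> UID generated on first access
        self._login_by_uid = {}      # UID -> (account, password) recorded with it

    def on_icon_click(self, terminal_id, system_url, login_info=None):
        """S401: decide whether this is the terminal's first access via the portal."""
        uid = self._uid_by_terminal.get(terminal_id)
        if uid is None:
            # S404: first access. The user sets an account and password, the portal
            # generates a UID and records the two in correspondence.
            if login_info is None:
                raise ValueError("first access requires the user to set login information")
            # Assumption: a random UID, because the UID alone selects which
            # credentials the portal hands back to the service platform.
            uid = secrets.token_urlsafe(16)
            self._uid_by_terminal[terminal_id] = uid
            self._login_by_uid[uid] = login_info
            return None
        # S402/S403: not the first access. The clicked system is the target; read
        # the UID and build the login request for the target's service platform.
        return f"{system_url}?{urlencode({'uid': uid})}"

    def get_login_info(self, uid):
        """Answer a login information acquisition request (S1021/S1022)."""
        return self._login_by_uid.get(uid)


class ServicePlatform:
    """Service platform of one business system: S101 and S1021-S1023."""

    def __init__(self, portal, system_url):
        self._portal = portal
        self._origin = urlsplit(system_url)[:2]   # (scheme, host) of this system

    def handle_login_request(self, url):
        """Return the login information to fill in, or None if the request is rejected."""
        parts = urlsplit(url)
        if parts[:2] != self._origin:
            return None                      # request addressed to another system
        uids = parse_qs(parts.query).get("uid", [])
        if len(uids) != 1:
            return None                      # missing, empty or repeated uid parameter
        # S1021-S1023: ask the portal; an unknown UID yields None and nothing is filled.
        return self._portal.get_login_info(uids[0])


if __name__ == "__main__":
    portal = Portal()
    platform = ServicePlatform(portal, "https://oa1.com")
    # Constructed credentials for the walk-through.
    portal.on_icon_click("terminal-1", "https://oa1.com", ("alice", "constructed-pw"))
    request_url = portal.on_icon_click("terminal-1", "https://oa1.com")
    print(request_url, "->", platform.handle_login_request(request_url))
    print(platform.handle_login_request("https://oa1.com?uid=13424245"))
```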
The present application will be described in further detail with reference to the following drawings and specific embodiments.
In the application scenario, the client side is a user terminal, the server side includes a portal system (portal), a plurality of business systems and a service platform, and the login information includes an account and a password.
It should be understood that the portal system in the embodiment of the present application refers to an application system that leads to comprehensive internet information resources and provides related information services. In the application scenario, the portal system is installed on the user terminal, and the page displayed by the portal system (the portal homepage) can be as shown in fig. 5(a): icon identifications of the various service systems, such as those of service systems A-D, are displayed on the portal homepage. In practical applications, the business systems A-D may be any applications that the user needs to use, such as a mall application, a payment application or a shopping application, and may also be music, mail and the like. As shown in fig. 5(b), the business systems include a mall application system, a shopping application system, music, mail, a reading application system and so on. The user can select one of the icon identifications, for example by a touch operation on icon identification A of service system A, whereupon the terminal can enter service system A to log in to and access it.
It can be understood that, in a specific implementation, when a user logs in to a business system through the portal homepage presented by the terminal, the user selects on the portal homepage the icon of the business system to log in to, and the portal system detects the selection and judges whether the terminal is logging in to a business system through the portal system for the first time. If so, the terminal presents a setting interface as shown in fig. 6, on which the user sets an account and a password; fig. 6 assumes that the service system the user logs in to through the portal system for the first time is service system A. The portal system records the user name and password set by the user and generates UID information for the terminal. In addition, the portal system takes the account and password that were set as the login information of the terminal and records them in correspondence with the UID information generated for the terminal. Because the portal system generates the UID information and records this correspondence for a terminal that logs in to a service system through the portal system for the first time, the login information of the terminal can be obtained automatically the next time the terminal logs in to a service system through the portal system, and single sign-on to the service system to be accessed is achieved without entering an account and password. The login information that the terminal needs to use to log in to the target service system is stored in the portal system, and the user can conveniently update it through the portal system.
In addition, the portal system generates different UID information for different terminals, which is equivalent to different terminals corresponding to different identifiers, and the login information required to be used when the terminal logs in the target service system is obtained based on the UID information of the terminal, so that the acquisition accuracy of the login information can be greatly ensured.
When the portal system determines that the terminal is not performing the login of the service system through the portal system for the first time, assuming that the terminal is performing the login for the second time, the terminal wants to log in the service system B (target service system), and a scheme of performing the single login on the server side according to the embodiment of the present application will be described based on the foregoing scenario and fig. 7 and 8.
S701: and when the portal system judges that the terminal is not logged in the service system through the portal system for the first time, the portal system reads the UID information and the SDK which is developed in advance for the terminal and feeds back the UID information and the SDK to the terminal.
It can be understood that in the application scenario, in order to implement the login information substitution technology on the server side, the inventor purposely develops the SDK and stores the SDK in the portal system. The SDK is loaded on the terminal side when the terminal needs it.
Different terminals have different UID information, which is equivalent to different terminals corresponding to different identifiers, and the login information required to be used when the terminal logs in the target service system is obtained based on the UID information of the terminal, so that the acquisition accuracy of the login information can be greatly ensured.
S702: the terminal sends a login request to a service platform of a business system B which the terminal wants to login;
It is understood that the login request includes the UID information generated by the portal system for the terminal, and also includes the Uniform Resource Locator (URL) of the service system that the terminal wants to log in to. In a specific implementation, to facilitate sending the request, the UID of the terminal generated by the portal system may be used as part of the URL parameters of service system B, for example, the login request is https://oa1.com?uid=13424245, where https://oa1.com is the URL of service system B and uid=13424245 is the UID information of the terminal.
S703: the service platform receives the login request, loads a login page of the business system B to be logged in by the terminal to the terminal side, and loads the SDK stored in the portal system received by the terminal side to the login page;
It can be understood that, in order to implement the server-side login information substitution and filling technology in the application scenario, the inventor specially develops the SDK, and the login information substitution and filling technology can be implemented by loading the SDK in the login page.
At the technical level, the SDK is loaded into the login page through the code statement <script src="http://portal.com/jquery-pw-sso.js"></script>. It is understood that the SDK in the present application scenario is implemented in the js programming language.
It is understood that the above SDK loaded into the login page can be regarded as a plug-in that needs to be loaded on the server side, which can implement the login information substitution function of the server side.
S704: the service platform analyzes the UID information of the terminal from the login request through the SDK;
S705: the service platform sends a login information acquisition request to the portal system through the SDK, wherein the request carries UID information;
S706: the portal system receives the login information acquisition request, searches an account and a password corresponding to the UID information in the request from the recorded corresponding relation, takes the searched account and password as login information needed by the terminal to log in the service system B and sends the login information to the service platform;
Here, the portal system sends the found account and password to the service platform as a feedback result for the login information acquisition request.
S707: the service platform receives a feedback result sent by the portal system;
S708: the service platform identifies an account number input area and a password input area of a login page through the SDK; automatically filling the account number in an account number input area and automatically filling the password information in a password input area;
In this step, all input boxes and the submit button in the login page are identified by a document.getElementsByTagName("input") statement in the scripting language js (JavaScript). The code segment of the SDK for acquiring all input boxes is as follows:
var inputs=document.getElementsByTagName("input");
var userId, pwdId; // ids of the account and password input boxes
// is_username() and is_password() are the SDK's keyword checks described below
for(var i=0;i<inputs.length;i++){
  if(is_username(inputs[i].id)){
    // found the account input box; remember the value of its id
    userId=inputs[i].id;
  }
  if(is_password(inputs[i].id)){
    // found the password input box; remember the value of its id
    pwdId=inputs[i].id;
  }
}
Identifying the account number input area in the login page can be regarded as identifying the account number input box. Account name key values (first keywords) such as user name (title), account name (title), user, username, name, account, and name are often used in practical applications. The SDK first checks which area in the login page contains these keywords, and an area in which they appear is considered to be the account input area. If the account input area is not found through the keywords, a fuzzy matching algorithm is used to match the keywords, for example a fuzzy matching query function regexp(keyword), where the keyword can be user, name, and the like.
Likewise, identifying the password input area in the login page can be regarded as identifying the password input box. In practical applications, password key values (second keywords) such as password, pwd, mimea, etc. are frequently used. The SDK first checks which area in the login page contains these keywords, and an area in which they appear is considered to be the password input area. If the password input area is not found through the keywords, a fuzzy matching algorithm is used, such as regexp(keyword), where the keyword can be p, w, d, and the like. In the foregoing solution, any other reasonable method may be adopted for identifying the password input box and the account input box.
Assuming that the account found for the terminal whose portal system UID is xe13424245 is zhang and the password is 123456, and that the input box search code above is used and finds the password input box id to be pwd, the automatic input of the account and the password in the respective boxes can be realized by the following code:
document.getElementById("user").value="zhangsan";
document.getElementById("pwd").value="123456";
In this step, the account number input box and the password input box of the login page can be accurately identified by identifying the keywords, and accurate identification of the two input boxes allows the login information to be automatically entered into the correct input boxes, so that successful login and access can be realized.
S709: the service platform automatically submits the login page with the login information input to the service system B through the SDK, and the terminal automatically logs in the service system B.
In this step, the SDK identifies the submit button in the login page. The automatic submission can use a document.getElementById("button").click() statement, thereby completing the automatic submission from the terminal to the service system B and realizing single sign-on.
The foregoing S708 and S709 may be regarded as the process by which the SDK (the jquery-pw-sso.js file) implements the login information substitution function: it automatically acquires the input boxes of the form, such as the password input box and the account input box, automatically fills in the form values, such as the account and the password, and then automatically triggers the form submission to complete the automatic single sign-on process.
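The S704 to S709 flow above, as an added JavaScript example that is not the patent's jquery-pw-sso.js: plain objects stand in for the elements returned by document.getElementsByTagName("input") and a Map stands in for the portal's recorded correspondence. The UID format check, the input-type filter, the refusal to fill when several boxes match, and the two regular expressions are assumptions added here; the keywords, the sample UID and the sample account are taken from the text.

```javascript
// Constructed sample data: the portal's UID -> login information record.
const RECORDS = new Map([["13424245", { account: "zhangsan", password: "123456" }]]);

const ACCOUNT_KEYWORDS = ["user", "username", "name", "account"]; // first keywords
const PASSWORD_KEYWORDS = ["password", "pwd"];                    // second keywords
const ACCOUNT_FUZZY = /user|name/i; // assumed reading of regexp(keyword) with user, name
const PASSWORD_FUZZY = /p.*w.*d/i;  // assumed reading of fuzzy matching on p, w, d

// S704: take the UID from the login request URL. Exactly one well-formed
// uid parameter is required (the accepted format is an assumption).
function parseUid(loginUrl) {
  let url;
  try { url = new URL(loginUrl); } catch (e) { return null; }
  const values = url.searchParams.getAll("uid");
  if (values.length !== 1) return null;
  return /^[A-Za-z0-9]{1,64}$/.test(values[0]) ? values[0] : null;
}

// S705-S707: look up the login information recorded for this UID.
function lookupLoginInfo(records, uid) {
  return records.has(uid) ? records.get(uid) : null;
}

// Lower-cased id and name attributes of one input.
function labelsOf(input) {
  return [input.id, input.name].filter(Boolean).map((s) => s.toLowerCase());
}

// Keyword pass first; fuzzy pass only when the keyword pass finds nothing.
// Zero or several candidates both yield null, so nothing is filled on a guess.
function pickOne(candidates, keywords, fuzzy) {
  let hits = candidates.filter((i) => labelsOf(i).some((l) => keywords.includes(l)));
  if (hits.length === 0) {
    hits = candidates.filter((i) => labelsOf(i).some((l) => fuzzy.test(l)));
  }
  return hits.length === 1 ? hits[0] : null;
}

// S708: identify the account box, the password box and the submit button.
// Filtering by type keeps a password box named "user_passwd" out of the
// account candidates and keeps the password out of plain-text inputs.
function identifyFields(inputs) {
  const visible = inputs.filter((i) => i.type !== "hidden");
  const textBoxes = visible.filter((i) => i.type === "text" || i.type === "email");
  const passwordBoxes = visible.filter((i) => i.type === "password");
  const submits = visible.filter((i) => i.type === "submit" || i.type === "button");
  const account = pickOne(textBoxes, ACCOUNT_KEYWORDS, ACCOUNT_FUZZY);
  const password = pickOne(passwordBoxes, PASSWORD_KEYWORDS, PASSWORD_FUZZY);
  const submit = submits.length === 1 ? submits[0] : null;
  return account && password && submit ? { account, password, submit } : null;
}

// S704-S709 end to end. Returns the id of the button to click, or a reason
// for stopping; the input objects are only modified when every step succeeded.
function autoLogin(loginUrl, records, inputs) {
  const uid = parseUid(loginUrl);
  if (uid === null) return { ok: false, reason: "bad-uid" };
  const info = lookupLoginInfo(records, uid);
  if (info === null) return { ok: false, reason: "unknown-uid" };
  const fields = identifyFields(inputs);
  if (fields === null) return { ok: false, reason: "fields-not-identified" };
  fields.account.value = info.account;
  fields.password.value = info.password;
  return { ok: true, submitId: fields.submit.id };
}

// Constructed pages: one matched by keywords, one only by fuzzy matching,
// one with two password boxes (ambiguous, so nothing is filled).
function keywordPage() {
  return [
    { id: "csrf", name: "token", type: "hidden", value: "x" },
    { id: "user", type: "text", value: "" },
    { id: "pwd", type: "password", value: "" },
    { id: "button", type: "submit", value: "Login" },
  ];
}
function fuzzyPage() {
  return [
    { id: "login_username", type: "text", value: "" },
    { id: "user_passwd", type: "password", value: "" },
    { id: "go", type: "submit", value: "Login" },
  ];
}
function ambiguousPage() {
  return [
    { id: "username", type: "text", value: "" },
    { id: "passwd1", type: "password", value: "" },
    { id: "passwd2", type: "password", value: "" },
    { id: "button", type: "submit", value: "Register" },
  ];
}
```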
In the scheme, the SDK is loaded into the login page of the target service system to realize the replacement and filling function of the login information, so that the identification of the login information input box in the login page and the automatic filling of the login information are realized, and compared with the replacement and filling technology in which the login information can be realized only by installing a plug-in at the client side in the related technology, the replacement and filling method can bring good experience for users. And the substitution and filling function of the login information is realized through the SDK, so that the method is easy to realize in engineering and has strong practicability.
Those skilled in the art can understand that, because the SDK developed in the embodiment of the present application is stored in the portal system, it resides neither on the service system nor in the browser of the terminal, and it can be loaded dynamically when the terminal logs in to the service system through the portal system. In addition, the SDK can be updated according to actual requirements, and the update can be realized by updating the jquery-pw-sso.js file. For example, the portal can connect to the servers of various manufacturers through the internet to obtain the latest jquery-pw-sso.js file and replace the jquery-pw-sso.js file originally stored in the portal system, so that automatic updating is realized. The contents of the update mainly include: an algorithm to identify an account entry box, an algorithm to identify a password entry box, and/or an algorithm to identify a submit button.
The scheme can be applied to the interior of an enterprise or an enterprise, wherein the user is an enterprise employee, and the business system is a business system of the enterprise or the enterprise, such as a financial system, a manpower system, a research and development department system and the like; the portal system can provide an entrance for the enterprise staff to log in or access to each business system of the enterprise or the unit, and the enterprise staff can realize the log-in and access to each business system through the portal system only by inputting the account and the password once by applying the scheme. The single sign-on scheme does not need to install additional plug-ins to terminals of enterprise employees, provides convenience for the enterprise employees and improves use experience. In addition, the scheme for realizing single sign-on based on the server side is convenient to realize real-time update of the SDK, and can solve the problem that the conventional login information substitution and filling technology identifies inaccurate page elements such as an account input box and a password input box, thereby improving the substitution and filling accuracy.
It should be understood by those skilled in the art that all the service systems in the embodiment of the present application may share one service platform, or part of the service systems may share one service platform, or each service system may use a dedicated service platform. Preferably all business systems share a service platform.
An embodiment of the present application further provides a service system, as shown in fig. 9, where the system includes: a receiving unit 801, an obtaining unit 802, an obtaining unit 803, an input unit 804, and a submitting unit 805;
a receiving unit 801, configured to receive a login request sent by a terminal for a target service system of the at least two service systems; the login request at least carries UID information of the terminal;
an obtaining unit 802, configured to obtain login information that needs to be used when the terminal logs in to the target service system based on the UID information of the terminal;
an obtaining unit 803, configured to obtain a login information input area in a login page of the target service system;
an input unit 804, configured to perform automatic input of the login information in the login information input area;
a submitting unit 805, configured to automatically submit the login information input in the login information input area to implement single sign-on of the terminal to the target service system.
In an optional scheme, the obtaining unit 802 is configured to send a login information obtaining request to the portal system; receiving a feedback result aiming at the acquisition request, wherein the feedback result is characterized by login information which is recorded by the portal system and corresponds to the UID information; and determining that the login information recorded by the portal system and corresponding to the UID information is the login information which is required to be used by the terminal for logging in the target service system.
In an optional scheme, the login information input area comprises an account number input area and a password input area; an obtaining unit 803, configured to obtain an account number input area and a password input area in the login page; an input unit 804, configured to automatically fill in account information in the login information to an account input area, and automatically fill in password information in the login information to a password input area.
In an optional scheme, the obtaining unit 803 is configured to obtain an area including a first keyword in the login page, and use the area as an account entry area, where the area including the first keyword is characterized as an area for account entry; and acquiring an area comprising the second keyword in the login page and taking the area as a password input area, wherein the area comprising the second keyword is characterized in that the area is an area for inputting the password.
In an optional scheme, the system further includes a loading unit, configured to load the SDK to the login page; obtaining login information needed to be used by the terminal for logging in the target service system based on the UID information by the SDK loaded to the login page; and the SDK identifies a login information input area in the login page, automatically inputs the login information in the login information input area, and automatically submits the login information.
It can be understood that the receiving unit 801, the obtaining unit 802, the obtaining unit 803, the input unit 804 and the submitting unit 805 in the service system may be implemented in practical applications by a Central Processing Unit (CPU), a Digital Signal Processor (DSP), a Micro Control Unit (MCU) or a Field Programmable Gate Array (FPGA) of the service system.
An embodiment of the present application further provides a portal system, as shown in fig. 10, including: a display unit 901, a detection and judgment unit 902, a determination unit 903 and an acquisition unit 904; wherein:
a display unit 901, configured to display icon identifiers of at least two service systems;
a detecting and determining unit 902, configured to detect, when the display unit displays the icon identifiers of the at least two service systems, an operation that is generated by a user through a terminal on the icon identifiers of the at least two service systems, and determine whether the terminal accesses the service systems through the portal system for the first time;
a determining unit 903, configured to determine, when the detecting and determining unit determines that the terminal accesses the service system through the portal system for a non-first time, that the service system targeted by the operation is a target service system;
an obtaining unit 904, configured to obtain UID information of the terminal; and the UID information is used for enabling the terminal to realize single sign-on of the target business system.
In an optional scheme, the determining unit 903 is configured to generate the UID information for the terminal when it is determined that the terminal accesses the service system through a portal system for the first time.
In an optional scheme, the portal system further includes a recording unit, configured to correspondingly record login information used when the terminal accesses the service system through the portal system for the first time, and the UID information.
It should be noted that, in the service system and the portal system according to the embodiment of the present application, because the problem solving principle of the service system and the portal system is similar to that of the single sign-on method, the implementation process and the implementation principle of the service system and the portal system can be described by referring to the implementation process and the implementation principle of the method, and repeated details are not repeated.
It can be understood that the display unit 901, the detection and judgment unit 902, the determination unit 903 and the obtaining unit 904 in the portal system can be implemented in practical applications by a Central Processing Unit (CPU), a Digital Signal Processor (DSP), a Micro Control Unit (MCU) or a Field Programmable Gate Array (FPGA) of the portal system.
An embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is configured to, when executed by a processor, perform at least the steps of the method shown in any one of fig. 1 to 8. The computer readable storage medium may be specifically a memory. The memory may be memory 62 as shown in fig. 11.
The embodiment of the application also provides a terminal. Fig. 11 is a schematic hardware structure diagram of a service platform and/or a portal system according to an embodiment of the present application, and as shown in fig. 11, the service platform and/or the portal system includes: a communication component 63 for data transmission, at least one processor 61 and a memory 62 for storing computer programs capable of running on the processor 61. The various components in the terminal are coupled together by a bus system 64. It will be appreciated that the bus system 64 is used to enable communications among the components. The bus system 64 includes a power bus, a control bus, and a status signal bus in addition to the data bus. For clarity of illustration, however, the various buses are labeled as bus system 64 in FIG. 11.
Wherein the processor 61 executes the computer program to perform at least the steps of the method of any of fig. 1 to 8.
It will be appreciated that the memory 62 can be either volatile memory or nonvolatile memory, and can include both volatile and nonvolatile memory. The nonvolatile memory may be a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Ferromagnetic Random Access Memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disk, or a Compact Disc Read-Only Memory (CD-ROM); the magnetic surface memory may be disk storage or tape storage. The volatile memory can be Random Access Memory (RAM), which acts as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Synchronous Static Random Access Memory (SSRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (DDRSDRAM), Enhanced Synchronous Dynamic Random Access Memory (ESDRAM), SyncLink Dynamic Random Access Memory (SLDRAM), and Direct Rambus Random Access Memory (DRRAM). The memory 62 described in embodiments herein is intended to comprise, without being limited to, these and any other suitable types of memory.
The method disclosed in the above embodiments of the present application may be applied to the processor 61, or implemented by the processor 61. The processor 61 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 61. The processor 61 described above may be a general purpose processor, a DSP, or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. The processor 61 may implement or perform the methods, steps and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium located in the memory 62, and the processor 61 reads the information in the memory 62 and performs the steps of the aforementioned method in conjunction with its hardware.
In an exemplary embodiment, the portal system and/or business system may be implemented by one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), FPGAs, general purpose processors, controllers, MCUs, microprocessors (microprocessors), or other electronic components for performing the aforementioned single sign-on method.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, the integrated units described above in the present application may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as independent products. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially implemented or portions thereof contributing to the prior art may be embodied in the form of a software product stored in a storage medium, and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
The methods disclosed in the several method embodiments provided in the present application may be combined arbitrarily without conflict to obtain new method embodiments.
Features disclosed in several of the product embodiments provided in the present application may be combined in any combination to yield new product embodiments without conflict.
The features disclosed in the several method or apparatus embodiments provided in the present application may be combined arbitrarily, without conflict, to arrive at new method embodiments or apparatus embodiments.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (11)

1. A single sign-on method is applied to service platforms of at least two business systems, and is characterized by comprising the following steps:
receiving a login request aiming at a target service system in the at least two service systems, which is sent by a terminal; the login request at least carries user identity authentication information of the terminal;
obtaining login information which is required to be used by the terminal for logging in the target service system based on the user identity authentication information;
acquiring a login information input area in a login page of the target service system;
automatically inputting the login information in the login information input area;
and automatically submitting the login information input in the login information input area so as to realize the single sign-on of the terminal to the target business system.
2. The method according to claim 1, wherein the obtaining login information that the terminal needs to use to log in to the target service system based on the user identification information comprises:
sending a login information acquisition request to a portal system, wherein the request carries the user identity information;
receiving a feedback result aiming at the acquisition request, wherein the feedback result is characterized by login information which is recorded by the portal system and corresponds to the user identity authentication information;
and determining that the login information recorded by the portal system and corresponding to the user identity authentication information is the login information which is required to be used when the terminal logs in the target service system.
3. The method according to claim 1 or 2, wherein the login information input field comprises an account number input field and a password input field;
correspondingly, the obtaining of the login information input area in the login page of the target service system and the automatic input of the login information in the login information input area include:
acquiring an account number input area and a password input area in the login page;
and automatically filling account information in the login information into an account input area, and automatically filling password information in the login information into a password input area.
4. The method of claim 3, wherein the obtaining an account number input field and a password input field in the login page comprises:
acquiring an area comprising a first keyword in the login page and taking the area as an account input area, wherein the area comprising the first keyword is characterized in that the area is an area for account input;
and acquiring an area comprising the second keyword in the login page and taking the area as a password input area, wherein the area comprising the second keyword is characterized in that the area is an area for inputting the password.
5. The method according to any one of claims 1 to 4, further comprising:
loading a software toolkit to the login page;
correspondingly, the login information required to be used when the terminal logs in the target service system is obtained based on the user identity authentication information; acquiring a login information input area in a login page of the target service system; automatically inputting the login information in the login information input area; automatically submitting the login information entered in the login information entry area, comprising:
the software toolkit loaded to the login page acquires login information needed to be used when the terminal logs in the target service system based on the user identity authentication information;
and acquiring a login information input area in the login page through the software toolkit, automatically inputting the login information in the login information input area, and automatically submitting the login information.
6. A single sign-on method is applied to a portal system, and is characterized in that the method comprises the following steps:
in case the portal system displays icon identifications of at least two business systems,
detecting operation generated by a user through icon identifications of a terminal to at least two service systems, and judging whether the terminal accesses the service systems through the portal system for the first time;
determining the service system targeted by the operation as a target service system under the condition that the terminal is judged to access the service system through the portal system for the non-first time;
acquiring user identity authentication information of the terminal; and the user identity authentication information is used for enabling the terminal to realize single sign-on of the target service system.
7. The method of claim 6, further comprising:
and generating the user identity information for the terminal under the condition that the terminal accesses the service system through the portal system for the first time.
8. The method of claim 7, further comprising:
and correspondingly recording the login information used when the terminal accesses the service system through the portal system for the first time and the user identity information.
9. A service platform, comprising:
a receiving unit, configured to receive a login request sent by a terminal for a target service system of the at least two service systems, wherein the login request carries at least user identity authentication information of the terminal;
an obtaining unit, configured to obtain, based on the user identification information, the login information that the terminal needs to use to log in to the target service system;
an acquisition unit, configured to acquire a login information input area in a login page of the target service system;
an input unit, configured to automatically input the login information in the login information input area;
a submitting unit, configured to automatically submit the login information input in the login information input area, so as to realize single sign-on of the terminal to the target service system.
10. A portal system, comprising:
a display unit, configured to display icon identifications of at least two service systems;
a detection and judgment unit, configured to detect, in a case where the display unit displays the icon identifications of the at least two service systems, an operation performed by a user, through a terminal, on the icon identifications of the at least two service systems, and to judge whether the terminal is accessing the service systems through the portal system for the first time;
a determining unit, configured to determine the service system targeted by the operation as a target service system in a case where the detection and judgment unit judges that the terminal is not accessing the service system through the portal system for the first time;
an obtaining unit, configured to obtain user identification information of the terminal, wherein the user identity authentication information is used for enabling the terminal to realize single sign-on to the target service system.
11. A computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, carries out the steps of the method of any one of claims 1 to 5 and/or of any one of claims 6 to 8.
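The flow of claims 6 to 9, sketched as an added example (not code from the patent or from the applicant): the portal judges first access, generates identity information and records login information against it; the service platform then resolves a login request to that login information, locates the input area in the login page, fills it and builds the submission. Assumptions, all hypothetical: the user identity information is an opaque random token, first access is tracked per terminal and service system, the names `Portal`, `InputAreaFinder` and `auto_login` are illustrative, and the same-origin check on the form action is an added safeguard the claims do not mention.

```python
import secrets
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: login page of a hypothetical service system "oa".
PAGE_URL = "https://oa.example.internal/login"
LOGIN_PAGE = ('<form action="/session" method="post">'
              '<input type="hidden" name="csrf" value="c0ffee">'
              '<input type="text" name="user"><input type="password" name="pw"></form>')

class InputAreaFinder(HTMLParser):
    """Locates the login information input area: form action and input fields."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = "", {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action") or ""
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = (a.get("type") or "text", a.get("value") or "")

class Portal:
    """Claims 6-8: judge first access, generate identity info, record login info."""
    def __init__(self):
        self.identity = {}  # terminal id -> user identity information (opaque token)
        self.vault = {}     # (token, service system) -> recorded login information
    def on_icon_click(self, terminal, system, login_info=None):
        token = self.identity.get(terminal)
        if token is None or (token, system) not in self.vault:  # first access
            token = self.identity.setdefault(terminal, secrets.token_urlsafe(32))
            if login_info:
                self.vault[(token, system)] = login_info
            return None  # the user logs in manually this time
        return {"token": token, "system": system}  # login request for the platform

def auto_login(vault, request, page_url, page_html):
    """Claim 9: look up login info, find the input area, fill it, build the submission."""
    info = vault.get((request["token"], request["system"]))
    if info is None:
        raise PermissionError("no login information recorded for this identity")
    finder = InputAreaFinder()
    finder.feed(page_html)
    target = urljoin(page_url, finder.action)
    if urlparse(target)[:2] != urlparse(page_url)[:2]:
        raise ValueError("form submits to another origin; refusing to fill")
    # Hidden fields (anti-CSRF, state) keep their page value; buttons are skipped.
    fill = {"password": info["password"], "text": info["username"], "email": info["username"]}
    form = {n: fill.get(t, v) for n, (t, v) in finder.fields.items() if t in fill or t == "hidden"}
    return target, form
```

In this design the token alone unlocks every recorded credential, so its lifetime, transport and storage deserve the same protection as the passwords it stands in for.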
CN202010095020.7A 2020-02-12 2020-02-12 Single sign-on method, portal system and service platform Pending CN111259355A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010095020.7A CN111259355A (en) 2020-02-12 2020-02-12 Single sign-on method, portal system and service platform

Publications (1)

Publication Number Publication Date
CN111259355A true CN111259355A (en) 2020-06-09

Family

ID=70952798

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination