CN112087425B - Login method, equipment and medium of ERP software system - Google Patents
Login method, equipment and medium of ERP software system Download PDFInfo
- Publication number
- CN112087425B CN112087425B CN202010752248.9A CN202010752248A CN112087425B CN 112087425 B CN112087425 B CN 112087425B CN 202010752248 A CN202010752248 A CN 202010752248A CN 112087425 B CN112087425 B CN 112087425B
- Authority
- CN
- China
- Prior art keywords
- user
- login
- authentication center
- user information
- application identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Abstract
The invention relates to a login method, equipment and a medium of an ERP software system, wherein the ERP software system comprises a first system and a second system, and the method comprises the following steps: the authentication center receives a login request of a user of a first system for requesting to login a second system; the authentication center determines whether the user has the authority to log in the second system or not according to the application identifier in the login request; and if the user does not have the authority of logging in the second system, the authentication center verifies the user through the callback address in the login request. The embodiment of the invention does not need each system to maintain a set of user information and single-point information by unifying the user systems. But performs unified management using only one set of user information. And shielding the single sign-on mode of each system and carrying out unified processing.
Description
Technical Field
The invention relates to the technical field of ERP software systems, in particular to a login method, equipment and a medium of an ERP software system.
Background
Under the global economic environment, enterprises increasingly need the support of a complete integrated management information system, and continuously perform business process optimization and recombination by means of information technology so as to form and maintain core competitiveness. The emergence of Enterprise Resource Planning (ERP) software enables an Enterprise to avoid the development of a high-risk information system, and an information system which meets the actual needs of the Enterprise and can meet the future needs can be efficiently obtained only by quickly realizing and combining the implementation process of the characteristics of the Enterprise.
In the process of ERP software integration, developers often encounter the following scenarios: the customer information system is built by different manufacturers, and each system needs to jump to each other to complete the whole business process; in the process of mutual jumping among systems, a single-point login mode is generally adopted, single-point connection and single-point information are configured, and the maintenance workload is large and unstable.
Disclosure of Invention
The present invention aims to solve the following technical problems at least to some extent.
Mutual skip authentication is needed among the systems, so that the working pressure of the systems is increased;
each system logs in a single sign-on mode, and maintenance workload is large and unstable.
A first aspect of an embodiment of the present invention provides a login method for an ERP software system, where the ERP software system includes a first system and a second system, and the method includes:
the authentication center receives a login request of a user of a first system for requesting to login a second system;
the authentication center determines whether the user has the authority to log in the second system or not according to the application identifier in the login request;
and if the user does not have the authority of logging in the second system, the authentication center verifies the user through the callback address in the login request.
The embodiment of the invention unifies the user systems, and each system does not need to maintain a set of user information and single-point information. But performs unified management using only one set of user information. And shielding the single sign-on mode of each system and carrying out unified processing.
In one example, the causing the user to jump to an authentication center for verification through a callback address in the login request includes:
the authentication center verifies the application identification and feeds back the application identification to the first system so as to enable the first system to obtain the user information of the user and enable the first system to enable the user to log in the second system according to the user information and the target address in the login request.
In one example, the verifying the application identifier and feeding back to the first system by the certificate authority so that the first system obtains the user information of the user includes:
verifying the application identifier through the authentication center, so that the first system obtains a third-party login authorization code;
and receiving the third-party login authorization code and the user number sent by the first system, and feeding back the user information to the first system through the third-party login authorization code and the user number.
According to the embodiment of the invention, the problem of malicious access to the authentication center is reduced by verifying the first system.
In one example, the feeding back the user information to the first system through the third-party login authorization code and the number of the user includes:
and verifying the third-party login authorization code and the number of the user through the authentication center, so that the first system obtains a login token, and the first system analyzes the login token to obtain the user information.
According to the embodiment of the invention, the risk of user information leakage is reduced and the safety of the user information is improved in a token login mode.
In one example, said causing said first system to parse said login token comprises:
and if the first system fails to analyze the login token within a certain time after the first system acquires the token, acquiring the login token from the authentication center again.
The embodiment of the invention further enhances the security of the user token by setting the time efficiency of the login token.
In one example, the analyzing, by the first system, the login token to obtain the user information includes:
and the first system decrypts the login token through a decryption algorithm to acquire the user information.
The embodiment of the invention verifies and analyzes the login token through the encryption and decryption algorithm, thereby improving the safety in the data transmission process.
In one embodiment, further comprising:
the first system stores the target address in the login request in a time domain.
In one example, the user information is related to a service, and includes at least one of: serial number, password, position, department.
A second aspect of an embodiment of the present invention provides a login device based on an ERP software system, including:
a processor; and
a memory communicatively coupled to the processor, wherein,
the memory has stored thereon instructions executable by the processor to cause the processor to:
the authentication center receives a login request of a user of a first system for requesting to login a second system;
the authentication center determines whether the user has the authority to log in the second system or not according to the application identifier in the login request;
and if the user does not have the authority of logging in the second system, the authentication center verifies the user through the callback address in the login request.
The embodiment of the invention does not need each system to maintain a set of user information and single-point information by unifying the user systems. But performs unified management using only one set of user information. And shielding the single sign-on mode of each system and carrying out unified processing.
A third aspect of an embodiment of the present invention provides a login nonvolatile computer storage medium based on an ERP software system, in which computer-executable instructions are stored, where the computer-executable instructions are configured to:
the authentication center receives a login request of a user of a first system for requesting to login a second system;
the authentication center determines whether the user has the authority to log in the second system or not according to the application identifier in the login request;
and if the user does not have the authority of logging in the second system, the authentication center verifies the user through the callback address in the login request.
The embodiment of the invention unifies the user systems, and each system does not need to maintain a set of user information and single-point information. But performs unified management using only one set of user information. And shielding the single sign-on mode of each system and carrying out unified processing.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic flow chart of a method provided by an embodiment of the present invention;
FIG. 2 is a schematic diagram of a system framework provided by an embodiment of the present invention;
fig. 3 is a schematic diagram of an apparatus framework according to an embodiment of the present invention.
Detailed Description
In order to more clearly explain the overall concept of the present application, the following detailed description is given by way of example in conjunction with the accompanying drawings.
The existing single sign-on mode has large workload, and the single point information needs to be updated in time after being changed. If the update is not timely, the jump cannot be carried out. The maintenance work load is very large.
Therefore, the embodiment of the invention improves and perfects the traditional system integration mode, and by means of the technical scheme provided by the embodiment of the invention, when the user information changes, the user information does not need to manually maintain single-point information, and a program does not need to be modified to complete normal system jump, and the maintenance workload is zero.
The embodiment of the invention does not use a single-point mode in the system jumping process, but uses a unified authentication and authorization mode to jump the system. And judging whether the target system is logged in or not when the target system is accessed, if not, jumping to a unified authentication interface, and simultaneously transmitting a callback address. And after the unified authentication system logs in, requesting the callback address to jump to a corresponding target system.
According to a first aspect of the embodiments of the present invention, the present invention provides a login method for an ERP software system, and fig. 1 is a schematic flow chart of the method of the present invention, as shown in the figure, the method includes:
s101, an authentication center receives a login request of a user of a first system for requesting to login a second system;
s102, the authentication center determines whether the user has the authority to log in the second system according to the application identifier in the login request;
s103, if the user does not have the right to log in the second system, the authentication center verifies the user through the callback address in the login request.
The embodiment of the invention unifies the user systems, and does not need each system to maintain a set of user information and single-point information. But performs unified management using only one set of user information. Shielding the single sign-on mode of each system and carrying out unified processing
Fig. 2 is a schematic diagram of a system framework according to an embodiment of the present invention, as shown in fig. 2, which mainly includes: the system comprises a first system, a second system and an authentication center, wherein the first system and the second system are integrated in an ERP system.
Firstly, a user in a first system wants to log in a second system, a link for logging in the second system is hung in the first system, the first system initiates a login request to the second system, and the request is sent to an authentication center for verification.
Specifically, the login request includes an application identifier, a callback address, and a destination address, and the verification center determines whether the first system is authorized to jump to the second system according to the application identifier, and if the first system is authorized to jump to the second system according to the destination address, it is understood that the authorized situation may be that a pre-authentication agreement is reached in the authentication center in advance. And if the user does not have the right to log in the second system, the authentication center verifies the user through the callback address in the login request, for example, a login interface is displayed on a display interface of the user.
The authentication center verifies the application identifier and feeds back the application identifier to the first system so that the first system can acquire the user information of the user and the first system can log the user in the second system according to the user information and the target address in the login request. The following describes the authentication process of the authentication center in detail.
The first system sends the authentication identification to the authentication center for verification, and at the same time, the first system stores the target address in the time domain (Session),
verifying the application identifier through the authentication center, and enabling the first system to acquire a third-party login authorization code (English: OAuthCode) after the application identifier is verified;
and the first system sends the third-party login authorization code and the number of the user to an authentication center for verification.
And the authentication center receives the third-party login authorization code and the user number sent by the first system, and feeds back the user information to the first system through the third-party login authorization code and the user number.
In some preferred embodiments of the present invention, the authentication center verifies the third-party login authorization code and the number of the user, so that the first system obtains a login Token (english: token), and the first system analyzes the login Token to obtain the user information. The login token may be cached in the code. The login token has a certain time limit, for example, two hours, and after the time limit is exceeded, the user information cannot be acquired, and the login token needs to be acquired again.
Specifically, if the first system fails to analyze the login token within a certain time after the first system acquires the token, the first system acquires the login token from the authentication center again.
The login token is generated by the authentication center through encryption algorithm, after the first system acquires the login token, the login token is decrypted through decryption algorithm to acquire user information of the user, wherein the user information comprises but is not limited to service information of a user such as a number, a password, a position, a department and the like.
And the first system reads the target address from the time domain according to the acquired complete user information and skips. After jumping, each second system constructs the context of the system according to the transferred user information. The whole jump process is completed. During the period, the user information only needs to be maintained to one place to issue the main data, and the maintenance in each system is not needed.
Along these same lines, the present examples provide apparatus and non-volatile computer storage media that correspond to the methods described above.
Fig. 3 is a schematic diagram of an equipment framework provided in an embodiment of the present invention, and as shown in fig. 3, a login device based on an ERP software system includes:
a processor; and
a memory communicatively coupled to the processor, wherein,
the memory has stored thereon instructions executable by the processor to enable the processor to:
the authentication center receives a login request of a user of a first system for requesting to login a second system;
the authentication center determines whether the user has the authority to log in the second system or not according to the application identifier in the login request;
and if the user does not have the authority of logging in the second system, the authentication center verifies the user through the callback address in the login request.
The embodiment of the invention also provides a login nonvolatile computer storage medium based on an ERP software system, which corresponds to the method shown in FIG. 1, and the login nonvolatile computer storage medium stores computer executable instructions, and the computer executable instructions are set as follows:
the authentication center receives a login request of a user of a first system for requesting to login a second system;
the authentication center determines whether the user has the authority to log in the second system or not according to the application identifier in the login request;
and if the user does not have the authority of logging in the second system, the authentication center verifies the user through the callback address in the login request.
The embodiments of the present invention are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment is described with emphasis on differences from other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the application.
Claims (6)
1. A login method of an ERP software system is characterized in that the ERP software system comprises a first system and a second system, and the method comprises the following steps:
the authentication center receives a login request of a user of a first system for requesting to login a second system;
the authentication center determines whether the user has the authority to log in the second system or not according to the application identifier in the login request;
if the user does not have the right to log in the second system, the authentication center verifies the user through a callback address in the login request; the step of skipping the user to an authentication center for verification through the callback address in the login request comprises the following steps:
the authentication center verifies the application identifier and feeds back the application identifier to the first system so that the first system can acquire the user information of the user and the first system can log the user in the second system according to the user information and the target address in the login request;
the authentication center verifies the application identifier and feeds back the application identifier to the first system so that the first system obtains the user information of the user, and the method comprises the following steps:
verifying the application identifier through the authentication center, so that the first system obtains a third-party login authorization code;
receiving the third-party authorization code and the number of the user sent by the first system, and feeding back the user information to the first system through the third-party login authorization code and the number of the user; the feeding back the user information to the first system through the third-party login authorization code and the number of the user includes:
verifying the third-party login authorization code and the number of the user through the authentication center, so that the first system obtains a login token, and the first system analyzes the login token to obtain the user information; said causing said first system to parse said login token comprises:
and if the first system fails to analyze the login token within a certain time after the first system acquires the token, acquiring the login token from the authentication center again.
2. The method of claim 1, wherein the first system parsing the login token to obtain the user information comprises:
and the first system decrypts the login token through a decryption algorithm to acquire the user information.
3. The method of claim 1, further comprising:
the first system stores the target address in the login request in a time domain.
4. The method of claim 1, wherein the user information is related to a service and comprises at least one of: serial number, password, position, department.
5. A login device based on an ERP software system is characterized by comprising:
a processor; and
a memory communicatively coupled to the processor, wherein,
the memory has stored thereon instructions executable by the processor to enable the processor to:
the authentication center receives a login request of a user of a first system for requesting to login a second system;
the authentication center determines whether the user has the authority to log in the second system or not according to the application identifier in the login request;
if the user does not have the authority of logging in the second system, the authentication center verifies the user through a callback address in the login request; the step of enabling the user to skip to an authentication center for verification through the callback address in the login request comprises the following steps:
the authentication center verifies the application identifier and feeds back the application identifier to the first system so that the first system can acquire the user information of the user and the first system can log the user in the second system according to the user information and the target address in the login request;
the authentication center verifies the application identifier and feeds back the application identifier to the first system so that the first system obtains the user information of the user, and the method comprises the following steps:
verifying the application identifier through the authentication center, so that the first system obtains a third-party login authorization code;
receiving the third-party authorization code and the number of the user sent by the first system, and feeding back the user information to the first system through the third-party login authorization code and the number of the user; the feeding back the user information to the first system through the third-party login authorization code and the number of the user includes:
verifying the third-party login authorization code and the number of the user through the authentication center, so that the first system obtains a login token, and the first system analyzes the login token to obtain the user information; said causing said first system to parse said login token comprises:
and if the first system fails to analyze the login token within a certain time after the first system acquires the token, acquiring the login token from the authentication center again.
6. A login non-volatile computer storage medium based on an ERP software system, storing computer-executable instructions configured to:
the authentication center receives a login request of a user of a first system for requesting to login a second system;
the authentication center determines whether the user has the authority to log in the second system or not according to the application identifier in the login request;
if the user does not have the right to log in the second system, the authentication center verifies the user through a callback address in the login request; the step of skipping the user to an authentication center for verification through the callback address in the login request comprises the following steps:
the authentication center verifies the application identifier and feeds back the application identifier to the first system so that the first system can acquire the user information of the user and the first system can log the user in the second system according to the user information and the target address in the login request;
the authentication center verifies the application identifier and feeds back the application identifier to the first system so that the first system obtains the user information of the user, and the method comprises the following steps:
verifying the application identifier through the authentication center, so that the first system obtains a third-party login authorization code;
receiving the third-party authorization code and the number of the user sent by the first system, and feeding back the user information to the first system through the third-party login authorization code and the number of the user; the feeding back the user information to the first system through the third-party login authorization code and the number of the user includes:
verifying the third-party login authorization code and the number of the user through the authentication center, so that the first system obtains a login token, and the first system analyzes the login token to obtain the user information; said causing said first system to parse said login token comprises:
and if the first system fails to analyze the login token within a certain time after the first system acquires the token, acquiring the login token from the authentication center again.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010752248.9A CN112087425B (en) | 2020-07-30 | 2020-07-30 | Login method, equipment and medium of ERP software system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010752248.9A CN112087425B (en) | 2020-07-30 | 2020-07-30 | Login method, equipment and medium of ERP software system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112087425A CN112087425A (en) | 2020-12-15 |
| CN112087425B true CN112087425B (en) | 2022-11-29 |
Family
ID=73734771
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010752248.9A Active CN112087425B (en) | 2020-07-30 | 2020-07-30 | Login method, equipment and medium of ERP software system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112087425B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113328862B (en) * | 2021-06-15 | 2022-07-22 | 支付宝(杭州)信息技术有限公司 | Enterprise personnel authentication method, device and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107070880A (en) * | 2017-02-16 | 2017-08-18 | 济南浪潮高新科技投资发展有限公司 | A kind of method and system of single-sign-on, a kind of authentication center's server |
| WO2020087778A1 (en) * | 2018-11-02 | 2020-05-07 | 深圳壹账通智能科技有限公司 | Multiple system login method, apparatus, computer device and storage medium |
| CN111259368A (en) * | 2019-11-07 | 2020-06-09 | 深圳市远行科技股份有限公司 | Method and equipment for logging in system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107682184B (en) * | 2017-09-25 | 2019-10-11 | 平安科技(深圳)有限公司 | Cloud service platform region resource extended method, device, equipment and storage medium |
-
2020
- 2020-07-30 CN CN202010752248.9A patent/CN112087425B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107070880A (en) * | 2017-02-16 | 2017-08-18 | 济南浪潮高新科技投资发展有限公司 | A kind of method and system of single-sign-on, a kind of authentication center's server |
| WO2020087778A1 (en) * | 2018-11-02 | 2020-05-07 | 深圳壹账通智能科技有限公司 | Multiple system login method, apparatus, computer device and storage medium |
| CN111259368A (en) * | 2019-11-07 | 2020-06-09 | 深圳市远行科技股份有限公司 | Method and equipment for logging in system |
Non-Patent Citations (1)
| Title |
|---|
| 基于CAS的单点登录系统的研究与实现;赵晋等;《软件》;20161115(第11期);118-124 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112087425A (en) | 2020-12-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108923908B (en) | Authorization processing method, device, equipment and storage medium | |
| US8230222B2 (en) | Method, system and computer program for deploying software packages with increased security | |
| US8863254B2 (en) | Authentication information management of associated first and second authentication information for user authentication | |
| US20130144755A1 (en) | Application licensing authentication | |
| US8667569B2 (en) | Credentials management | |
| KR101832535B1 (en) | Trustworthy device claims as a service | |
| US20190220305A1 (en) | Automation as a service | |
| CN104796412B (en) | End-to-end cloud service system and access method to its sensitive data | |
| US20210385096A1 (en) | Metering cloud workloads at edge computing devices | |
| CN107294955B (en) | Electronic file encryption middleware control system and method | |
| WO2014150737A2 (en) | Method and system for enabling the federation of unrelated applications | |
| US20200065155A1 (en) | Grid Computing System | |
| US20110154436A1 (en) | Provider Management Methods and Systems for a Portable Device Running Android Platform | |
| CN112087425B (en) | Login method, equipment and medium of ERP software system | |
| US11979411B2 (en) | Control of access to computing resources implemented in isolated environments | |
| US20220092155A1 (en) | Protecting an item of software | |
| US9027155B2 (en) | System for governing the disclosure of restricted data | |
| CN105577657A (en) | SSL/TLS algorithm suite expansion method | |
| CN111143788B (en) | License processing method, electronic device, and storage medium | |
| CN112416395A (en) | Hot repair updating method and device | |
| US11157597B2 (en) | Method for providing cloud-based service | |
| JP2015185071A (en) | Information track system and information track method | |
| KR20130053867A (en) | Management method of trusted application download, management server, device and system using it | |
| JP2013045277A (en) | Program obfuscation method and remote debug system | |
| CN112528239A (en) | Method and device for automatically authorizing software |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20221109 Address after: 250101 Inspur science and Technology Park, 1036 Inspur Road, hi tech Zone, Jinan City, Shandong Province Applicant after: Inspur Genersoft Co.,Ltd. Address before: 250101 Inspur science and Technology Park, 1036 Inspur Road, hi tech Zone, Jinan City, Shandong Province Applicant before: SHANDONG INSPUR GENESOFT INFORMATION TECHNOLOGY Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |