CN112688937A - Login method for system single sign-on under cross-application heterogeneous application - Google Patents
- Publication number
- CN112688937A
- Authority
- CN
- China
- Prior art keywords
- login
- ticket
- management server
- application
- central
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
A login method for system single sign-on under cross-application heterogeneous applications, involving subsystems that integrate single sign-on and whose sessions are kept consistent. The method includes: step 1, any subsystem initiates a service request, encapsulates the ticket and forwards it to the central login authentication management server for verification, and sends a login authentication request to the central login authentication management server, where the service request includes all requests and login requests of the service system; step 2, the central login authentication management server performs login authentication verification based on the login authentication request; and step 3, after the login authentication check succeeds, the back end sends the page-jump instruction to the front end over HTTP, the front end executes the specific page jump, and the page jumps to the value preset by the back end.
Description
Technical Field
The invention relates to the field of Internet web development, in particular to a login method for system single sign-on under cross-application heterogeneous application.
Background
As internet companies continue to grow, and with the popularity of microservices and the trend toward front-end/back-end separation, user login and user account management across all domains within an enterprise need to be integrated so that single sign-on and whole-network roaming are achieved. Single sign-on (SSO) is currently one of the popular solutions for unified identity authentication: across multiple application systems, a user logs in only once to access all mutually trusted application systems. Put simply, in an environment where multiple systems coexist, a user who has logged in at one place does not need to log in to the other systems; a single login earns the trust of all the other systems.
In a traditional single sign-on system, after a user passes login authentication, the back-end program initiates a redirect request that controls which page is jumped to, and the front end of the page does not need to be aware of any back-end instruction. This relies on the front end and back end not being separated; once they are separated, the back end can no longer send a page-jump instruction to the front-end browser after a successful login.
Disclosure of Invention
In view of the technical defects and drawbacks of the prior art, embodiments of the present invention provide a login method for system single sign-on under cross-application heterogeneous applications that overcomes or at least partially solves the above problems. The specific scheme is as follows:
A login method for system single sign-on under cross-application heterogeneous applications involves subsystems that integrate single sign-on, with the sessions of the subsystems kept consistent, and comprises the following steps:
Step 1: any subsystem initiates a service request, encapsulates the ticket and forwards it to the central login authentication management server for verification, and sends a login authentication request to the central login authentication management server, where the service request includes all requests and login requests of the service system;
Step 2: the central login authentication management server performs login authentication verification based on the login authentication request;
Step 3: after the login authentication check succeeds, the back end sends the page-jump instruction to the front end over HTTP, the front end executes the specific page jump, and the page jumps to the value preset by the back end.
Further, in step 1, after any subsystem initiates a service request, the requested subsystem intercepts the request and authenticates it, and during authentication encapsulates the ticket and forwards it to the central login authentication management server for verification.
Further, step 2 specifically includes:
After receiving the subsystem's authentication request, the central login authentication management server verifies the ticket. If the requesting system carries a ticket, the ticket's validity is checked; if the check passes, the server calls back to the client to report that verification passed; if the check fails, the central login authentication management server redirects to the home page of the login system and requires the user to log in. If the login succeeds, the ticket is returned by callback to the subsystem that made the login request; if the login fails, the user is shown the login-failure message. If the server receives a logout request, it directly destroys the client's successful-login ticket and switches the server's displayed page to the login page.
Further, checking ticket validity includes checking whether the ticket is illegal and whether it has expired.
Further, the method also comprises: among the subsystems that integrate the single sign-on function, if one subsystem has logged in successfully and the ticket is within its validity period, the other subsystems do not need to log in again; if the ticket is invalid, the service request is redirected to the login page, the user is required to enter the user name and password again to log in, and after the login succeeds the page jumps to the original request source address.
Further, the method also comprises: after the user successfully logs in at the central login authentication management server, the flow jumps back to the client and the encrypted ticket is stored at the client; the client redirects the browser and stores the ticket in a browser cookie. At this point the browser holds the login ticket and the central login authentication management server also holds it. While the ticket is within its validity period, every subsystem only needs to carry the ticket stored in the browser to the central login authentication management server for verification on each service request, without logging in again.
Further, the method further comprises: after the user successfully logs in at the central login authentication management server, on the user's next service request the central login authentication management server uses the session to determine whether the ticket corresponding to that session, held in memory, exists and is valid, and then receives and processes the corresponding service request.
Further, the central login authentication management server integrates an independent login access page, key salting, authentication, and login ticket expiration management functions.
Further, the method further comprises: if a subsystem requests logout, the request jumps to the central login authentication management server, which performs the logout; after that, accessing any other subsystem requires logging in again.
The invention has the following beneficial effects:
Once the subsystems integrate the client (each subsystem imports the functional module packaged as the client), logging in at one place grants passage in every subsystem, and logging out once logs out of all subsystems. After a successful login, the back end sends a page-jump instruction to the front end over HTTP, the front end executes the specific page jump, and the page jumps to the value preset by the back end (the page to be displayed after a successful login). The central login authentication management server manages user login, logout, and ticket authentication in a unified way. All systems that need login and logout can share one page, and on top of that page users can develop personalized login pages or display other services.
Drawings
Fig. 1 is a flowchart of a login method for system single sign-on under a cross-application heterogeneous application according to an embodiment of the present invention;
Fig. 2 is a service flow chart of a login method for system single sign-on under a cross-application heterogeneous application according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in Figs. 1-2, the login method for system single sign-on under cross-application heterogeneous applications provided by an embodiment of the present invention involves subsystems that integrate single sign-on, with the sessions of the subsystems kept consistent, and includes:
Step 1: any subsystem initiates a service request, encapsulates the ticket and forwards it to the central login authentication management server for verification, and sends a login authentication request to the central login authentication management server, where the service request includes all requests and login requests of the service system;
Step 2: the central login authentication management server performs login authentication verification based on the login authentication request;
Step 3: after the login authentication check succeeds, the back end sends the page-jump instruction to the front end over HTTP, the front end executes the specific page jump, and the page jumps to the value preset by the back end.
The single sign-on (SSO) system of the invention provides a client that multiple subsystems integrate, with the front end and back end completely separated (the back-end program is completely self-contained, the front end does not depend on the back end, and the proxy can be started by a standalone Tomcat or nginx), and provides login and logout solutions with consistent sessions. Sub-services on different IPs and different ports jump to the central login authentication management server through the login request; after authentication succeeds, the other subsystems can be accessed without authenticating and logging in again. When a subsystem requests logout, the request jumps to the central login authentication management server; after that, accessing any other subsystem requires logging in again. The central login authentication management server integrates an independent login access page, key salting (encrypting the password using sha256), authentication, and login ticket expiration management functions.
In step 1, after any subsystem initiates a service request, the requested subsystem intercepts the request and authenticates it, and during authentication encapsulates the ticket and forwards it to the central login authentication management server for verification.
Step 2 specifically includes:
After receiving the subsystem's authentication request, the central login authentication management server verifies the ticket. If the requesting system carries a ticket, the ticket's validity is checked, which includes checking whether the ticket is illegal and whether it has expired. If the check passes, the server calls back to the client to report that verification passed; if the check fails, the central login authentication management server redirects to the home page of the login system and requires the user to log in. If the login succeeds, the ticket is returned by callback to the subsystem that made the login request; if the login fails, the user is shown the login-failure message. If the server receives a logout request, it directly destroys the client's successful-login ticket and switches the server's displayed page to the login page.
In step 3, among the subsystems that integrate single sign-on, if one subsystem has already logged in successfully and the ticket is within its validity period, no subsystem needs to log in again and business operations proceed smoothly; if the ticket is invalid, the service request is redirected to the login page, the user is required to enter the user name and password again to log in, and after the login succeeds the page jumps to the original request source address.
The single sign-on system is based on cookies and sessions. In this mode, after the user logs in successfully, on the user's next request the back end uses the session to determine whether the ticket corresponding to that session, held in memory, exists and is valid. When the front end and back end are not separated, the session stays consistent; once the front end and back end are completely independent, special handling is needed to keep the session consistent. The handling is as follows: after a successful login at the central login authentication management server, the flow jumps back to the client and the encrypted ticket is stored at the client; the client redirects the browser and stores the ticket in a browser cookie. At this point the browser holds the login ticket and the central login authentication management server also holds it. While the ticket is within its validity period, every subsystem only needs to carry the ticket stored in the browser to the central login authentication management server for verification before each service request, without logging in again.
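The ticket lifecycle described above (issue at login, reject illegal or expired tickets, destroy at logout, and return the page-jump target in the HTTP response body) as an added Python example; it is not code from the patent. The class and function names, the example.test URLs, the 1800-second validity period, the HMAC-signed ticket format, PBKDF2-HMAC-SHA256 standing in for the salted sha256, and the allow-list applied to the original request address are all assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlsplit

# All constants below are assumptions made for this example.
TICKET_TTL = 1800                                   # ticket validity period, seconds
LOGIN_PAGE = "https://sso.example.test/login"       # central login page
PRESET_PAGE = "https://portal.example.test/home"    # back-end preset jump value
SUBSYSTEM_ORIGINS = {"https://portal.example.test", "https://crm.example.test"}


def hash_password(password, salt):
    """Salted, SHA-256-based password hash (PBKDF2 stand-in for salted sha256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def jump_target(source_url):
    """Jump back to the original request address only if it is a known subsystem."""
    parts = urlsplit(source_url or "")
    origin = f"{parts.scheme}://{parts.netloc}"
    return source_url if origin in SUBSYSTEM_ORIGINS else PRESET_PAGE


class CentralAuthServer:
    def __init__(self, key, users, clock=time.time):
        self._key = key          # HMAC key: a ticket cannot be forged without it
        self._users = users      # username -> (salt, password hash)
        self._clock = clock
        self._tickets = {}       # ticket id -> (username, expiry time)

    def _mac(self, ticket_id):
        return hmac.new(self._key, ticket_id.encode(), hashlib.sha256).hexdigest()

    def login(self, username, password, source_url=None):
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return {"ok": False, "message": "login failed"}
        ticket_id = secrets.token_urlsafe(32)
        self._tickets[ticket_id] = (username, self._clock() + TICKET_TTL)
        # The jump instruction is data in the HTTP response; the front end executes it.
        return {"ok": True, "ticket": f"{ticket_id}.{self._mac(ticket_id)}",
                "jump": jump_target(source_url)}

    def verify(self, ticket):
        """Step 2: reject illegal (forged or unknown) and expired tickets."""
        ticket_id, _, mac = (ticket or "").partition(".")
        genuine = hmac.compare_digest(mac.encode(), self._mac(ticket_id).encode())
        if not genuine or ticket_id not in self._tickets:
            return {"ok": False, "reason": "illegal", "jump": LOGIN_PAGE}
        username, expiry = self._tickets[ticket_id]
        if self._clock() >= expiry:
            del self._tickets[ticket_id]
            return {"ok": False, "reason": "expired", "jump": LOGIN_PAGE}
        return {"ok": True, "user": username}

    def logout(self, ticket):
        """Destroy the ticket so that every subsystem has to log in again."""
        self._tickets.pop((ticket or "").partition(".")[0], None)
        return {"ok": True, "jump": LOGIN_PAGE}


if __name__ == "__main__":
    salt = secrets.token_bytes(16)                  # constructed sample account
    server = CentralAuthServer(secrets.token_bytes(32),
                               {"alice": (salt, hash_password("s3cret", salt))})
    reply = server.login("alice", "s3cret", "https://crm.example.test/orders")
    print(reply["jump"], server.verify(reply["ticket"]))
    print(server.logout(reply["ticket"]), server.verify(reply["ticket"]))
```

Because the jump target is returned as data for the front end to execute, the server must not echo an arbitrary "original request source address"; `jump_target` falls back to the preset page for any origin outside the subsystem list.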
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (9)
1. A login method for system single sign-on under cross-application heterogeneous applications, characterized by involving subsystems that integrate single sign-on, with the sessions of the subsystems kept consistent, the method comprising the following steps:
step 1, any subsystem initiates a service request, encapsulates the ticket and forwards it to the central login authentication management server for verification, and sends a login authentication request to the central login authentication management server, wherein the service request comprises all requests and login requests of the service system;
step 2, the central login authentication management server performs login authentication verification based on the login authentication request;
and step 3, after the login authentication check succeeds, the back end sends the page-jump instruction to the front end over HTTP, the front end executes the specific page jump, and the page jumps to the value preset by the back end.
2. The login method for system single sign-on under cross-application heterogeneous applications as claimed in claim 1, wherein in step 1, after any subsystem initiates a service request, the requested subsystem intercepts the request and authenticates it, and during authentication the ticket is encapsulated and forwarded to the central login authentication management server for verification.
3. The login method for system single sign-on under cross-application heterogeneous applications according to claim 2, wherein step 2 specifically comprises:
after receiving the subsystem's authentication request, the central login authentication management server verifies the ticket; if the requesting system carries a ticket, the ticket's validity is checked; if the check passes, the server calls back to the client to report that verification passed; if the check fails, the central login authentication management server redirects to the home page of the login system and requires the user to log in; if the login succeeds, the ticket is returned by callback to the subsystem that made the login request, and if the login fails, the user is shown the login-failure message; and if the server receives a logout request, it directly destroys the client's successful-login ticket and switches the server's displayed page to the login page.
4. The login method for system single sign-on under cross-application heterogeneous applications according to claim 2, wherein checking ticket validity comprises checking whether the ticket is illegal and whether it has expired.
5. The login method for system single sign-on under cross-application heterogeneous applications according to claim 3, wherein the method further comprises: among the subsystems that integrate single sign-on, if one subsystem has logged in successfully and the ticket is within its validity period, the subsystems do not need to log in again; if the ticket is invalid, the service request is redirected to the login page, the user is required to enter the user name and password again to log in, and after the login succeeds the page jumps to the original request source address.
6. The login method for system single sign-on under cross-application heterogeneous applications according to claim 1, further comprising: after the user successfully logs in at the central login authentication management server, the flow jumps back to the client and the encrypted ticket is stored at the client; the client redirects the browser and stores the ticket in a browser cookie; at this point the browser holds the login ticket and the central login authentication management server also holds it; while the ticket is within its validity period, every subsystem only needs to carry the ticket stored in the browser to the central login authentication management server for verification before each service request, without logging in again.
7. The login method for system single sign-on under cross-application heterogeneous applications of claim 1, wherein the method further comprises: after the user successfully logs in at the central login authentication management server, on the user's next service request the central login authentication management server uses the session to determine whether the ticket corresponding to that session, held in memory, exists and is valid, and then receives and processes the corresponding service request.
8. The login method for system single sign-on under cross-application heterogeneous applications of claim 1, wherein the central login authentication management server integrates an independent login access page, key salting, authentication, and login ticket expiration management functions.
9. The login method for system single sign-on under cross-application heterogeneous applications of claim 1, wherein the method further comprises: if a subsystem requests logout, the request jumps to the central login authentication management server, which performs the logout; after that, accessing any other subsystem requires logging in again.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011529098.1A CN112688937A (en) | 2020-12-22 | 2020-12-22 | Login method for system single sign-on under cross-application heterogeneous application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112688937A (en) | 2021-04-20 |
Family
ID=75450592
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011529098.1A Pending CN112688937A (en) | 2020-12-22 | 2020-12-22 | Login method for system single sign-on under cross-application heterogeneous application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112688937A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210420 |