CN113179254A - System login method and device, electronic equipment and storage medium - Google Patents
System login method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN113179254A CN113179254A CN202110357400.8A CN202110357400A CN113179254A CN 113179254 A CN113179254 A CN 113179254A CN 202110357400 A CN202110357400 A CN 202110357400A CN 113179254 A CN113179254 A CN 113179254A
- Authority
- CN
- China
- Prior art keywords
- login
- authentication service
- service center
- user authentication
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Abstract
The application provides a system login method, a device, an electronic device and a storage medium, wherein the method applied to a first system comprises the following steps: the first user authentication service center receives user login information sent by the first front end, generates first login credential information after the user login information is verified, sends login notification information to the second user authentication service center, the second user authentication service center generates temporary credential information after receiving the login notification information, sends the first login credential information and the temporary credential information to the first front end and forwards the temporary credential information to the second front end, and the second front end sends the temporary credential information to the second user authentication service center for verification, receives and stores the second login credential information sent by the second user authentication service center. Therefore, in the scene that different systems exist in respective user authentication service centers, the user can access all the systems by logging in at one time.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a system login method, an apparatus, an electronic device, and a storage medium.
Background
Generally, a conventional enterprise IT system usually has some mutually independent systems due to early construction reasons, and faces system splitting and data islanding problems. Meanwhile, each system usually has an independent user account system, and a user needs to independently register an account in each system and log in the system, so that the user experience is poor. With the digital transformation and upgrading of enterprises, for a consumer end, all system account login systems are usually required to be opened, so that a user can access all systems without repeated login after logging in once.
In the related art, user login authentication systems are generally unified, and all system applications are connected with a unified user authentication center. The scheme needs the application of each system to carry out butt joint transformation, and relates to the large application range, the technical difference exists between the systems, the integration difficulty between the systems is large, and the transformation cost is high.
Disclosure of Invention
The present application is directed to solving, at least to some extent, one of the technical problems in the related art.
The application provides a system login method, a system login device, electronic equipment and a storage medium, aiming at the situation that different heterogeneous systems have respective independent user authentication service centers, synchronization of user login states is carried out, single sign-on of a global system is achieved, and therefore a user can access all the systems through one login, repeated login of the user during switching of the systems is avoided, and user experience is improved.
An embodiment of a first aspect of the present application provides a system login method, where any system has a corresponding front end and a user authentication service center, and is applied to a first system, where the method includes:
the first user authentication service center receives user login information sent by a first front end, and generates first login credential information after the user login information is verified;
the first user authentication service center sends login notification information to a second user authentication service center, so that the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center after receiving the login notification information;
the first user authentication service center sends the first login credential information and the temporary credential information to the first front end, and the first front end sends the temporary credential information to the second front end, so that the second front end receives and stores the second login credential information sent by the second user authentication service center after the temporary credential information is sent to the second user authentication service center for verification.
According to the system login method, the first user authentication service center receives user login information sent by the first front end, and after the user login information is verified, first login credential information is generated; the first user authentication service center sends login notification information to the second user authentication service center, so that the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center after receiving the login notification information; the first user authentication service center sends the first login credential information and the temporary credential information to the first front end, and the first front end sends the temporary credential information to the second front end, so that the second front end sends the temporary credential information to the second user authentication service center for verification, receives and stores the second login credential information sent by the second user authentication service center. Therefore, in a scene that different heterogeneous systems have independent user authentication service centers, the user login states are synchronized, single sign-on of the global system is achieved, the user can access all the systems through one-time login, repeated login of the user during switching among the systems is avoided, and user experience is improved.
An embodiment of a second aspect of the present application provides another system login method, where any system has a corresponding front end and a user authentication service center, and is applied to a second system, where the method includes:
the second user authentication service center receives login notification information sent by the first user authentication service center;
after receiving the login notification information, the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center, so that the first user authentication service center sends the temporary credential information to a second front end through the first front end;
and the second front end sends the temporary credential information to the second user authentication service center for verification, and then receives and stores second login credential information sent by the second user authentication service center.
According to the system login method, the login notification information sent by the first user authentication service center is received through the second user authentication service center; after receiving the login notification information, the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center, so that the first user authentication service center sends the temporary credential information to the second front end through the first front end; and the second front end sends the temporary certificate information to a second user authentication service center for verification, and then receives and stores second login certificate information sent by the second user authentication service center. Therefore, in a scene that different heterogeneous systems have independent user authentication service centers, the user login states are synchronized, single sign-on of the global system is achieved, the user can access all the systems through one-time login, repeated login of the user during switching among the systems is avoided, and user experience is improved.
An embodiment of a third aspect of the present application provides a system login apparatus, where any system has a corresponding front end and a user authentication service center, and is applied to a first system, where the system login apparatus includes:
the receiving and generating module is used for the first user authentication service center to receive user login information sent by the first front end, and generate first login credential information after the user login information is verified;
the first sending module is used for sending login notification information to a second user authentication service center by the first user authentication service center so that the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center after receiving the login notification information;
and the second sending module is used for sending the first login credential information and the temporary credential information to the first front end by the first user authentication service center, and sending the temporary credential information to the second front end by the first front end so that the second front end receives and stores the second login credential information sent by the second user authentication service center after sending the temporary credential information to the second user authentication service center for verification.
The system login device receives user login information sent by a first front end through a first user authentication service center, and generates first login credential information after the user login information is verified; the first user authentication service center sends login notification information to the second user authentication service center, so that the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center after receiving the login notification information; the first user authentication service center sends the first login credential information and the temporary credential information to the first front end, and the first front end sends the temporary credential information to the second front end, so that the second front end sends the temporary credential information to the second user authentication service center for verification, receives and stores the second login credential information sent by the second user authentication service center. Therefore, in a scene that different heterogeneous systems have independent user authentication service centers, the user login states are synchronized, single sign-on of the global system is achieved, the user can access all the systems through one-time login, repeated login of the user during switching among the systems is avoided, and user experience is improved.
An embodiment of a fourth aspect of the present application provides another system login apparatus, where any system has a corresponding front end and a user authentication service center, and is applied to a second system, including:
the second receiving module is used for the second user authentication service center to receive the login notification information sent by the first user authentication service center;
a receiving and generating module, configured to generate, by the second user authentication service center, temporary credential information after receiving the login notification information, and send the temporary credential information to the first user authentication service center, so that the first user authentication service center sends the temporary credential information to a second front end through the first front end;
and the third receiving module is used for receiving and storing the second login credential information sent by the second user authentication service center after the second front end sends the temporary credential information to the second user authentication service center for verification.
The system login device receives login notification information sent by a first user authentication service center through a second user authentication service center; after receiving the login notification information, the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center, so that the first user authentication service center sends the temporary credential information to the second front end through the first front end; and the second front end sends the temporary certificate information to a second user authentication service center for verification, and then receives and stores second login certificate information sent by the second user authentication service center. Therefore, in a scene that different heterogeneous systems have independent user authentication service centers, the user login states are synchronized, single sign-on of the global system is achieved, the user can access all the systems through one-time login, repeated login of the user during switching among the systems is avoided, and user experience is improved.
An embodiment of a fifth aspect of the present application provides an electronic device, including: the system comprises a memory, a processor and a computer program stored in the memory and running on the processor, wherein the processor executes the program to realize the system login method provided by the embodiment of the first aspect of the application, or realize the system login method provided by the embodiment of the second aspect of the application.
An embodiment of a sixth aspect of the present application proposes a non-transitory computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements a system login method as proposed in an embodiment of the first aspect of the present application, or implements a system login method as proposed in an embodiment of the second aspect of the present application.
An embodiment of the seventh aspect of the present application proposes a computer program product, wherein instructions of the computer program product, when executed by a processor, perform the system login method as proposed in the embodiment of the first aspect of the present application, or perform the system login method as proposed in the embodiment of the second aspect of the present application.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a schematic flowchart of a system login method according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a system login method according to a second embodiment of the present application;
fig. 3 is a schematic flowchart of a system login method according to a third embodiment of the present application;
fig. 4 is a schematic flowchart of a system login method according to a fourth embodiment of the present application;
fig. 5 is a schematic flowchart of a system login method according to a fifth embodiment of the present application;
fig. 6 is a schematic structural diagram of a system login device according to a sixth embodiment of the present application;
fig. 7 is a schematic structural diagram of a system login device according to a seventh embodiment of the present application;
FIG. 8 illustrates a block diagram of an exemplary electronic device or server suitable for use in implementing embodiments of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary and intended to be used for explaining the present application and should not be construed as limiting the present application.
In order to solve the problems that in the prior art, a user login authentication system is unified, all system applications are in butt joint with a unified user authentication center, butt joint and transformation of the system applications are needed, the application range is large, technical differences exist among the systems, integration difficulty among the systems is large, and transformation cost is high, the embodiment of the application provides a system login method, a user actively informs a second user authentication service center of a second system to log in when logging in a first user authentication service center of the first system, user login processing of front and back end systems of the second system is completed, synchronization of login states between the first system and the second system user authentication service is realized, and therefore, synchronization of the user login states is carried out in a scene that different heterogeneous systems have independent user authentication service centers, and single sign-on of a global system is realized, therefore, the user can access all the systems by logging in once, repeated logging in when the user switches between the systems is avoided, and user experience is improved.
A system login method, an apparatus, an electronic device, and a storage medium according to embodiments of the present application are described below with reference to the accompanying drawings.
Fig. 1 is a flowchart illustrating a system login method according to an embodiment of the present application.
The system login method can be applied to electronic equipment. The electronic device may be any device with computing capability, for example, a PC (Personal Computer), a mobile terminal, and the like, and the mobile terminal may be a hardware device with various operating systems, touch screens, and/or display screens, such as a mobile phone, a tablet Computer, a Personal digital assistant, and a wearable device.
The first system and the second system described in the embodiment of the application are two heterogeneous systems, any one of the systems has a corresponding front end and a user authentication service center, the first system and the second system have independent user authentication service centers which are respectively a first user authentication service center and a second user authentication service center, the first front end and the second front end of the first system and the second system can be corresponding web pages or application programs, and the setting is selected according to an application scene.
As shown in fig. 1, the system login method applied to the first system may include the following steps:
In the embodiment of the application, the first system has the first user authentication service center, and each application in the first system can perform user login information authentication through the first user authentication service center and realize single sign-on in the first system. And simultaneously, a second system to an Nth system, wherein N is a positive integer greater than 2, a second user authentication service center to an Nth user authentication service center exist in the second system to the Nth system, and each application in the second system to the Nth system can respectively carry out user login information authentication through the corresponding second user authentication service center to the Nth user authentication service center and realize single sign-on from the second system to the Nth system.
In this embodiment of the application, the first front end and the first user authentication service center may perform information interaction according to a preset mechanism, specifically select a setting according to an application scenario, for example, select a cookie (plain text file) or token (a token, that is, a string of character strings) mechanism according to a system characteristic of the first front end and the first user authentication service center.
In this embodiment of the application, the receiving of the user login information by the first front end may be understood as user login information input by a user through a text manner such as a keyboard, or user login information in a voice form input by the user through a voice acquisition device, where the user login information may be an account and a password, or a mobile phone number, a face image, and the like, and is specifically selected and set according to an application scenario.
In this embodiment of the application, after receiving the user login information sent by the first front end, the first user authentication service center may select a setting according to an application scenario according to a manner of performing matching verification on the user login information and the pre-stored user information, which is described as follows.
As a possible implementation manner, the user login information is an account and a password, the corresponding account is matched in the stored user information table, the corresponding stored password is obtained to be matched with the received password, and if the corresponding stored password is consistent with the received password, the verification is passed.
As another possible implementation manner, the user login information is a face image, the features of the face in the image are extracted and matched with the stored face feature library, and if the features are consistent, the verification is passed.
It is to be understood that, in the case of inconsistent matching, the check does not pass.
Further, after the user login information is verified, the single sign-on of the user inside the first system is realized, and the first login credential information is generated, where the first login credential information may be understood as information that the user X has logged in the first system, for example, X01 is the user X identifier plus the first system identifier, and is specifically set according to the application scenario requirements.
102, the first user authentication service center sends login notification information to the second user authentication service center, so that the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center after receiving the login notification information.
In this embodiment of the application, after the user login information is verified, which means that the user realizes single sign-on in the first system, according to a preset system information sharing mechanism, the first system may send login notification information to the second user authentication service center through the first user authentication service center, where the login notification information may also be understood as information that the user Y has logged in the first system, for example, the user Y is identified by Y01 plus the first system identifier, and is specifically set according to the application scenario requirements.
In this embodiment of the application, after receiving the login notification information, the second user authentication service center may know that the target user has logged in the first system, and therefore, generate temporary credential information corresponding to the target user and send the temporary credential information to the first user authentication service center, that is, the second user authentication service center stores the user login information to obtain the temporary credential information corresponding to the target user, which may be temporary credential information such as an account and a password of the target user in the second system.
In the embodiment of the present application, it can be understood that, since the user logs in the first system at the first front end and the currently displayed display interface of the first front end is provided, after the first user authentication service center sends the first login credential information and the temporary credential information to the first front end, in the embodiment of the present application, the first front end stores the first login credential information, so that the first front end can perform operation processing without logging in again.
In the embodiment of the application, the first front end may interact with the second front end and cannot directly interact with the second authentication service center, and the first front end sends the temporary credential information to the second front end, so that after the second front end sends the temporary credential information to the second user authentication service center for verification, the second front end receives and stores the second login credential information sent by the second user authentication service center, thereby implementing single sign-on of the user in the second system.
As a possible implementation manner of the present application, when the first front end sends the temporary credential information to the second front end, the method further includes: and jumping to a display interface at the second front end according to the login address of the second system, so that the user can know that the user logs in another system in real time and can directly perform related operations, for example, the user jumps to the display interface at the second front end, namely an application program A interface, according to the login address of the second system, namely an application program B interface, so that the user can know the login situation in time at this time, and the use requirements of the user are met. And the second system login can be realized under the condition that the user does not sense the second system login without skipping, so that the use requirement of a specific user is met.
As a possible implementation manner of the present application, when the first front end sends the temporary credential information to the second front end, the method further includes: and sending the first system redirection address to the second front end, so that the second front end jumps to a display interface of the first front end according to the first system redirection address after receiving and storing second login credential information sent by a second user authentication service center, and returns to the first front end of the first system after synchronous login of the second system is performed, so that a user continues to perform related operations, the use requirement of the user is met, and the use experience of the user is improved.
As one possible implementation manner of the present application, after the first front end is operated, the operation may be performed by jumping to a second front end, where the second front end receives and stores second login credential information sent by a second user authentication service center, and may perform the operation directly without logging in, so that a login address is obtained at the first front end, and the login address is jumped from a display interface of the first front end to a display interface of the second front end according to the login address, so that the second front end performs the operation processing according to the operation request when receiving the operation request.
According to the system login method, the first user authentication service center receives user login information sent by the first front end, and after the user login information is verified, first login credential information is generated; the first user authentication service center sends login notification information to the second user authentication service center, so that the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center after receiving the login notification information; the first user authentication service center sends the first login credential information and the temporary credential information to the first front end, and the first front end sends the temporary credential information to the second front end, so that the second front end sends the temporary credential information to the second user authentication service center for verification, receives and stores the second login credential information sent by the second user authentication service center. Therefore, in a scene that different heterogeneous systems have independent user authentication service centers, the user login states are synchronized, single sign-on of the global system is achieved, the user can access all the systems through one-time login, repeated login of the user during switching among the systems is avoided, and user experience is improved.
In a possible implementation manner of the embodiment of the present application, bidirectional synchronization of user login information is performed between the user authentication service centers of the first system and the second system, including synchronization of historical stock user account data and data of user account addition, update, and deletion operations, so as to achieve data consistency between the two user centers, which is described in detail below with reference to fig. 2 and 3.
Specifically, as shown in fig. 2, the method further includes, on the basis of fig. 1:
And step 202, the first user authentication service center updates the account to be updated according to the update information.
In the embodiment of the application, when the user login information such as an account, a password, a mobile phone, and the like is updated, a user login information update request may be sent to the first user authentication service center through the first front end, the user login information update request is processed to obtain an account to be updated and update information, and the account to be updated is updated according to the update information, for example, the account 0001 is updated to the account 0002. Thus, data consistency between the user authentication service centers is further improved.
Specifically, as shown in fig. 3, the method further includes, on the basis of fig. 1:
In the embodiment of the application, when deleting user login information such as an account, a password, a mobile phone, and the like, a user login information deletion request may be sent to the first user authentication service center through the first front end, the user login information deletion request is processed, an account to be deleted is obtained, and a deletion process is performed on the account to be deleted, for example, if the account to be deleted is an account 0002, the account 0002 is directly deleted. Thus, data consistency between the user authentication service centers is further improved.
The foregoing is directed to embodiments of a method performed by a first system, and embodiments of the present application further provide embodiments of a method performed by a second system.
Fig. 4 is a flowchart illustrating a system login method according to a fourth embodiment of the present application.
The system login method of the embodiment of the application can be applied to a second system.
As shown in fig. 4, the system login method may include the steps of:
And step 403, after the second front end sends the temporary credential information to the second user authentication service center for verification, receiving and storing second login credential information sent by the second user authentication service center.
In the embodiment of the application, after the user login information is verified and the user is shown to realize single sign-on in the first system, the first system may send login notification information to the second user authentication service center through the first user authentication service center according to a preset system information sharing mechanism, where the login notification information may also be understood as information that the user Y has logged in the first system, for example, the user Y is identified by Y01 plus the first system identifier, and is specifically set according to the application scenario requirements.
In this embodiment of the application, after receiving the login notification information, the second user authentication service center may know that the target user has logged in the first system, and therefore, generate temporary credential information corresponding to the target user and send the temporary credential information to the first user authentication service center, that is, the second user authentication service center stores the user login information to obtain the temporary credential information corresponding to the target user, which may be temporary credential information such as an account and a password of the target user in the second system.
In the embodiment of the present application, it can be understood that, since the user logs in the first system at the first front end and the currently displayed display interface of the first front end is provided, after the first user authentication service center sends the first login credential information and the temporary credential information to the first front end, in the embodiment of the present application, the first front end stores the first login credential information, so that the first front end can perform operation processing without logging in again.
In the embodiment of the application, the first front end may interact with the second front end and cannot directly interact with the second authentication service center, and the first front end sends the temporary credential information to the second front end, so that after the second front end sends the temporary credential information to the second user authentication service center for verification, the second front end receives and stores the second login credential information sent by the second user authentication service center, thereby implementing single sign-on of the user in the second system.
According to the system login method, the login notification information sent by the first user authentication service center is received through the second user authentication service center; after receiving the login notification information, the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center, so that the first user authentication service center sends the temporary credential information to the second front end through the first front end; and the second front end sends the temporary certificate information to a second user authentication service center for verification, and then receives and stores second login certificate information sent by the second user authentication service center. Therefore, in a scene that different heterogeneous systems have independent user authentication service centers, the user login states are synchronized, single sign-on of the global system is achieved, the user can access all the systems through one-time login, repeated login of the user during switching among the systems is avoided, and user experience is improved.
Based on the description of the above embodiment, the specific interaction flow described above is illustrated below with reference to fig. 5.
Specifically, as shown in fig. 5, the system a and the system B are two heterogeneous systems, and there are independent user authentication service centers. The system A is provided with a user authentication service center 1, and each application in the system A carries out user account login authentication through the user authentication service center 1 and realizes single sign-on in the system A. The system B is provided with a user authentication service center 2, and each application in the system B performs user account login authentication through the user authentication service center 2 and realizes single sign-on in the system B.
Specifically, a user logs in through the user authentication service center 1 in the system a, the user authentication service center 1 verifies user login information, and generates a login credential of the user after the user login information passes the verification, thereby creating a login session. Meanwhile, a cookie or token mechanism can be selected to be returned to the front end of the system A according to the system characteristics of the system A, and the front end of the system A stores the information of the current user login credentials, so that single-point login among multiple applications in the system A is realized.
Specifically, after the user successfully logs in the system a user authentication service center 1, the back-end system of the user authentication service center 1 calls the interface of the system B user authentication service center 2 to notify the corresponding user login information. And a system B user authentication service center 2 back-end system generates a temporary certificate and returns the temporary certificate to a system A user authentication service center 1 back-end system.
Specifically, after the system a user authentication service center 1 receives the temporary certificate, the temporary certificate is returned to the system a front end. The front end of the system A jumps to a user login address of the system B and carries a temporary certificate and a redirection address returned by the user authentication service center 2 of the system B (the temporary certificate and the redirection address are returned to the system A after the user authentication service center 2 of the system B completes processing).
Specifically, the front end of the system B transmits the corresponding temporary credential to the back-end system of the user authentication service center 2 of the system B, and after the back-end system of the user authentication service center 2 of the system B verifies the temporary credential, the login credential of the current user in the system B is generated. Meanwhile, a cookie or token mechanism can be selected to return to the front end of the system B according to the system characteristics of the system B, and the front end of the system B stores the information of the current user login credentials, so that single sign-on in the system B is realized. At this point, the synchronization of the user login state between the system a user authentication service center 1 and the system B user authentication service center 2 is completed.
Specifically, after the front-end processing of the system B is completed, the system B jumps to the redirection address carried by the system a and returns to the system a, thereby completing the complete process of user login.
Specifically, when the user jumps to the system B through the system a, the user authentication service center 2 of the system B is already in the login state, and the user does not need to perform repeated login operation, so that the single sign-on of the global system is realized.
It should be noted that the process of the user login through the system B user authentication service center 2 is the same as the above process.
Therefore, when a user logs in the system A user authentication service center 1, the user actively informs the system B user authentication service center to log in, the user login processing of front and back end systems of the system B is completed, and the synchronization of login states between the system A user authentication service and the system B user authentication service is realized; the system A and the system B interact through generating the temporary voucher which is not related to the technology, thereby shielding the difference of the technical schemes of the two systems. Different single sign-on implementation schemes can be selected according to the characteristics of the system in different heterogeneous systems, the difference of the technical schemes is shielded between the systems, and forced transformation is not needed. Meanwhile, each application module is only connected with the user authentication service in each system, and additional transformation is not needed, so that the integration difficulty and the implementation cost among the systems are greatly reduced.
Corresponding to the system login method provided in the embodiments of fig. 1 to 3, the present application also provides a system login apparatus, and since the system login apparatus provided in the embodiments of the present application corresponds to the system login method provided in the embodiments of fig. 1 to 3, the implementation of the system login method is also applicable to the system login apparatus provided in the embodiments of the present application, and will not be described in detail in the embodiments of the present application.
Fig. 6 is a schematic structural diagram of a system login device according to a sixth embodiment of the present application.
As shown in fig. 8, the system login apparatus 600 is applied to an electronic device, and includes: a receiving generation module 601, a first sending module 602, and a second sending module 603.
The receiving and generating module 601 is configured to receive, by the first user authentication service center, user login information sent by the first front end, and generate first login credential information after the user login information is verified.
A first sending module 602, configured to send login notification information to a second user authentication service center by the first user authentication service center, so that the second user authentication service center generates temporary credential information after receiving the login notification information, and sends the temporary credential information to the first user authentication service center.
A second sending module 603, configured to send, by the first user authentication service center, the first login credential information and the temporary credential information to the first front end, where the first front end sends the temporary credential information to a second front end, so that after the second front end sends the temporary credential information to the second user authentication service center for verification, the second front end receives and stores the second login credential information sent by the second user authentication service center.
Further, in a possible implementation manner of the embodiment of the application, the storage module is configured to store the first login credential information by the first front end.
Further, in a possible implementation manner of the embodiment of the present application, the first skipping module is configured to skip to a display interface of the second front end according to the second system login address.
Further, in a possible implementation manner of the embodiment of the present application, the third sending module is configured to send the first system redirection address to the second front end, so that the second front end jumps to the display interface of the first front end according to the first system redirection address after receiving and storing the second login credential information sent by the second user authentication service center.
Further, in a possible implementation manner of the embodiment of the present application, the obtaining module is configured to obtain, by the first front end, a login address; and the first skipping module is used for skipping from the display interface of the first front end to the display interface of the second front end according to the login address so that the second front end performs operation processing according to the operation request when receiving the operation request.
Further, in a possible implementation manner of the embodiment of the present application, the system login apparatus 600 may further include:
the receiving processing module is used for the first user authentication service center to receive a user login information updating request, process the user login information updating request and acquire an account number to be updated and updating information;
and the updating module is used for updating the account to be updated by the first user authentication service center according to the updating information.
Further, in a possible implementation manner of the embodiment of the present application, the system login apparatus 600 may further include:
the first receiving module is used for the first user authentication service center to receive a user login information deleting request, process the user login information deleting request and acquire an account number to be deleted;
and the deleting module is used for deleting the account to be deleted by the first user authentication service center.
The system login device receives user login information sent by a first front end through a first user authentication service center, and generates first login credential information after the user login information is verified; the first user authentication service center sends login notification information to the second user authentication service center, so that the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center after receiving the login notification information; the first user authentication service center sends the first login credential information and the temporary credential information to the first front end, and the first front end sends the temporary credential information to the second front end, so that the second front end sends the temporary credential information to the second user authentication service center for verification, receives and stores the second login credential information sent by the second user authentication service center. Therefore, in a scene that different heterogeneous systems have independent user authentication service centers, the user login states are synchronized, single sign-on of the global system is achieved, the user can access all the systems through one-time login, repeated login of the user during switching among the systems is avoided, and user experience is improved.
Corresponding to the system login method provided in the embodiment of fig. 4, the present application also provides a system login apparatus, and since the system login apparatus provided in the embodiment of the present application corresponds to the system login method provided in the embodiment of fig. 4, the implementation manner of the system login method is also applicable to the system login apparatus provided in the embodiment of the present application, and is not described in detail in the embodiment of the present application.
Fig. 7 is a schematic structural diagram of a system login device according to a seventh embodiment of the present application.
As shown in fig. 7, the system login apparatus 700 is applied to a second system, and includes: a second receiving module 701, a receiving generating module 702 and a third receiving module 703.
A second receiving module 701, configured to receive, by the second user authentication service center, the login notification information sent by the first user authentication service center.
A receiving and generating module 702, configured to, after receiving the login notification information, the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center, so that the first user authentication service center sends the temporary credential information to a second front end through the first front end.
A third receiving module 703, configured to, after the second front end sends the temporary credential information to the second user authentication service center for verification, receive and store second login credential information sent by the second user authentication service center.
The system login device receives login notification information sent by a first user authentication service center through a second user authentication service center; after receiving the login notification information, the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center, so that the first user authentication service center sends the temporary credential information to the second front end through the first front end; and the second front end sends the temporary certificate information to a second user authentication service center for verification, and then receives and stores second login certificate information sent by the second user authentication service center. Therefore, in a scene that different heterogeneous systems have independent user authentication service centers, the user login states are synchronized, single sign-on of the global system is achieved, the user can access all the systems through one-time login, repeated login of the user during switching among the systems is avoided, and user experience is improved.
In order to implement the foregoing embodiments, the present application further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the electronic device implements the system login method as set forth in any of the foregoing embodiments of the present application.
In order to implement the above embodiments, the present application also proposes a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a system login method as proposed in any of the previous embodiments of the present application.
In order to implement the foregoing embodiments, the present application also proposes a computer program product, wherein when the instructions in the computer program product are executed by a processor, the system login method proposed by any one of the foregoing embodiments of the present application is executed.
FIG. 8 illustrates a block diagram of an exemplary electronic device or server suitable for use in implementing embodiments of the present application. The electronic device or server 12 shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 8, the electronic device or server 12 is in the form of a general purpose computing device. The components of the electronic device or server 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
The electronic device or server 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by the electronic device or server 12 and includes both volatile and nonvolatile media, removable and non-removable media.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally perform the functions and/or methodologies of the embodiments described herein.
The electronic device or server 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with the electronic device or server 12, and/or with any devices (e.g., network card, modem, etc.) that enable the electronic device or server 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, the electronic device or server 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public Network such as the Internet) via the Network adapter 20. As shown, the network adapter 20 communicates with the electronic device or other module of the server 12 over the bus 18. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device or server 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes various functional applications and data processing, for example, implementing the methods mentioned in the foregoing embodiments, by executing programs stored in the system memory 28.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present application, "plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present application.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present application may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.
Claims (19)
1. A system login method is characterized in that any system is provided with a corresponding front end and a user authentication service center, and the method is applied to a first system and comprises the following steps:
the first user authentication service center receives user login information sent by a first front end, and generates first login credential information after the user login information is verified;
the first user authentication service center sends login notification information to a second user authentication service center, so that the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center after receiving the login notification information;
the first user authentication service center sends the first login credential information and the temporary credential information to the first front end, and the first front end sends the temporary credential information to the second front end, so that the second front end receives and stores the second login credential information sent by the second user authentication service center after the temporary credential information is sent to the second user authentication service center for verification.
2. The system login method of claim 1,
the first front end stores the first login credential information.
3. The system login method of claim 1, wherein when the first front end sends the temporary credential information to a second front end, further comprising:
and jumping to a display interface at the second front end according to the second system login address.
4. The system login method of claim 1, wherein the first front end, when sending the temporary credential information to the second front end, further comprises:
and sending the first system redirection address to the second front end, so that the second front end jumps to a display interface of the first front end according to the first system redirection address after receiving and storing second login credential information sent by the second user authentication service center.
5. The system login method of claim 1, further comprising:
the first front end acquires a login address;
and jumping from the display interface of the first front end to the display interface of the second front end according to the login address so that the second front end performs operation processing according to the operation request when receiving the operation request.
6. The system login method of claim 1, further comprising:
the first user authentication service center receives a user login information updating request, processes the user login information updating request and acquires an account number to be updated and updating information;
and the first user authentication service center updates the account to be updated according to the updating information.
7. The system login method of claim 1, further comprising:
the first user authentication service center receives a user login information deleting request, processes the user login information deleting request and acquires an account to be deleted;
and the first user authentication service center deletes the account to be deleted.
8. A system login method is characterized in that any system is provided with a corresponding front end and a user authentication service center, and the method is applied to a second system and comprises the following steps:
the second user authentication service center receives login notification information sent by the first user authentication service center;
after receiving the login notification information, the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center, so that the first user authentication service center sends the temporary credential information to a second front end through the first front end;
and the second front end sends the temporary credential information to the second user authentication service center for verification, and then receives and stores second login credential information sent by the second user authentication service center.
9. A system login device is characterized in that any system is provided with a corresponding front end and a user authentication service center, the device is applied to a first system, and the method comprises the following steps:
the receiving and generating module is used for the first user authentication service center to receive user login information sent by the first front end, and generate first login credential information after the user login information is verified;
the first sending module is used for sending login notification information to a second user authentication service center by the first user authentication service center so that the second user authentication service center generates temporary credential information and sends the temporary credential information to the first user authentication service center after receiving the login notification information;
and the second sending module is used for sending the first login credential information and the temporary credential information to the first front end by the first user authentication service center, and sending the temporary credential information to the second front end by the first front end so that the second front end receives and stores the second login credential information sent by the second user authentication service center after sending the temporary credential information to the second user authentication service center for verification.
10. The system login apparatus of claim 9,
and the storage module is used for storing the first login credential information by the first front end.
11. The system login apparatus of claim 9, further comprising:
and the first jumping module is used for jumping to a display interface at the second front end according to the second system login address.
12. The system login apparatus of claim 9, further comprising:
and the third sending module is used for sending the first system redirection address to the second front end so that the second front end jumps to a display interface of the first front end according to the first system redirection address after receiving and storing second login credential information sent by the second user authentication service center.
13. The system login apparatus of claim 9, further comprising:
the acquisition module is used for acquiring a login address by the first front end;
and the first skipping module is used for skipping from the display interface of the first front end to the display interface of the second front end according to the login address so that the second front end performs operation processing according to the operation request when receiving the operation request.
14. The system login apparatus of claim 9, further comprising:
the receiving processing module is used for the first user authentication service center to receive a user login information updating request, process the user login information updating request and acquire an account number to be updated and updating information;
and the updating module is used for updating the account to be updated by the first user authentication service center according to the updating information.
15. The system login apparatus of claim 9, further comprising:
the first receiving module is used for the first user authentication service center to receive a user login information deleting request, process the user login information deleting request and acquire an account number to be deleted;
and the deleting module is used for deleting the account to be deleted by the first user authentication service center.
16. A system login device is characterized in that any system is provided with a corresponding front end and a user authentication service center, and the method is applied to a second system and comprises the following steps:
the second receiving module is used for the second user authentication service center to receive the login notification information sent by the first user authentication service center;
a receiving and generating module, configured to generate, by the second user authentication service center, temporary credential information after receiving the login notification information, and send the temporary credential information to the first user authentication service center, so that the first user authentication service center sends the temporary credential information to a second front end through the first front end;
and the third receiving module is used for receiving and storing the second login credential information sent by the second user authentication service center after the second front end sends the temporary credential information to the second user authentication service center for verification.
17. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the system login method according to any one of claims 1 to 7 or implements the system login method according to claim 8 when executing the program.
18. A non-transitory computer-readable storage medium on which a computer program is stored, the program, when executed by a processor, implementing the system login method according to any one of claims 1-7, or implementing the system login method according to claim 8.
19. A computer program product, characterized in that instructions in the computer program product, when executed by a processor, perform a system login method according to any one of claims 1-7 or implement a system login method according to claim 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110357400.8A CN113179254B (en) | 2021-04-01 | 2021-04-01 | System login method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110357400.8A CN113179254B (en) | 2021-04-01 | 2021-04-01 | System login method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113179254A true CN113179254A (en) | 2021-07-27 |
| CN113179254B CN113179254B (en) | 2023-03-24 |
Family
ID=76922739
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110357400.8A Active CN113179254B (en) | 2021-04-01 | 2021-04-01 | System login method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113179254B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114244607A (en) * | 2021-12-16 | 2022-03-25 | 建信金融科技有限责任公司 | Single sign-on method, system, device, medium, and program |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100146611A1 (en) * | 2008-12-09 | 2010-06-10 | Microsoft Corporation | Credential Sharing Between Multiple Client Applications |
| CN106254319A (en) * | 2016-07-22 | 2016-12-21 | 杭州华三通信技术有限公司 | A kind of light application log-in control method and device |
| CN111628965A (en) * | 2020-04-03 | 2020-09-04 | 北京奇艺世纪科技有限公司 | Cross-domain name login method and device |
| CN112333198A (en) * | 2020-11-17 | 2021-02-05 | 中国银联股份有限公司 | Secure cross-domain login method, system and server |
-
2021
- 2021-04-01 CN CN202110357400.8A patent/CN113179254B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100146611A1 (en) * | 2008-12-09 | 2010-06-10 | Microsoft Corporation | Credential Sharing Between Multiple Client Applications |
| CN106254319A (en) * | 2016-07-22 | 2016-12-21 | 杭州华三通信技术有限公司 | A kind of light application log-in control method and device |
| CN111628965A (en) * | 2020-04-03 | 2020-09-04 | 北京奇艺世纪科技有限公司 | Cross-domain name login method and device |
| CN112333198A (en) * | 2020-11-17 | 2021-02-05 | 中国银联股份有限公司 | Secure cross-domain login method, system and server |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114244607A (en) * | 2021-12-16 | 2022-03-25 | 建信金融科技有限责任公司 | Single sign-on method, system, device, medium, and program |
| CN114244607B (en) * | 2021-12-16 | 2023-06-30 | 建信金融科技有限责任公司 | Single sign-on method, system, device, medium, and program |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113179254B (en) | 2023-03-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109395400B (en) | Cross-game chat information processing method and device, electronic equipment and storage medium | |
| US8875269B2 (en) | User initiated and controlled identity federation establishment and revocation mechanism | |
| US11188560B2 (en) | Synchronizing object in local object storage node | |
| CN107666493B (en) | Database configuration method and equipment thereof | |
| JP6615997B2 (en) | Synchronization of server-side keyboard layout and client-side keyboard layout in virtual sessions | |
| CN107665141B (en) | Database configuration method and equipment thereof | |
| CN110139118B (en) | Function running method and device of application program, electronic equipment and storage medium | |
| CN107430514A (en) | Use the low latency application of multiserver | |
| US20120143943A1 (en) | Cloud service system and method, and recording medium | |
| US10855776B2 (en) | Method and device for managing sessions | |
| CN113179254B (en) | System login method and device, electronic equipment and storage medium | |
| CN107533596A (en) | Fingerprint identification method and mobile terminal | |
| CN113407286A (en) | Server remote management method and device | |
| CN112333289A (en) | Reverse proxy access method, device, electronic equipment and storage medium | |
| CN109241128A (en) | A kind of expired events automatic trigger method and system | |
| US20120023551A1 (en) | Information processing system, information processing apparatus, and computer-readable storage medium | |
| US11722550B2 (en) | Sharing an input device between remote desktops of multiple client devices | |
| CN108683586B (en) | Data processing method, device, medium and computing equipment in instant communication system | |
| CN114422236B (en) | Intelligent device access method and device and electronic device | |
| CN113893528A (en) | Game team processing method, game team processing device, game team processing medium, and electronic device | |
| CN114125732A (en) | Message processing method and device, storage medium and electronic equipment | |
| KR20230011126A (en) | Method and Apparatus for checking Integrated Equipment Based on Markup Language | |
| CN115277662B (en) | Proxy service switching test method, system, electronic equipment and readable medium | |
| CN111339188A (en) | Block chain-based media content processing method, apparatus, device, and medium | |
| CN111142820B (en) | Remote control method, device and system based on multiple screens |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |