CN113852622B - Single sign-on method, device, equipment and storage medium based on government affair application - Google Patents


Info

Publication number
CN113852622B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111111218.0A
Other languages
Chinese (zh)
Other versions
CN113852622A (en
Inventor
李祖金
罗新良
邹鹤良
陈劲鸿
王子战
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Digital Guangdong Network Construction Co Ltd
Original Assignee
Digital Guangdong Network Construction Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The embodiment of the invention discloses a single sign-on method, a single sign-on device, single sign-on equipment and a storage medium based on government affair application. The method comprises the following steps: acquiring a grouping authentication identifier carried in a login request of a target government application; if the group authentication identification is empty, or if the group authentication identification is non-empty and the group authentication identification is not matched with the group to which the target government application belongs, configuring the group authentication identification of the group to which the target government application belongs and the application authentication identification of the target government application to the login party according to the login information input by the login party; and if the group authentication identifier is non-null and the group authentication identifier is matched with the group to which the target government application belongs, configuring the application authentication identifier of the target government application to the login party. Single sign-on is executed among all government applications in the same group, the sign-on operation among all government applications in different groups is not affected, the group sign-on management of all government applications in single sign-on is realized, and the limitation of single sign-on of all-platform government applications is avoided.

Description

Single sign-on method, device, equipment and storage medium based on government affair application
Technical Field
The embodiment of the invention relates to the technical field of application login, in particular to a single sign-on method, device, equipment and storage medium based on government affair application.
Background
With the rapid development of digital government, the number of government applications that carry out government functions keeps growing, so users must perform a separate login operation for each government application, which is inconvenient. A single sign-on mechanism is therefore adopted across multiple government applications to simplify their login operations.
At present, a platform-wide mutual trust mechanism is established among all government applications. When a user logs in to any one of the platform's government applications for the first time, the user's login information is saved and a login-state verification function is provided to the other trusted government applications, which realizes single sign-on among all mutually trusted government applications.
However, government applications vary widely, and each differs in when users log in or log out. Single sign-on among platform-wide mutually trusted government applications cannot adapt to these differentiated login requirements, so the existing single sign-on mechanism has certain limitations.
Disclosure of Invention
The embodiments of the invention provide a single sign-on method, device, equipment and storage medium based on government affairs applications. They realize grouped login management of the government applications during single sign-on and avoid the limitations of platform-wide single sign-on. While preserving the convenience of single sign-on, they impose group-level constraints that reflect each government application's differentiated single sign-on requirements, and they improve the security of single sign-on for government applications.
In a first aspect, an embodiment of the present invention provides a single sign-on method based on government affairs applications, which is applied to a central authentication server that dynamically stores grouping information to which each government affair application belongs, where the method includes:
acquiring a grouping authentication identifier carried in a login request of a target government application;
if the grouping authentication identification is empty, or if the grouping authentication identification is non-empty and the grouping authentication identification is not matched with the grouping to which the target government application belongs, configuring the grouping authentication identification of the grouping to which the target government application belongs and the application authentication identification of the target government application to the login party according to login information input by the login party so as to realize single sign-on of the target government application;
and if the group authentication identifier is non-empty and matches the group to which the target government application belongs, configuring the application authentication identifier of the target government application to the login party so as to realize single sign-on of the target government application.
In a second aspect, an embodiment of the present invention provides a single sign-on device based on government affairs applications, configured in a central authentication server that dynamically stores grouping information to which each government affair application belongs, where the device includes:
the login request analysis module is used for acquiring a grouping authentication identifier carried in a login request of the target government application;
the first login module is used for configuring the group authentication identifier of the group to which the target government application belongs and the application authentication identifier of the target government application to the login party according to login information input by the login party if the group authentication identifier is empty or if the group authentication identifier is non-empty and the group authentication identifier is not matched with the group to which the target government application belongs so as to realize single sign-on of the target government application;
and the second login module is used for configuring the application authentication identifier of the target government application to the login party if the group authentication identifier is non-null and the group authentication identifier is matched with the group to which the target government application belongs so as to realize single sign-on of the target government application.
In a third aspect, an embodiment of the present invention provides a computer apparatus, including:
one or more processors;
a storage means for storing one or more programs;
and when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the single sign-on method based on government affairs application according to any embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention provides a computer readable storage medium, where a computer program is stored, where the program when executed by a processor implements the single sign-on method based on government applications according to any embodiment of the present invention.
The embodiments of the invention provide a single sign-on method, device, equipment and storage medium based on government affairs applications. The central authentication server dynamically stores the grouping information of each government application, so a login request for any target government application that is sent to the central authentication server is required to carry the corresponding group authentication identifier. If the group authentication identifier is empty, or is non-empty but does not match the group to which the target government application belongs, the login party is logging in for the first time. The login party must then actively enter login information, and according to that login information the group authentication identifier of the group to which the target government application belongs and the application authentication identifier of the target government application are configured to the login party, realizing single sign-on of the target government application. If the group authentication identifier is non-empty and matches the group to which the target government application belongs, the login party is not logging in to that group for the first time; the application authentication identifier of the target government application is configured to the login party directly, without the login party actively entering login information, realizing single sign-on of the target government application.
Because the group authentication identifier of the group to which the target government application belongs is configured to the login party and is carried in the login requests sent to the central authentication server, single sign-on is performed among the government applications in the same group, while login operations among government applications in different groups do not affect each other. This realizes grouped login management of the government applications during single sign-on and avoids the limitations of platform-wide single sign-on. While preserving the convenience of single sign-on, it imposes group-level constraints that reflect each application's differentiated single sign-on requirements, and it improves the security of single sign-on for government applications.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the accompanying drawings in which:
Fig. 1 is a schematic diagram of a scenario suitable for a single sign-on method based on government applications according to an embodiment of the present invention;
Fig. 2 is a flowchart of a single sign-on method based on government affair application according to an embodiment of the present invention;
Fig. 3 is a flowchart of a single sign-on method based on government affair application according to a second embodiment of the present invention;
Fig. 4 is a flowchart of a single sign-on method based on government affair application according to a third embodiment of the present invention;
Fig. 5A is a signaling interaction diagram of a single sign-on of a government application according to a fourth embodiment of the present invention;
Fig. 5B is a signaling interaction diagram of a government application logout operation provided in a fourth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a single sign-on device based on government affairs application according to a fifth embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a computer device according to a sixth embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
The embodiments of the invention mainly address the problem that single sign-on among platform-wide mutually trusted government applications cannot adapt to each application's differentiated login requirements, which limits the single sign-on mechanism. A central authentication server is provided outside the government applications. The government applications are divided into a plurality of groups according to their differentiated login and logout requirements, and the group information of each government application is dynamically stored in the central authentication server. The central authentication server configures, for the login party, the group authentication identifier of each group in which a first login has been completed, so that single sign-on is performed among the government applications in the same group while login operations among government applications in different groups do not affect each other. This realizes grouped login management of the government applications during single sign-on and avoids the limitations of platform-wide single sign-on.
Fig. 1 is a schematic diagram of a scenario suitable for a single sign-on method based on government affairs applications according to an embodiment of the present invention, which is applicable to a scenario for single sign-on of each government affair application. As shown in fig. 1, a scenario to which the single sign-on method based on the government affair application is applicable may include a central authentication server 10 and two or more government affair applications 20.
Specifically, login groups can be divided into three types: non-single sign-on groups, full single sign-on groups and custom single sign-on groups. When a member application in a non-single sign-on group performs a login operation, the central authentication server 10 (denoted cas_server) does not set logged-in authentication information (such as Cookie information) in the login party's browser, so when the other member applications in that group perform a login operation, cas_server forces a jump to the login page and single sign-on is not performed. When a member application in the full single sign-on group performs a login operation, it matches the Cookie information set at the first login, so the other member applications in the full single sign-on group skip the login operation and perform single sign-on.
Every member application in a non-single sign-on group thus forces a jump to the original login page, which greatly reduces the convenience of application login, while single sign-on across the member applications of the full single sign-on group cannot adapt to each application's differentiated login requirements and therefore has certain limitations.
Therefore, the embodiment of the invention mainly describes single sign-on of the custom single sign-on group.
Specifically, according to the differentiated login and logout requirements of each government application 20, the government applications 20 may be divided into a plurality of groups (denoted Group), and the group information of each government application 20 is dynamically stored in the central authentication server 10. By setting, at the login party, the group authentication information (such as Cookie information) of the group to which a logged-in application belongs, the government applications 20 in the same group perform single sign-on and unified logout, while login and logout operations among government applications 20 in different groups do not affect each other. While preserving the convenience of single sign-on, this imposes group-level constraints that reflect each application's differentiated single sign-on requirements, realizes grouped login management of the government applications during single sign-on, and avoids the limitations of platform-wide single sign-on.
In addition, so that the groups into which the government applications are divided can be adjusted as needed, the central authentication server 10 may provide visual configuration of the group information of each government application 20 through a background management platform, realizing dynamic group adjustment for single sign-on of the government applications.
The specific single sign-on procedure for each government application within the belonging group is described in detail by the following examples.
Example 1
Fig. 2 is a flowchart of a single sign-on method based on government affair application according to an embodiment of the present invention. The embodiment is applicable to performing single sign-on for any government application, and can be applied to the central authentication server provided by the embodiments, which dynamically stores the grouping information of each government application. The single sign-on method based on government affairs applications provided by this embodiment can be executed by the single sign-on device based on government affairs applications provided by the embodiments of the invention; the device can be implemented in software and/or hardware and is integrated in the computer equipment that executes the method.
Referring to fig. 2, the method specifically includes the following steps:
S110, acquiring a group authentication identifier carried in a login request of the target government application.
Optionally, when the login party initiates access to any target government application, a corresponding access request is first sent to the target government application. The access request carries the application authentication identifier (e.g. Cookie information) that the target government application has configured to the login party, and the application authentication identifier is used to determine whether single sign-on can be realized in the target government application.
If this is not the login party's first access to the target government application, the target government application already configured a corresponding application authentication identifier for the login party at first login, so the application authentication identifier carried in the access request is not empty, and the target government application can realize single sign-on by verifying the application authentication identifier carried in the access request. If this is the login party's first access to the target government application, the target government application has not yet configured a corresponding application authentication identifier at the login party, so the application authentication identifier carried in the access request is empty and the target government application cannot realize single sign-on directly. The target government application therefore initiates a corresponding redirection request to the central authentication server, so that the central authentication server analyzes and executes the single sign-on operation for the target government application.
In this embodiment, the login request of the target government application may be the redirection request that the target government application initiates to the central authentication server when the application authentication identifier carried in the login party's access request is empty. The redirection request involves the target government application feeding back a corresponding redirection notification to the login party, so that the login party, following the redirection notification, sends the central authentication server an access request for accessing the target government application.
In this embodiment, when the central authentication server receives a login request of a target government application, it first parses the group authentication identifiers carried in the login request, which belong to the groups of the government applications the login party has already logged in to. From the group authentication identifier it can then determine the category of the login party's current login to the target government application, and accurately execute the single sign-on operation set for that category.
The logins to any target government application that the central authentication server handles for a login party fall into three categories: a first login among the government applications of all groups; a login to a government application in another group after a government application in one group has been logged in to; and a login to another government application in the same group after a government application in that group has been logged in to.
It should be noted that the group authentication identifier in this embodiment may be configured as a key-value pair: the key is the group name of a group in which the login party has logged in to applications, and the value is a string obtained by encrypting the application identifiers of the government applications that the login party has logged in to within the group indicated by that group name. For example, suppose the login party has logged in to a number of government applications within Group1 (Group 1) and a number of government applications within Group2 (Group 2), the encrypted string for the application identifiers of the government applications within Group1 (Group 1) is W2FwcDEsYXBwM, and the encrypted string for the application identifiers of the government applications within Group2 (Group 2) is W2FwcDEsYXBwMl0. The group authentication identifier configured for the login party is then Cookie: group1=W2FwcDEsYXBwM; group2=W2FwcDEsYXBwMl0.
In addition, the signature information and the application identifier of the target government application are obtained by parsing the login request of the target government application, and they can be used to perform a preliminary identity verification of the target government application so as to ensure its secure login. The signature information of the target government application can be formed by arranging the application identifier, an application key, a timestamp and random noise in an agreed order to obtain a corresponding character string, and encrypting that character string with an asymmetric encryption algorithm.
S120, judging whether the group authentication identifier is empty; if so, executing S150; if not, executing S130.
By judging whether the group authentication identifier is empty, it can be determined whether the login party had logged in to a government application in some group before this login to the target government application. If the group authentication identifier is empty, the login party has not been configured with the group authentication identifier of any group (such as the Cookie information of a group); that is, this login to the target government application is the login party's first login among the government applications of all groups. An ordinary page login operation must then be performed, and the group authentication identifier and the application authentication identifier of the target government application must be configured at the login party, so as to realize single sign-on among the government applications in the same group.
However, if the group authentication identifier is not empty, the login party has already logged in to a government application in some group and has been configured with that group's group authentication identifier. It must then be further determined whether this login is to a government application in a group other than the logged-in group or to another government application within the logged-in group, so that the single sign-on procedure set for the applicable category is executed accurately.
S130, judging whether the group authentication identifier matches the group to which the target government application belongs; if so, executing S140; if not, executing S150.
After the group authentication identifier is determined to be non-empty, whether it matches the group to which the target government application belongs is judged, in order to further determine the category of this login to the target government application. Whether the group authentication identifier matches the group to which the target government application belongs can be determined by comparing the group name indicated by the key in the group authentication identifier with the group name of the group to which the target government application belongs.
If the group authentication identifier matches the group to which the target government application belongs, this login to the target government application is a login to another government application within the same, already logged-in group. If the group authentication identifier does not match the group to which the target government application belongs, this login to the target government application is a login to a government application in a group other than the logged-in group.
S140, configuring an application authentication identifier of the target government affair application to the login party so as to realize single sign-on of the target government affair application.
In this embodiment, if the group authentication identifier is non-empty and matches the group to which the target government application belongs, this login to the target government application is a login to another government application within the same, already logged-in group. For example, the login party has logged in to government application 1 in group 1 (denoted group1_app1) and goes on to log in to government application 2 in group 1 (denoted group1_app2). Since the login party is already configured with the group authentication identifier of the group to which the target government application belongs, the application authentication identifier of the target government application can be configured to the login party directly and an application page of the target government application returned, so the login party does not need to perform a login operation in the login page, and single sign-on of the target government application is realized.
In addition, because the group authentication identifier configured at the login party contains the encrypted character string of the application identifiers of the applications logged in to within the group, this embodiment also updates, according to the application identifier of the target government application, the group authentication identifier of the group to which the target government application belongs that is configured in the login party's browser. The application identifier of the target government application is thereby added to that group authentication identifier, which keeps the configured group authentication identifier accurate.
S150, according to login information input by a login party, configuring a group authentication identifier of a group to which the target government affair application belongs and an application authentication identifier of the target government affair application to the login party so as to realize single sign-on of the target government affair application.
In this embodiment, if the group authentication identifier is null, or is non-null but does not match the group to which the target government application belongs, the current login is the login party's first login in the group to which the target government application belongs. For example, the login party has not logged in to any government application and logs in to the target government application directly; or the login party has logged in to government application 1 in group 1 (denoted Group1_App1) and goes on to log in to government application 1 in group 2 (denoted Group2_App1), where government application 1 in group 2 is the target government application of this embodiment.
Therefore, the login party is prompted to actively input the login information it registered with the target government application, and this login information is then verified to determine whether the login party can log in successfully, so that a complete ordinary login operation is performed on the target government application. After the login information input by the login party passes verification, the group authentication identifier of the group to which the target government application belongs and the application authentication identifier of the target government application are sent to the login party, which configures both directly in its browser; other government applications in the same group can then go through the single sign-on operation of S140, thereby realizing grouped login management during single sign-on of the government applications.
In the technical scheme provided by this embodiment, the central authentication server dynamically stores the grouping information of each government application, and a login request sent to the central authentication server for any target government application is required to carry the corresponding group authentication identifier. If the group authentication identifier is null, or is non-null but does not match the group to which the target government application belongs, the login party is logging in to that group for the first time; the login party must actively input login information, and the group authentication identifier of the group to which the target government application belongs and the application authentication identifier of the target government application are configured to the login party according to that login information, realizing single sign-on of the target government application. If the group authentication identifier is non-null and matches the group to which the target government application belongs, the login party is not logging in to that group for the first time; the application authentication identifier of the target government application is configured to the login party directly, without the login party actively inputting login information, realizing single sign-on of the target government application.
Because the group authentication identifier of the group to which the target government application belongs is configured to the login party and carried in login requests initiated to the central authentication server, single sign-on is performed among government applications in the same group, while login operations among government applications in different groups do not affect one another. This realizes grouped login management during single sign-on, avoids the limitation of platform-wide single sign-on across all government applications, and, while preserving the convenience of single sign-on, applies a differentiated grouping constraint to it, improving the security of single sign-on of government applications.
Example two
Fig. 3 is a flowchart of a single sign-on method based on government affair application according to a second embodiment of the present invention. This embodiment is optimized on the basis of the above embodiment and mainly explains in detail the specific execution process of single sign-on of the target government application under the different categories.
Specifically, referring to fig. 3, the method of this embodiment may specifically include:
S210, acquiring a group authentication identifier carried in a login request of a target government application.
S220, judging whether the group authentication identifier is empty, if so, executing S250; if not, S230 is performed.
S230, judging whether the grouping authentication identifier is matched with a grouping to which the target government application belongs, if so, executing S240; if not, S250 is performed.
S240, adding an application identifier of the target government application in a group authentication identifier of a group to which the target government application belongs, and initiating a corresponding redirection verification request to the target government application so as to configure an application authentication identifier of the target government application for a login party when the target government application passes credential verification in the redirection verification request.
Optionally, if the group authentication identifier is non-null and matches the group to which the target government application belongs, the current login belongs to the category of logging in to another government application in an already logged-in group, so the login party does not need to perform any actively triggered login operation. The application identifier of the target government application is added directly to the logged-in applications contained in the group authentication identifier of that group, and the application identifiers of all logged-in applications in the group are re-encrypted to update the group authentication identifier configured for the login party, ensuring its accuracy.
Then, once login authentication for the group to which the target government application belongs has passed, the central authentication server generates a corresponding credential and, with the credential as a request parameter, initiates a corresponding redirection verification request to the target government application. The target government application verifies with the central authentication server the validity of the credential carried in the redirection verification request, which constitutes a second login authentication for the target government application. When the target government application passes credential verification in the redirection verification request, its application authentication identifier can be configured in the browser of the login party. In addition, the login states of the group to which the target government application belongs and of the target government application itself can be cached in a Redis database, so that when group authentication information or application authentication information carried in a later login request is received, the corresponding login state can be queried from the Redis database to judge whether the corresponding login operation has been completed, realizing single sign-on among government applications in the same group.
S250, if the target government application passes the signature verification in the login request, controlling the login party to enter a preset application login page so as to acquire login information input by the login party in the application login page.
Optionally, if the group authentication identifier is null, or is non-null but does not match the group to which the target government application belongs, the current login is the login party's first login in the group to which the target government application belongs. The central authentication server then verifies the signature of the target government application carried in the login request to determine the legitimacy of the target government application. After the target government application passes signature verification in the login request, the login party is directed to a preset application login page, where it actively inputs the login information, such as the account and password, that it registered with the target government application; the login information input in the application login page is obtained and used for login verification on the target government application.
S260, if the login information input by the login party passes the login verification, configuring a group authentication identifier of a group to which the target government application belongs to the login party, and initiating a corresponding redirection verification request to the target government application, so as to configure an application authentication identifier of the target government application to the login party when the target government application passes the credential verification in the redirection verification request.
After the login information input by the login party passes login verification, the login party is able to log in to the target government application successfully, and a complete ordinary login operation has been performed on the target government application. The group authentication identifier of the group to which the target government application belongs is sent to the login party, which configures it directly in its browser; other government applications in the same group can then go through the single sign-on operation of S140, thereby realizing grouped login management during single sign-on of the government applications.
Then, after the central authentication server has configured the group authentication identifier of the group to which the target government application belongs to the login party, it generates a corresponding credential and, with the credential as a request parameter, initiates a corresponding redirection verification request to the target government application. The target government application verifies with the central authentication server the validity of the credential carried in the redirection verification request, which constitutes a second login authentication for the target government application. When the target government application passes credential verification in the redirection verification request, its application authentication identifier can be configured in the browser of the login party, realizing single sign-on among government applications in the same group.
In the technical scheme provided by this embodiment, when the group authentication identifier of the group to which the target government application belongs and the application authentication identifier of the target government application are configured for the login party, the group authentication identifier is updated in real time and credential verification is performed on the target government application, which ensures the accuracy of both identifiers and improves the security of single sign-on of government applications.
Example three
Fig. 4 is a flowchart of a single sign-on method based on government affair application according to a third embodiment of the present invention. This embodiment is optimized on the basis of the above embodiments and mainly explains in detail the specific logout process of the target government application under different groups.
Specifically, referring to fig. 4, the method of this embodiment may specifically include:
S310, acquiring a group authentication identifier carried in a login request of a target government application.
S320, judging whether the group authentication identifier is empty, if so, executing S350; if not, S330 is performed.
S330, judging whether the grouping authentication identifier is matched with a grouping to which the target government application belongs, if so, executing S340; if not, S350 is performed.
S340, configuring an application authentication identifier of the target government affair application to the login party so as to realize single sign-on of the target government affair application.
S350, according to login information input by a login party, configuring a group authentication identifier of a group to which the target government affair application belongs and an application authentication identifier of the target government affair application to the login party so as to realize single sign-on of the target government affair application.
S360, screening the target group authentication identification of the group to which the target government application belongs from the group authentication identification carried in the logout request of the target government application so as to decode the logged-in government application in the group to which the target government application belongs.
Optionally, after the login party has successfully logged in to any target government application, a logout operation may subsequently be performed on that application, at which point the login party becomes the logout party. When the logout party initiates a logout instruction to any target government application, the target government application responds to the instruction by initiating a corresponding redirection request to the central authentication server, so that the central authentication server parses and executes the logout operation of the target government application.
The logout request of the target government application in this embodiment may be a redirection request that the target government application initiates to the central authentication server in response to the logout instruction from the logout party. The redirection request includes a corresponding redirection notification fed back by the target government application to the logout party, so that the logout party, following the redirection notification, initiates to the central authentication server a logout request for logging out of the target government application.
In this embodiment, on receiving a logout request of a target government application, the central authentication server first parses the group authentication identifiers carried in the logout request, which are the configured identifiers of the groups to which the logged-in government applications belong, and screens out from them the target group authentication identifier of the group to which the target government application belongs. It then decodes the value of the target group authentication identifier to obtain the application identifier of each logged-in government application in that group, so that a unified logout operation can be performed on all of them.
In addition, parsing the logout request yields the signature information and application identifier of the target government application, with which a preliminary identity verification of the target government application can be performed to ensure the legitimacy of the logout.
S370, forwarding a logout request to each logged-in government application to clear the application authentication identifier of each logged-in government application configured on the logout party.
To keep the logout operation uniform across the government applications of the same group, after the logged-in government applications in the group to which the target government application belongs have been decoded, this embodiment forwards a corresponding logout request to each of them, so that every logged-in government application in the group performs a unified logout operation. The application authentication identifier of each logged-in government application configured on the logout party is cleared, so that at the next login the corresponding application authentication identifier has to be configured again through the ordinary page login operation, ensuring the security of every login to each government application.
S380, after the logout of each logged-in government application is completed, clearing the group authentication identifier of the group to which the target government application belongs configured on the logout party.
After the unified logout of every logged-in government application in the group to which the target government application belongs is completed, the group authentication identifier of that group configured on the logout party is also cleared, so that the next time a government application in the group is logged in to, the corresponding group authentication identifier has to be configured again through the ordinary page login operation, ensuring the security of each government application login. For government applications in groups other than the group to which the target government application belongs, the logout party is still configured with the group authentication identifiers of those other groups that contain logged-in government applications, so the single sign-on state of each logged-in government application in the other groups is maintained, realizing grouped login management of the government applications.
Moreover, if the login states of the group to which the target government application belongs and of the target government application were cached when the target government application was successfully logged in to, those login states are cleared after the logout of each logged-in government application is completed.
In the technical scheme provided by this embodiment, the target group authentication identifier of the group to which the target government application belongs is decoded to obtain each logged-in government application in that group, and a logout request is then forwarded to each logged-in government application to clear its application authentication identifier configured on the logout party, realizing unified logout of the logged-in government applications in the same group. After the logout of each logged-in government application is completed, the group authentication identifier of the group to which the target government application belongs configured on the logout party is cleared, ensuring the security of each re-login after logout.
Example four
Fig. 5A is a signaling interaction diagram of single sign-on of a government application provided in a fourth embodiment of the present invention, and Fig. 5B is a signaling interaction diagram of the logout operation of a government application provided in the fourth embodiment of the present invention. This embodiment is optimized on the basis of the above embodiments. By way of example, government application 1 in Group1 is denoted Group1_App1, government application 2 in Group1 is denoted Group1_App2, and government application 1 in Group2 is denoted Group2_App1. Using these three government applications, this embodiment describes the specific single sign-on process for each of the three categories into which a login to a target government application can fall, and then describes the specific logout process of a logged-in government application.
Optionally, as shown in Fig. 5A, a login by the login party to any target government application falls into one of three categories: a first login across the government applications of all groups; a login to a government application in a group other than the logged-in groups; and a login to another government application in a group that is already logged in. The specific single sign-on process under each category is described below:
1) First login for government application in all groups
When the login party needs to access Group1_App1, it first sends an access request to Group1_App1 through the login party's browser. Group1_App1 does not find its application authentication identifier in the access request and feeds back a redirection notification to the browser, which then sends a login request to the central authentication server, thereby redirecting to the central authentication server. The central authentication server verifies the identity of Group1_App1 according to the signature information and application identifier of Group1_App1 carried in the login request; after identity verification succeeds, it reads the group authentication identifier carried in the login request, finds it empty, and directs the login party's browser to a preset application login page.
The login party's browser sends the login information input in the application login page to the central authentication server, which verifies it and, after verification passes, configures the group authentication identifier (Cookie information) of the group to which Group1_App1 belongs in the login party's browser. At the same time, the central authentication server generates a credential for Group1_App1 and redirects to Group1_App1 with it. Group1_App1 verifies the validity of the credential with the central authentication server and, after credential verification passes, configures the application authentication identifier of Group1_App1 (another piece of Cookie information) in the login party's browser and displays the application page of Group1_App1 there, realizing single sign-on of Group1_App1.
2) Login to another government application in a group that is already logged in
After logging in to Group1_App1, when the login party needs to go on to access Group1_App2, the login party's browser sends an access request to Group1_App2. Group1_App2 does not find its application authentication identifier in the access request and redirects to the central authentication server, so that the central authentication server receives a login request for Group1_App2. The central authentication server verifies the identity of Group1_App2 according to the signature information and application identifier of Group1_App2 carried in the login request; after identity verification succeeds, it reads from the group authentication identifier carried in the login request that Group1 has logged-in information, which indicates that Group1_App2 belongs to the already logged-in Group1.
Therefore, the login party's browser does not need to perform a page login operation. The central authentication server adds the application identifier of Group1_App2 to the group authentication identifier of Group1, generates a credential for Group1_App2 and redirects to Group1_App2 with it. Group1_App2 verifies the validity of the credential with the central authentication server and, after credential verification passes, configures the application authentication identifier of Group1_App2 in the login party's browser and displays the application page of Group1_App2 there, realizing single sign-on of Group1_App2.
3) Login to a government application in a group other than the logged-in groups
After logging in to Group1_App1, when the login party needs to go on to access Group2_App1, the login party's browser sends an access request to Group2_App1. Group2_App1 does not find its application authentication identifier in the access request and redirects to the central authentication server, so that the central authentication server receives a login request for Group2_App1. The central authentication server verifies the identity of Group2_App1 according to the signature information and application identifier of Group2_App1 carried in the login request; after identity verification succeeds, it reads that the group authentication identifier carried in the login request contains logged-in information for Group1 but none for Group2, which means that Group2, to which Group2_App1 belongs, has no logged-in state. The same single sign-on operation is therefore performed on Group2_App1 as in the login process of Group1_App1. Once single sign-on of Group2_App1 is completed, single sign-on of the government applications in Group2 can be realized, thereby realizing grouped login management of the government applications during single sign-on.
Optionally, as shown in Fig. 5B, after the login party has successfully logged in to any target government application, a logout operation may subsequently be performed on that application, for example on Group1_App1.
When the logout party needs to log out of Group1_App1, it sends a logout instruction to Group1_App1 through the logout party's browser, and Group1_App1 redirects the logout instruction to the central authentication server, so that the central authentication server receives the logout party's logout request for Group1_App1. The central authentication server verifies the identity of Group1_App1 according to the signature information and application identifier of Group1_App1 carried in the logout request; after identity verification succeeds, it screens out the target group authentication identifier of the group to which Group1_App1 belongs from the group authentication identifiers carried in the logout request, and decodes the target group authentication identifier to obtain each logged-in government application Group1_App_n in the group to which Group1_App1 belongs.
Furthermore, the central authentication server sends the logout request to each logged-in government application Group1_App_n in the group to which Group1_App1 belongs, so that all of them perform a unified logout operation. The application authentication identifier of each logged-in government application Group1_App_n and the target group authentication identifier of the group to which Group1_App1 belongs are cleared in the logout party's browser, and the application login page of Group1_App1 is displayed there, completing the unified logout of every logged-in government application Group1_App_n in the group to which Group1_App1 belongs.
In the technical scheme provided by this embodiment, the central authentication server dynamically stores the grouping information of each government application, and a login request sent to the central authentication server for any target government application is required to carry the corresponding group authentication identifier. If the group authentication identifier is null, or is non-null but does not match the group to which the target government application belongs, the login party is logging in to that group for the first time; the login party must actively input login information, and the group authentication identifier of the group to which the target government application belongs and the application authentication identifier of the target government application are configured to the login party according to that login information, realizing single sign-on of the target government application. If the group authentication identifier is non-null and matches the group to which the target government application belongs, the login party is not logging in to that group for the first time; the application authentication identifier of the target government application is configured to the login party directly, without the login party actively inputting login information, realizing single sign-on of the target government application.
Because the group authentication identifier of the group to which the target government application belongs is configured to the login party and carried in login requests initiated to the central authentication server, single sign-on is performed among government applications in the same group, while login operations among government applications in different groups do not affect one another. This realizes grouped login management during single sign-on, avoids the limitation of platform-wide single sign-on across all government applications, and, while preserving the convenience of single sign-on, applies a differentiated grouping constraint to it, improving the security of single sign-on of government applications.
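The three login categories and the grouped logout of this embodiment can be replayed against a small model of the central authentication server. This is an added illustration, not code from the patent. Assumptions: the cookie name `SSO_<group>`, all function and class names, an HMAC-protected encoding standing in for the "encrypted character string", a single-use credential bound to one application, and an application request signature that has already been verified.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed sample data: the grouping table kept by the central authentication server.
APP_GROUPS = {"Group1_App1": "Group1", "Group1_App2": "Group1", "Group2_App1": "Group2"}
SERVER_KEY = secrets.token_bytes(32)  # assumption: server-only key protecting cookie values


def seal(group, app_ids):
    """Build a group authentication identifier: group name plus logged-in app ids, with a MAC."""
    body = base64.urlsafe_b64encode(json.dumps({"g": group, "apps": sorted(app_ids)}).encode())
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def unseal(value):
    """Return (group, app_ids), or None when the value is empty or fails the MAC check."""
    if not value or "." not in value:
        return None
    body, tag = value.rsplit(".", 1)
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    data = json.loads(base64.urlsafe_b64decode(body))
    return data["g"], set(data["apps"])


class CentralAuthServer:
    def __init__(self, accounts):
        self.accounts = accounts  # user -> password; plain text only to keep the sketch short
        self.tickets = {}         # outstanding credential -> application it was issued for

    def login(self, app_id, cookies, login_info=None):
        """S210-S260: return (outcome, browser cookies afterwards, credential or None)."""
        group = APP_GROUPS[app_id]
        name = "SSO_" + group
        state = unseal(cookies.get(name))
        if state is None or state[0] != group:  # S220/S230 fail: first login in this group
            if login_info is None:
                return "LOGIN_PAGE", cookies, None  # S250: page login required
            user, password = login_info
            stored = self.accounts.get(user, "")
            if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
                return "DENIED", cookies, None
            apps = set()  # S260: fresh identifier for this group
        else:
            apps = state[1]  # S240: group already logged in, no page login
        apps.add(app_id)
        cookies = {**cookies, name: seal(group, apps)}
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = app_id
        return "REDIRECT", cookies, ticket

    def validate(self, app_id, ticket):
        """Credential check requested by the application; single use is an added assumption."""
        return self.tickets.pop(ticket, None) == app_id

    def logout(self, app_id, cookies):
        """S360-S380: return (apps to send the logout request to, remaining cookies)."""
        group = APP_GROUPS[app_id]
        name = "SSO_" + group
        state = unseal(cookies.get(name))
        apps = sorted(state[1]) if state and state[0] == group else []
        return apps, {k: v for k, v in cookies.items() if k != name}


def walkthrough():
    """Replay the three login categories and the logout; return the observed outcomes."""
    info = ("alice", "constructed-password")  # constructed account
    cas = CentralAuthServer({info[0]: info[1]})
    seen, jar = [], {}
    outcome, jar, _ = cas.login("Group1_App1", jar)  # 1) nothing logged in yet
    seen.append(outcome)
    outcome, jar, ticket = cas.login("Group1_App1", jar, info)
    seen.append((outcome, cas.validate("Group1_App1", ticket), cas.validate("Group1_App1", ticket)))
    outcome, jar, ticket = cas.login("Group1_App2", jar)  # 2) same group: no page login
    seen.append((outcome, cas.validate("Group1_App2", ticket)))
    outcome, jar, _ = cas.login("Group2_App1", jar)  # 3) other group: page login again
    seen.append(outcome)
    forged = {"SSO_Group2": jar["SSO_Group1"]}  # Group1 value presented under Group2's name
    seen.append(cas.login("Group2_App1", forged)[0])
    _, jar, _ = cas.login("Group2_App1", jar, info)
    apps, remaining = cas.logout("Group1_App1", jar)  # Group2 stays logged in
    seen.append((apps, sorted(remaining)))
    return seen
```

Because the group name is inside the protected value, a Group1 identifier presented as Group2's identifier falls through to the page login instead of granting silent sign-on.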
Example five
Fig. 6 is a schematic structural diagram of a single sign-on device based on government applications provided in the fifth embodiment of the present invention. The device is configured in the central authentication server provided in the above embodiments, which dynamically stores the grouping information of each government application. As shown in Fig. 6, the device may include:
a login request parsing module 610, configured to obtain the group authentication identifier carried in a login request of a target government application;
a first login module 620, configured to, if the group authentication identifier is null, or if the group authentication identifier is non-null and does not match the group to which the target government application belongs, configure the group authentication identifier of the group to which the target government application belongs and the application authentication identifier of the target government application to the login party according to login information input by the login party, so as to implement single sign-on of the target government application;
a second login module 630, configured to, if the group authentication identifier is non-null and matches the group to which the target government application belongs, configure the application authentication identifier of the target government application to the login party, so as to implement single sign-on of the target government application.
Further, the first login module 620 may be specifically configured to:
if the login information input by the login party passes the login verification, configure the group authentication identifier of the group to which the target government application belongs to the login party, and initiate a corresponding redirection verification request to the target government application, so as to configure the application authentication identifier of the target government application to the login party when the target government application passes the credential verification in the redirection verification request.
Further, the single sign-on device based on government affair application may further include:
a login page entering module, configured to control the login party to enter a preset application login page if the target government application passes the signature verification in the login request, so as to acquire the login information input by the login party in the application login page.
Further, the second login module 630 may be specifically configured to:
add the application identifier of the target government application to the group authentication identifier of the group to which the target government application belongs, and initiate a corresponding redirection verification request to the target government application, so as to configure the application authentication identifier of the target government application to the login party when the target government application passes the credential verification in the redirection verification request.
Further, the single sign-on device based on government affair application may further include:
a logout request parsing module, configured to screen, from the group authentication identifiers carried in a logout request of the target government application, the target group authentication identifier of the group to which the target government application belongs, so as to decode from it the logged-in government applications in that group;
a logout forwarding module, configured to forward the logout request to each logged-in government application, so that each logged-in government application clears its configured application authentication identifier on the logout party;
a group clearing module, configured to clear the group authentication identifier, configured on the logout party, of the group to which the target government application belongs, after the logout of each logged-in government application is completed.
Further, the single sign-on device based on government affair application may further include:
a login state caching module, configured to cache the group to which the target government application belongs and the login state of the target government application, so as to judge whether the group authentication identifier matches the group to which the target government application belongs.
Correspondingly, the single sign-on device based on government affair application may further include:
a login state clearing module, configured to clear the group to which the target government application belongs and the login state of the target government application.
Further, the login request of the target government application is a redirection request initiated by the target government application to the central authentication server when the application authentication identifier carried in an access request initiated by the login party to the target government application is empty; the logout request of the target government application is a redirection request initiated by the target government application to the central authentication server according to a logout instruction initiated by the logout party.
The single sign-on device based on the government affair application provided by the embodiment can be applied to the single sign-on method based on the government affair application provided by any embodiment, and has corresponding functions and beneficial effects.
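As an added illustration (not code from the patent), the sketch below models the central authentication server's decisions for the login, logout and login-state modules described above, and shows why an identifier carried by the login party has to be verified server-side. The HMAC-signed encoding of the group authentication identifier, the `sid` field, the one-time `ticket`, and all names and sample data are assumptions; the patent does not specify an encoding.

```python
import base64, hashlib, hmac, json, secrets

# Constructed sample data (not from the patent): application -> group.
APP_GROUPS = {"tax": "finance", "budget": "finance", "clinic": "health"}
USERS = {"alice": "s3cret-demo"}     # constructed demo credentials
KEY = secrets.token_bytes(32)        # assumption: HMAC key known only to the server
LOGIN_STATE = {}                     # login state cache: sid -> group


def seal(claims):
    """Encode and sign a group authentication identifier (assumed format)."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def unseal(token):
    """Return the claims, or None if the identifier is empty, forged or logged out."""
    if not token or token.count(".") != 1:
        return None
    body, tag = token.split(".")
    good = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), good.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if LOGIN_STATE.get(claims["sid"]) != claims["group"]:
        return None                  # cache was cleared at logout
    return claims


def handle_login(app, group_token=None, credentials=None):
    """Central-server decision for a login request redirected from `app`."""
    group = APP_GROUPS.get(app)
    if group is None:
        return {"action": "reject"}  # application not registered in any group
    claims = unseal(group_token)
    if claims is None or claims["group"] != group:
        # First branch: null or non-matching identifier, explicit login required.
        if credentials is None:
            return {"action": "login_page"}
        user, password = credentials
        stored = USERS.get(user, "")
        if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
            return {"action": "login_page"}
        sid = secrets.token_urlsafe(16)
        LOGIN_STATE[sid] = group
        claims = {"sid": sid, "group": group, "user": user, "apps": [app]}
    elif app not in claims["apps"]:
        # Second branch: matching identifier, add this application, no prompt.
        claims = dict(claims, apps=claims["apps"] + [app])
    # The ticket stands in for the credential the application verifies on redirect.
    return {"action": "redirect", "group_token": seal(claims),
            "ticket": secrets.token_urlsafe(16), "user": claims["user"]}


def handle_logout(app, group_tokens):
    """Return the logged-in applications that must clear their own identifier."""
    group = APP_GROUPS.get(app)
    for token in group_tokens:       # screen out the target group's identifier
        claims = unseal(token)
        if claims and claims["group"] == group:
            LOGIN_STATE.pop(claims["sid"], None)  # old identifier now fails unseal()
            return claims["apps"]
    return []
```

An identifier issued for the `finance` group is accepted for `budget` without a prompt, is treated as a first login for `clinic`, and stops working for every application once `handle_logout` has cleared the cached login state.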
Example six
Fig. 7 is a schematic structural diagram of a computer device according to a sixth embodiment of the present invention. As shown in Fig. 7, the computer device includes a processor 70, a storage device 71, and a communication device 72. The number of processors 70 in the computer device may be one or more; one processor 70 is taken as an example in Fig. 7. The processor 70, the storage device 71 and the communication device 72 of the computer device may be connected by a bus or by other means; connection by a bus is taken as an example in Fig. 7.
The storage device 71, as a computer readable storage medium, is used for storing software programs, computer executable programs, and modules, such as the modules corresponding to the single sign-on method based on government applications in the embodiments of the present invention (for example, the login request parsing module 610, the first login module 620, and the second login module 630 in the single sign-on device based on government applications). The processor 70 executes the various functional applications and data processing of the computer device by running the software programs, instructions and modules stored in the storage device 71, i.e., implements the above-described single sign-on method based on government applications.
The storage device 71 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system and an application program required for at least one function; the data storage area may store data created according to the use of the terminal, etc. In addition, the storage device 71 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some examples, the storage device 71 may further include memory remotely located with respect to the processor 70, which may be connected to the computer device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The communication means 72 may be used to enable a network connection or a mobile data connection between devices.
The computer equipment provided by the embodiment can be used for executing the single sign-on method based on the government affair application provided by any embodiment, and has corresponding functions and beneficial effects.
Example seven
The seventh embodiment of the present invention further provides a computer readable storage medium on which a computer program is stored, where the program, when executed by a processor, can implement the single sign-on method based on government affair application in any of the above embodiments. The method specifically comprises the following steps:
acquiring a group authentication identifier carried in a login request of a target government application;
if the group authentication identifier is null, or if the group authentication identifier is non-null and does not match the group to which the target government application belongs, configuring the group authentication identifier of the group to which the target government application belongs and the application authentication identifier of the target government application to the login party according to login information input by the login party, so as to realize single sign-on of the target government application;
if the group authentication identifier is non-null and matches the group to which the target government application belongs, configuring the application authentication identifier of the target government application to the login party, so as to realize single sign-on of the target government application.
Of course, the storage medium containing the computer executable instructions provided in the embodiments of the present invention is not limited to the method operations described above, and may also perform the related operations in the single sign-on method based on government affairs application provided in any embodiment of the present invention.
From the above description of the embodiments, it will be clear to a person skilled in the art that the present invention may be implemented by means of software and the necessary general-purpose hardware, and of course also by means of hardware, although in many cases the former is the preferred implementation. Based on such understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art, may be embodied in the form of a software product, which may be stored in a computer readable storage medium, such as a floppy disk, a read-only memory (ROM), a random access memory (RAM), a flash memory (FLASH), a hard disk or an optical disk of a computer, etc., and which includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments of the present invention.
It should be noted that, in the embodiment of the single sign-on device based on government application, each unit and module included are only divided according to the functional logic, but not limited to the above division, so long as the corresponding functions can be implemented; in addition, the specific names of the functional units are also only for distinguishing from each other, and are not used to limit the protection scope of the present invention.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, and various modifications and variations may be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A single sign-on method based on government applications is characterized by being applied to a center authentication server for dynamically storing grouping information of each government application, and comprising the following steps:
acquiring a grouping authentication identifier carried in a login request of a target government application;
if the group authentication identifier is null, or if the group authentication identifier is non-null and the group authentication identifier is not matched with the group to which the target government application belongs, acquiring login information input by a login party, if the login information input by the login party passes login verification, configuring the group authentication identifier of the group to which the target government application belongs to the login party, and initiating a corresponding redirection verification request to the target government application so as to configure an application authentication identifier of the target government application to the login party when the target government application passes credential verification in the redirection verification request, thereby realizing single sign-on of the target government application;
if the group authentication identifier is non-null and the group authentication identifier is matched with the group to which the target government application belongs, an application identifier of the target government application is newly added in the group authentication identifier of the group to which the target government application belongs, and a corresponding redirection verification request is initiated to the target government application, so that when the target government application passes the credential verification in the redirection verification request, the application authentication identifier of the target government application is configured to the login party, and single sign-on of the target government application is realized.
2. The method according to claim 1, wherein the method further comprises:
and if the target government application passes the signature verification in the login request, controlling the login party to enter a preset application login page so as to acquire login information input by the login party in the application login page.
3. The method of claim 1, further comprising, after implementing the single sign-on of the target government application:
screening, from the group authentication identifiers carried in a logout request of the target government application, the target group authentication identifier of the group to which the target government application belongs, so as to decode from it the logged-in government applications in the group to which the target government application belongs;
forwarding the logout request to each logged-in government application, so that each logged-in government application clears its configured application authentication identifier on the logout party;
and after the logout of each logged-in government application is completed, clearing the configured group authentication identifier of the group to which the target government application belongs on the logout party.
4. The method of claim 3, further comprising, after configuring the group authentication identifier of the group to which the target government application belongs and the application authentication identifier of the target government application to the login party:
caching the group to which the target government application belongs and the login state of the target government application to judge whether the group authentication identifier is matched with the group to which the target government application belongs;
accordingly, after forwarding the log-out request to each logged-in government application, the method further includes:
and clearing the group to which the target government affair application belongs and the login state of the target government affair application.
5. The method of claim 3, wherein the login request of the target government application is a redirection request initiated by the target government application to the central authentication server when the application authentication identifier carried in an access request initiated by the login party to the target government application is empty; the logout request of the target government application is a redirection request initiated by the target government application to the central authentication server according to a logout instruction initiated by the logout party.
6. A single sign-on device based on government applications, characterized in that it is configured in a central authentication server that dynamically stores the grouping information of each government application, and comprises:
a login request parsing module, configured to acquire a group authentication identifier carried in a login request of a target government application;
a first login module, configured to acquire login information input by a login party if the group authentication identifier is null, or if the group authentication identifier is non-null and does not match the group to which the target government application belongs; to configure the group authentication identifier of the group to which the target government application belongs to the login party if the login information input by the login party passes login verification; and to initiate a corresponding redirection verification request to the target government application, so as to configure the application authentication identifier of the target government application to the login party when the target government application passes credential verification in the redirection verification request, thereby realizing single sign-on of the target government application;
a second login module, configured to, if the group authentication identifier is non-null and matches the group to which the target government application belongs, add the application identifier of the target government application to the group authentication identifier of the group to which the target government application belongs, and initiate a corresponding redirection verification request to the target government application, so as to configure the application authentication identifier of the target government application to the login party when the target government application passes the credential verification in the redirection verification request, thereby realizing single sign-on of the target government application.
7. A computer device, the computer device comprising:
one or more processors;
a storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the government application based single sign-on method of any of claims 1-5.
8. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements a government application based single sign-on method according to any of claims 1-5.
CN202111111218.0A 2021-09-18 2021-09-18 Single sign-on method, device, equipment and storage medium based on government affair application Active CN113852622B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111111218.0A CN113852622B (en) 2021-09-18 2021-09-18 Single sign-on method, device, equipment and storage medium based on government affair application

Publications (2)

Publication Number Publication Date
CN113852622A CN113852622A (en) 2021-12-28
CN113852622B true CN113852622B (en) 2023-09-19

Family

ID=78979098

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant