CN113922982A - Login method, electronic device and computer-readable storage medium - Google Patents


Info

Publication number
CN113922982A
Authority
CN
China
Prior art keywords
login
user
vpn
server
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111012706.6A
Other languages
Chinese (zh)
Other versions
CN113922982B (en)
Inventor
林俊洪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd filed Critical Wangsu Science and Technology Co Ltd
Priority to CN202111012706.6A priority Critical patent/CN113922982B/en
Priority to PCT/CN2021/121317 priority patent/WO2023029138A1/en
Publication of CN113922982A publication Critical patent/CN113922982A/en
Application granted granted Critical
Publication of CN113922982B publication Critical patent/CN113922982B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application discloses a login method, an electronic device and a computer-readable storage medium. Through interaction among a login management server, a service server and a VPN server, a user can log in to the VPN server and the service server simultaneously by entering the account and password of the service server once, so that the login process is simplified, the error rate is reduced, and the user experience is improved.

Description

Login method, electronic device and computer-readable storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a login method, an electronic device, and a computer-readable storage medium.
Background
With the rapid development of internet technology, enterprises establish an enterprise internal network, and various business systems are deployed by using the enterprise internal network to improve office efficiency. Common business systems include mail systems, office automation systems (OA), and the like.
In general, when a user works at the company and wants to access a certain service system, the user enters the account number and password of that service system for verification, and service access is possible only after the verification passes. However, sometimes the user is away on business or needs to work from home. To let public network users access the systems in an enterprise's internal network while ensuring access security, Virtual Private Networks (VPNs) came into use. Considering factors such as operating cost and service expertise, most enterprises choose to purchase the VPN services of network service providers to give public network users access to internal network services.
In this application scenario, the network service provider verifies the identity of the user in order to establish that the user is legitimate, and the service system in the intranet also needs to verify the legitimacy of the user's identity. Therefore, an enterprise user who accesses the service systems in the intranet through the public network can reach the intranet only after entering login information twice. The process is cumbersome and error-prone, and the user experience is poor.
Disclosure of Invention
By providing the login method, the electronic device and the computer-readable storage medium, a user can simultaneously login the VPN service and the service server only by inputting the account number and the password of the service server once, the login process is simplified, the error rate is reduced, and the user experience is improved.
In a first aspect, an embodiment of the present application provides a login method, which is applied to a login management server deployed in a public network, and the method includes: after determining that a user is a legitimate user of a service server, acquiring an identity of the user through the service server, wherein the login management server and the service server communicate over a VPN network; determining, based on the identity of the user, whether the user is a legitimate user of the VPN service, so as to generate a login response, wherein the login response is used for indicating whether the user has successfully logged in to the service server and the VPN service through a browser of the terminal device; and sending the login response to the terminal device.
In one implementation, the obtaining, by the service server, the identity of the user after determining that the user is a valid user of the service server includes: receiving a login page request sent by the user through the browser, wherein the login page request is used for requesting to login the business server and the VPN service; sending a redirection response to the terminal equipment, so that the browser sends the login page request to the service server according to the redirection response, and submits login information based on the login page fed back by the service server, so that the service server can confirm whether the user is legal or not; receiving an adaptive page request carrying login success parameters from the browser; and sending a data stream for displaying an adaptive page to the browser so that the browser displays the adaptive page, and requesting the identity of the user from the service server according to the login success parameter.
In one implementation, the determining whether the user is a legitimate user of VPN services to generate a login response based on the identity of the user includes: verifying the identity of the user based on locally stored legal user information, and generating the login response based on a verification result; or sending a trust request to a Virtual Private Network (VPN) server deployed in a public network, wherein the trust request carries the identity of the user, and the VPN server is used for providing the VPN service; and receiving a trust response from the VPN server, and generating the login response according to the trust response.
In one implementation, the sending the login response to the terminal device includes: and when the trust response carries a token aiming at the user, sending a login response carrying the token and used for displaying a login success page to the browser, wherein the token is used for indicating that the user is a legal user of the VPN service.
In a second aspect, an embodiment of the present application provides a login method, which is applied to a virtual private network VPN server deployed in a public network, where the method includes: receiving a trust request from a login management server deployed in a public network, wherein the trust request carries an identity of a user, and the trust request is sent by the login management server after the login management server determines that the user is a legal user of a service server; carrying out validity verification on the user based on the identity identification to obtain a validity verification result, wherein the validity verification result is used for indicating whether the user is a valid user of the VPN service; and sending a trust response carrying the validity verification result to the login management server.
In one implementation, the method further comprises: and when the validity verification result indicates that the user is a valid user of the VPN service, generating a token aiming at the user, and carrying the token in the trust response.
In one implementation, after sending the trust response carrying the validity verification result to the login management server, the method further includes: receiving an authentication request sent by the terminal device through a VPN client application, wherein the authentication request carries the token; verifying whether the token is legitimate to obtain a feedback result, wherein the feedback result is used for indicating whether the user has successfully logged in to the service server and the VPN service through the VPN client application; and sending the feedback result to the VPN client application of the terminal device.
In one implementation, the verifying whether the token is legitimate to obtain the feedback result includes: verifying whether the token was generated by the VPN server and whether the state of the token is normal; if the token was generated by the VPN server and its state is normal, generating a feedback result indicating that the token is legitimate; otherwise, generating a feedback result indicating that the token is not legitimate.
In one implementation, after sending the feedback result to the VPN client application, the method further includes: if the feedback result indicates that the VPN client application successfully logs in the service server and the VPN service, a VPN tunnel is established with the VPN client application so as to receive a service request sent by the user through the VPN client application through the VPN tunnel.
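The trust request, token issuance and two-part token check described above, as an added Python sketch that is not code from the patent. The patent does not specify the token format; the HMAC-tagged token, the `token_ttl` lifetime, the `revoke` operation and the identity `EMP-1001` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class VpnServer:
    """Sketch of the VPN server's trust-request and token-check logic."""

    def __init__(self, legal_identities, token_ttl=300):
        self._key = secrets.token_bytes(32)   # per-server key, never shared (assumption)
        self._legal = set(legal_identities)   # identities allowed to use the VPN service
        self._ttl = token_ttl                 # assumed token lifetime in seconds
        self._tokens = {}                     # token id -> identity, expiry, status

    def _mac(self, token_id):
        return hmac.new(self._key, token_id.encode(), hashlib.sha256).hexdigest()

    def handle_trust_request(self, identity, now=None):
        """Validity check on the identity; a token is issued only on success."""
        now = time.time() if now is None else now
        if identity not in self._legal:
            return {"valid": False}
        token_id = secrets.token_hex(16)
        self._tokens[token_id] = {
            "identity": identity,
            "expires": now + self._ttl,
            "status": "normal",
        }
        return {"valid": True, "token": f"{token_id}.{self._mac(token_id)}"}

    def revoke(self, token):
        """Mark a token's state as no longer normal (hypothetical admin action)."""
        token_id = token.split(".", 1)[0]
        if token_id in self._tokens:
            self._tokens[token_id]["status"] = "revoked"

    def verify_token(self, token, now=None):
        """Return the feedback result for an authentication request."""
        now = time.time() if now is None else now
        token_id, _, mac = token.partition(".")
        # Check 1: was the token generated by this VPN server?
        if not hmac.compare_digest(mac.encode(), self._mac(token_id).encode()):
            return {"legal": False, "reason": "not generated by this server"}
        # Check 2: is the state of the token normal?
        entry = self._tokens.get(token_id)
        if entry is None or entry["status"] != "normal":
            return {"legal": False, "reason": "state not normal"}
        if now > entry["expires"]:
            return {"legal": False, "reason": "expired"}
        return {"legal": True, "identity": entry["identity"]}

    def open_tunnel(self, token, now=None):
        """A tunnel is set up only when the feedback result says the token is legal."""
        result = self.verify_token(token, now)
        return f"tunnel:{result['identity']}" if result["legal"] else None


def demo():
    # Two independent VPN servers; identities are constructed sample values.
    vpn = VpnServer({"EMP-1001"})
    other = VpnServer({"EMP-1001"})
    token = vpn.handle_trust_request("EMP-1001")["token"]
    foreign = other.handle_trust_request("EMP-1001")["token"]
    return vpn.open_tunnel(token), vpn.verify_token(foreign)["reason"]


if __name__ == "__main__":
    print(demo())
```
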
In a third aspect, an embodiment of the present application provides a login method, which is applied to a service server deployed in an intranet, and the method includes: receiving a login page request sent by a user through a browser on terminal equipment, wherein the login page request is generated and sent by the browser based on a redirection response sent by a login management server; sending a data stream for displaying a login page to the terminal equipment; receiving login information submitted by the terminal equipment based on the login page; carrying out validity verification on the user according to the login information; if the user is a legal user of the service server, sending a redirection response carrying login success parameters to the terminal equipment, wherein the redirection response is used for indicating a browser of the terminal equipment to send an adaptive page request carrying the login success parameters to the login management server.
In a fourth aspect, an embodiment of the present application provides a login method, which is applied to a terminal device, and the method includes: acquiring a data stream for displaying a login page through a browser and displaying the login page, wherein the login page is used for logging in a business server and VPN service; sending login information to the service server based on the login page; receiving a redirection response carrying a login success parameter from the service server; sending an adaptive page request carrying the login success parameter to the login management server through the browser; receiving a data stream for displaying an adaptation page from the login management server and displaying the adaptation page; and receiving a login response from the login management server, wherein the login response is used for indicating whether the user successfully logs in the business server and the VPN service through a browser.
In a fifth aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory and a computer program stored on the memory and executable on the processor, the processor when executing the computer program causing the electronic device to implement the method as described above in the first aspect or in various possible implementations of the first aspect; or, the processor, when executing the computer program, causes the electronic device to implement the method according to the second aspect or various possible implementations of the second aspect; or, the processor, when executing the computer program, causes the electronic device to implement the method according to the third aspect or various possible implementations of the third aspect; alternatively, the processor, when executing the computer program, causes the electronic device to implement the method according to the fourth aspect or various possible implementations of the fourth aspect.
In a sixth aspect, embodiments of the present application provide a computer-readable storage medium, in which computer instructions are stored, and when executed by a processor, the computer instructions are configured to implement the method according to the first aspect or various possible implementations of the first aspect; or, the computer instructions, when executed by a processor, are for implementing a method as set forth in the second aspect above or in various possible implementations of the second aspect; or, the computer instructions, when executed by a processor, are for implementing a method as set forth in the third aspect or various possible implementations of the third aspect; alternatively, the computer instructions, when executed by a processor, are adapted to implement a method as described in the fourth aspect or various possible implementations of the fourth aspect.
In a seventh aspect, embodiments of the present application provide a computer program product comprising a computer program, which when executed by a processor, implements the method according to the first aspect or various possible implementations of the first aspect; or the computer program, when executed by a processor, implements the method as described above in the second aspect or in various possible implementations of the second aspect; or, the computer program, when executed by a processor, implements a method as described in the third aspect or various possible implementations of the third aspect; alternatively, the computer program, when executed by a processor, implements the method as described above in the fourth aspect or in various possible implementations of the fourth aspect.
According to the login method, the electronic device and the computer-readable storage medium provided by the embodiments of the application, after the login management server determines that the user is a legitimate user of the service server, it obtains the identity of the user through the service server and sends a trust request carrying the identity to the VPN server deployed in the public network. The VPN server performs validity verification on the user according to the identity and sends a trust response carrying the validity verification result to the login management server. The login management server sends a login response to the user's terminal device according to the trust response, wherein the login response is used for indicating whether the user has successfully logged in to the service server and the VPN service through the browser. With this scheme, through the interaction among the login management server, the service server and the VPN server, the user can log in to the VPN service and the service server simultaneously by entering the account number and password of the service server only once, so that the login process is simplified, the error rate is reduced, and the user experience is improved. Moreover, the login information is managed independently by the service server, and the service server does not need to synchronize user login information to the VPN server, so that the security of the customer's internal data is guaranteed.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of an implementation environment of a login method provided in an embodiment of the present application;
Fig. 2 is a flowchart of a login method provided in an embodiment of the present application;
Fig. 3 is a schematic diagram of an interface change process of a terminal device in a login method provided in an embodiment of the present application;
Fig. 4 is a schematic diagram illustrating an authentication process of a token in a login method according to an embodiment of the present application;
Fig. 5 is a process diagram of a login method provided by an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
In the prior art, especially where an enterprise customer purchases the VPN service of a network service provider, the VPN system and the business system each manage their own account system separately in order to ensure data security. Before a user logs in to the VPN service through a VPN client, the VPN system therefore authenticates the user with its own user identity authentication module. After the identity authentication passes, the user can use the VPN service. VPN client applications include Android client applications, iOS client applications, Windows PC client applications and the like.
After a user in a public network logs in a VPN system, when the user accesses a service system in an intranet through VPN service, the service system also needs to verify the validity of the user identity.
When logging in to the service system in this way, login information is entered a first time for identity authentication by the VPN system and a second time for identity authentication by the service system. Take a user on the public network accessing a business system in the company intranet as an example: the user first enters authentication information for the VPN service, such as an account number and a password, to log in to the VPN server. After logging in to the VPN service successfully, the user reaches a home page listing some of the company's business systems and selects on it the business system to log in to. For example, accessing the OA system may bring up a login page that requires the user to enter authentication information for the OA system.
Obviously, the login mode has the disadvantages of complicated process, easy error, poor user experience and inconvenience for the user to manage login information.
Based on this, the embodiments of the present application provide a login method, an electronic device, and a computer-readable storage medium, where a login management server receives and processes a user login request, so that a user can simultaneously login a VPN service and a service server by inputting login information of the service server once, thereby simplifying a login process, reducing an error rate, and improving user experience.
Fig. 1 is a schematic diagram of an implementation environment of a login method according to an embodiment of the present application. Referring to Fig. 1, the present embodiment includes: a login management server 11 deployed in a public network, a Virtual Private Network (VPN) server 12 deployed in the public network, a service server 13 deployed in an intranet (such as a customer local area network), and a user terminal device 14. The login management server 11 and the VPN server 12 are connected to each other via a network, and the login management server 11 and the service server 13 communicate with each other via a VPN network. At least one VPN server 12 is provided, and the VPN server 12 and the service server 13 are connected via a network.
In some embodiments, communication is performed between the login management server 11 and the service server 13, between the login management server 11 and the VPN server 12, and between the VPN server 12 and the service server 13 based on a VPN network, so as to ensure security of data transmission. In some implementations, the VPN Network may be constructed based on Software Defined Wide Area Network (SD-WAN) technology, and the VPN server 12 is deployed on a point-of-presence (POP) node server in the SD-WAN Network.
Referring to Fig. 1, the login management server 11 is a service application deployed in a public network by a network service provider and used for receiving and processing user login requests. The VPN server 12 is a service application deployed in a public network by a network service provider for providing VPN services. In a practical application scenario, there may be many VPN servers 12. The VPN service may include forwarding users' intranet requests to the requested intranet servers through a VPN tunnel.
In one application scenario, the service server 13 is, for example, a server of a Single Sign-On (SSO) system, that is, the VPN customer has already implemented single sign-on for its services based on the SSO service. When the service server 13 is a server of the SSO system, the user can log in to the VPN service and the server of the SSO system at the same time by entering the account number and password of the SSO system once, and can then directly access the service systems connected to the SSO system, such as an Office Automation (OA) system, a mail system, an attendance system, a performance system, and the like, based on the successful login state of the SSO system.
In another application scenario, the business server 13 may be a server of an OA system, a server of a mail system, or the like. Taking the OA system as an example, once the user inputs the account password of the OA system, the user can log in the VPN service and the server of the OA system at the same time, and thus can access the OA system.
In addition, if a VPN customer purchases VPN services for a plurality of business systems in the intranet and has not yet introduced an SSO system, then for each business system the user can log in to the VPN service and that business server at the same time by entering the account and password of the business system once. After the login management server 11 determines that the user is a legitimate user of the business system, and when it further verifies whether the user is a legitimate user of the VPN service, it obtains the identity of the user from the service server 13 and can verify, based on that identity, whether the user is a legitimate user of the VPN service. Once the user is verified as legitimate, the login management server 11 provides the VPN server 12 with information about the service server that the user has logged in to, so that the VPN server can determine, based on the received service server information, whether to provide the VPN service for the user's requests.
The terminal device 14 is, for example, an electronic device such as a mobile phone, a tablet computer, or a personal computer, running an Android operating system, a Microsoft operating system, a Symbian operating system, a Linux operating system, or the Apple iOS operating system. The terminal device 14 has a browser and a VPN client application installed on it, such as an Android client application, an iOS client application, or a Windows PC client application.
Fig. 2 is a flowchart of a login method provided in an embodiment of the present application. The embodiment is described from the perspective of interaction between the login management server, the VPN server, the service server, and the terminal device. The embodiment comprises the following steps:
201. The login management server determines that the user is a legitimate user of the service server.
202. The login management server acquires the identity of the user through the service server; the login management server and the service server communicate over a VPN network.
It is worth noting that the login method provided in the embodiments of the present application is applicable to a scenario in which a user logs in through a VPN client application (see Fig. 3 for details); it is also applicable to a scenario in which the user logs in directly from the browser, that is, the user accesses the login page directly through the browser.
Fig. 3 is a schematic diagram of an interface change process of a terminal device in a login method provided in an embodiment of the present application. Referring to fig. 3, after the user clicks the VPN client application on the desktop of the electronic device, the VPN client application is opened. The user interface of the VPN client application displays two buttons of joint login and common login, the common login mode is a login mode of inputting login information at least twice, and the joint login mode is a login mode provided by the embodiment of the application.
The user clicks the joint login button to select the login mode provided by the embodiments of the application. The VPN client application then automatically invokes the browser, and the terminal device requests a login page from the login management server through the browser. The login management server redirects the browser to the service server, for example by replying to the browser with a 302 redirect, so that the browser acquires a data stream for displaying a login page from the service server and displays the login page.
It can be understood that, in a scenario where a user logs in directly through a browser, the access address of the login management server may be entered directly in the browser; after receiving the access request, the login management server redirects the browser to the service server by replying to the user's browser with a 302 response.
It should be noted that, since the service server is deployed in the intranet and the user's browser needs to request the login page from the service server, the service server needs to provide a public network IP. Furthermore, when the login management server sends the redirection response to the browser, it can include a dynamically generated verification parameter for verification and identification by the service server: if the verification passes, the service server responds to the request; otherwise, the request is discarded.
After the browser displays the login page, the user enters login information in the login page by voice, touch or other means and sends it to the service server. The login information includes a login account, a password, and the like, and may further include a verification code, an enterprise identifier, and the like. The login account and the password are maintained independently by the service server. Generally, they are created when the user registers on first logging in to the service server; for enterprise users, the login account can be allocated to employees by the enterprise.
The service server can collect and store the login information of legitimate users (except the verification code) and related information such as the identity during user registration; the user's related information can also be managed centrally by the enterprise and issued to the service server. The identity is the information the enterprise uses to identify the user, such as the user's mobile phone number, identification card number, or job number; its specific form can be set according to the actual situation of the enterprise customer and is not limited here.
When a user requests to log in to the service server and the VPN service through the browser, the login management server redirects the browser to the service server, and the service server provides a login page to the user's browser. The user then enters login information such as an account and password on the login page and submits it. The service server verifies, according to the submitted login information, whether the user is a legitimate user, feeds the result back to the terminal device, and at the same time redirects the browser to the login management server. The browser then reports to the login management server whether the user is a legitimate user of the service server.
Specifically, to determine whether the user is a valid user of the service server, the service server compares the stored valid user information with the login information submitted by the user during login; if the submitted login information exists in the stored information, the user is determined to be a valid user of the service server. In addition, the service server can also verify the verification code submitted by the user so as to further ensure the validity of the operator.
If the user is a legal user of the service server, the service server redirects the browser to the login management server, for example by replying to the browser with a 302 response, and the login success parameter is carried in the 302 response message. Based on the 302 response message, the browser sends an adaptive page request carrying the login success parameter to the login management server. The login management server obtains the user identity from the service server according to the login success parameter. In one implementation, the login success parameter comprises service server information and a user login identifier. The service server information indicates the address, such as an intranet IP, of the service server that performed the validity verification of the user, and the user login identifier is a unique identifier generated by the service server according to the login record. After receiving the login success parameter, the login management server can parse it to obtain the service server information and the user login identifier, and then request, over the VPN network, the identity of the user corresponding to the user login identifier from the service server indicated by the service server information. When it receives the request from the login management server, the service server can determine the identity of the user based on the user login identifier. Because the data exchanged between the login management server and the service server is transmitted over the VPN network, the security of data transmission can be ensured, information leakage is prevented, and the user information of enterprise customers is kept secure.
If the user is not a legal user of the service server, the service server triggers the browser to pop up prompt information indicating, for example, that the login failed or that the user cannot log in using the joint login mode.
It should be noted that, in the description of fig. 3 above, two buttons, joint login and normal login, are displayed simultaneously on the user interface of the VPN client application. However, the embodiments of the present application are not limited to this. In other possible implementations, only the joint login button is displayed on the user interface of the VPN client application, that is, the VPN client application only provides the login method described in the embodiments of the present application. In this case, after the user clicks the VPN client application on the desktop of the electronic device and requests login, the VPN client application invokes the browser to request a login page from the login management server. The user does not need to select the joint login mode.
203. Determine whether the user is a legal user of the VPN service based on the identity of the user, so as to generate a login response, where the login response indicates whether the user has successfully logged in to the service server and the VPN service through a browser of the terminal device.
Illustratively, after the login management server determines that the user is a legal user of the service server, it interacts with the service server to obtain the identity of the user. Then, the login management server determines whether the user is a legal user of the VPN service based on the identity of the user, or the login management server sends the identity of the user to the VPN server that provides the VPN service for the user, and the VPN server determines whether the user is a legal user of the VPN service.
204. The login management server sends the login response to the terminal device of the user.
Illustratively, if the user is a valid user of the VPN service, the login response is a data stream for generating a login success page, and indicates that the user has successfully logged in to the service server and the VPN service through the browser. If the user is not a legal user of the VPN service, the login response is a data stream for generating a login failure page, and indicates that the user has failed to log in to the service server and the VPN service through the browser.
If the login is successful, the user can access the service server through the VPN service.
According to the login method provided by the embodiment of the application, after the login management server determines that the user is a legal user of the service server, the identity of the user is obtained through the service server, and whether the user is the legal user of the VPN service is determined based on the identity of the user, so that a login response is generated and sent to the terminal equipment. The login response is used to indicate whether the user successfully logs in to the business server and the VPN service through the browser.
By adopting this scheme, interaction among the login management server, the service server and the VPN server is realized, so that a user can log in to the VPN service and the service server at the same time by entering the login information of the service server only once, which simplifies the login process, reduces the error rate and improves the user experience. Moreover, the login information is managed independently by the service server, and the service server does not need to synchronize user login information to the VPN server, which protects the security of the customer's internal data. The login management server or the VPN server can verify the user's validity directly based on the user identity, so no separate set of user login accounts needs to be maintained, which relieves processing pressure.
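The exchange of the login success parameter described above can be sketched as follows. This is an added example, not code from the patent: the class names, the query-string encoding and the field names server and login_id are assumptions, and the check of the service server address against a registered list is a precaution added here because the parameter reaches the login management server through the browser.

```python
import secrets
from urllib.parse import parse_qs, urlencode


class ServiceServer:
    """Intranet service server: keeps login records, never shares credentials."""

    def __init__(self, address):
        self.address = address          # intranet IP (constructed sample value)
        self._login_records = {}        # user login identifier -> user identity

    def record_login(self, user_identity):
        """Call after the submitted login information was verified.

        Returns the login success parameter carried in the 302 redirect.
        """
        login_id = secrets.token_urlsafe(24)   # unguessable, one per login record
        self._login_records[login_id] = user_identity
        # Assumed encoding: a query string with two hypothetical field names.
        return urlencode({"server": self.address, "login_id": login_id})

    def identity_for(self, login_id):
        """Answer the login management server's request (sent over the VPN network)."""
        return self._login_records.get(login_id)


class LoginManagementServer:
    """Public-network server that turns a login success parameter into an identity."""

    def __init__(self, registered_servers):
        # address -> service server reachable over the VPN network
        self._servers = dict(registered_servers)

    def resolve_identity(self, login_success_parameter):
        """Return the user identity, or None if the parameter cannot be trusted."""
        fields = parse_qs(login_success_parameter)
        server_info = fields.get("server", [])
        login_ids = fields.get("login_id", [])
        # Exactly one value of each field; duplicates or blanks are rejected.
        if len(server_info) != 1 or len(login_ids) != 1:
            return None
        # The address arrives via the browser, so only registered service
        # servers are ever contacted (assumption of this example).
        server = self._servers.get(server_info[0])
        if server is None:
            return None
        return server.identity_for(login_ids[0])


def demo():
    """Run the exchange on constructed sample data."""
    service = ServiceServer("10.0.0.5")
    manager = LoginManagementServer({"10.0.0.5": service})
    parameter = service.record_login("alice")
    return (
        manager.resolve_identity(parameter),                            # genuine
        manager.resolve_identity("server=10.0.0.5&login_id=guessed"),   # unknown id
        manager.resolve_identity("server=10.9.9.9&login_id=anything"),  # unregistered
    )


if __name__ == "__main__":
    print(demo())
```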
Optionally, in step 203 in fig. 2, the login management server verifies the identity of the user against the legal user information, and generates the login response based on the verification result.
Specifically, the legal user information may be provided in advance to the VPN service provider (i.e., the network service provider) by the enterprise customer purchasing the VPN service, and the VPN service provider may store it on its own servers, such as a login management server, a VPN server, or another server or cluster used for managing legal user information. The legal user information may include user identification and access authority, where the access authority refers to the authority of the user to access the VPN service. It may be understood that, when the legal user information changes, the enterprise customer may provide the changed information to the VPN service provider to update the stored information.
Based on this, when the legal user information is stored in the login management server, the login management server can verify the user identity obtained from the service server against the locally stored legal user information, so as to determine whether the user corresponding to the user identity has the right to access the VPN service.
In another implementation, the login management server may also request to verify whether the user has the right to access the VPN service by sending the user identity to other servers holding information about legitimate users.
In one example, after the login management server determines that the user is a legal user of the service server and obtains the identity of the user through the service server, it carries the identity in a trust request and sends the request to the VPN server. After receiving the trust request, the VPN server compares the identity in the trust request with the locally stored legal user information. If the identity exists in the legal user information, the user is determined to be a legal user of the VPN service; if the stored legal user information does not contain the identity, the user is determined not to be a legal user of the VPN service.
It should be noted that, in order to ensure the security of data transmission, the trust request sent by the login management server needs to be transmitted based on a VPN network, and the VPN network is deployed between the VPN server and the login management server. Moreover, the login management server can encrypt the user identity carried in the trust request based on an encryption mode negotiated with the VPN server in advance so as to further prevent the leakage of user information. Correspondingly, when receiving the encrypted user identity, the VPN server side needs to decrypt the encrypted user identity first.
Optionally, in the above embodiment, the login response indicates whether the user has successfully logged in to the service server and the VPN service through the browser. Because the browser and the VPN client application are two different programs, in a scenario where the user logs in through the VPN client application, login verification on the VPN client application side also needs to be completed in order to improve security. For this reason, after determining that the user is a valid user of the VPN service, the login management server or the VPN server may generate a token for the authentication process shown in fig. 4.
For example, refer to fig. 4, which is a schematic diagram of the token authentication process in a login method according to an embodiment of the present application. The embodiment comprises the following steps:
401. The VPN server receives a trust request from the login management server, where the trust request carries the identity of the user.
402. The VPN server performs validity verification on the user based on the identity to obtain a validity verification result. The validity verification result indicates whether the user is a valid user of the VPN service.
403. The VPN server generates a token for the user.
Illustratively, after finding that the user is a valid user of the VPN service, the VPN server generates a token for the user, and the token is used for verifying the validity of the VPN client application.
404. The VPN server sends a trust response carrying the token to the login management server.
405. The login management server sends a login response carrying the token to the terminal device.
Illustratively, the login management server sends the token to the browser of the terminal device in a login response.
406. The browser of the terminal device displays a login success page.
407. The browser of the terminal device activates the VPN client application by means of the login success page and sends the token to the VPN client application.
In the embodiments of the application, the browser activates the VPN client application by means such as running a script in the login success page. For example, the terminal device displays a login success page through the browser and, after the page has been displayed for a preset time period, automatically runs a script in the login success page to activate the VPN client. The preset time period is, for example, 3 seconds or 4 seconds, and the embodiments of the present application are not limited in this respect.
For another example, the terminal device displays a login success page through the browser, and the user clicks a close button on the login success page to trigger the script to run, so as to activate the VPN client.
408. The VPN client application sends an authentication request carrying the token to the VPN server providing the VPN service.
For example, the address information of the VPN server providing the VPN service may be pre-configured in the VPN client application, and after the VPN client application is activated by the browser, it automatically sends an authentication request to the VPN server based on the received token. In another example, the address of the VPN server may be selected by the login management server based on proximity rules or load balancing policies and issued to the user.
409. The VPN server verifies the authentication request to obtain a feedback result.
Illustratively, the VPN server itself verifies the token carried by the authentication request.
For example, the VPN server generates a token and stores it. When the VPN server receives an authentication request sent to it by the VPN client application, it verifies the token carried by the authentication request against the stored token to obtain a feedback result. The feedback result indicates whether the user has successfully logged in to the service server and the VPN service through the VPN client application.
In the embodiment shown in fig. 4, the VPN server verifies the validity of the user. In an embodiment where the login management server verifies the validity of the user directly, the operation of generating the token may also be completed by the login management server. After generating the token, the login management server on the one hand transmits the token to the user's VPN client application in the same manner as described above, and on the other hand transmits the token to the VPN server, so that the VPN server can verify the token when it receives a token verification request from the VPN client.
In addition, the authentication request may not carry a token. In this case, the VPN server directly determines that the VPN client application is illegal, that is, the user cannot successfully log in to the service server and the VPN service through the VPN client application.
By adopting this scheme, the token carried by the authentication request is verified by the VPN server, so that the validity of the VPN client application can be ensured and the login process of the user through the VPN client application is completed.
Optionally, in the above embodiment, after the login management server or the VPN server generates the token, the state of the token may be set based on the validity period or other information, and the token may be stored. For example, if the token has expired, the token is set to an invalid state; if the VPN server receives a notification that the user is invalid, the user is set to the invalid state; if the VPN service purchased by the user's company has expired, the token is set to an invalid state. The token generated and stored by the VPN server is referred to as a first token hereinafter.
Then, the VPN client application sends an authentication request carrying the token to the VPN server, and the VPN server verifies the token carried by the authentication request against the previously generated and stored tokens. Hereinafter, a previously generated and stored token is referred to as a first token, and the token carried in the authentication request is referred to as a second token. If the VPN server finds, among the stored first tokens, a token identical to the second token, the VPN server determines that the second token was generated by the VPN server, and further judges whether the state of the second token is normal. If the second token is in a normal state, the VPN server generates a feedback result indicating that the second token is legal. If the second token was not generated by the VPN server or its state is abnormal, for example the second token is invalid, the VPN server generates a feedback result indicating that the second token is illegal.
By adopting the scheme, the purpose of accurately verifying the validity of the token in real time can be realized by further verifying whether the state of the token is normal.
410. The VPN server sends the feedback result to the VPN client application of the terminal device.
The VPN server side determines whether to provide VPN service for the VPN client side application or not based on the feedback result. Specifically, if the feedback result indicates that the user successfully logs in the service server and the VPN service through the VPN client application, step 411 is executed.
411. The VPN server and the VPN client establish a VPN tunnel.
The VPN server responds normally to the VPN tunnel establishment request sent by the VPN client application, so as to establish a VPN tunnel between the VPN client application and the VPN server. The VPN tunnel is used for transmitting service requests that the user sends, through the VPN client application, to the service server; or, the VPN tunnel is used for transmitting service requests that the user sends, through the VPN client application, to other service servers accessing the service server. After receiving a service request from the VPN tunnel, the VPN server may send the service request to the service server based on the VPN network.
It can be understood that, in a scenario where the service server is an SSO system server, the service request sent by the user for the service server includes service requests sent by the user for all services accessing the SSO system server.
If the feedback result indicates that the user has not successfully logged in to the service server and the VPN service through the VPN client application, the VPN server refuses to establish a VPN tunnel with the VPN client application, and thereby refuses to receive the intranet access request of the user. At the same time, the VPN client application of the terminal device pops up prompt information indicating that the login failed and that establishment of the VPN tunnel was refused.
In the embodiment, after the user successfully logs in the service server and the VPN service through the browser, the VPN client application is called, and the validity of the VPN client application is confirmed based on the token, so that whether the user successfully logs in the service server and the VPN service through the VPN client application is determined.
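The token handling in steps 403, 408 and 409 of fig. 4 (issue and store a first token, then check the second token's origin and state) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the random token, the 60-second validity period, the enterprise identifier and the storage of SHA-256 digests instead of raw tokens are all assumptions of this example, and the token state is evaluated at verification time rather than stored as a flag.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from enum import Enum


class Feedback(Enum):
    LEGAL = "second token is legal"
    MISSING = "authentication request carries no token"
    UNKNOWN = "second token was not generated by this VPN server"
    INVALID = "second token is in an invalid state"


@dataclass
class TokenRecord:
    user_id: str
    enterprise_id: str
    expires_at: float


class VpnTokenStore:
    """First tokens issued by the VPN server, with the state checks from the text."""

    def __init__(self, ttl_seconds=60, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock                  # injectable so expiry can be tested
        self._records = {}                   # sha256(token) -> TokenRecord
        self._invalid_users = set()
        self._expired_enterprises = set()

    @staticmethod
    def _digest(token):
        # Only digests are kept, so a leaked store does not reveal live tokens.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id, enterprise_id):
        """Step 403: generate and store a first token for a legal VPN user."""
        token = secrets.token_urlsafe(32)
        self._records[self._digest(token)] = TokenRecord(
            user_id, enterprise_id, self._clock() + self._ttl)
        return token

    def mark_user_invalid(self, user_id):
        """The VPN server was notified that the user is invalid."""
        self._invalid_users.add(user_id)

    def mark_service_expired(self, enterprise_id):
        """The VPN service purchased by the user's company has expired."""
        self._expired_enterprises.add(enterprise_id)

    def verify(self, second_token):
        """Step 409: check the token carried by the authentication request."""
        if not isinstance(second_token, str) or not second_token:
            return Feedback.MISSING
        record = self._records.get(self._digest(second_token))
        if record is None:
            return Feedback.UNKNOWN
        if (self._clock() >= record.expires_at
                or record.user_id in self._invalid_users
                or record.enterprise_id in self._expired_enterprises):
            return Feedback.INVALID
        return Feedback.LEGAL


def demo():
    """Walk one token through its life using a constructed clock."""
    now = [1000.0]
    store = VpnTokenStore(ttl_seconds=60, clock=lambda: now[0])
    token = store.issue("alice", "acme")
    fresh = store.verify(token)
    forged = store.verify("not-issued-here")
    absent = store.verify(None)
    now[0] += 61                             # validity period has passed
    stale = store.verify(token)
    return fresh, forged, absent, stale


if __name__ == "__main__":
    for outcome in demo():
        print(outcome.value)
```

Only a LEGAL result would lead to step 411; every other result corresponds to the refusal to establish the VPN tunnel.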
The complete process of implementing a login based on a VPN client application will be illustrated in connection with fig. 5.
Fig. 5 is a process schematic diagram of a login method provided in an embodiment of the present application. Referring to fig. 5, the present embodiment includes:
501. The terminal device recognizes the user's click operation on the VPN client application and determines that the user has selected the joint login mode.
Illustratively, a user opens a VPN client application on the desktop of a terminal device, and clicks on the user interface of the VPN client application to select the joint login mode. Refer specifically to the description of fig. 3, which is not repeated here.
502. The terminal device pops up the browser.
Illustratively, in response to the user's operation of selecting the joint login mode, the VPN client application automatically invokes the browser and directs it to access a login management server deployed in the public network.
503. The browser sends a login page request to a login management server, wherein the login page request is used for requesting to login a business server and VPN service.
504. The browser receives a redirection response from the login management server.
Illustratively, the login management server sends a redirection response to the browser, for example by replying to the browser with an HTTP 302 redirect, so as to provide the browser with an access address of the service server and redirect the browser to the service server.
505. The browser sends the login page request to the service server according to the redirection response. Illustratively, the browser sends a login page request to the service server based on the received 302 redirect, i.e., the redirection response described above.
506. The browser receives, from the service server, the data stream used for displaying the login page, and displays the login page.
Illustratively, the service server feeds back the data stream to the browser after receiving the login page request. After receiving the data stream, the browser renders and displays the login page.
507. The browser acquires login information input by a user on a login page.
Illustratively, the user enters login information such as an account number, a password, an enterprise identifier, an authentication code, and the like into a login page.
508. The browser submits the login information to the service server.
509. The service server performs validity verification on the user according to the login information.
For example, if the user is a valid user of the service server, step 510 is executed; if the user is not a legal user of the service server, the service server triggers the browser to display prompt information to prompt that the user fails to log in.
510. The service server sends a redirection response carrying the login success parameter to the browser.
Illustratively, if the user is a valid user of the service server, the service server sends a 302 redirect to the browser, that is, a redirection response carrying a login success parameter, so as to redirect the browser to the login management server.
511. The browser sends an adaptive page request carrying the login success parameter to the login management server.
After receiving the 302 redirect in step 510, the browser sends an adaptive page request, together with the received login success parameter, to the login management server. The login success parameter comprises a user login identifier, generated by the service server for this user login, that uniquely identifies the user login record.
512. The browser receives the data stream for displaying the adaptive page from the login management server and displays the adaptive page.
Illustratively, the browser displays "authentication" and the like.
513. The login management server acquires the identity of the user from the service server.
Illustratively, the login management server obtains the identity of the user from the service server according to the login success parameter, where the identity includes a user name and the like.
514. The login management server and the VPN server perform mutual trust authentication for the legal user of the service server.
For example, after obtaining the identity of the user from the service server, the login management server considers that the user is a valid user of the service server, but cannot determine whether the user is a valid user of the VPN service. Therefore, for the legal user of the service server, the login management server further performs mutual trust authentication with the VPN server to determine whether the user is a legal user of the VPN service.
The VPN server performs validity verification on the user according to the identity of the user. If the user has the VPN right, that is, the user is a valid user of the VPN service, the VPN server executes step 515 to generate a token. If the user does not have the VPN right, the VPN server sends prompt information to the login management server, and the login management server forwards the prompt information to the terminal device, which displays it to prompt the user that the login failed.
515. The VPN server generates a token for the user and sends a trust response carrying the token to the login management server, where the token is used for performing validity verification on the VPN client application of the terminal device.
Illustratively, the VPN server generates a token for the user login, and the token is carried in the trust response and transmitted to the login management server.
The VPN server generates a token based on the user's identity and the like, where the token is, for example, a character string generated from the user's identity. Furthermore, the VPN server sets a valid duration for each token, and the token is valid only within that duration, which avoids the security problem caused by loss of the token.
516. The login management server sends a login response carrying the token to the browser.
517. The browser activates the VPN client application based on the login success page.
After the browser displays the login success page, it activates the VPN client application by running a script in the page. The script in the login success page invokes the VPN client application, carrying the token, by a browser built-in method, so that the token is transmitted to the VPN client application. The browser built-in method is as follows: appName://truthLoginToken=123456.
518. The VPN client application sends an authentication request carrying the token to the VPN server providing the VPN service.
Illustratively, after the VPN client application is activated, it receives the token transmitted by the browser, and automatically carries the token in the authentication request sent to the VPN server.
After receiving the authentication request, the VPN server verifies the validity of the token to obtain a feedback result so as to determine whether the VPN client application is legal.
519. The VPN server sends the feedback result to the VPN client application to complete login. If the feedback result indicates that the VPN client application has successfully logged in to the service server and the VPN service, the VPN client application can display login success information and display a service access interface for the user to operate; if the feedback result indicates that the login failed, the VPN client application displays login failure information to the user and refuses the user's requests or operations on the service access interface.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 6, the electronic device 600 is, for example, one of the login management server, the VPN authentication end, the VPN service end, the service server, or the terminal device, and the electronic device 600 includes:
a processor 601 and a memory 602;
the memory 602 stores computer instructions;
the processor 601 executes the computer instructions stored in the memory 602, so that the processor 601 executes the login method implemented by the login management server, the VPN authentication terminal, the VPN service terminal, the service server or the terminal device.
For the specific implementation process of the processor 601, reference may be made to the above method embodiments, whose implementation principles and technical effects are similar; details are not described herein again.
Optionally, the electronic device 600 further comprises a communication component 603. The processor 601, the memory 602, and the communication component 603 may be connected by a bus 604.
An embodiment of the present application further provides a computer-readable storage medium, in which computer instructions are stored, and when executed by a processor, the computer instructions are used to implement the login method implemented by the login management server, the VPN authentication end, the VPN service end, the service server, or the terminal device.
An embodiment of the present application further provides a computer program product, where the computer program product includes a computer program, and when executed by a processor, the computer program implements the login method implemented by the login management server, the VPN authentication terminal, the VPN service terminal, the service server, or the terminal device.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (16)

1. A login method, applied to a login management server deployed in a public network, comprising:
after determining that a user is a legal user of a service server, acquiring an identity of the user through the service server, wherein the login management server and the service server communicate based on a VPN network;
determining whether the user is a legal user of the VPN service based on the identity of the user to generate a login response, wherein the login response is used for indicating whether the user successfully logs in the business server and the VPN service through a browser of a terminal device;
and sending the login response to the terminal equipment.
2. The method of claim 1, wherein obtaining, by the service server, the identity of the user after determining that the user is a valid user of the service server comprises:
receiving a login page request sent by the user through the browser, wherein the login page request is used for requesting to login the business server and the VPN service;
sending a redirection response to the terminal equipment, so that the browser sends the login page request to the service server according to the redirection response, and submits login information based on the login page fed back by the service server, so that the service server can confirm whether the user is legal or not;
receiving an adaptive page request carrying login success parameters from the browser;
and sending a data stream for displaying an adaptive page to the browser so that the browser displays the adaptive page, and requesting the identity of the user from the service server according to the login success parameter.
3. The method of claim 1, wherein said determining whether said user is a valid user of a VPN service based on an identity of said user to generate a login response comprises:
verifying the identity of the user based on locally stored legal user information, and generating the login response based on a verification result; or,
sending a trust request to a Virtual Private Network (VPN) server deployed in a public network, wherein the trust request carries the identity of the user, and the VPN server is used for providing the VPN service; and receiving a trust response from the VPN server, and generating the login response according to the trust response.
4. The method of claim 3, wherein sending the login response to the terminal device comprises:
and when the trust response carries a token aiming at the user, sending a login response carrying the token and used for displaying a login success page to the browser, wherein the token is used for indicating that the user is a legal user of the VPN service.
5. A login method, applied to a Virtual Private Network (VPN) server deployed in a public network, comprising:
receiving a trust request from a login management server deployed in a public network, wherein the trust request carries an identity of a user, and the trust request is sent by the login management server after the login management server determines that the user is a legal user of a service server;
carrying out validity verification on the user based on the identity identification to obtain a validity verification result, wherein the validity verification result is used for indicating whether the user is a valid user of the VPN service;
and sending a trust response carrying the validity verification result to the login management server.
6. The method of claim 5, further comprising:
and when the validity verification result indicates that the user is a valid user of the VPN service, generating a token aiming at the user, and carrying the token in the trust response.
7. The method according to claim 6, wherein after sending the trust response carrying the validity verification result to the login management server, further comprising:
receiving an authentication request sent by a terminal device through VPN client application, wherein the authentication request carries the token;
verifying whether the token is legal or not to obtain a feedback result, wherein the feedback result is used for indicating whether the user successfully logs in the service server and the VPN service through the VPN client application or not;
and sending the feedback result to the VPN client application of the terminal equipment.
8. The method of claim 7, wherein verifying whether the token is legitimate to obtain the feedback result comprises:
verifying whether the token is generated by the VPN server side and whether the state of the token is normal;
if the token is generated by the VPN server and the state is normal, generating a feedback result for indicating that the token is legal;
otherwise, a feedback result indicating that the token is not legitimate is generated.
9. The method according to claim 7 or 8, wherein after said sending said feedback result to said VPN client application, further comprising:
if the feedback result indicates that the VPN client application successfully logs in the service server and the VPN service, establishing a VPN tunnel with the VPN client application so as to receive, over the VPN tunnel, a service request sent by the user through the VPN client application.
10. A login method, applied to a service server deployed in an intranet, comprising:
receiving a login page request sent by a user through a browser on terminal equipment, wherein the login page request is generated and sent by the browser based on a redirection response sent by a login management server;
sending a data stream for displaying a login page to the terminal equipment;
receiving login information submitted by the terminal equipment based on the login page;
carrying out validity verification on the user according to the login information;
if the user is a legal user of the service server, sending a redirection response carrying login success parameters to the terminal equipment, wherein the redirection response is used for indicating a browser of the terminal equipment to send an adaptation page request carrying the login success parameters to the login management server.
11. A login method, applied to a terminal device, comprising:
acquiring a data stream for displaying a login page through a browser and displaying the login page, wherein the login page is used for logging in a service server and a VPN service;
sending login information to the service server based on the login page;
receiving a redirection response carrying a login success parameter from the service server;
sending an adaptation page request carrying the login success parameter to the login management server through the browser;
receiving a data stream for displaying an adaptation page from the login management server and displaying the adaptation page;
and receiving a login response from the login management server, wherein the login response is used for indicating whether the user successfully logs in the service server and the VPN service through a browser.
12. The method of claim 11, wherein the acquiring a data stream for displaying a login page through a browser and displaying the login page comprises:
sending a login page request to a login management server through a browser, wherein the login page request is used for requesting login to the service server and the VPN service;
receiving a redirection response from the login management server;
sending the login page request to the service server according to the redirection response;
and receiving a data stream for displaying a login page from the service server and displaying the login page.
13. The method according to claim 11 or 12, wherein after receiving the login response from the login management server, the method further comprises:
when the login response carries a token, switching from the adaptation page to a login success page according to the login response, wherein the login success page carries the token;
activating a VPN client application by using the login success page;
sending an authentication request carrying the token to a VPN server providing the VPN service by using the VPN client application;
and receiving a feedback result from the VPN server, wherein the feedback result is used for indicating whether the user successfully logs in the service server and the VPN service through the VPN client application.
14. The method of claim 13, wherein after receiving the feedback result from the VPN server, further comprising:
if the feedback result indicates that the user successfully logs in the service server and the VPN service through the VPN client application, requesting, through the VPN client application, establishment of a VPN tunnel with the VPN server;
and sending a service request to the VPN server through the VPN tunnel.
15. An electronic device comprising a processor, a memory, and a computer program stored on the memory and executable on the processor, wherein execution of the computer program by the processor causes the electronic device to carry out the method of any one of claims 1 to 14.
16. A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, carries out the method according to any one of claims 1 to 14.
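The token handling on the VPN server in claims 5 to 8, sketched as an added example that is not code from the patent. The claims do not say how the server recognises a token it generated or what a "normal" state is; this sketch assumes an HMAC over a random token id for the first, and issued, unexpired and not yet used for the second. The class and method names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

class VpnServer:
    """Assumed design for the VPN server side of claims 5 to 8."""

    def __init__(self, valid_users, ttl=60, clock=time.time):
        self._key = secrets.token_bytes(32)   # assumption: per-server MAC key
        self._valid_users = set(valid_users)  # users entitled to the VPN service
        self._state = {}                      # token id -> [state, user, expiry]
        self._ttl = ttl
        self._clock = clock

    def _mac(self, token_id):
        return hmac.new(self._key, token_id.encode(), hashlib.sha256).hexdigest()

    def handle_trust_request(self, user_id):
        """Claims 5 and 6: verify the user; attach a token only if valid."""
        if user_id not in self._valid_users:
            return {"valid": False}
        token_id = secrets.token_urlsafe(16)
        self._state[token_id] = ["normal", user_id, self._clock() + self._ttl]
        return {"valid": True, "token": f"{token_id}.{self._mac(token_id)}"}

    def handle_auth_request(self, token):
        """Claims 7 and 8: origin check, then state check; returns the feedback result."""
        token_id, _, tag = token.partition(".")
        # Origin: only the holder of this server's key can produce a matching MAC.
        if not hmac.compare_digest(tag.encode(), self._mac(token_id).encode()):
            return {"login_ok": False, "reason": "not issued by this server"}
        entry = self._state.get(token_id)
        if entry is None or entry[0] != "normal":
            return {"login_ok": False, "reason": "state not normal"}
        if self._clock() > entry[2]:
            entry[0] = "expired"
            return {"login_ok": False, "reason": "token expired"}
        entry[0] = "used"  # assumption: single use, so a replayed token fails
        return {"login_ok": True, "user": entry[1]}
```

Because the token travels through the browser and the login success page before the VPN client presents it, the short lifetime and single-use state are what limit the value of a token captured in transit.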
CN202111012706.6A 2021-08-31 2021-08-31 Login method, electronic equipment and computer readable storage medium Active CN113922982B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111012706.6A CN113922982B (en) 2021-08-31 2021-08-31 Login method, electronic equipment and computer readable storage medium
PCT/CN2021/121317 WO2023029138A1 (en) 2021-08-31 2021-09-28 Login method, electronic device and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111012706.6A CN113922982B (en) 2021-08-31 2021-08-31 Login method, electronic equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN113922982A true CN113922982A (en) 2022-01-11
CN113922982B CN113922982B (en) 2024-06-21

Family

ID=79233639

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111012706.6A Active CN113922982B (en) 2021-08-31 2021-08-31 Login method, electronic equipment and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN113922982B (en)
WO (1) WO2023029138A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115865562A (en) * 2022-11-30 2023-03-28 浪潮通用软件有限公司 Method, device and medium for integrating VPN (virtual private network) by application program under multi-tenant architecture

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116506237B (en) * 2023-06-30 2023-09-22 深圳市今天国际物流技术股份有限公司 Remote identity verification and transmission method completely off-line
CN116962088B (en) * 2023-09-20 2023-11-28 上海金电网安科技有限公司 Login authentication method, zero trust controller and electronic equipment
CN117811847B (en) * 2024-03-01 2024-05-28 北京长亭科技有限公司 Man-machine verification method and device based on combination of public network and intranet

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101651666A (en) * 2008-08-14 2010-02-17 中兴通讯股份有限公司 Method and device for identity authentication and single sign-on based on virtual private network
CN104767621A (en) * 2015-04-16 2015-07-08 深圳市高星文网络科技有限公司 Single-point security certification method for having access to enterprise data through mobile application
CN106330918A (en) * 2016-08-26 2017-01-11 杭州迪普科技有限公司 Multi-system login method and device
CN106850517A (en) * 2015-12-04 2017-06-13 北京京东尚科信息技术有限公司 A kind of method, apparatus and system for solving intranet and extranet repeat logon
WO2019000092A1 (en) * 2017-06-30 2019-01-03 Open Text Corporation Hybrid authentication systems and methods
CA3104122A1 (en) * 2018-06-25 2019-06-24 Citrix Systems, Inc. Unified display for virtual resources
US10387980B1 (en) * 2015-06-05 2019-08-20 Acceptto Corporation Method and system for consumer based access control for identity information
WO2021133694A1 (en) * 2019-12-26 2021-07-01 Vmware, Inc. Single sign on (sso) capability for services accessed through messages

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101388774A (en) * 2008-10-24 2009-03-18 焦点科技股份有限公司 Method for automatically authenticate and recognize customer identity between different customers and login
US9432334B2 (en) * 2014-12-01 2016-08-30 Intermedia.Net, Inc. Native application single sign-on

Also Published As

Publication number Publication date
CN113922982B (en) 2024-06-21
WO2023029138A1 (en) 2023-03-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant