CN114024727A - Cross-domain single sign-on method, system, authentication server and readable medium - Google Patents


Info

Publication number
CN114024727A
Authority
CN
China
Prior art keywords
client terminal
server
resource server
resource
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111261496.4A
Other languages
Chinese (zh)
Inventor
王妙玉
周亮
蔡民浩
吴宁泉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Hotata Smart Home Co Ltd
Original Assignee
Guangdong Hotata Smart Home Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Hotata Smart Home Co Ltd
Priority to CN202111261496.4A
Publication of CN114024727A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to a cross-domain single sign-on method, a cross-domain single sign-on system, an authentication server and a readable medium. The cross-domain single sign-on method is applied to an authentication server and comprises the following steps: in response to first request data from a client terminal, sending first feedback data to the client terminal so that the client terminal logs in to a first resource server according to the first feedback data; the first request data comprises user login data and a first website of the first resource server; the first feedback data comprises user credentials and a first verification code. The first feedback data is sent to the client terminal once the first request data sent by the client terminal is received, and, provided the verification passes, the client terminal can log in to the first resource server using the first feedback data; because the first verification code is obtained based on the first website of the first resource server, it can only be used for logging in to the first resource server, so the method is safe and convenient.

Description

Cross-domain single sign-on method, system, authentication server and readable medium
Technical Field
The invention relates to the field of website login, in particular to a cross-domain single sign-on method, a cross-domain single sign-on system, an authentication server and a readable medium.
Background
The existing single sign-on technology can solve the problem of multiple systems under the same domain name, so that a user can access multiple web systems by logging on at one time.
However, most browsers prohibit cross-domain access, so if domain names of multiple subsystems are inconsistent, even multiple subsystems under the same domain name cannot be accessed by using single sign-on, which brings inconvenience to clients and causes poor experience.
Disclosure of Invention
In view of the above-mentioned shortcomings in the prior art, an object of the present invention is to provide a cross-domain single sign-on method, which can realize single sign-on by using the same authentication server to perform login verification regardless of whether the two subsystems have the same domain name.
The invention also aims to provide a cross-domain single sign-on system.
The invention also aims to provide an authentication server.
It is a further object of the present invention to provide a computer readable medium.
In order to achieve the purpose, the invention adopts the following technical scheme:
in one aspect, the present invention provides a cross-domain single sign-on method, applied to an authentication server, including:
responding to first request data of a client terminal, and sending first feedback data to the client terminal so that the client terminal logs in a first resource server according to the first feedback data; the first request data comprises user login data and a first website of the first resource server; the first feedback data comprises user credentials and a first verification code; the first verification code is generated based on the user login data and the first website.
Further, in the cross-domain single sign-on method, during the process that the client terminal logs on to the first resource server, the login method further includes:
responding to first verification request data of a first resource server, and sending a first verification result to the first resource server so that the first resource server can realize whether the login of the client terminal is successful or not according to the first verification result; the first verification request data comprises the verification code, and the verification code is sent to the first resource server for the client terminal to log in to the first resource server.
Further, the cross-domain single sign-on method further includes:
responding to second request data of the client terminal, and sending second feedback data to the client terminal so that the client terminal logs in a second resource server according to the second feedback data; the second request data comprises the user credentials and a second web address of the second resource server; the second feedback data comprises a second verification code; the second authentication code is generated based on the user credentials and the second web address.
Further, in the cross-domain single sign-on method, during the process that the client terminal logs in to the second resource server, the login method further includes:
responding to second check request data of a second resource server, and sending a second check result to the second resource server so that the second resource server realizes whether the login of the client terminal is successful or not according to the second check result; the second check-up request data includes the verification code, which is sent to the second resource server for the client terminal to log on to the second resource server.
Further, after receiving the second request data, the cross-domain single sign-on method further includes:
judging whether a time difference value between the sending of the first feedback data and the receiving of the second request data is smaller than a first preset time, if so, sending the second feedback data to the client terminal; and if not, sending a login interface to the client terminal, wherein the second resource server is used as the first resource server.
Further, in the cross-domain single sign-on method, before sending the second request data, the client terminal sends an access request to the second resource server based on a user request, and the second resource server returns a redirection website of the authentication server to the client terminal, so that the client terminal sends the second request data to the authentication server after receiving the redirection website of the authentication server;
the second feedback data further comprises a second website, and the second verification code is spliced behind the second website.
Further, the cross-domain single sign-on method includes that before sending first request data, a client terminal sends an access request to a first resource server based on a user request, and after the first resource server verifies that a user does not log on, a redirection website of an authentication server is returned to the client terminal, so that the client terminal sends the first request data to the authentication server after receiving the redirection website of the authentication server;
the first feedback data further comprises a first website, and the first verification code is spliced behind the first website;
and after receiving the first feedback data, the client terminal stores the user credential in the Cookie.
In another aspect, the present invention provides an authentication server using any one of the foregoing cross-domain single sign-on methods, including:
the acquisition module is used for receiving first request data of a client terminal; the first request data comprises user login data and a first website of the first resource server;
the feedback module is used for responding to first request data of a client terminal and sending first feedback data to the client terminal so that the client terminal can log in a first resource server according to the first feedback data; the first feedback data comprises user credentials and a first verification code; the first verification code is generated based on the user login data and the first website.
In another aspect, the present invention provides a cross-domain single sign-on system, including:
a client terminal;
the authentication server;
the resource server which the client terminal firstly requests to log in is a first resource server, and the other resource servers are second resource servers; and more than two resource servers carry out login verification through the authentication server.
In another aspect, the present invention provides a computer storage medium storing a computer program which, when executed by a processor, implements any of the cross-domain single sign-on methods described above.
Compared with the prior art, the cross-domain single sign-on method, the cross-domain single sign-on system, the authentication server and the readable medium provided by the invention have the following beneficial effects:
With the cross-domain single sign-on method provided by the invention, the first feedback data is sent to the client terminal once the first request data sent by the client terminal is received, and, provided the verification passes, the client terminal can use the first feedback data to log in to the first resource server; because the first verification code is obtained based on the first website of the first resource server, it can only be used for logging in to the first resource server, which is safe and convenient.
With the cross-domain single sign-on method provided by the invention, when logging in to the second resource server, data such as the user name and password do not need to be provided again; only the user credential and the second website are provided, which is convenient and fast. On this basis, the invention can realize single sign-on simply by using the same authentication server for login verification, regardless of whether the two subsystems have the same domain name.
Drawings
FIG. 1 is a flow chart of a cross-domain single sign-on method for a first resource server;
FIG. 2 is a flowchart of a cross-domain single sign-on method for logging on a second resource server;
FIG. 3 is a flowchart of one embodiment of a cross-domain single sign-on method provided by the present invention;
FIG. 4 is a block diagram of an authentication server according to the present invention.
Detailed Description
In order to make the objects, technical solutions and effects of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It is to be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of specific embodiments of the invention, and are not intended to limit the invention.
The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps, but may include other steps not expressly listed or inherent to such process or method. Also, without further limitation, one or more devices or subsystems, elements or structures or components beginning with "comprise. The appearances of the phrases "in one embodiment," "in another embodiment," and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
The invention provides a cross-domain single sign-on method, which is applied to an authentication server.
In other embodiments, the authentication server may also provide login authentication services for multiple subsystems (i.e., multiple resource servers) with different domain names, that is, multiple resource servers do not belong to the same domain name, but all use the authentication server for login authentication.
When a client terminal wants to log in to a resource server, that resource server is treated as the first resource server if, among the multiple resource servers that use the authentication server for login authentication, it is the first to receive a login request from the client terminal.
At this time, the specific process is as follows:
the first resource server sends the login authentication website of the authentication server to the client terminal;
the client terminal can log in the authentication server according to the login authentication website, further receives a login interface sent by the authentication server, and inputs user login data (comprising a user name, a password and the like) through the login interface;
the authentication server executes the cross-domain single sign-on method provided by the invention so that the client terminal uses the first verification code to log in to the first resource server. The first verification code can be verified only once. Because it is generated for the website of the first resource server, the client terminal can use it only to log in to the first resource server and cannot use it to log in to other resource servers, which makes the method highly secure.
In a further embodiment, after receiving the first feedback data of the authentication server, the client terminal stores the first feedback data into cache data corresponding to the authentication server, that is, the first feedback data can be called as long as the authentication server needs to perform login authentication, so that other resource servers can be quickly logged in, and user experience is improved.
The cross-domain single sign-on method comprises the following steps:
responding to first request data of a client terminal, and sending first feedback data to the client terminal so that the client terminal logs in a first resource server according to the first feedback data; the first request data comprises user login data and a first website of the first resource server; the first feedback data comprises user credentials and a first verification code; the first verification code is generated based on the user login data and the first website. The user login data comprises a user name, a user password and/or a short message authentication code and the like.
Specifically, the generating step of the first verification code includes:
after receiving the user login data, the authentication server verifies whether the user login data passes; if so, a successful check code (such as a secret) with a user code is generated, and then a user unique identifier (namely a user name, such as admin) and the first website are integrated to generate a first verification code; if not, a failure check code indicating that verification failed is returned and fed back to the user terminal.
The following describes in detail an example in which a plurality of resource servers all use one authentication server for login authentication. There are two or more resource servers resource_server under the same or different domain names; each resource server resource_server uses the authentication server authorization_server for login authentication; the first of these resource servers that the client terminal logs in to is the first resource server resource1_server, and the other resource servers are second resource servers resource2_server:
1) The user terminal sends a request to access the first resource server resource1_server through the browser, i.e. prepares to open the first web address of the first resource server resource1_server.
In a further embodiment, the client terminal may click a login button on a first website page of the first resource server resource1_server and directly enter a login interface, where the login interface is sent to the client terminal by the authentication server authorization_server.
2) After the first resource server resource1_server verifies that the user is not logged in, the first resource server resource1_server redirects the user to the authentication server authorization_server for login verification. That is, the first resource server resource1_server sends the authentication website of the authentication server authorization_server to the client terminal, and the client terminal opens the authentication website and executes step 3).
3) The client terminal sends a login request to the authentication server authorization_server; the parameters should include the first website url1 of the first resource server resource1_server to indicate which system forwarded the request.
4) The authentication server authorization_server returns a login page to the client terminal.
5) The client terminal receives the user login data filled in by the user, namely a user name and a password, and sends the user login data and the first website url1 of the first resource server resource1_server to the authentication server authorization_server for verification.
6) After the authentication server authorization_server verifies that the user name and the password are correct, a first authentication data node session01 is created locally in the server storage, and first feedback data is returned to the browser, where the first feedback data includes a user credential authorization_token and a first verification code authCode1 relating to the authentication server authorization_server.
7) After receiving the first feedback data fed back by the authentication server authorization_server, the browser of the client terminal stores the user credential authorization_token in a cookie under the domain name corresponding to the authentication server authorization_server, and uses the first verification code authCode1 to access the first website url1 of the first resource server resource1_server, thereby logging in to the first resource server resource1_server. In this embodiment, the first verification code authCode1 is verified only once, which greatly improves the security of website login.
In this embodiment, the way the client terminal logs in to the first resource server resource1_server is not limited: as long as authentication by the authentication server authorization_server passes, the first feedback data is fed back to the client terminal, which proves that the client terminal has passed authentication and is qualified to log in to the first resource server resource1_server, so login can be achieved; if authentication does not pass, the authentication server does not feed back the first feedback data to the client terminal. When logging in to the first resource server resource1_server, a person skilled in the art can select an appropriate login method according to requirements.
With the cross-domain single sign-on method provided by the invention, the first feedback data is sent to the client terminal once the first request data sent by the client terminal is received, and, provided the verification passes, the client terminal can use the first feedback data to log in to the first resource server; because the first verification code is obtained based on the first website of the first resource server, it can only be used for logging in to the first resource server, which is safe and convenient.
Further, as a preferred solution, in this embodiment, during the process in which the client terminal logs in to the first resource server, the login method further includes:
in response to first verification request data from the first resource server, sending a first verification result to the first resource server so that the first resource server can determine from the first verification result whether the login of the client terminal is successful; the first verification request data comprises the first verification code, which the client terminal sends to the first resource server in order to log in to the first resource server.
The embodiment provides a technical scheme for a client terminal to log in to a first resource server, which specifically includes:
8) After receiving the first verification code authCode sent by the client terminal, the first resource server resource1_server sends the first verification code authCode to the authentication server authorization_server for verification.
9) The authentication server authorization_server verifies the first verification code authCode, and after a successful result is obtained, the first resource server resource1_server creates a first resource data node session1 in the server storage.
10) The first resource server resource1_server returns to the client terminal browser the resource it wants to access and the first login flag resource1_token representing successful login to the first resource server resource1_server, and the browser stores the first login flag resource1_token in the cookie under the domain name corresponding to the first resource server resource1_server.
Further, as a preferable scheme, in this embodiment, the method further includes:
responding to second request data of the client terminal, and sending second feedback data to the client terminal so that the client terminal logs in a second resource server according to the second feedback data; the second request data comprises the user credentials and a second web address of the second resource server; the second feedback data comprises a second verification code; the second authentication code is generated based on the user credentials and the second web address.
Specifically, the generating step of the second verification code includes:
after receiving the user credential, the authentication server verifies whether the user credential passes; if so, a successful check code (such as a secret) with a user code is generated, and then the unique credential with which the user passed verification by the authentication server (i.e. the user credential authorization_token) is integrated with the second website to generate a second verification code; if not, a failure check code indicating that verification failed is returned and fed back to the user terminal.
In this embodiment, the user uses the client terminal to log in to the second resource server resource2_server in order to access the resources of the second resource server resource2_server, and the specific process is as follows:
11) The client terminal sends a request to access the second resource server resource2_server through the browser; in actual operation, it starts to open the second web address url2 of the second resource server resource2_server.
In some embodiments, the login button on the second resource server resource2_server website may be clicked, which triggers step 12).
12) After the second resource server resource2_server verifies that the user has not logged in to the second resource server resource2_server, it performs a redirection, so that the client terminal opens the authentication website of the authentication server authorization_server for login verification.
13) The client terminal sends the second request data for login to the authentication server authorization_server. Because the user credential was already stored in the cookie for the authentication server authorization_server when logging in to the first resource server resource1_server, the user credential authorization_token in the second request data can be retrieved directly. The second request data also includes the second website url2 of the second resource server resource2_server.
14) Because the authentication server authorization_server judges from the user credential authorization_token that the user has already logged in successfully, the second feedback data is returned directly to the browser of the client terminal, where the second feedback data includes a second verification code authCode2, and the client terminal can log in to the second resource server resource2_server according to the second verification code authCode2.
15) The client terminal takes the second verification code authCode2 and logs in to the second resource server resource2_server. In this embodiment, the second verification code authCode2 is verified only once, which greatly improves the security of website login.
In this embodiment, the way the client terminal logs in to the second resource server resource2_server is not limited: as long as authentication by the authentication server authorization_server passes, the second feedback data is fed back to the client terminal, which proves that the client terminal has passed authentication and is qualified to log in to the second resource server resource2_server, so login can be achieved; if authentication does not pass, the authentication server does not feed back the second feedback data to the client terminal. When logging in to the second resource server resource2_server, a person skilled in the art can select an appropriate login method according to requirements.
With the technical scheme provided by this embodiment, when logging in to the second resource server, only the user credential and the second website are provided; data such as the user name and password do not need to be provided again, which is convenient and fast.
Further, as a preferred solution, in this embodiment, during the process in which the client terminal logs in to the second resource server, the login method further includes:
in response to second check request data from the second resource server, sending a second check result to the second resource server so that the second resource server can determine from the second check result whether the login of the client terminal is successful; the second check request data includes the second verification code, which the client terminal sends to the second resource server in order to log in to the second resource server.
The embodiment provides a technical scheme for a client terminal to log in to a second resource server, which specifically includes:
16) After receiving the second verification code authCode2 sent by the client terminal, the second resource server resource2_server sends the second verification code to the authentication server authorization_server for verification.
17) The authentication server authorization_server checks the second verification code authCode2, and after a successful result, the second resource server resource2_server creates a second resource data node session2 locally at the server. The first/second verification code is checked every time to ensure that the logged-in client terminal is the correct client terminal.
18) The second resource server resource2_server returns to the client terminal the resource requested by the browser and a second login mark resource2_token representing that the client terminal has successfully logged in to the second resource server resource2_server, and the browser stores the resource requested to be accessed by the browser in the cookie under the domain name of the second resource server resource2_server.
Further, as a preferred solution, in this embodiment, after receiving the second request data, the method further includes:
judging whether the time difference between the sending of the first feedback data and the receiving of the second request data is smaller than a first preset time; if so, sending the second feedback data to the client terminal; if not, sending a login interface to the client terminal, in which case the second resource server is treated as the first resource server. Preferably, the first preset time is 30-600 minutes, and more preferably 30 minutes. That is, if the client terminal has logged in to the first resource server successfully, the user credential may be used to log in to the second resource server, and if the first preset time is exceeded, the user login data needs to be filled in again, so that the data security of the user can be ensured. Of course, other time settings are possible, such as 1-30 days, to make login easier for the user.
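The two login flows in steps 1) to 18) and the time check above, as an added Python sketch of the authentication server side; it is not code from the patent. Assumptions not on the page: verification codes are opaque random values held in server memory, a code expires after 60 seconds, resource servers are registered in advance, the code travels in a query parameter named `authCode`, the resource server sends its own website along with the check request, and the host names, user and password are constructed sample data.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

CREDENTIAL_TTL = 30 * 60  # the page's preferred "first preset time" (30 minutes)
CODE_TTL = 60             # assumption: the page gives no lifetime for a code


def origin_of(url):
    """Reduce a URL to scheme://host[:port]; codes are bound to this value."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def code_from(redirect):
    """What a resource server does: read authCode from the URL it was opened with."""
    return parse_qs(urlsplit(redirect).query)["authCode"][0]


class AuthorizationServer:
    def __init__(self, users, registered_urls, clock=time.time):
        self.users = users  # username -> (salt, password hash)
        self.registered = {origin_of(u) for u in registered_urls}
        self.clock = clock
        self.sessions = {}  # authorization_token -> (username, issued_at)
        self.codes = {}     # authCode -> (username, origin, expires_at)

    def _issue_code(self, username, url):
        origin = origin_of(url)
        if origin not in self.registered:  # assumption: sites are registered in advance
            return None
        code = secrets.token_urlsafe(32)
        self.codes[code] = (username, origin, self.clock() + CODE_TTL)
        separator = "&" if urlsplit(url).query else "?"
        return url + separator + urlencode({"authCode": code})  # code appended to the website

    def login(self, username, password, url):
        """Steps 5)-6): verify login data, create the session, return first feedback data."""
        salt, stored = self.users.get(username, (b"\x00" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return None
        redirect = self._issue_code(username, url)
        if redirect is None:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (username, self.clock())
        return {"authorization_token": token, "redirect": redirect}

    def reissue(self, authorization_token, url):
        """Steps 13)-14): trade the stored user credential for a code for another site."""
        session = self.sessions.get(authorization_token)
        if session is None:
            return None
        username, issued_at = session
        if self.clock() - issued_at >= CREDENTIAL_TTL:
            del self.sessions[authorization_token]  # too old: the login page is shown again
            return None
        redirect = self._issue_code(username, url)
        return None if redirect is None else {"redirect": redirect}

    def verify(self, code, resource_url):
        """Steps 8)-9) and 16)-17): check a code on behalf of a resource server."""
        record = self.codes.pop(code, None)  # pop: each code can be checked only once
        if record is None:
            return None
        username, origin, expires_at = record
        if origin != origin_of(resource_url) or self.clock() > expires_at:
            return None
        return username


def build_demo_server():
    """Constructed sample data: one user and two resource servers on different domains."""
    now = [0.0]  # mutable fake clock so the time check can be exercised
    salt = b"constructed-salt"
    server = AuthorizationServer(
        users={"admin": (salt, hash_password("constructed-password", salt))},
        registered_urls=["https://resource1.example/", "https://resource2.example/"],
        clock=lambda: now[0],
    )
    return server, now


if __name__ == "__main__":
    server, now = build_demo_server()
    first = server.login("admin", "constructed-password", "https://resource1.example/home")
    print("site 1 login:", server.verify(code_from(first["redirect"]), "https://resource1.example/"))
    second = server.reissue(first["authorization_token"], "https://resource2.example/home")
    print("site 2 login:", server.verify(code_from(second["redirect"]), "https://resource2.example/"))
    now[0] += CREDENTIAL_TTL
    print("after 30 minutes:", server.reissue(first["authorization_token"], "https://resource2.example/"))
```

Because `verify` removes the code before checking the site binding, a code presented to the wrong resource server is consumed as well and cannot be replayed at the right one afterwards.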
Further, as a preferred scheme, in this embodiment, before sending the first request data, the client terminal sends an access request to the first resource server based on the user request, and after the first resource server verifies that the user is not logged in, the first resource server returns a redirection website of the authentication server to the client terminal, so that the client terminal sends the first request data to the authentication server after receiving the redirection website of the authentication server; see steps 1) -4 of the previous examples for specific embodiments).
The first feedback data further comprises a first website, and the first verification code is spliced behind the first website;
and after receiving the first feedback data, the client terminal stores the user certificate in the Cookie. And the user credentials need to be acquired again as long as the cookie is deleted, namely login verification is carried out again.
Further, as a preferred scheme, in this embodiment, before sending the second request data, the client terminal sends an access request to the second resource server based on the user request, and returns a redirection website of the authentication server to the client terminal, so that the client terminal sends the second request data to the authentication server after receiving the redirection website of the authentication server; see steps 11) -12 of the previous examples for specific embodiments).
The second feedback data further comprises a second website, and the second verification code is spliced behind the second website.
Whether or not the client terminal can connect directly to the first/second resource server after receiving the first/second feedback data, the first/second website is attached to the first/second feedback data, so that the website of the first/second resource server is confirmed before login, which makes the login information more secure.
The present invention further provides an authentication server using the cross-domain single sign-on method of any of the foregoing embodiments, including:
the acquisition module is used for receiving first request data of a client terminal; the first request data comprises user login data and a first website of the first resource server;
the feedback module is used for responding to first request data of a client terminal and sending first feedback data to the client terminal so that the client terminal can log in a first resource server according to the first feedback data; the first feedback data comprises user credentials and a first verification code; the first verification code is generated based on the user login data and the first website.
Further, as a preferred scheme, in this embodiment, the obtaining module is further configured to receive first verification request data sent by a first resource server; the feedback module is further configured to feed back a first verification result to the first resource server; to realize that:
responding to first verification request data of a first resource server, and sending a first verification result to the first resource server so that the first resource server can determine, according to the first verification result, whether the login of the client terminal is successful; the first verification request data comprises the first verification code, which is sent to the first resource server when the client terminal logs in to the first resource server.
Further, as a preferred scheme, in this embodiment, the obtaining module is further configured to receive second request data sent by the client terminal; the feedback module is further used for feeding back the second feedback data to the client terminal; to realize that:
responding to second request data of the client terminal, and sending second feedback data to the client terminal so that the client terminal logs in to a second resource server according to the second feedback data; the second request data comprises the user credentials and a second website of the second resource server; the second feedback data comprises a second verification code; the second verification code is generated based on the user credentials and the second website.
Further, as a preferred scheme, in this embodiment, the obtaining module is further configured to receive second verification request data sent by a second resource server; the feedback module is further configured to feed back a second verification result to the second resource server; to realize that:
responding to second verification request data of a second resource server, and sending a second verification result to the second resource server so that the second resource server can determine, according to the second verification result, whether the login of the client terminal is successful; the second verification request data comprises the second verification code, which is sent to the second resource server when the client terminal logs in to the second resource server.
Further, as a preferred scheme, in this embodiment, after receiving the second request data, the feedback module further includes:
judging whether a time difference value between the sending of the first feedback data and the receiving of the second request data is smaller than a first preset time, if so, sending the second feedback data to the client terminal; and if not, sending a login interface to the client terminal, wherein the second resource server is used as the first resource server.
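The authentication-server behaviour described above (issuing the user credentials and a verification code tied to the resource server's website, answering verification requests, and applying the first preset time) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the random opaque codes, single-use redemption, the 60-second code lifetime, the registered-website allowlist and the sample account are all assumptions.

```python
import hmac
import secrets
import time

FIRST_PRESET_TIME = 30 * 60   # seconds; the preferred 30 minutes from the text
CODE_TTL = 60                 # assumption: verification codes expire quickly
REGISTERED = {"https://a.example/cb", "https://b.example/cb"}  # assumption: allowlist
USERS = {"alice": "correct horse"}  # constructed sample account, plaintext for brevity


class AuthServer:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.credentials = {}  # user credential -> (user, time first feedback was sent)
        self.codes = {}        # verification code -> (user, website, issue time)

    def _issue_code(self, user, url):
        code = secrets.token_urlsafe(32)
        self.codes[code] = (user, url, self.clock())
        return code

    def first_request(self, user, password, url):
        """User login data + first website -> first feedback data, or None."""
        expected = USERS.get(user, "")
        ok = hmac.compare_digest(expected.encode(), password.encode())
        if not ok or user not in USERS or url not in REGISTERED:
            return None
        cred = secrets.token_urlsafe(32)
        self.credentials[cred] = (user, self.clock())
        # The verification code is spliced behind the website, as the text describes.
        return {"credential": cred,
                "redirect": f"{url}?code={self._issue_code(user, url)}"}

    def second_request(self, cred, url):
        """User credential + second website -> second feedback data or login page."""
        entry = self.credentials.get(cred)
        if entry is None or url not in REGISTERED:
            return {"login_required": True}
        user, sent_at = entry
        if self.clock() - sent_at >= FIRST_PRESET_TIME:
            del self.credentials[cred]      # stale credential: force a fresh login
            return {"login_required": True}
        return {"redirect": f"{url}?code={self._issue_code(user, url)}"}

    def verify(self, code, url):
        """Verification request from a resource server; returns the user or None."""
        entry = self.codes.pop(code, None)  # pop: any redemption attempt burns the code
        if entry is None:
            return None
        user, bound_url, issued = entry
        if bound_url != url or self.clock() - issued > CODE_TTL:
            return None
        return user
```

Binding each code to the website it was issued for means a code obtained for one resource server is rejected when another presents it, and checking the website against registered resource servers keeps codes from being appended to arbitrary client-supplied addresses.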
The invention also provides a cross-domain single sign-on system, comprising:
a client terminal;
the authentication server described in the preceding embodiment;
the resource server which the client terminal firstly requests to log in is a first resource server, and the other resource servers are second resource servers; and more than two resource servers carry out login verification through the authentication server.
The present invention also provides a computer storage medium storing a computer program, which when executed by a processor implements the cross-domain single sign-on method of any of the foregoing embodiments.
More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof.
It should be understood that equivalents and modifications of the technical solution and inventive concept thereof may occur to those skilled in the art, and all such modifications and alterations should fall within the scope of the appended claims.

Claims (10)

1. A cross-domain single sign-on method is applied to an authentication server and comprises the following steps:
responding to first request data of a client terminal, and sending first feedback data to the client terminal so that the client terminal logs in a first resource server according to the first feedback data; the first request data comprises user login data and a first website of the first resource server; the first feedback data comprises user credentials and a first verification code; the first verification code is generated based on the user login data and the first website.
2. The cross-domain single sign-on method of claim 1, wherein during the process of the client terminal logging on to the first resource server, the login method further comprises:
responding to first verification request data of a first resource server, and sending a first verification result to the first resource server so that the first resource server can determine, according to the first verification result, whether the login of the client terminal is successful; the first verification request data comprises the first verification code, which is sent to the first resource server when the client terminal logs in to the first resource server.
3. The cross-domain single sign-on method of claim 1, further comprising:
responding to second request data of the client terminal, and sending second feedback data to the client terminal so that the client terminal logs in to a second resource server according to the second feedback data; the second request data comprises the user credentials and a second website of the second resource server; the second feedback data comprises a second verification code; the second verification code is generated based on the user credentials and the second website.
4. The cross-domain single sign-on method of claim 3, wherein during the process of the client terminal logging on to the second resource server, the login method further comprises:
responding to second verification request data of a second resource server, and sending a second verification result to the second resource server so that the second resource server can determine, according to the second verification result, whether the login of the client terminal is successful; the second verification request data comprises the second verification code, which is sent to the second resource server when the client terminal logs in to the second resource server.
5. The cross-domain single sign-on method of claim 3, further comprising, after receiving the second request data:
judging whether a time difference value between the sending of the first feedback data and the receiving of the second request data is smaller than a first preset time, if so, sending the second feedback data to the client terminal; and if not, sending a login interface to the client terminal, wherein the second resource server is used as the first resource server.
6. The cross-domain single sign-on method according to claim 3, wherein the client terminal sends an access request to the second resource server based on the user request before sending the second request data, and returns the redirected website of the authentication server to the client terminal, so that the client terminal sends the second request data to the authentication server after receiving the redirected website of the authentication server;
the second feedback data further comprises a second website, and the second verification code is spliced behind the second website.
7. The cross-domain single sign-on method according to claim 1, wherein the client terminal sends an access request to the first resource server based on a user request before sending the first request data, and after the first resource server verifies that the user is not logged on, the first resource server returns a redirection website of the authentication server to the client terminal, so that the client terminal sends the first request data to the authentication server after receiving the redirection website of the authentication server;
the first feedback data further comprises a first website, and the first verification code is spliced behind the first website;
and after receiving the first feedback data, the client terminal stores the user credentials in a Cookie.
8. An authentication server using the cross-domain single sign-on method of any one of claims 1 to 7, comprising:
the acquisition module is used for receiving first request data of a client terminal; the first request data comprises user login data and a first website of the first resource server;
the feedback module is used for responding to first request data of a client terminal and sending first feedback data to the client terminal so that the client terminal can log in a first resource server according to the first feedback data; the first feedback data comprises user credentials and a first verification code; the first verification code is generated based on the user login data and the first website.
9. A cross-domain single sign-on system, comprising:
a client terminal;
the authentication server of claim 8;
the resource server which the client terminal firstly requests to log in is a first resource server, and the other resource servers are second resource servers; and more than two resource servers carry out login verification through the authentication server.
10. A computer storage medium, in which a computer program is stored, which, when executed by a processor, implements the cross-domain single sign-on method of any one of claims 1 to 7.
CN202111261496.4A 2021-10-28 2021-10-28 Cross-domain single sign-on method, system, authentication server and readable medium Pending CN114024727A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111261496.4A CN114024727A (en) 2021-10-28 2021-10-28 Cross-domain single sign-on method, system, authentication server and readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111261496.4A CN114024727A (en) 2021-10-28 2021-10-28 Cross-domain single sign-on method, system, authentication server and readable medium

Publications (1)

Publication Number Publication Date
CN114024727A true CN114024727A (en) 2022-02-08

Family

ID=80058103

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111261496.4A Pending CN114024727A (en) 2021-10-28 2021-10-28 Cross-domain single sign-on method, system, authentication server and readable medium

Country Status (1)

Country Link
CN (1) CN114024727A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115589336A (en) * 2022-11-25 2023-01-10 云筑信息科技(成都)有限公司 Cross-domain login method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139200A (en) * 2013-01-06 2013-06-05 深圳市元征科技股份有限公司 Single sign-on method of web service
CN109672680A (en) * 2018-12-24 2019-04-23 成都四方伟业软件股份有限公司 Cross-domain login method
CN111209557A (en) * 2019-12-24 2020-05-29 中移(杭州)信息技术有限公司 Cross-domain single sign-on method and device, electronic equipment and storage medium
CN112688937A (en) * 2020-12-22 2021-04-20 武汉烽火众智数字技术有限责任公司 Login method for system single sign-on under cross-application heterogeneous application
CN112966253A (en) * 2021-02-08 2021-06-15 北京金和网络股份有限公司 Third-party application integrated login method, login device and platform

Similar Documents

Publication Publication Date Title
CN109309683B (en) Token-based client identity authentication method and system
CN106936853B (en) Cross-domain single sign-on method based on system integration-oriented cross-domain single sign-on system
US6629246B1 (en) Single sign-on for a network system that includes multiple separately-controlled restricted access resources
CN110781482B (en) Login method, login device, computer equipment and storage medium
CN112597472B (en) Single sign-on method, device and storage medium
WO2017028804A1 (en) Web real-time communication platform authentication and access method and device
US7500262B1 (en) Implementing single sign-on across a heterogeneous collection of client/server and web-based applications
US8621589B2 (en) Cross domain single sign on
CN103139200B (en) A kind of method of Web service single-sign-on
CN110278187B (en) Multi-terminal single sign-on method, system, synchronous server and medium
CN112995219B (en) Single sign-on method, device, equipment and storage medium
CN111062023B (en) Method and device for realizing single sign-on of multi-application system
KR960035299A (en) A method for managing communication between a remote user and an application server, a subject authentication method for a remote user, a network and a program storage device providing a distributed computer environment
CN104378376A (en) SOA-based single-point login method, authentication server and browser
CN102469075A (en) Integration authentication method based on WEB single sign on
CN109495486B (en) Single-page Web application integration CAS method based on JWT
CN104954330A (en) Method of accessing data resources, device and system
CN111953681B (en) DNS identity authentication method and terminal
CN106161475B (en) Method and device for realizing user authentication
CN111818088A (en) Authorization mode management method and device, computer equipment and readable storage medium
CN106453396A (en) Double token account login method and login verification device
CN108259457B (en) WEB authentication method and device
CN112583834A (en) Method and device for single sign-on through gateway
CN115022047B (en) Account login method and device based on multi-cloud gateway, computer equipment and medium
CN113821784A (en) Multi-system single sign-on method and device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination