CN114430340A - Cross-domain single sign-on method, device and equipment - Google Patents
Cross-domain single sign-on method, device and equipment
- Publication number
- CN114430340A CN202111609576.4A
- Authority
- CN
- China
- Prior art keywords
- user
- login
- authentication
- identity
- identity authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
An embodiment of the present invention provides a cross-domain single sign-on method, device and equipment. The method includes: receiving a login request from a user; sending, to an authentication system, an ajax request that queries the user's login status, where the ajax request is used to extract the user's identity authentication information; if the user's login status is logged in, obtaining an identity verification token fed back by the authentication system based on the identity authentication information; authenticating the user based on the identity verification token; and, if the identity authentication passes, allowing the user to log in. By extracting the user's identity authentication information through the ajax request and generating the corresponding identity verification token, the invention avoids the defects of repeated jumps between the application system and the authentication system and of the loss of a post request's data after page redirection.
Description
Technical field
The invention relates to the technical field of network information security, and in particular to a cross-domain single sign-on method, device and equipment.
Background
With the rapid development of Internet technology, all kinds of network application systems have emerged. The same user has different accounts and passwords in different systems, which has led to a proliferation of user names and passwords and has also introduced security risks.
The emergence of single sign-on (SSO) technology solved the problem of the same user logging in to different systems on the Internet. The technology hands identity authentication over to a unified authentication server, which produces a unified authentication credential used to authenticate and verify the user's identity.
However, existing single sign-on technology has the following problems in practical use: with single sign-on based on browser redirection, the application system and the authentication system jump back and forth repeatedly, which harms the user experience; and the data of a post request is lost after page redirection, which hinders the exchange of information and data between application systems.
Summary of the invention
Therefore, the technical problem to be solved by the present invention is to overcome the defects in the prior art that the application system and the authentication system jump back and forth repeatedly and that the data of a post request is lost after page redirection, and thereby to provide a cross-domain single sign-on method, device and equipment.
According to a first aspect, an embodiment of the present invention provides a cross-domain single sign-on method, applied to an application system, including the following steps: receiving a login request from a user; sending, to an authentication system, an ajax request that queries the user's login status, where the ajax request is used to extract the user's identity authentication information; if the user's login status is logged in, obtaining an identity verification token fed back by the authentication system based on the identity authentication information; authenticating the user based on the identity verification token; and, if the identity authentication passes, allowing the user to log in.
Optionally, the cross-domain single sign-on method further includes: if the user's login status is not logged in, obtaining the user login information entered by the user, so that the user logs in to the application system; sending a login ajax request to the authentication system, so that the authentication system generates the user's login credential identity verification token based on the user's second identity authentication information contained in the login ajax request, and stores the mapping between the second identity authentication information and the login credential identity verification token; and confirming that the user has logged in successfully, then returning to perform the steps from receiving the user's login request through sending the authentication system the ajax request that queries the user's login status, so as to query the user's login status.
According to a second aspect, an embodiment of the present invention further provides a cross-domain single sign-on device, including: a login receiving module, configured to receive a login request; a request sending module, configured to send, to an authentication system, an ajax request that queries the user's login status, where the ajax request is used to extract the user's identity authentication information; an information verification module, configured to obtain, if the user's login status is logged in, the identity verification token fed back by the authentication system based on the identity authentication information; an authentication module, configured to authenticate the user based on the identity verification token; and a communication module, configured to allow the user to log in if the identity authentication passes.
According to a third aspect, an embodiment of the present invention further provides a cross-domain single sign-on method, applied to an authentication system, including the following steps: obtaining an ajax request, sent by an application system, that queries the user's login status, where the ajax request is used to extract the user's identity authentication information; and, if the user's login status is logged in, feeding back to the application system an identity verification token generated based on the identity authentication information, so that the application system authenticates the user based on the identity verification token.
Optionally, the cross-domain single sign-on method further includes: if the user's login status is not logged in, obtaining a login ajax request sent by the application system based on the user's login information, where the login ajax request contains the user's second identity authentication information; and obtaining a second identity verification token based on the second identity authentication information, and storing the mapping between the second identity authentication information and the second identity verification token.
Optionally, determining whether the user is logged in includes: if an identity verification token is extracted based on the user's identity authentication information, the user's login status is logged in; if no identity verification token is extracted based on the user's identity authentication information, the user's login status is not logged in.
According to a fourth aspect, an embodiment of the present invention further provides a cross-domain single sign-on device, applied to an authentication system, including: a request receiving module, configured to obtain an ajax request, sent by an application system, that queries the user's login status, where the ajax request is used to extract the user's identity authentication information; and a judgment module, configured to feed back to the application system, if the user's login status is logged in, an identity verification token generated based on the identity authentication information, so that the application system authenticates the user based on the identity verification token.
According to a fifth aspect, an embodiment of the present invention further provides a cross-domain single sign-on system, including an authentication system and an application system. The application system is configured to receive a user's login request and, based on the login request, send the authentication system an ajax request that queries the user's login status. The authentication system is configured to extract the user's identity authentication information based on the ajax request, obtain an identity verification token based on the identity authentication information, and feed the identity verification token back to the application system. The application system is configured to authenticate the user based on the identity verification token and, if the identity authentication passes, allow the user to log in.
According to a sixth aspect, an embodiment of the present invention provides cross-domain single sign-on equipment, including a memory and a processor that are communicatively connected to each other, where the memory stores computer instructions and the processor, by executing the computer instructions, performs the method of the first aspect or of any one of its optional implementations.
According to a seventh aspect, a computer-readable storage medium is provided, characterized in that the computer-readable storage medium stores computer instructions, and the computer instructions are used to cause the computer to perform the method of the first aspect or of any one of its optional implementations.
The technical solution of the present invention has the following advantages:
An embodiment of the present invention provides a cross-domain single sign-on method, applied to an application system. The method includes the following steps: receiving a login request from a user; sending, to an authentication system, an ajax request that queries the user's login status, where the ajax request is used to extract the user's identity authentication information; if the user's login status is logged in, obtaining an identity verification token fed back by the authentication system based on the identity authentication information; and authenticating the user based on the identity verification token. By extracting the user's identity authentication information through the ajax request and generating the corresponding identity verification token, the invention avoids the defects of repeated jumps between the application system and the authentication system and of the loss of a post request's data after page redirection.
An embodiment of the present invention further provides a cross-domain single sign-on method, applied to an authentication system. The method includes the following steps: obtaining an ajax request, sent by an application system, that queries the user's login status, and extracting the user's identity authentication information according to the ajax request; and, if the user's login status is logged in, feeding back to the application system an identity verification token generated based on the identity authentication information, so that the application system authenticates the user based on the identity verification token. By extracting the user's identity authentication information through the ajax request and generating the corresponding identity verification token, the invention avoids the defects of repeated jumps between the application system and the authentication system and of the loss of a post request's data after page redirection.
An embodiment of the present invention further provides a cross-domain single sign-on system, whose workflow includes the following steps: first, the application system receives a user's login request and, based on the login request, sends the authentication system an ajax request that queries the user's login status; the authentication system then extracts the user's identity authentication information based on the ajax request, obtains an identity verification token based on the identity authentication information, and feeds the identity verification token back to the application system; the application system authenticates the user based on the identity verification token and, if the identity authentication passes, allows the user to log in. By extracting the user's identity authentication information through the ajax request, generating the corresponding identity verification token, and saving the mapping between the identity authentication information and the identity verification token, the invention avoids the defects of repeated jumps between the application system and the authentication system and of the loss of a post request's data after page redirection. The saved mapping also lets the user access the application system quickly on later visits, which speeds up login.
Description of drawings
To describe the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is an interaction flowchart of a cross-domain single sign-on system according to an embodiment of the present invention;
FIG. 2 is a flowchart of a specific example of a cross-domain single sign-on method according to an embodiment of the present invention;
FIG. 3 is a flowchart of another specific example of a cross-domain single sign-on method according to an embodiment of the present invention;
FIG. 4 is a schematic block diagram of a specific example of a cross-domain single sign-on device according to an embodiment of the present invention;
FIG. 5 is a flowchart of another specific example of a cross-domain single sign-on method according to an embodiment of the present invention;
FIG. 6 is a schematic block diagram of another specific example of a cross-domain single sign-on device according to an embodiment of the present invention;
FIG. 7 is a structural diagram of a specific example of cross-domain single sign-on equipment according to an embodiment of the present invention.
Detailed description
The technical solutions of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In addition, the technical features involved in the different embodiments of the present invention described below can be combined with each other as long as they do not conflict.
The embodiments of the present invention use ajax requests so that the application system and the authentication system complete the authentication of the user's information during their interaction, allowing the user to log in successfully.
An embodiment of the present invention provides a cross-domain single sign-on system, including an authentication system 1 and an application system 2. The interaction between the authentication system 1 and the application system 2 is shown in FIG. 1.
After the application system 2 receives the user's login request, it performs step S10: sending, to the authentication system 1, an ajax request that queries the user's login status, where the ajax request is used to extract the user's identity authentication information.
In an optional embodiment, after the ajax request that queries the user's login status has been sent to the authentication system 1, if the user's login status is not logged in, the user login information entered by the user is obtained so that the user logs in to the application system 2, and a login ajax request is sent to the authentication system 1.
The authentication system 1 performs step S11: obtaining the ajax request, sent by the application system 2, that queries the user's login status, where the ajax request is used to extract the user's identity authentication information.
In an optional embodiment, the authentication system 1 generates the user's login credential identity verification token based on the user's identity authentication information contained in the login ajax request, where the identity verification token is a Token, generated based on the ajax request, that corresponds to the user's identity authentication information; stores the mapping between the second identity authentication information and the login credential identity verification token; confirms that the user has logged in successfully; and returns to perform the steps from receiving the user's login request through sending the authentication system 1 the ajax request that queries the user's login status, so as to query the user's login status. In practice, to improve the security of identity verification, the Token can be given a validity period, the validity period is stored, and the Token's expiry time is refreshed automatically on every user operation.
The application system 2 performs step S12: if the user's login status is logged in, obtaining the identity verification token fed back by the authentication system 1 based on the identity authentication information.
The authentication system 1 performs step S13: feeding back to the application system 2 the identity verification token generated based on the identity authentication information.
Specifically, the authentication system 1 generates the corresponding identity verification token based on the identity authentication information and saves the mapping between the identity authentication information and the identity verification token. Whether the user's login status is logged in is determined from the user's identity authentication information: if the corresponding identity verification token can be extracted based on the user's identity authentication information, the user is logged in. In practice, the identity verification token may be, for example, a Token and the Token's expiry time.
The application system 2 performs step S14: authenticating the user based on the identity verification token.
The application system 2 performs step S15: if the identity authentication passes, allowing the user to log in.
In an optional embodiment, as shown in FIG. 2, if the user's login status is not logged in, the application system 2 performs step S16: obtaining the user login information entered by the user, so that the user logs in to the application system 2.
Specifically, the ajax-based login page automatically jumps to the login interface and obtains the user name and password entered by the user, so that the user logs in to the application system 2.
The authentication system 1 performs step S17: obtaining the login ajax request sent by the application system 2 based on the user's login information.
Specifically, the authentication system 1 obtains the login ajax request sent by the application system 2, where the ajax request contains the user's second identity authentication information; obtains a second identity verification token based on the second identity authentication information; and stores the mapping between the second identity authentication information and the second identity verification token.
In the cross-domain single sign-on method provided by this embodiment of the present invention, the application system 2 receives the user's login request and sends the authentication system 1 an ajax request that queries the user's login status. The authentication system 1 extracts the user's identity authentication information based on the ajax request, obtains the corresponding identity verification token according to the identity authentication information, determines from whether the token was obtained whether the user's login status is logged in, and feeds back to the application system 2 the identity verification token generated based on the identity authentication information. This completes the user's identity authentication, allows the user to log in, and saves the mapping between the identity authentication information and the identity verification token. The method thereby avoids the defects of repeated jumps between the application system 2 and the authentication system 1 and of the loss of a post request's data after page redirection, and the saved mapping lets the user access the application system 2 quickly on later visits, which speeds up login.
An embodiment of the present invention also provides a cross-domain single sign-on method applied to the application system 2. As shown in FIG. 3, it includes:
Step S20: receive a login request from the user;
Step S21: send an ajax request querying the user's login status to the authentication system, where the ajax request is used to extract the user's identity authentication information. For details, refer to the description of step S10 in the above embodiment;
Step S22: if the user's login status is logged in, obtain the identity verification token fed back by the authentication system based on the identity authentication information. For details, refer to the description of step S12 in the above embodiment;
Step S23: perform identity authentication on the user based on the identity verification token. For details, refer to the description of step S14 in the above embodiment;
Step S24: if the identity authentication passes, allow the user to log in. For details, refer to the description of step S15 in the above embodiment.
The present invention provides a cross-domain single sign-on method applied to the application system 2. The method includes the following steps: receiving a user's login request; sending an ajax request querying the user's login status to the authentication system 1, where the ajax request is used to extract the user's identity authentication information; if the user's login status is logged in, obtaining the identity verification token fed back by the authentication system 1 based on the identity authentication information; and performing identity authentication on the user based on the identity verification token. The present invention extracts the user's identity authentication information through the ajax request and generates the corresponding identity verification token, thereby avoiding the defects of repeated jumps between the application system 2 and the authentication system 1 and of the data of a post request being lost after a page redirect.
In an optional embodiment, the cross-domain single sign-on method further includes the following steps:
(1) If the user's login status is not logged in, obtain the user login information entered by the user, so that the user logs in to the application system 2;
(2) Send a login ajax request to the authentication system 1, so that the authentication system 1 generates the user's login credential identity verification token based on the user's second identity authentication information contained in the login ajax request, and stores the mapping relationship between the second identity authentication information and the login credential identity verification token;
(3) Confirm that the user has logged in successfully, and return to perform the steps from receiving the user's login request through sending the ajax request querying the user's login status to the authentication system 1, so as to query the user's login status.
In this embodiment of the present invention, if the user's login status is not logged in, the login information entered by the user is obtained again and a login ajax request is sent to the authentication system 1. The login ajax request is used by the authentication system 1 to obtain the user's second identity authentication information from the request, generate the user's login credential identity verification token, and store the mapping relationship between the second identity authentication information and the login credential identity verification token. The user's login is then confirmed as successful, and the flow returns to receiving the user's login request and again sends the ajax request querying the user's login status to the authentication system 1, so as to query the user's login status. Through the ajax request, the mapping relationship between the second identity authentication information and the login credential identity verification token is re-established for a user who was not logged in, so that on later visits to the application system 2 the user can gain access quickly based on the mapping relationship, which improves the user's login speed.
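As shown in FIG. 4, an embodiment of the present invention also provides a cross-domain single sign-on apparatus applied to an application system, including a login receiving module 3, a request sending module 4, an information verification module 5, an authentication module 6, a communication module 7, and so on.
The login receiving module 3 is configured to receive a login request. For details, refer to the description of step S20 in the above embodiment;
The request sending module 4 is configured to send an ajax request querying the user's login status to the authentication system, where the ajax request is used to extract the user's identity authentication information. For details, refer to the description of step S21 in the above embodiment;
The information verification module 5 is configured to obtain, if the user's login status is logged in, the identity verification token fed back by the authentication system based on the identity authentication information. For details, refer to the description of step S22 in the above embodiment;
The authentication module 6 is configured to perform identity authentication on the user based on the identity verification token. For details, refer to the description of step S23 in the above embodiment;
The communication module 7 is configured to allow the user to log in if the identity authentication passes. For details, refer to the description of step S24 in the above embodiment.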
The present invention provides a cross-domain single sign-on method applied to the application system 2. The method includes the following steps: receiving a user's login request; sending an ajax request querying the user's login status to the authentication system 1, where the ajax request is used to extract the user's identity authentication information; if the user's login status is logged in, obtaining the identity verification token fed back by the authentication system 1 based on the identity authentication information; and performing identity authentication on the user based on the identity verification token. The present invention extracts the user's identity authentication information through the ajax request and generates the corresponding identity verification token, thereby avoiding the defects of repeated jumps between the application system 2 and the authentication system 1 and of the data of a post request being lost after a page redirect.
For the specific limitations and beneficial effects of the cross-domain single sign-on apparatus, refer to the limitations on the cross-domain single sign-on method above, which are not repeated here. Each module of the above cross-domain single sign-on apparatus may be implemented in whole or in part by software, hardware, or a combination of the two. The modules may be embedded in, or independent of, the processor of the electronic device in hardware form, or stored in the memory of the electronic device in software form, so that the processor can call and execute the operations corresponding to each module.
As shown in FIG. 5, an embodiment of the present invention further provides a cross-domain single sign-on method applied to the authentication system 1, including the following steps:
Step S30: obtain the ajax request sent by the application system 2 querying the user's login status, where the ajax request is used to extract the user's identity authentication information. For details, refer to the description of step S11 in the above embodiment.
Step S31: if the user's login status is logged in, feed back to the application system 2 the identity verification token generated based on the identity authentication information, so that the application system 2 performs identity authentication on the user based on the identity verification token. For details, refer to the description of step S12 in the above embodiment.
An embodiment of the present invention also provides a cross-domain single sign-on method applied to the authentication system 1. The method includes the following steps: obtaining the ajax request sent by the application system 2 querying the user's login status, and extracting the user's identity authentication information according to the ajax request; if the user's login status is logged in, feeding back to the application system 2 the identity verification token generated based on the identity authentication information, so that the application system 2 performs identity authentication on the user based on the identity verification token. The present invention extracts the user's identity authentication information through the ajax request and generates the corresponding identity verification token, thereby avoiding the defects of repeated jumps between the application system 2 and the authentication system 1 and of the data of a post request being lost after a page redirect.
In an optional embodiment, the cross-domain single sign-on method further includes the following steps:
(1) If the user's login status is not logged in, obtain the login ajax request sent by the application system 2 based on the user's login information;
(2) The login ajax request contains the user's second identity authentication information;
(3) Obtain a second identity verification token based on the second identity authentication information, and store the mapping relationship between the second identity authentication information and the second identity verification token.
In this embodiment of the present invention, if the user's login status is not logged in, the login ajax request sent to the authentication system 1 is obtained again. The login ajax request is used by the authentication system 1 to obtain the user's second identity authentication information from the request, generate the user's login credential identity verification token, and store the mapping relationship between the second identity authentication information and the login credential identity verification token. Through the ajax request, the mapping relationship between the second identity authentication information and the login credential identity verification token is re-established for a user who was not logged in, so that on later visits to the application system 2 the user can gain access quickly based on the mapping relationship, which improves the user's login speed.
In an optional embodiment, after the ajax request is used to extract the user's identity authentication information, the following steps are included:
(1) Based on the user's identity authentication information, determine whether the user's login status is logged in: if an identity verification token is extracted based on the user's identity authentication information, the user's login status is logged in;
(2) If no identity verification token is extracted based on the user's identity authentication information, the user's login status is not logged in.
In this embodiment of the present invention, whether the user is logged in is determined by whether the corresponding identity verification token can be extracted according to the identity authentication information: if a token is extracted based on the user's identity authentication information, the login status is logged in; if none is extracted, the login status is not logged in. In practical applications the identity verification token may be a Token. After the user logs in successfully with an account and password, a Token and a Token expiration time are generated and returned to the application system; on the next login the user can log in based on the Token's mapping relationship without entering the account and password again. If the user has not logged in, no Token or Token expiration time is generated. Whether an identity verification token has been generated gives a more accurate determination of whether the user is logged in, and the correspondence between the identity verification token and the identity authentication information allows a quick login.
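The exchange described above, as an added example that is not code from the patent: direct function calls stand in for the cross-domain ajax requests between application system 2 and authentication system 1. Assumptions not found in the patent: the class and function names, the 30-minute Token lifetime, the origin allow-list, modelling the identity authentication information as an opaque identifier issued at login, and having application system 2 check the Token by calling back to authentication system 1.

```javascript
// Added illustration of the status-query and login exchange; not code from the patent.
const { randomBytes } = require('node:crypto');

const TOKEN_TTL_MS = 30 * 60 * 1000;          // assumed Token lifetime
const APP2_ORIGIN = 'https://app2.example';   // assumed origin of application system 2
const ALLOWED_ORIGINS = new Set([APP2_ORIGIN]);

// Authentication system 1: owns the mapping identity authentication info -> Token.
class AuthenticationSystem {
  constructor(checkPassword, now = () => Date.now()) {
    this.checkPassword = checkPassword;       // hypothetical credential verifier
    this.now = now;
    this.mapping = new Map();                 // identityInfo -> { token, user, expiresAt }
  }

  // Steps S30/S31: a Token that can be extracted and is unexpired means "logged in".
  queryStatus({ origin, identityInfo }) {
    if (!ALLOWED_ORIGINS.has(origin)) return { status: 403 };
    const entry = this.mapping.get(identityInfo);
    if (!entry) return { status: 200, loggedIn: false };
    if (entry.expiresAt <= this.now()) {      // expired Token: treat as not logged in
      this.mapping.delete(identityInfo);
      return { status: 200, loggedIn: false };
    }
    return { status: 200, loggedIn: true, token: entry.token };
  }

  // Login ajax request: generate a Token with an expiration time and store the mapping.
  login({ origin, user, password }) {
    if (!ALLOWED_ORIGINS.has(origin)) return { status: 403 };
    if (!this.checkPassword(user, password)) return { status: 401 };
    const identityInfo = randomBytes(16).toString('hex');
    const token = randomBytes(32).toString('hex');
    this.mapping.set(identityInfo, { token, user, expiresAt: this.now() + TOKEN_TTL_MS });
    return { status: 200, identityInfo };
  }

  // Token check for step S23, assumed here to be a call back to authentication system 1.
  validate(token) {
    for (const entry of this.mapping.values()) {
      if (entry.token === token && entry.expiresAt > this.now()) return entry.user;
    }
    return null;
  }
}

// Application system 2: steps S20-S24 plus the not-logged-in branch (login, then re-query).
function handleLoginRequest(auth, browser, credentials) {
  let reply = auth.queryStatus({ origin: APP2_ORIGIN, identityInfo: browser.identityInfo });
  if (reply.status === 200 && !reply.loggedIn && credentials) {
    const res = auth.login({ origin: APP2_ORIGIN, ...credentials });
    if (res.status !== 200) return { allowed: false, reason: 'bad credentials' };
    browser.identityInfo = res.identityInfo;  // carried on every later ajax request
    reply = auth.queryStatus({ origin: APP2_ORIGIN, identityInfo: browser.identityInfo });
  }
  if (reply.status !== 200 || !reply.loggedIn) return { allowed: false, reason: 'not logged in' };
  const user = auth.validate(reply.token);
  return user ? { allowed: true, user } : { allowed: false, reason: 'invalid token' };
}

// Constructed walk-through: first login, a later visit, then a visit after Token expiry.
function demo() {
  let clock = 0;                              // fake clock so expiry is deterministic
  // Constructed demo verifier; a real one would check a password hash.
  const accounts = new Map([['alice', 'constructed-demo-password']]);
  const auth = new AuthenticationSystem((u, p) => accounts.get(u) === p, () => clock);
  const browser = { identityInfo: null };
  const first = handleLoginRequest(auth, browser,
    { user: 'alice', password: 'constructed-demo-password' });
  const second = handleLoginRequest(auth, browser, null);  // no password needed
  clock += TOKEN_TTL_MS;
  const third = handleLoginRequest(auth, browser, null);   // Token has expired
  const foreign = auth.queryStatus({ origin: 'https://other.example', identityInfo: 'x' });
  return { first, second, third, foreign };
}

console.log(demo());
```

The third visit is refused because the status query treats an expired Token the same as a missing one, and the query from an origin outside the allow-list is rejected before the mapping is consulted.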
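As shown in FIG. 6, an embodiment of the present invention also provides a cross-domain single sign-on apparatus applied to an authentication system, including a request receiving module 8 and a judgment module 9, wherein:
The request receiving module 8 is configured to obtain the ajax request sent by the application system querying the user's login status, where the ajax request is used to extract the user's identity authentication information. For details, refer to the description of step S30 in the above embodiment;
The judgment module 9 is configured to feed back to the application system, if the user's login status is logged in, the identity verification token generated based on the identity authentication information, so that the application system performs identity authentication on the user based on the identity verification token. For details, refer to the description of step S31 in the above embodiment.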
An embodiment of the present invention also provides a cross-domain single sign-on method applied to the authentication system 1. The method includes the following steps: obtaining the ajax request sent by the application system 2 querying the user's login status, and extracting the user's identity authentication information according to the ajax request; if the user's login status is logged in, feeding back to the application system 2 the identity verification token generated based on the identity authentication information, so that the application system 2 performs identity authentication on the user based on the identity verification token. The present invention extracts the user's identity authentication information through the ajax request and generates the corresponding identity verification token, thereby avoiding the defects of repeated jumps between the application system 2 and the authentication system 1 and of the data of a post request being lost after a page redirect.
For the specific limitations and beneficial effects of the cross-domain single sign-on apparatus, refer to the limitations on the cross-domain single sign-on method above, which are not repeated here. Each module of the above cross-domain single sign-on apparatus may be implemented in whole or in part by software, hardware, or a combination of the two. The modules may be embedded in, or independent of, the processor of the electronic device in hardware form, or stored in the memory of the electronic device in software form, so that the processor can call and execute the operations corresponding to each module.
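An embodiment of the present invention further provides a cross-domain single sign-on device. FIG. 7 is a schematic structural diagram of a cross-domain single sign-on device provided by an optional embodiment of the present invention. As shown in FIG. 7, the device may include at least one processor 41, at least one communication interface 42, at least one communication bus 43 and at least one memory 44. The communication interface 42 may include a display (Display) and a keyboard (Keyboard); optionally, the communication interface 42 may also include a standard wired interface and a wireless interface. The memory 44 may be a high-speed RAM (Random Access Memory, volatile random access memory) or a non-volatile memory, for example at least one disk memory. Optionally, the memory 44 may also be at least one storage device located remotely from the processor 41. The processor 41 may be combined with the apparatus described in FIG. 4 and FIG. 6; the memory 44 stores an application program, and the processor 41 calls the program code stored in the memory 44 to perform the steps of the cross-domain single sign-on method of any of the above method embodiments.
The communication bus 43 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The communication bus 43 may be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is shown in FIG. 7, but this does not mean that there is only one bus or one type of bus.
The memory 44 may include volatile memory, such as random-access memory (RAM); it may also include non-volatile memory, such as flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 44 may also include a combination of the above kinds of memory.
The processor 41 may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP.
The processor 41 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
Optionally, the memory 44 is also used to store program instructions. The processor 41 may call the program instructions to implement the cross-domain single sign-on method shown in the embodiment of FIG. 3 of the present invention.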
An embodiment of the present invention further provides a non-transitory computer storage medium storing computer-executable instructions that can execute the cross-domain single sign-on method of any of the above method embodiments. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD), a solid-state drive (SSD), or the like; the storage medium may also include a combination of the above kinds of memory.
Obviously, the above embodiments are only examples given for clarity of description and are not a limitation on the implementations. A person of ordinary skill in the art can make other changes or variations in different forms on the basis of the above description. It is neither necessary nor possible to list all implementations exhaustively here. Obvious changes or variations derived from them remain within the scope of protection of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111609576.4A CN114430340A (en) | 2021-12-24 | 2021-12-24 | Cross-domain single sign-on method, device and equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111609576.4A CN114430340A (en) | 2021-12-24 | 2021-12-24 | Cross-domain single sign-on method, device and equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114430340A true CN114430340A (en) | 2022-05-03 |
Family
ID=81310908
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111609576.4A Pending CN114430340A (en) | 2021-12-24 | 2021-12-24 | Cross-domain single sign-on method, device and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114430340A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117574349A (en) * | 2023-11-10 | 2024-02-20 | 中移互联网有限公司 | Single sign-on authentication method, device, electronic equipment and storage medium |
WO2024093964A1 (en) * | 2022-11-03 | 2024-05-10 | 天翼数字生活科技有限公司 | Mobile terminal single sign-on authentication method and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103188248A (en) * | 2011-12-31 | 2013-07-03 | 卓望数码技术(深圳)有限公司 | Identity authentication system and method based on single sign-on |
CN109688114A (en) * | 2018-12-10 | 2019-04-26 | 迈普通信技术股份有限公司 | Single-point logging method, certificate server and application server |
CN111147453A (en) * | 2019-12-11 | 2020-05-12 | 东软集团股份有限公司 | System login method and integrated login system |
CN112118238A (en) * | 2020-09-04 | 2020-12-22 | 腾讯音乐娱乐科技(深圳)有限公司 | Method, device, system, equipment and storage medium for authentication login |
CN112995131A (en) * | 2021-02-01 | 2021-06-18 | 北京拉勾网络技术有限公司 | Page login method, system and computing device |
CN113821784A (en) * | 2021-10-13 | 2021-12-21 | 鼎道智联(北京)科技有限公司 | Multi-system single sign-on method, device and computer-readable storage medium |
- 2021-12-24 CN CN202111609576.4A patent/CN114430340A/en active Pending
Non-Patent Citations (1)
Title |
---|
常艳: "Ajax 跨域访问问题的分析与解决", 《电子技术与软件工程》, pages 38 - 39 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10171241B2 (en) | Step-up authentication for single sign-on | |
CN105337949B (en) | An SSO authentication method, web server, authentication center and token verification center | |
CN111556006B (en) | Third-party application system login method, device, terminal and SSO service platform | |
CN108475312B (en) | Single sign-on method for device security shell | |
AU2015289493B2 (en) | Tiered connection pooling methods, systems and computer readable storage media | |
CN112995131B (en) | Page login method, system and computing device | |
US8869258B2 (en) | Facilitating token request troubleshooting | |
US20190068578A1 (en) | Hybrid single sign-on for software applications and services using classic and modern identity providers | |
CN112491776B (en) | Security authentication method and related equipment | |
CN113132402B (en) | Single sign-on method and system | |
CN115021991A (en) | Single sign-on for unmanaged mobile devices | |
CN110784450A (en) | Single sign-on method and device based on browser | |
CN109936579A (en) | Single sign-on method, device, equipment and computer readable storage medium | |
US11777942B2 (en) | Transfer of trust between authentication devices | |
CN111062023A (en) | Method and device for realizing single sign-on of multiple application systems | |
CN114430340A (en) | Cross-domain single sign-on method, device and equipment | |
CN110704820A (en) | Login processing method and device, electronic equipment and computer readable storage medium | |
CN112434054A (en) | Audit log updating method and device | |
US20150244704A1 (en) | Techniques to authenticate user requests involving multiple applications | |
US20150295918A1 (en) | User authentication system in web mash-up circumstance and authenticating method thereof | |
CN112653673A (en) | Multi-factor authentication method and system based on single sign-on | |
CN113691379B (en) | Authentication method and device for big data | |
CN114745125A (en) | Application authentication method and device and electronic equipment | |
CN113901428A (en) | Login method and device of multi-tenant system | |
CN114500091A (en) | Login method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20220503 |