CN114785590A - Login method, device, equipment and storage medium - Google Patents

Publication number
CN114785590A
Authority
CN
China
Prior art keywords
login
service
target user
authentication
application service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202210423526.5A
Other languages
Chinese (zh)
Inventor
张博文
余国家
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Sensetime Technology Co Ltd
Original Assignee
Chengdu Sensetime Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Sensetime Technology Co Ltd
Priority to CN202210423526.5A
Publication of CN114785590A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08 Protocols for interworking; Protocol conversion

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiments of the present application disclose a login method, apparatus, device, and storage medium. The method includes: in response to a first login request of a target user sent by a unified authentication service, determining an application service to be logged in, and obtaining first login credential information of the target user based on a first authentication protocol matched with the unified authentication service; determining at least one target credential field of the target user based on the first login credential information; determining second login credential information for the target user based on the at least one target credential field and a second authentication protocol matched with the application service; and sending a second login request to the application service based on the second login credential information, so that the application service performs login authentication based on the second login credential information.

Description

Login method, device, equipment and storage medium
Technical Field
The present application relates to, but is not limited to, the field of information technologies, and in particular to a login method, apparatus, device, and storage medium.
Background
With the development of information technology, unified authentication services (such as Single Sign-On (SSO) systems) are increasingly widely used. A unified authentication service is an authorization and authentication center with a standard protocol: a user needs to log in and authenticate with the unified authentication service only once, and login authentication is then completed automatically when the user accesses other application services that are connected to the unified authentication service. The user management systems of the independent application services can be interconnected by connecting to the unified authentication service. For users, this simplifies operation and lowers the threshold for using application services; for enterprises, the unified authentication service enhances the management and operation of the related application services.
For any deployment of a unified authentication service, whether the enterprise develops it in-house or adopts a scheme provided by another vendor, the biggest problem is the huge workload of adapting multiple application services for access. In the related art, schemes for adapting an application service to a unified authentication service either require secondary development of the original application service, which is costly, invasive and risky; or require the user to install a plug-in in the browser, which raises the user's threshold for use, makes the plug-in noticeable to the user and degrades the user experience, and may also involve compatibility problems across different browsers, operating systems and the like.
Disclosure of Invention
In view of this, embodiments of the present application provide a login method, apparatus, device, and storage medium.
The technical solutions of the embodiments of the present application are implemented as follows:
In one aspect, an embodiment of the present application provides a login method, where the method is applied to an adaptation proxy service and includes:
in response to a first login request of a target user sent by a unified authentication service, determining an application service to be logged in, and obtaining first login credential information of the target user based on a first authentication protocol matched with the unified authentication service;
determining at least one target credential field of the target user based on the first login credential information;
determining second login credential information for the target user based on the at least one target credential field and a second authentication protocol matching the application service;
and sending a second login request to the application service based on the second login credential information so that the application service performs login authentication based on the second login credential information.
In another aspect, an embodiment of the present application provides a login apparatus, which is applied to an adaptation proxy service and includes:
the first determining module is used for responding to a first login request of a target user sent by a unified authentication service, determining an application service to be logged in, and acquiring first login credential information of the target user based on a first authentication protocol matched with the unified authentication service;
a second determining module for determining at least one target credential field of the target user based on the first login credential information;
a third determining module for determining second login credential information of the target user based on the at least one target credential field and a second authentication protocol matched with the application service;
and the sending module is used for sending a second login request to the application service based on the second login credential information so that the application service performs login authentication based on the second login credential information.
In another aspect, an embodiment of the present application provides a computer device, which includes a memory and a processor, where the memory stores a computer program that is executable on the processor, and the processor executes the computer program to implement some or all of the steps in the method.
In yet another aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements some or all of the steps of the above method.
In yet another aspect, the present application provides a computer program, which includes computer readable code; when the computer readable code runs in a computer device, a processor in the computer device executes some or all of the steps of the above method.
In yet another aspect, the present application provides a computer program product, which includes a non-transitory computer-readable storage medium storing a computer program, and when the computer program is read and executed by a computer, the computer program implements some or all of the steps of the above method.
In the embodiments of the present application, in response to receiving a first login request of a target user sent by a unified authentication service, an application service to be logged in is determined, and first login credential information of the target user is obtained based on a first authentication protocol matched with the unified authentication service; at least one target credential field of the target user is determined based on the first login credential information; second login credential information for the target user is determined based on the at least one target credential field and a second authentication protocol matched with the application service; and a second login request is sent to the application service based on the second login credential information, so that the application service performs login authentication based on the second login credential information. In this way, through the at least one target credential field of the target user and the second authentication protocol matched with the application service, the first login credential information obtained based on the first authentication protocol matched with the unified authentication service can be converted into the second login credential information used for sending the second login request to the application service. Different first and second authentication protocols can thus be adapted to each other, and in turn different unified authentication services and application services, so as to support single sign-on authentication of the application service through the unified authentication service.
Therefore, intrusion into and secondary development of the existing application service can be reduced, as can development, operation and maintenance costs. The adaptation between the application service and the unified authentication service during login authentication is imperceptible to the user, which improves the user experience; the scheme works across different browsers and operating systems, which improves the general applicability of the unified authentication service. In addition, the adaptation proxy service does not depend on a persistent database and serves only as an intermediate adaptation layer; it is lightweight and stateless and can scale dynamically with load, which further improves general applicability and service performance.
Drawings
Fig. 1 is a schematic flowchart of an implementation of a login method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of an implementation of a login method according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of an implementation of a login method according to an embodiment of the present application;
Fig. 4A is a schematic structural diagram of the components of an adaptation proxy service according to an embodiment of the present application;
Fig. 4B is a schematic flowchart of an implementation of a login method according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a login apparatus according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a hardware entity of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the purpose, technical solutions and advantages of the present application clearer, the technical solutions of the present application are described in further detail below with reference to the drawings and the embodiments. The described embodiments should not be considered as limiting the present application, and all other embodiments obtained by a person of ordinary skill in the art without creative effort fall within the protection scope of the present application. In the following description, reference is made to "some embodiments", which describe a subset of all possible embodiments; it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other where there is no conflict.
In the following description, the terms "first/second/third" merely distinguish between similar items and do not denote a particular order; it is to be understood that "first/second/third" may, where permissible, be interchanged in a particular order or sequence, such that the embodiments of the application described herein may be practiced in an order other than that shown or described herein. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the present application.
In order to better understand the login method provided by the embodiment of the present application, a single sign-on scheme in the related art is described below.
In the related art, whether the unified authentication service is developed by the enterprise itself or provided by another vendor, the biggest problem is the huge workload of adapting multiple application services for access. In the related-art schemes for adapting an application service to the unified authentication service, either secondary development is needed to adapt the original application service, or the client needs to install a plug-in in the browser, for example a traffic hijacking plug-in.
In the scheme of adapting the original application service through secondary development, on the one hand, the application service to be connected to the unified authentication service may well not support the authentication protocol (such as OAuth 2.0) adopted by the unified authentication service; on the other hand, the application service may have been purchased from another vendor, so that the secondary development required to adapt it to the unified authentication service incurs additional cost, and in some cases the application service is no longer maintained and cannot support secondary development at all. This scheme is therefore costly, and the secondary development is invasive and carries a high risk for the original application system.
In the scheme of installing a plug-in in the browser, every user has to install the plug-in, which raises the user's threshold for use; the plug-in is also noticeable to the user and degrades the user experience. In addition, this scheme may involve compatibility problems across different browsers, operating systems and the like, each installation may require individual debugging, and the workload is difficult to predict.
On this basis, the embodiments of the present application provide a login method, which may be performed by an adaptation proxy service for adapting a unified authentication service and an application service to each other. The adaptation proxy service may be implemented by any suitable computer device, that is, any device with data processing capability, such as a server, laptop, tablet, desktop, smart television, set-top box, or mobile device (e.g., mobile phone, portable video player, personal digital assistant, dedicated messaging device, portable gaming device). Fig. 1 is a schematic flowchart of an implementation of a login method provided in an embodiment of the present application. As shown in Fig. 1, the method includes the following steps S101 to S104:
Step S101, in response to a first login request of a target user sent by a unified authentication service, determining an application service to be logged in, and obtaining first login credential information of the target user based on a first authentication protocol matched with the unified authentication service.
Here, the unified authentication service may be a service that implements authorization authentication based on any suitable authorization authentication protocol, and may include, but is not limited to, at least one of a unified login platform for implementing single login, a unified portal platform for implementing portal access, and the like. In implementation, the functions supported by the unified authentication service and the adopted authorization authentication protocol may be determined according to actual situations, which is not limited in the embodiment of the present application.
The application service may be an application that provides any suitable business service, such as an online shopping system, an enterprise information management system, a blog platform, a social platform, and so forth. The application service may connect to the unified authentication service through the adaptation proxy service to enable single sign-on authentication through the unified authentication service. At least one application service may be connected to a unified authentication service. In implementation, the application services connected to the unified authentication service may be determined according to the actual situation, which is not limited in the embodiments of the present application. In some embodiments, each adaptation proxy service may correspond to one application service, and the application service to be logged in is the application service corresponding to the adaptation proxy service. In some embodiments, each adaptation proxy service may correspond to more than two application services; information about the application service to be logged in is carried in the first login request of the target user, and the application service to be logged in may be determined by parsing the first login request.
The target user may be any suitable user in the unified authentication service that requests to log in to the application service, and the target user may be a user that is already registered in the application service to be logged in, or a user that is not yet registered in the application service.
The first login request may be a login request generated by the unified authentication service for the target user based on its own authentication rules. The first login request may include, but is not limited to, at least one of identity information of the target user, information of an application service to be logged in, a password for acquiring the identity information of the target user, and the like. In implementation, a person skilled in the art may determine the information included in the first login request according to an actual situation, which is not limited in this embodiment of the present application.
In some embodiments, a target user may access a unified authentication service through a browser, client, etc., and the unified authentication service may send a first login request of the target user to an adaptation proxy service according to its own authentication rules. For example, a target user may access the unified portal platform through the browser and enter a user name, a password, and the like for authentication on the unified portal platform. After the target user has been authenticated, the unified portal platform may determine, based on its own authority control rules, identity authentication protocol, and the like, the information to be sent to the adaptation proxy service, such as identity information of the target user, information of the application service to be logged in, and a password for acquiring the identity information of the target user, and generate the first login request of the target user from that information.
The first authentication protocol is the protocol with which the unified authentication service implements authorization and authentication. It may be a standard authorization and authentication protocol, such as OAuth 2.0, OAuth 1.0, SAML 2.0, OpenID, and the like, or a customized authentication protocol. In implementation, each unified authentication service matches one first authentication protocol, and those skilled in the art may determine the first authentication protocol matching the unified authentication service according to the unified authentication service actually used, which is not limited herein. In some embodiments, the adaptation proxy service may determine the first authentication protocol matching the unified authentication service based on a set first matching relationship, where the first matching relationship may be a preset matching relationship between each unified authentication service and a first authentication protocol. In some embodiments, the first login request of the target user sent by the unified authentication service may carry the first authentication protocol matched with the unified authentication service, and the first authentication protocol may be obtained by parsing the first login request.
The first login credential information of the target user may be determined based on a first authentication protocol matched with the unified authentication service, and the first login credential information may include an authentication element in the unified authentication service for authenticating the identity of the target user. In implementation, the content included in the first login credential information may be determined according to a first authentication protocol actually adopted by the unified authentication service, which is not limited in this embodiment of the present application.
In some embodiments, the first authentication protocol may include a rule that parses the first login credential information from the first login request, and the adaptation proxy service may parse the first login credential information from the first login request based on the first authentication protocol. For example, the first login request may include encrypted first login credential information, the first authentication protocol may include a decryption algorithm and a key for decrypting the encrypted first login credential information, and the encrypted first login credential information may be decrypted based on the decryption algorithm and the key to obtain the decrypted first login credential information.
In some embodiments, the first authentication protocol may include an interaction protocol for interacting with the unified authentication service to obtain the first login credential information, and the adaptation proxy service may interact with the unified authentication service based on the first authentication protocol to obtain the first login credential information of the target user. For example, in a case where the first authentication protocol is the OAuth 2.0 protocol, the unified authentication service may carry a signed interaction key of the target user in the first login request; the adaptation proxy service may verify the signature on the interaction key using the public key of the unified authentication service to obtain the interaction key, use the interaction key to obtain an authentication token from the unified authentication service, and use the authentication token to obtain first login credential information of the target user, such as a user name and a password, from the unified authentication service.
Step S102, based on the first login credential information, at least one target credential field of the target user is determined.
Here, the target credential field may comprise a credential field in the adaptation proxy service for adapting the at least one unified authentication service and the at least one application service. The target credential field of the target user may be used to convert first login credential information of the target user provided by the unified authentication service into second login credential information for the target user to log in to the application service. In implementation, the meaning of each field in the target credential field may be determined in advance according to practical situations, and is not limited here.
In some embodiments, the at least one target credential field may include at least one of a username, a password, an authentication token, descriptive information, and the like. For example, when at least one target credential field includes a user name, a password, and an authentication token, the first login credential information may be analyzed to obtain the user name, the password, and the authentication token of the target user, or the configuration information set based on the first login credential information may be queried to determine the user name, the password, and the authentication token matching the first login credential information, and determine the user name, the password, and the authentication token as the at least one target credential field of the target user.
Step S103, determining second login credential information of the target user based on the at least one target credential field and a second authentication protocol matched with the application service.
Here, the second authentication protocol is the protocol with which the application service implements authorization and authentication. In implementation, each application service matches one second authentication protocol, and the second authentication protocol matching the application service may be determined according to the user management system actually adopted by the application service, which is not limited in the embodiments of the present application. In some embodiments, the adaptation proxy service may determine the second authentication protocol matching the application service based on a set second matching relationship, where the second matching relationship may be a preset matching relationship between each application service and a second authentication protocol. In some embodiments, each adaptation proxy service may correspond to one application service, so that each adaptation proxy service may be bound to a second authentication protocol, and the adaptation proxy service may determine the second authentication protocol matching the application service by looking up the bound second authentication protocol.
The second login credential information of the target user may be determined based on a second authentication protocol matched with the application service and the at least one target credential field, and the second login credential information may include an authentication element of the application service for authenticating the identity of the target user. In implementation, the content included in the second login credential information may be determined according to the second authentication protocol actually adopted by the application service, which is not limited in this embodiment of the present application.
In some embodiments, the second authentication protocol may include a rule to convert the at least one target credential field to the second login credential information, and the adaptation proxy service may convert the at least one target credential field of the target user to the second login credential information of the target user based on the rule. For example, the second authentication protocol may include a mapping relationship between at least one target credential field and at least one authentication element included in the second login credential information, and based on the mapping relationship, the at least one target credential field of the target user may be converted into at least one authentication element used in the application service for authenticating the identity of the target user, and then the second login credential information of the target user may be obtained based on the at least one authentication element.
In some embodiments, the second authentication protocol may include an interaction protocol for interacting with the application service to obtain the second login credential information, and the adaptation proxy service may interact with the application service based on the interaction protocol to obtain the second login credential information of the target user.
Step S104, based on the second login credential information, sending a second login request to the application service, so that the application service performs login authentication based on the second login credential information.
Here, the second login request may be a request to log the target user in to the application service, and the application service may perform login authentication based on the second login credential information. In implementation, an appropriate second login request may be determined according to the actual application service, and the second login request may be sent to the application service in an appropriate manner, which is not limited herein.
In some embodiments, the adaptation proxy service is in the same domain as the application service. The second login credential information of the target user may be stored in the local storage space of the browser; the adaptation proxy service may send the second login request to the application service through the browser by redirecting the browser to the login page of the application service; and the front end of the application service may read the second login credential information of the target user from the local storage space of the browser, so that the application service may perform login authentication based on the second login credential information that was read.
In some embodiments, the adaptation proxy service may carry second login credential information of the target user in a second login request, and send the second login request to the application service, so that the application service performs login authentication based on the second login credential information carried in the second login request.
In some embodiments, the method further comprises at least one of step S111 and step S112:
Step S111, querying a preset first matching relationship based on the unified authentication service to obtain a first authentication protocol matched with the unified authentication service.
Here, the adaptation proxy service may determine a first authentication protocol matching the current unified authentication service by querying the preset first matching relationship, where the first matching relationship may be a preset matching relationship between at least one unified authentication service and at least one first authentication protocol. Different unified authentication services may be matched with the same first authentication protocol, and may also be matched with different first authentication protocols, which is not limited in the embodiment of the present application.
Step S112, querying a preset second matching relationship based on the application service to obtain a second authentication protocol matched with the application service.
Here, the adaptation proxy service may determine a second authentication protocol matching the current application service by querying the preset second matching relationship, where the second matching relationship may be a preset matching relationship between each application service and the second authentication protocol. Different application services may match the same second authentication protocol, and may also match different second authentication protocols, which is not limited in the embodiment of the present application.
In the embodiment of the application, in response to receiving a first login request of a target user sent by a unified authentication service, determining an application service to be logged in, and acquiring first login credential information of the target user based on a first authentication protocol matched with the unified authentication service; determining at least one target credential field of a target user based on the first login credential information; determining second login credential information for the target user based on the at least one target credential field and a second authentication protocol matched with the application service; and sending a second login request to the application service based on the second login credential information so that the application service performs login authentication based on the second login credential information. In this way, through at least one target credential field of the target user and the second authentication protocol matched with the application service, the first login credential information obtained based on the first authentication protocol matched with the unified authentication service can be converted into the second login credential information used for sending the second login request to the application service, so that different first authentication protocols and second authentication protocols can be adapted, and further different unified authentication services and application services can be adapted, so as to support single sign-on authentication of the application service through the unified authentication service.
Therefore, intrusive changes to and secondary development of the existing application service can be reduced, and development, operation and maintenance costs can be reduced. The adaptation between the application service and the unified authentication service in the login authentication process is transparent to the user, so the use experience of the user can be improved; the method can be applied to different browsers and operating systems, so the application universality of the unified authentication service can be improved. In addition, the adaptation proxy service does not depend on a persistent database and only serves as an intermediate adaptation layer; it is lightweight and stateless and can scale dynamically according to load, so that the application universality and the service performance can be further improved.
In some embodiments, the acquiring the first login credential information of the target user based on the first authentication protocol matched with the unified authentication service in step S101 may include the following steps S121 to S122:
Step S121, acquiring a first protocol script matched with the first authentication protocol.
Here, the first protocol script matching the first authentication protocol may be any suitable script for implementing the first authentication protocol. The first protocol script may be implemented based on any suitable scripting language such as a Bash script, a Shell script, a Groovy script, a JavaScript script, Hypertext Markup Language (HTML), Perl, Python, Ruby, or the like, or may be implemented based on a custom scripting language, which is not limited herein. In implementation, the first protocol script may be implemented in a suitable scripting language according to the actual first authentication protocol.
Step S122, obtaining first login credential information of the target user by using the first protocol script.
Here, the adaptation proxy service may acquire first login credential information of the target user by executing the first protocol script.
In some embodiments, where the first authentication protocol includes a rule that parses the first login credential information from the first login request, the adaptation proxy service may parse the first login credential information from the first login request by executing a first protocol script that matches the first authentication protocol. For example, the first login request may include encrypted first login credential information, and the encrypted first login credential information may be decrypted based on the first protocol script to obtain the decrypted first login credential information.
In some embodiments, where the first authentication protocol comprises an interaction protocol that interacts with the unified authentication service to obtain the first login credential information, the adaptation proxy service may interact with the unified authentication service by executing a first protocol script that matches the first authentication protocol to obtain the first login credential information of the target user. For example, in a case that the first authentication protocol is the OAuth 2.0 protocol, the unified authentication service may carry the signed interaction key of the target user in the first login request; the adaptation proxy service may execute the first protocol script to verify the signature of the signed interaction key using the public key of the unified authentication service and obtain the interaction key, obtain an authentication token from the unified authentication service using the interaction key, and obtain first login credential information such as a user name and a password of the target user from the unified authentication service using the authentication token.
In the above embodiment, the first protocol script matched with the first authentication protocol is acquired, and the first login credential information of the target user is acquired by using the first protocol script. Therefore, the first login credential information of the target user can be simply and conveniently acquired through the first protocol script, and the same first protocol script can be reused for the unified authentication service adopting the same first authentication protocol, so that the cost for adapting a plurality of unified authentication services and application services can be reduced.
In some embodiments, the step S122 may include:
Step S131, executing the first protocol script in a dynamic loading manner to obtain first login credential information of the target user.
Here, the first protocol script may be any suitable script that supports dynamic loading, and the embodiment of the present application is not limited thereto. For example, in a case where the first protocol script is a Groovy script, the first login credential of the target user may be obtained by hot-loading and executing the Groovy script. For another example, in the case that the first protocol script is a Java class file, the Java class file may be dynamically loaded and executed through a Java reflection mechanism to obtain the first login credential of the target user.
In the above embodiment, the first protocol script is executed in a dynamic loading manner to obtain the first login credential information of the target user, which can improve the operability of adapting the unified authentication service and the application service. Because the first protocol script can be loaded and executed by dynamic loading while the adaptation proxy service is running, the influence on the currently running unified authentication service and the currently running application service can be reduced when a new unified authentication service or application service is adapted.
In some embodiments, the step S103 may include the following steps S141 to S142:
Step S141, acquiring a second protocol script matched with the second authentication protocol.
Here, the second protocol script matching the second authentication protocol may be any suitable script for implementing the second authentication protocol. The second protocol script may be implemented based on any suitable scripting language such as a Bash script, a Shell script, a Groovy script, a JavaScript script, Hypertext Markup Language (HTML), Perl, Python, Ruby, or the like, or may be implemented based on a custom scripting language, which is not limited herein. In implementation, the second protocol script may be implemented in a suitable scripting language according to the actual second authentication protocol.
Step S142, processing the at least one target credential field by using the second protocol script to obtain second login credential information of the target user.
Here, the adaptation proxy service may process the at least one target credential field by executing the second protocol script to obtain second login credential information of the target user.
In some embodiments, where the second authentication protocol includes a rule to convert at least one target credential field into second login credential information, the adaptation proxy service may convert the at least one target credential field of the target user into the second login credential information of the target user based on the rule by executing a second protocol script that matches the second authentication protocol. For example, the second authentication protocol may include a mapping relationship between at least one target credential field and at least one authentication element included in the second login credential information, and by executing the second protocol script, the at least one target credential field of the target user may be converted into the at least one authentication element in the application service for authenticating the identity of the target user based on the mapping relationship, and the second login credential information of the target user may be obtained based on the at least one authentication element.
In some embodiments, where the second authentication protocol includes an interaction protocol that interacts with the application service to obtain the second login credential information, the adaptation proxy service may obtain the second login credential information of the target user by executing a second protocol script that matches the second authentication protocol, interacting with the application service based on the interaction protocol.
In the above embodiment, the second protocol script matched with the second authentication protocol is acquired, and the second protocol script is used to process the at least one target credential field, so as to obtain the second login credential information of the target user. Therefore, the second login credential information of the target user can be simply and conveniently acquired through the second protocol script, and the same second protocol script can be reused for the application service adopting the same second authentication protocol, so that the cost for adapting a plurality of unified authentication services and the application service can be reduced.
In some embodiments, the step S142 may include:
Step S151, executing the second protocol script in a dynamic loading manner, and processing the at least one target credential field to obtain second login credential information of the target user.
Here, the second protocol script may be any suitable script that supports dynamic loading, and the embodiment of the present application is not limited thereto. For example, when the second protocol script is a Groovy script, the Groovy script may be hot-loaded and executed to process at least one target credential field, so as to obtain a second login credential of the target user. For another example, when the second protocol script is a Java class file, the Java class file may be dynamically loaded and executed through a Java reflection mechanism to process at least one target credential field, so as to obtain a second login credential of the target user.
In the above embodiment, the second protocol script is executed in a dynamic loading manner, and the at least one target credential field is processed to obtain the second login credential of the target user. Therefore, the operability of adapting the unified authentication service and the application service can be improved. Because the second protocol script can be loaded and executed by dynamic loading while the adaptation proxy service is running, the influence on the currently running unified authentication service and the currently running application service can be reduced when a new unified authentication service or a new application service is adapted.
The embodiment of the application provides a login method which can be applied to an adaptation proxy service. As shown in Fig. 2, the method includes steps S201 to S205:
Step S201, in response to receiving a first login request of a target user sent by a unified authentication service, determining an application service to be logged in, and acquiring first login credential information of the target user based on a first authentication protocol matched with the unified authentication service; the first login credential information includes identification information of the target user.
Here, step S201 corresponds to step S101, and in practice, reference may be made to a specific implementation of step S101.
The identification information of the target user may include any suitable information for identifying the target user, and may include, for example, but is not limited to, at least one of a username, password, access token, etc. of the target user.
Step S202, querying preset configuration information based on the identification information of the target user.
Here, at least one credential field of at least one user may be included in the configuration information. The user's credential field may include, but is not limited to, at least one of a user name, password, authentication token, descriptive information, etc. of the user. At least one credential field of the user in the configuration information may be queried by the identification information of the user. The configuration information may be preset by the user, or may be cached by the adaptation proxy service after obtaining at least one credential field of the user from the application service.
Step S203, when at least one credential field matching the identification information is found in the configuration information, determining the at least one credential field as at least one target credential field of the target user.
Step S204, based on the at least one target credential field and a second authentication protocol matched with the application service, determining second login credential information of the target user.
Step S205, sending a second login request to the application service based on the second login credential information, so that the application service performs login authentication based on the second login credential information.
Here, steps S204 to S205 correspond to steps S103 to S104, respectively, and reference may be made to the specific implementation of steps S103 to S104.
In some embodiments, the above method further comprises:
Step S211, when no credential field matching the identification information is found in the configuration information, acquiring at least one target credential field of the target user from the application service based on the identification information.
Here, in a case where no credential field matching the identification information of the target user exists in the configuration information, the adaptation proxy service may obtain the at least one target credential field of the target user from the application service based on the identification information. In implementation, at least one target credential field of the target user may be obtained in a suitable manner according to a user management system actually adopted by the application service, which is not limited in the embodiment of the present application.
In some embodiments, the adaptation proxy service may obtain second login credential information for a target user from an application service based on identification information of the target user, and determine at least one target credential field for the target user based on a third authentication protocol matched with the application service and the second login credential information. Here, the third authentication protocol may be any suitable protocol for determining the target credential field based on the second login credential information, and in implementation, the suitable third authentication protocol may be determined according to an actual application service, which is not limited in this embodiment of the present application. For example, the third authentication protocol may include a rule to convert the second login credential information to at least one target credential field, and the adaptation proxy service may convert the second login credential information for the target user to the at least one target credential field for the target user based on the rule. As another example, the third authentication protocol may include an interaction protocol that interacts with the application service to obtain the at least one target credential field using the second login credential information, and the adaptation proxy service may interact with the application service based on the interaction protocol to obtain the at least one target credential field of the target user using the second login credential information.
In some embodiments, the target user may be a user that has registered in an application service to be logged in, and the adaptation proxy service may request at least one target credential field of the target user directly from the application service based on identification information of the target user, or request second login credential information of the target user directly from the application service, and determine the at least one target credential field of the target user based on a third authentication protocol matching the application service and the second login credential information.
In some embodiments, the target user may be a user that has not been registered in the application service, and the adaptation proxy service may use an administrator account of the application service that was applied for in advance to request the application service to register the target user based on the identification information of the target user, and obtain at least one target credential field of the target user after registering the target user, or request the application service for second login credential information of the target user, and determine the at least one target credential field of the target user based on a third authentication protocol matched with the application service and the second login credential information.
In an embodiment of the present application, the first login credential information may include identification information of the target user, and when a query of the preset configuration information based on the identification information of the target user finds at least one credential field matching the identification information, the at least one credential field is determined as the at least one target credential field of the target user. Therefore, the adaptation proxy service can cache at least one credential field of the user through the preset configuration information, so that the number of times the target credential field is acquired from the application service can be reduced, and the login efficiency can be improved.
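The flow of steps S101 to S104, together with the matching-relationship lookups of steps S111 and S112 and the configuration lookup with fallback of steps S202, S203 and S211, is shown below as an added Python example; it is not code from the patent. All names, keys and sample values are hypothetical and constructed, and an HMAC-SHA256 check with a shared key stands in for whatever signature or decryption rule the real first authentication protocol defines.

```python
import base64
import hashlib
import hmac
import json

PORTAL_KEY = b"constructed-demo-key"  # constructed shared key (assumption)


class AdapterError(Exception):
    """Raised when a first login request cannot be adapted."""


def sign_request(payload: dict, key: bytes) -> dict:
    """Build a constructed first login request as the unified service might send it."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return {"body": body.decode(), "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}


def first_proto_signed_json(request: dict) -> dict:
    """First protocol script (S121-S122): verify, then parse the first credential."""
    body = str(request.get("body", "")).encode()
    expected = hmac.new(PORTAL_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, str(request.get("sig", "")).encode()):
        raise AdapterError("first login request failed the signature check")
    return json.loads(base64.urlsafe_b64decode(body))


def second_proto_form_login(fields: dict) -> dict:
    """Second protocol script (S141-S142): map target fields to authentication elements."""
    mapping = {"user_name": "username", "access_token": "token"}
    missing = [f for f in mapping if f not in fields]
    if missing:
        raise AdapterError(f"missing target credential fields: {missing}")
    return {element: fields[field] for field, element in mapping.items()}


# First and second matching relationships (S111, S112).
FIRST_MATCH = {"portal-a": first_proto_signed_json}
SECOND_MATCH = {"wiki": second_proto_form_login}


class AdaptationProxy:
    def __init__(self, app_lookup):
        self.config = {}              # configuration info: (app, user id) -> credential fields
        self.app_lookup = app_lookup  # stand-in for querying the application service
        self.app_calls = 0

    def target_fields(self, app: str, user_id: str) -> dict:
        key = (app, user_id)
        if key in self.config:                   # S203: match found in configuration
            return self.config[key]
        self.app_calls += 1
        fields = self.app_lookup(app, user_id)   # S211: fall back to the application service
        if fields is None:
            raise AdapterError(f"{user_id!r} is unknown to {app!r}")
        self.config[key] = fields                # cache for later logins
        return fields

    def handle(self, auth_service: str, app: str, request: dict) -> dict:
        try:
            first_proto = FIRST_MATCH[auth_service]
            second_proto = SECOND_MATCH[app]
        except KeyError as exc:
            raise AdapterError(f"no protocol matched for {exc.args[0]!r}") from None
        first_cred = first_proto(request)                       # S101
        user_id = first_cred.get("user_id")
        if not user_id:
            raise AdapterError("first credential carries no identification information")
        fields = self.target_fields(app, user_id)               # S102
        return {"app": app, "credential": second_proto(fields)}  # S103, S104


def constructed_app_directory(app, user_id):
    """Constructed user records held by the application service."""
    users = {("wiki", "u-1001"): {"user_name": "zhang", "access_token": "tok-constructed"}}
    return users.get((app, user_id))


if __name__ == "__main__":
    proxy = AdaptationProxy(constructed_app_directory)
    request = sign_request({"user_id": "u-1001"}, PORTAL_KEY)
    print(proxy.handle("portal-a", "wiki", request))
```

The second call for the same user is served from the configuration cache, and a request with an altered signature or an unmatched service is rejected before any credential conversion takes place.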
The embodiment of the application provides a login method which can be applied to an adaptation proxy service. As shown in Fig. 3, the method includes steps S301 to S304 as follows:
Step S301, in response to receiving a first login request of a target user sent by a unified authentication service, determining an application service to be logged in, and acquiring first login credential information of the target user based on a first authentication protocol matched with the unified authentication service; the unified authentication service and the adaptation proxy service communicate in a reverse proxy manner, the adaptation proxy service and the application service communicate in a reverse proxy manner, and the adaptation proxy service and the application service are reverse-proxied to the same domain.
Here, the adaptation proxy service and the application service may be proxied to the same domain through the reverse proxy, that is, the same domain name, port, and communication protocol may be configured for the adaptation proxy service and the application service to be registered in the reverse proxy. The unified authentication service may communicate with the adaptation proxy service in a reverse proxy manner, and the adaptation proxy service may also communicate with the application service in a reverse proxy manner.
In some embodiments, the adaptation proxy service and the application service may be proxied to the same domain through a reverse proxy service; the unified authentication service may send the first login request to the reverse proxy service, which may send the first login request to the adaptation proxy service; the adaptation proxy service may send a second login request to the reverse proxy service during communication with the application service, and the reverse proxy service may send the second login request to an application service in the same domain as the adaptation proxy service. When implemented, the reverse proxy service may be any suitable service that enables a reverse proxy, e.g., Nginx, HAProxy, etc.; the reverse proxy service may also be a proxy layer within the adaptation proxy service that implements the reverse proxy, which is not limited herein.
Step S302, based on the first login credential information, at least one target credential field of the target user is determined.
Step S303, determining second login credential information of the target user based on the at least one target credential field and a second authentication protocol matched with the application service.
Step S304, based on the second login credential information, sending a second login request to the application service, so that the application service performs login authentication based on the second login credential information.
In the embodiment of the application, the adaptation proxy service and the application service are reverse-proxied to the same domain, the unified authentication service communicates with the adaptation proxy service in a reverse proxy manner, and the adaptation proxy service communicates with the application service in a reverse proxy manner, so that front-end data can be exchanged between the adaptation proxy service and the application service and the limitations caused by cross-domain access are reduced.
In some embodiments, the determining, in response to receiving the first login request of the target user sent by the unified authentication service in step S301, an application service to be logged in may include the following step S311:
Step S311, in response to receiving the first login request of the target user sent by the unified authentication service through the browser, determining the application service to be logged in.
Here, the unified authentication service may transmit a first login request of the target user through the browser. For example, in the case that the unified authentication service is a unified portal platform, a target user may access the unified portal platform through a browser and input an authentication element required by the unified portal platform, and then the unified portal platform may perform authentication based on the input authentication element. After the authentication is completed, the target user may trigger the unified portal platform to send a first login request of the target user through the browser by clicking the application service to be logged in on a front-end page of the unified portal platform.
The step S304 may include the following steps S312 to S313:
Step S312, opening a transfer page of the adaptation proxy service in the browser, and storing the second login credential information into a storage space of the browser through the transfer page.
Here, the transfer page of the adaptation proxy service may be any suitable front-end page of the adaptation proxy service, through which the adaptation proxy service may store the second login credential information into the storage space of the browser.
The storage space of the browser may include, but is not limited to, at least one of a local storage space (localStorage), a local cache (Cookie), a session storage space (sessionStorage) of the browser, and the like.
Step S313, sending a second login request to the application service through the browser, so that the application service performs login authentication based on the second login credential information stored in the storage space.
Here, the adaptation proxy service may send the second login request to the application service by redirecting the browser to a login page of the application service, or opening a login page of the application service in the browser, or any other suitable manner. Since the adaptation proxy service and the application service are reverse-proxied to the same domain, the front-end page of the application service can read, from the storage space of the browser, the second login credential information stored by the adaptation proxy service through the transfer page, so that the application service can perform login authentication based on the second login credential information.
In the above embodiment, the adaptation proxy service opens a transfer page of the adaptation proxy service in the browser, stores the second login credential information into a storage space of the browser through the transfer page, and sends the second login request to the application service through the browser, so that the application service performs login authentication based on the second login credential information stored in the storage space. Therefore, the user can log in through the browser without being aware of the adaptation, and transparent adaptation between the application service and the unified authentication system is realized.
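Steps S312 and S313 depend on the transfer page and the login page sharing one domain name, port and communication protocol, as described for step S301. The following added Python example, which is not code from the patent, models browser storage scoped by that triple and lists the published login pages that could not read a credential stored by the transfer page. The URLs are constructed and the class is a model of browser behaviour, not a browser API.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
CRED_KEY = "second_login_credential"  # hypothetical storage key


def origin(url: str) -> tuple:
    """Return the (protocol, domain name, port) triple that scopes browser storage."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    # hostname is already lower-cased; fill in the default port when none is given
    return (scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme])


class BrowserStorage:
    """Model of the browser's local storage: one key/value area per origin."""

    def __init__(self):
        self._areas = {}

    def set_item(self, page_url: str, key: str, value: str) -> None:
        self._areas.setdefault(origin(page_url), {})[key] = value

    def get_item(self, page_url: str, key: str):
        return self._areas.get(origin(page_url), {}).get(key)


def handoff(storage: BrowserStorage, transit_url: str, login_url: str, credential: str):
    """S312-S313: the transfer page stores, the login page reads.

    Returns what the application's login page sees (None if it sees nothing).
    """
    storage.set_item(transit_url, CRED_KEY, credential)
    return storage.get_item(login_url, CRED_KEY)


def audit_routes(transit_url: str, login_urls: list) -> list:
    """Return the login pages that are not in the same domain as the transfer page."""
    wanted = origin(transit_url)
    return [url for url in login_urls if origin(url) != wanted]


# Constructed reverse-proxy routes.
TRANSIT = "https://sso-gw.example.com/adapter/transit"
LOGIN_PAGES = [
    "https://sso-gw.example.com/wiki/login",         # proxied under the same domain
    "https://SSO-GW.example.com:443/crm/login",      # same triple after normalisation
    "http://sso-gw.example.com/wiki/login",          # protocol differs
    "https://wiki.internal.example.com:8443/login",  # backend addressed directly
]

if __name__ == "__main__":
    for page in LOGIN_PAGES:
        seen = handoff(BrowserStorage(), TRANSIT, page, "constructed-credential")
        print(f"{page}: {'readable' if seen else 'NOT readable'}")
    print("misrouted:", audit_routes(TRANSIT, LOGIN_PAGES))
```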
The following describes an application of the login method provided by the embodiment of the present application in a practical scenario.
The embodiment of the present application provides an adaptation proxy service for implementing non-intrusive application service single sign-on integration. As shown in Fig. 4A, the adaptation proxy service 400 includes a first reverse proxy layer 410 and a first protocol rule parsing engine 420 facing a unified authentication service side, a unified data format conversion engine 430, and a second protocol rule parsing engine 440 and a second reverse proxy layer 450 facing an application service side, where:
The first reverse proxy layer 410 and the second reverse proxy layer 450 may both be implemented by Nginx. Through the first reverse proxy layer 410 and the second reverse proxy layer 450, the cross-domain restriction of a browser may be bypassed, proxies for the adaptation proxy service and for the application service to be logged in may be implemented, respectively, and all application services to be logged in and the adaptation proxy service may be proxied to the same domain. For example, the first reverse proxy layer 410 and the second reverse proxy layer 450 may be implemented by two different reverse proxy routers in an Nginx reverse proxy server, respectively.
The first reverse proxy layer 410 is configured to receive a first login request of a target user sent by the unified authentication service in a reverse proxy manner, and determine an application service to be logged in.
The first protocol rule parsing engine 420 is configured to obtain first login credential information of a target user through hot loading of a first protocol script implemented based on a Groovy scripting language, so as to implement adaptation to a unified authentication service. The first protocol script is matched with a first authentication protocol adopted by the unified authentication service, and the first protocol script can be reused as long as the first authentication protocol adopted by the unified authentication service is unchanged.
The unified data format conversion engine 430 is configured to uniformly convert the first login credential information of the target user, which is obtained by the first protocol rule parsing engine 420, into at least one target credential field of the target user, such as a user identifier, a user name, an access token, description information, and the like, so that the second protocol rule parsing engine 440 may determine the second login credential information of the target user based on the at least one target credential field of the target user, thereby implementing decoupling between the first protocol rule parsing engine 420 and the second protocol rule parsing engine 440.
The second protocol rule parsing engine 440 is configured to process at least one target credential field through hot loading of a second protocol script implemented based on a Groovy scripting language to obtain second login credential information of a target user, so as to implement adaptation of the application service; different application services can be adapted by writing different Groovy scripts.
The second reverse proxy layer 450 is configured to initiate a unified login request for the application service based on information such as a request address of the application service, and, after the second login credential information of the target user is obtained from the application service, to convert the second login credential information of the target user into at least one target credential field of the target user by using the unified data format conversion engine 430 and cache the at least one target credential field of the target user, so that the unified data format conversion engine can obtain the at least one target credential field of the target user directly from the cache during multiple logins in a short time.
Based on the adaptation proxy service provided by the foregoing embodiment, an embodiment of the present application provides a login method. As shown in Fig. 4B, the method includes the following steps S401 to S409:
step S401, a target user accesses the unified authentication service through a browser and inputs authentication elements required by the unified authentication service; here, the authentication element required by the unified authentication service may include, but is not limited to, at least one of a user name, a password, a verification code, and the like.
Step S402, after the unified authentication service completes authentication based on the input authentication elements, displaying the application service to be logged in on a browser;
step S403, the target user clicks the application service to be logged in the front-end page of the unified authentication service;
step S404, the unified authentication service sends a first login request to an adaptive agent service in the same domain with the application service according to the authentication rule of the unified authentication service; here, the authentication rule may be, for example, an authority control rule, an authentication logic, or the like.
Step S405, the adaptation agent service converts the first login credential information of the target user in the unified authentication service into second login credential information of the target user in the application service by realizing the adaptation of the protocol between the unified authentication service and the application service;
step S406, the adaptation proxy service opens a transfer page of the adaptation proxy service in the browser, stores the second login credential information of the target user into a local storage space of the browser through the transfer page, and redirects the browser to a login path of the application service;
step S407, the browser opens a login page of the application service;
step S408, the application service acquires second login credential information of the target user stored in the local storage space of the browser on the login page;
step S409, the application service performs login authentication based on the second login credential information.
In some embodiments, the at least one target credential field of the target user corresponding to the second login credential information may be cached in the set configuration information, so that, in the case of multiple jumps, the second login credential information of the target user is determined based on the cached at least one target credential field of the target user. As shown in Fig. 4B, step S405 may include the following steps S411 to S415:
Step S411, the adaptation proxy service queries whether at least one valid credential field of the target user exists in the configuration information; if yes, go to step S412; if not, go to step S413;
Step S412, the adaptation proxy service determines the queried at least one valid credential field as the at least one target credential field of the target user; the flow advances to step S415;
Step S413, the adaptation proxy service requests, according to the identification information of the target user, the at least one target credential field of the target user from the application service;
Step S414, the application service returns the at least one target credential field of the target user to the adaptation proxy service;
Step S415, the adaptation proxy service determines the second login credential information of the target user based on the at least one target credential field of the target user.
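The cache branch of steps S411 to S415, sketched as an added Python example (not code from the patent, whose protocol scripts are written in Groovy). The class and function names, the request key `sub`, the output keys of the second script, the 60-second validity window and the check that returned fields belong to the requesting user are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class CredentialFields:
    """Unified target credential fields; the four names follow the patent text."""
    user_id: str
    user_name: str
    access_token: str
    description: str = ""


CacheKey = Tuple[str, str]  # (application id, user id): never shared across users


class AdaptationProxy:
    """Hypothetical model of step S405 with the cache branch S411-S415."""

    def __init__(self,
                 first_script: Callable[[dict], dict],
                 second_script: Callable[[CredentialFields], dict],
                 fetch_fields: Callable[[str, str], CredentialFields],
                 ttl_seconds: float = 60.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._first_script = first_script    # stands in for the first protocol script
        self._second_script = second_script  # stands in for the second protocol script
        self._fetch_fields = fetch_fields    # S413/S414: ask the application service
        self._ttl = ttl_seconds
        self._clock = clock
        self._cache: Dict[CacheKey, Tuple[float, CredentialFields]] = {}

    def _valid_cached_fields(self, key: CacheKey) -> Optional[CredentialFields]:
        """S411: return cached fields only while they are still valid."""
        entry = self._cache.get(key)
        if entry is None:
            return None
        expires_at, fields = entry
        if self._clock() >= expires_at:
            del self._cache[key]             # expired entries are dropped, not reused
            return None
        return fields

    def convert(self, app_id: str, first_login_request: dict) -> dict:
        """Turn a first login request into second login credential information."""
        first_credential = self._first_script(first_login_request)
        user_id = first_credential.get("user_id")
        if not user_id:
            raise ValueError("first login credential carries no user identifier")
        key = (app_id, user_id)
        fields = self._valid_cached_fields(key)            # S411 / S412
        if fields is None:
            fields = self._fetch_fields(app_id, user_id)   # S413 / S414
            if fields.user_id != user_id:                  # assumption: reject mismatches
                raise ValueError("application service returned fields for another user")
            self._cache[key] = (self._clock() + self._ttl, fields)
        return self._second_script(fields)                 # S415


def first_script(request: dict) -> dict:
    """Constructed first protocol: the identifier arrives as request['sub']."""
    return {"user_id": str(request.get("sub") or "").strip()}


def second_script(fields: CredentialFields) -> dict:
    """Constructed second protocol: the application expects these two keys."""
    return {"token": fields.access_token, "login_name": fields.user_name}


class FakeAppService:
    """Constructed application service that counts credential-field lookups."""

    def __init__(self) -> None:
        self.calls = 0

    def fetch(self, app_id: str, user_id: str) -> CredentialFields:
        self.calls += 1
        return CredentialFields(user_id, f"name-of-{user_id}",
                                f"constructed-token-{self.calls}")


def run_demo() -> dict:
    """Exercise a cache hit, a second user and an expired entry on a fake clock."""
    now = [0.0]
    app = FakeAppService()
    proxy = AdaptationProxy(first_script, second_script, app.fetch,
                            ttl_seconds=60.0, clock=lambda: now[0])
    first = proxy.convert("app-a", {"sub": "u-1001"})   # miss: fetched from the app
    second = proxy.convert("app-a", {"sub": "u-1001"})  # hit: served from the cache
    other = proxy.convert("app-a", {"sub": "u-2002"})   # other user: own entry
    now[0] = 61.0
    third = proxy.convert("app-a", {"sub": "u-1001"})   # expired: fetched again
    return {"first": first, "second": second, "other": other,
            "third": third, "fetches": app.calls}


if __name__ == "__main__":
    print(run_demo())
```

Keying the cache on both application and user, and expiring entries, is what keeps the "valid credential field" test in step S411 from handing one user's token to another or reusing a stale one.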
In the embodiment of the present application, adaptation of the authentication protocol between the unified authentication service and the application service is implemented by the first protocol rule parsing engine and the second protocol rule parsing engine of the adaptation proxy service; data decoupling of the login credential information between the first protocol rule parsing engine and the second protocol rule parsing engine is implemented by the unified data format conversion engine; and the adaptation proxy service and the application service are proxied to the same domain through a reverse proxy. Therefore, the cross-domain limitation of the browser can be bypassed, and the application service can be docked with and adapted to the unified authentication service in a non-invasive manner, without secondary development. For example, based on the login method provided in the embodiment of the present application, after a new application service is delivered, an operation and maintenance worker may configure, in the adaptation proxy service corresponding to the application service, a Groovy script matched with the first authentication protocol used by the unified authentication service to be accessed, and then configure a Groovy script matched with the second authentication protocol used by the application service, so that the full single sign-on flow based on the unified authentication service can be completed.
Fig. 5 is a schematic structural diagram of a login apparatus according to an embodiment of the present application, and as shown in fig. 5, the login apparatus 500 includes: a first determining module 510, a second determining module 520, a third determining module 530, and a sending module 540, wherein:
a first determining module 510, configured to determine, in response to receiving a first login request of a target user sent by a unified authentication service, an application service to be logged in, and obtain first login credential information of the target user based on a first authentication protocol matched with the unified authentication service;
a second determining module 520, configured to determine at least one target credential field of the target user based on the first login credential information;
a third determining module 530, configured to determine second login credential information of the target user based on the at least one target credential field and a second authentication protocol matching the application service;
a sending module 540, configured to send a second login request to the application service based on the second login credential information, so that the application service performs login authentication based on the second login credential information.
In some embodiments, the first determining module is further configured to: acquire a first protocol script matched with the first authentication protocol; and acquire the first login credential information of the target user by using the first protocol script.
In some embodiments, the first determining module is further configured to: execute the first protocol script in a dynamic loading manner to obtain the first login credential information of the target user.
In some embodiments, the third determining module is further configured to: acquire a second protocol script matched with the second authentication protocol; and process the at least one target credential field by using the second protocol script to obtain the second login credential information of the target user.
In some embodiments, the third determining module is further configured to: execute the second protocol script in a dynamic loading manner and process the at least one target credential field to obtain the second login credential information of the target user.
In some embodiments, the first login credential information includes identification information of the target user; the second determining module is further configured to: query set configuration information based on the identification information of the target user; and, if the query finds that at least one credential field matched with the identification information exists in the configuration information, determine the at least one credential field as the at least one target credential field of the target user.
In some embodiments, the second determining module is further configured to: if no credential field matched with the identification information exists in the configuration information, acquire the at least one target credential field of the target user from the application service based on the identification information.
In some embodiments, the unified authentication service communicates with the adaptation proxy service in a reverse proxy manner, the adaptation proxy service communicates with the application service in a reverse proxy manner, and the adaptation proxy service and the application service are reverse-proxied to the same domain.
In some embodiments, the first determining module is further configured to: determine an application service to be logged in to, in response to receiving a first login request of a target user sent by a unified authentication service through a browser; the sending module is further configured to: open a transfer page of the adaptation proxy service in the browser, and store the second login credential information into a storage space of the browser through the transfer page; and send a second login request to the application service through the browser, so that the application service performs login authentication based on the second login credential information stored in the storage space.
In some embodiments, the apparatus further comprises at least one of: a fourth determining module, configured to query a set first matching relation based on the unified authentication service to obtain the first authentication protocol matched with the unified authentication service; and a fifth determining module, configured to query a set second matching relation based on the application service to obtain the second authentication protocol matched with the application service.
The above description of the apparatus embodiments, similar to the above description of the method embodiments, has similar beneficial effects as the method embodiments. For technical details not disclosed in the embodiments of the apparatus of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.
In the embodiment of the present application, if the login method is implemented in the form of a software functional module and sold or used as a standalone product, the login method may also be stored in a computer-readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be essentially implemented or a part contributing to the related art may be embodied in the form of a software product stored in a storage medium, and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present application. The aforementioned storage medium includes: various media capable of storing program codes, such as a USB disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the present application are not limited to any specific combination of hardware and software.
The embodiment of the present application provides a computer device, which includes a memory and a processor, where the memory stores a computer program that can be executed on the processor, and the processor implements the steps in the above method when executing the program.
An embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps in the above method. The computer readable storage medium may be transitory or non-transitory.
Embodiments of the present application provide a computer program product, which includes a non-transitory computer readable storage medium storing a computer program, and when the computer program is read and executed by a computer, the computer program implements some or all of the steps of the above method. The computer program product may be embodied in hardware, software or a combination thereof. In an alternative embodiment, the computer program product is embodied in a computer storage medium, and in another alternative embodiment, the computer program product is embodied in a Software product, such as a Software Development Kit (SDK), or the like.
Here, it should be noted that: the above description of the storage medium, the computer program product and the device embodiments is similar to the description of the method embodiments described above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the embodiments of the storage medium, the computer program product and the device of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.
It should be noted that fig. 6 is a schematic diagram of a hardware entity of a computer device in an embodiment of the present application, and as shown in fig. 6, the hardware entity of the computer device 600 includes: a processor 601, a communication interface 602, and a memory 603, wherein:
the processor 601 generally controls the overall operation of the computer device 600.
The communication interface 602 may enable the computer device to communicate with other terminals or servers via a network.
The Memory 603 is configured to store instructions and applications executable by the processor 601, and may also buffer data (e.g., image data, audio data, voice communication data, and video communication data) to be processed or already processed by the processor 601 and modules in the computer apparatus 600, and may be implemented by a FLASH Memory (FLASH) or a Random Access Memory (RAM). Data may be transferred between the processor 601, the communication interface 602, and the memory 603 via the bus 604.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application. The above-mentioned serial numbers of the embodiments of the present application are merely for description, and do not represent the advantages and disadvantages of the embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element identified by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described device embodiments are merely illustrative, for example, the division of the unit is only one logical function division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; can be located in one place or distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as a removable Memory device, a Read Only Memory (ROM), a magnetic disk, or an optical disk.
Alternatively, the integrated unit described above may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media that can store program code, such as removable storage devices, ROMs, magnetic or optical disks, etc.
The above description is only an embodiment of the present application, but the scope of protection of the present application is not limited thereto; any change or substitution that a person skilled in the art can readily conceive within the technical scope of the present application shall be covered by the scope of protection of the present application.

Claims (13)

1. A login method, applied to an adaptation proxy service, the method comprising:
in response to receiving a first login request of a target user sent by a unified authentication service, determining an application service to be logged in to, and obtaining first login credential information of the target user based on a first authentication protocol matched with the unified authentication service;
determining at least one target credential field of the target user based on the first login credential information;
determining second login credential information for the target user based on the at least one target credential field and a second authentication protocol matching the application service;
and sending a second login request to the application service based on the second login credential information so that the application service performs login authentication based on the second login credential information.
2. The method of claim 1, wherein obtaining the first login credential information of the target user based on the first authentication protocol matched with the unified authentication service comprises:
acquiring a first protocol script matched with the first authentication protocol;
and acquiring first login credential information of the target user by using the first protocol script.
3. The method of claim 2, wherein the obtaining first login credential information of the target user using the first protocol script comprises:
and executing the first protocol script by adopting a dynamic loading mode to obtain first login credential information of the target user.
4. The method according to any of claims 1 to 3, wherein the determining second login credential information for the target user based on the at least one target credential field and a second authentication protocol matching the application service comprises:
acquiring a second protocol script matched with the second authentication protocol;
and processing the at least one target credential field by using the second protocol script to obtain second login credential information of the target user.
5. The method according to claim 4, wherein said processing the at least one target credential field using the second protocol script to obtain second login credential information of the target user comprises:
and executing the second protocol script in a dynamic loading mode, and processing the at least one target credential field to obtain second login credential information of the target user.
6. The method of any of claims 1 to 5, wherein the first login credential information comprises identification information of the target user;
determining, by the server, at least one target credential field of the target user based on the first login credential information, including:
inquiring set configuration information based on the identification information of the target user;
determining at least one credential field as the at least one target credential field of the target user if the query finds that the at least one credential field matched with the identification information exists in the configuration information.
7. The method of claim 6, wherein determining at least one target credential field of the target user based on the first login credential information further comprises:
and under the condition that at least one credential field matched with the identification information does not exist in the configuration information, acquiring at least one target credential field of the target user from the application service based on the identification information.
8. The method according to any one of claims 1 to 7, wherein the unified authentication service and the adaptation proxy service communicate with each other by means of a reverse proxy, the adaptation proxy service and the application service communicate with each other by means of a reverse proxy, and the adaptation proxy service and the application service are reverse-proxied to the same domain.
9. The method according to claim 8, wherein the determining the application service to be logged in response to receiving the first login request of the target user sent by the unified authentication service comprises:
determining an application service to be logged in response to receiving a first login request of a target user, which is sent by a unified authentication service through a browser;
the sending a second login request to the application service based on the second login credential information comprises:
opening a transfer page of the adaptation proxy service in the browser, and storing the second login credential information into a storage space of the browser through the transfer page;
sending a second login request to the application service through the browser, so that the application service performs login authentication based on the second login credential information stored in the storage space.
10. The method according to any one of claims 1 to 9, further comprising at least one of:
inquiring a set first matching relation based on the unified authentication service to obtain a first authentication protocol matched with the unified authentication service;
and inquiring a set second matching relation based on the application service to obtain a second authentication protocol matched with the application service.
11. A login apparatus, applied to an adaptation proxy service, comprising:
a first determining module, configured to determine, in response to receiving a first login request of a target user sent by a unified authentication service, an application service to be logged in to, and obtain first login credential information of the target user based on a first authentication protocol matched with the unified authentication service;
a second determining module for determining at least one target credential field of the target user based on the first login credential information;
a third determining module for determining second login credential information of the target user based on the at least one target credential field and a second authentication protocol matched with the application service;
and a sending module, configured to send a second login request to the application service based on the second login credential information, so that the application service performs login authentication based on the second login credential information.
12. A computer device comprising a memory and a processor, the memory storing a computer program operable on the processor, wherein the processor implements the steps of the method of any one of claims 1 to 10 when executing the program.
13. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 10.
CN202210423526.5A 2022-04-21 2022-04-21 Login method, device, equipment and storage medium Withdrawn CN114785590A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210423526.5A CN114785590A (en) 2022-04-21 2022-04-21 Login method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114785590A (en) 2022-07-22

Family

ID=82432039

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210423526.5A Withdrawn CN114785590A (en) 2022-04-21 2022-04-21 Login method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114785590A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220722