CN115001808A - Domain user login method, device, equipment and medium - Google Patents

Publication number
CN115001808A
CN115001808A CN202210606577.1A CN202210606577A CN115001808A CN 115001808 A CN115001808 A CN 115001808A CN 202210606577 A CN202210606577 A CN 202210606577A CN 115001808 A CN115001808 A CN 115001808A
Authority
CN
China
Prior art keywords
domain
user login
login information
user
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210606577.1A
Other languages
Chinese (zh)
Inventor
杜天文
王敏
陈智胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Application filed by Bank of China Ltd
Priority to CN202210606577.1A
Publication of CN115001808A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Abstract

The application provides a domain user login method, device, equipment and medium, which can be applied to the field of network security or the field of finance. The method comprises the following steps: acquiring user login information for logging in to a system in a target domain; sending the user login information to a domain server corresponding to the target domain so that the domain server can verify the user login information and return verification information; receiving the verification information and, if the verification information represents that the user login information is verified successfully, generating a token corresponding to the user login information; and finally sending the token to the front-end server so that the front-end server can enable the domain user corresponding to the user login information to log in to the system in the target domain based on the token. In the application, the domain user can generate the token based on the user login information without being connected to an external network, and can log in to a plurality of systems simultaneously based on the generated token, so that the time the user spends registering in the systems is saved, the user does not need to remember multiple sets of account information, and the user experience is improved.

Description

Domain user login method, device, equipment and medium
Technical Field
The present application relates to the field of network security, and in particular, to a domain user login method, apparatus, device, and medium.
Background
At present, a system typically provides one of two user login modes: the user registers in the system and then logs in with the registered account and password, or the user logs in through a third party such as QQ, WeChat, microblog and the like.
An enterprise may have multiple systems, such as a business system, a payroll system and an employee information management system, and each system requires employees to register first and then log in. Registering in each system consumes a lot of the employees' time, and the employees need to memorize the account and password of each system, which is unfriendly both for convenience of system use and for the employees' management of their accounts.
Logging in through a third party avoids the problems caused by registering in each system, but it requires that the enterprise can connect to an external network (extranet). Most enterprises cannot connect to an external network for security reasons, so employees cannot use a third party to log in to each system, and third-party login cannot meet the enterprises' requirements.
In summary, there is a need for a method that enables a user to log in to a plurality of systems without connecting to an external network.
Disclosure of Invention
In view of the above, the present application provides a domain user login method, apparatus, device and medium for enabling a user to log in to a plurality of systems in a unified manner without connecting to an external network. The technical scheme is as follows:
a domain user login method comprises the following steps:
acquiring user login information for logging in a system in a target domain;
sending the user login information to a domain server corresponding to the target domain so that the domain server can verify the user login information and return verification information;
receiving the verification information, and if the verification information represents that the user login information is successfully verified, generating a token corresponding to the user login information;
and sending the token to a front-end server so that the front-end server enables a domain user corresponding to the user login information to log in the system in the target domain based on the token.
Optionally, the sending the user login information to the domain server corresponding to the target domain includes:
preprocessing the user login information by using an authentication domain user API (application program interface) to obtain preprocessed user login information;
and sending the preprocessed user login information to a domain server corresponding to the target domain.
Optionally, the preprocessing the user login information by using the authentication domain user API interface to obtain the preprocessed user login information includes:
encrypting the user login information through the authentication domain user API interface to obtain encrypted user login information;
and processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
Optionally, the generating a token corresponding to the user login information includes:
and generating a token corresponding to the user login information by using a JWT authentication mechanism.
Optionally, the user login information includes a domain user account and a domain password.
A domain user login device, comprising:
the login information acquisition module is used for acquiring user login information for logging in a system in a target domain;
the login information sending module is used for sending the user login information to a domain server corresponding to the target domain so that the domain server can verify the user login information and return verification information;
the token generation module is used for receiving the verification information, and if the verification information represents that the user login information is successfully verified, a token corresponding to the user login information is generated;
and the token sending module is used for sending the token to a front-end server so that the front-end server can enable the domain user corresponding to the user login information to log in the system in the target domain based on the token.
Optionally, the login information sending module includes:
the login information preprocessing module is used for preprocessing the user login information by using an authentication domain user API (application program interface) to obtain preprocessed user login information;
and the processed login information sending module is used for sending the preprocessed user login information to a domain server corresponding to the target domain.
Optionally, the login information preprocessing module includes:
the encryption processing module is used for encrypting the user login information through the authentication domain user API interface to obtain encrypted user login information;
and the command line processing module is used for processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
A domain user login device includes a memory and a processor;
the memory is used for storing programs;
the processor is configured to execute the program to implement the steps of the domain user login method according to any one of the above items.
A readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of a domain user login method as claimed in any one of the preceding claims.
According to the technical scheme, the domain user login method comprises the steps of firstly obtaining user login information for logging in a system in a target domain, then sending the user login information to a domain server corresponding to the target domain, so that the domain server can verify the user login information, returning verification information, then receiving the verification information, generating a token corresponding to the user login information if the verification information represents that the user login information is verified successfully, and finally sending the token to a front-end server, so that the front-end server can enable a domain user corresponding to the user login information to log in the system in the target domain based on the token. According to the method and the device, the domain user can generate the token based on the user login information under the condition that the domain user is not connected with the external network, and can simultaneously log in a plurality of systems based on the generated token, so that the time for the user to register the systems is saved, the user does not need to remember a plurality of account information, and the user experience is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only the embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic flowchart of a domain user login method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a process by which an enterprise domain user accesses a system within a target domain;
Fig. 3 is a schematic structural diagram of a domain user login device according to an embodiment of the present application;
Fig. 4 is a block diagram of a hardware structure of a domain user login device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In view of the problems in the prior art, the present inventors have conducted intensive studies and finally propose a domain user login method, apparatus, device and medium.
It should be noted that the domain user login method, apparatus, device and medium provided by the present invention can be applied to the network security field or the financial field. The foregoing is merely an example, and does not limit the application fields of the domain user login method, apparatus, device and medium provided by the present invention.
Before describing the domain user login method, apparatus, device and medium provided by the present application, several terms referred to in the present application will be described.
Domain user: a domain is a logical organizational unit of the Windows network operating system, and is also a logical organization of the Internet; in the Windows network operating system, a domain is a security boundary. The administrator can only manage the inside of the domain unless other domains are explicitly assigned to the domain he manages. Each domain has its own security policy, as well as its security trust relationships with other domains.
Django framework: Django is an open-source web application framework written in Python.
JWT: JWT is a JSON-based open specification for communicating secure and reliable information between users and servers. The two usage scenarios for JWT are authentication and data exchange.
django_rest_framework: Django REST framework is a plug-in for the Django web framework. Building a REST API with Django REST framework is very convenient and quick, and it is particularly suitable for the current mode of separating the front end from the back end.
Next, the domain user login method provided in the present application will be described in detail through the following embodiments.
The domain user login method provided by the application can be applied to a background server. To help those skilled in the art better understand the present application, refer to Fig. 1, which shows a flowchart of a domain user login method provided in an embodiment of the present application. The domain user login method may include:
Step S101: obtaining user login information for logging in to a system in a target domain.
Specifically, the front-end server interacting with the background server may provide a login interface, and the user may input user login information on the login interface provided by the front-end server, so as to log in and access all systems in the target domain through the user login information.
Optionally, the user login information may include a domain user account and a domain password corresponding to the domain user account.
Of course, the user login information may also include other information, such as an identifier of the target domain, which is not limited in this application.
Optionally, the system in the target domain may be a Windows system developed using Django.
In this step, after the user inputs the user login information on the login interface, the front-end server may send the user login information to the background server, so that the background server obtains the user login information with which the user logs in to the system in the target domain.
It should be noted that, in this step, the target domain may include one system or a plurality of systems. In either case the user only needs to register the user login information once and to input it once when a system in the target domain needs to be accessed; there is no need to register and log in to each system separately.
Step S102: sending the user login information to a domain server corresponding to the target domain so that the domain server can verify the user login information and return verification information.
It will be appreciated that each domain has a corresponding domain server. In this step, the background server may send the user login information obtained in the previous step to the domain server corresponding to the target domain for verification (i.e., authentication).
Here, when a user first uses a system in the target domain, the user may register personal information in a registration interface (the registered personal information is the user login information in this embodiment), and the domain server corresponding to the target domain may store the registered user login information. After the domain server corresponding to the target domain receives the user login information sent by the background server, it may compare the received user login information with the pre-stored user login information to check whether the received user login information is correct. If it is correct, verification information representing that the user login information is successfully verified may be returned to the background server; otherwise, verification information representing that verification of the user login information failed may be returned to the background server.
Step S103: receiving the verification information, and if the verification information represents that the user login information is successfully verified, generating a token corresponding to the user login information.
In this embodiment, the user login mode of the Windows system developed with Django is a session authentication mechanism, and the session authentication mechanism requires that a user register personal information in each system separately and log in to each system separately based on the registered personal information.
Because the session authentication mechanism cannot realize unified login to a plurality of systems without connecting to an external network, this embodiment provides a custom-login token authentication mechanism to realize the user login function.
Here, the token authentication mechanism provided in this embodiment specifically means the following: after receiving the verification information sent by the domain server corresponding to the target domain, the background server parses the received verification information to determine whether the user login information acquired in the previous step was successfully verified. If the received verification information represents that the user login information is successfully verified, the background server generates a token corresponding to the user login information; that is, if the user inputs correct user login information, the background server can generate the token for the user.
In an optional embodiment, the process of "generating a token corresponding to the user login information" in this step may include: generating a token corresponding to the user login information by using a JWT authentication mechanism.
Specifically, in this step, a token may be generated by using the JWT authentication mechanism of Django REST framework; that is, a token corresponding to the domain user may be generated by using the JWT component of Django REST framework.
Step S104: sending the token to the front-end server so that the front-end server can enable the domain user corresponding to the user login information to log in to the system in the target domain based on the token.
When the background server receives verification information representing successful verification of the user login information, it can send the generated token corresponding to the user login information to the front-end server (Vue framework). After receiving the token, the front-end server can verify, according to the token, whether the user has the authority to access the system in the target domain. If the user has the corresponding token, the user can access the system in the target domain; at this point the domain user corresponding to the user login information logs in to the system in the target domain based on the token and accesses it.
It should be noted that the front-end server stores the token after receiving the token corresponding to the user login information. The process by which the domain user then accesses the system in the target domain is as follows: when the domain user needs to access the system in the target domain, an access request carrying the token is generated and sent to the front-end server; after receiving the access request, the front-end server intercepts the request and verifies the token. If the token passes verification, the front-end server allows the domain user to access the page, and the domain user can enter the accessed page; otherwise, if the token fails verification, the front-end server denies the domain user access to the page, and the domain user cannot enter the accessed page.
Optionally, the token may be stored in the client by the front-end server, and optionally may be stored in cookies of the client.
The foregoing steps describe the detailed processing when the background server receives verification information indicating that the user login information is successfully verified. As introduced in the foregoing steps, the background server may also receive verification information indicating that verification of the user login information failed. In this case, optionally, the background server may return error information to the front-end server, and the front-end server, on receiving the error information, directly refuses to let the domain user corresponding to the user login information log in to and access the system in the target domain.
The domain user login method comprises the steps of firstly obtaining user login information for logging in a system in a target domain, then sending the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information, then receiving the verification information, if the verification information represents that the user login information is verified successfully, generating a token corresponding to the user login information, and finally sending the token to a front-end server, so that the front-end server enables a domain user corresponding to the user login information to log in the system in the target domain based on the token. In the application, the domain user can generate the token based on the user login information under the condition that the domain user is not connected with the external network, and can simultaneously log in a plurality of systems based on the generated token, so that the time for the user to register the systems is saved, the user does not need to remember a plurality of account information, and the user experience is improved.
In addition, the domain user login method provided by the embodiment can realize the unified registration and login of all systems in the target domain without additionally investing resources to build a set of user management system, and the cost is reduced.
The following embodiment describes the aforementioned "step S102, sending the user login information to the domain server corresponding to the target domain".
Optionally, in this embodiment, domain user authentication may be implemented through the domain user authentication API of the Python third-party package ldap3. Specifically, the process of "step S102, sending the user login information to the domain server corresponding to the target domain" may include:
Step S1: preprocessing the user login information by using the authentication domain user API interface to obtain preprocessed user login information.
Specifically, after receiving the user login information, the background server calls an authentication domain user API interface, and sends the user login information to the domain server corresponding to the target domain.
Here, the purpose of the preprocessing is to process the user login information into information that can be recognized and processed by the domain server corresponding to the target domain.
In an optional embodiment, the step of "preprocessing the user login information using the authentication domain user API interface to obtain preprocessed user login information" may include:
Step S11: encrypting the user login information through the authentication domain user API interface to obtain the encrypted user login information.
Step S12: processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
In the present application, the domain server corresponding to the target domain needs to verify the user login information in a command line verification manner, so the encrypted user login information needs to be processed into a command line format in this step.
Step S2: sending the preprocessed user login information to a domain server corresponding to the target domain.
The embodiment can process the user login information into the information which can be identified and processed by the domain server corresponding to the target domain, so that the domain server corresponding to the target domain can verify the correctness of the preprocessed user login information.
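The flow of steps S101 to S104, together with the ldap3-based domain check of step S102, as an added example that is not code from the patent or its applicant. It goes beyond the text by building the HS256 JWT with the Python standard library rather than the Django REST framework JWT component, so that signing, algorithm pinning and expiry are visible. The function names, `TOKEN_TTL`, the `account@domain` bind name and the sample directory are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

TOKEN_TTL = 900  # seconds; assumed lifetime, the page does not give one


def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(header: str, claims: str, key: bytes) -> bytes:
    return hmac.new(key, f"{header}.{claims}".encode(), hashlib.sha256).digest()


def issue_token(account: str, key: bytes, now: int) -> str:
    """S103: HS256 JWT that carries the account name, never the password."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": account, "iat": now, "exp": now + TOKEN_TTL}).encode())
    return f"{header}.{claims}.{b64e(sign(header, claims, key))}"


def check_token(token: str, key: bytes, now: int):
    """Per-request check: return the account name, or None if the token is bad."""
    try:
        header, claims, sig = token.split(".")
        # Constant-time signature check before any claim is trusted.
        if not hmac.compare_digest(sign(header, claims, key), b64d(sig)):
            return None
        # Pin the algorithm: a header asking for "none" or another alg is rejected.
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        body = json.loads(b64d(claims))
        if not isinstance(body.get("exp"), int) or now >= body["exp"]:
            return None
        return body.get("sub")
    except (ValueError, AttributeError, TypeError):
        return None


def login(account, password, verify_with_domain, key, now=None):
    """S101-S104 on the background server: returns (http_status, body)."""
    now = int(time.time()) if now is None else now
    # An empty password can turn an LDAP simple bind into an unauthenticated
    # bind that "succeeds", so reject it before the domain server is asked.
    if not account or not password:
        return 400, {"error": "missing credentials"}
    if not verify_with_domain(account, password):
        return 401, {"error": "invalid credentials"}
    return 200, {"token": issue_token(account, key, now)}


def ldap3_verifier(host: str, domain: str):
    """S102 as an LDAPS simple bind; needs the ldap3 package at call time."""
    import ssl
    from ldap3 import Connection, Server, Tls

    tls = Tls(validate=ssl.CERT_REQUIRED)  # verify the domain server's certificate
    server = Server(host, use_ssl=True, tls=tls, connect_timeout=5)

    def verify(account: str, password: str) -> bool:
        # Assumed bind name format: account@domain.
        conn = Connection(server, user=f"{account}@{domain}", password=password)
        try:
            return conn.bind()
        finally:
            conn.unbind()

    return verify


# Constructed stand-in for the domain server so the example runs offline.
SAMPLE_DIRECTORY = {"alice": "correct horse battery"}


def fake_domain_verify(account: str, password: str) -> bool:
    stored = SAMPLE_DIRECTORY.get(account)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-32-bytes-xx"
    status, body = login("alice", "correct horse battery", fake_domain_verify, demo_key)
    print(status, check_token(body["token"], demo_key, int(time.time())))
```

Every system in the target domain that accepts the token must hold the same `key` to run `check_token`, so that key is the secret that replaces the per-system passwords.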
To help those skilled in the art understand the present application, the following description takes as an example the case in which a plurality of systems owned by enterprise A are the systems in the target domain.
Referring to Fig. 2, Fig. 2 is a schematic diagram illustrating a process by which an enterprise domain user accesses a system in a target domain.
Step S1: the user logs in.
Specifically, after an employee of enterprise A (an enterprise domain user) registers the user login information in the target domain, the employee can log in on the front-end login interface based on the user login information, and after receiving the user login information, the front-end server can send the user login information to the back-end server.
Step S2: the back-end server calls the domain server corresponding to the target domain to verify the user login information.
Specifically, the back-end server may obtain the user login information and send it to the domain server corresponding to the target domain, so as to verify the user login information through the domain server corresponding to the target domain.
If the domain server corresponding to the target domain returns verification information representing successful verification to the back-end server, jump to step S3; if the domain server corresponding to the target domain returns verification information representing failed verification to the back-end server, jump to step S1 so that the domain user inputs the user login information again and the verification of this step is performed again.
In this step, the process of the back-end server sending the user login information to the domain server corresponding to the target domain may refer to the description in the foregoing embodiment, and is not described herein again.
Step S3: the back-end server generates a token and returns the token to the front-end server.
Specifically, the back-end server may generate a token corresponding to the user login information that is successfully verified, and return the generated token to the front-end server.
For the process of generating the token by the back-end server, refer to the description in the foregoing embodiments; details are not repeated here.
Step S4: the front-end server receives the token and stores the token in the cookies.
Specifically, the front-end server may store the token in the cookies after receiving the token, so that subsequent access requests can be checked based on the stored token.
Step S5: login succeeds, and the user jumps to the access page.
Specifically, after the front-end server verifies that the token passes, the domain user can successfully log in to a plurality of systems in the target domain and jump to the page accessed this time.
Between logging in and logging out, if a plurality of systems in the target domain need to be accessed, or one system needs to be accessed a plurality of times, the front-end server can verify each access request based on the stored token, and after the verification passes, the corresponding system page can be accessed.
It should be noted that the implementation scenario provided in this embodiment is only an example, and is not a limitation to the present application.
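The S1 to S5 flow above, sketched as an added example (not code from the patent): the back-end issues a JWT only after the domain server confirms the credentials, and every later request is checked against the stored token. HS256, the claim names, the key, the token lifetime and the `domain_server_verify` stub with its sample account are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"constructed-demo-key"  # assumption: HS256 key shared by both servers
TOKEN_TTL = 900  # assumed lifetime in seconds; the page does not give one
# Constructed stand-in for the domain server's account store (step S2).
DOMAIN_DIRECTORY = {("ENTERPRISE-A", "alice"): b"correct horse"}


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input):
    return hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()


def domain_server_verify(domain, account, password):
    """Hypothetical stub for the domain server's credential check."""
    stored = DOMAIN_DIRECTORY.get((domain, account))
    return stored is not None and hmac.compare_digest(stored, password.encode())


def login(domain, account, password, now=None):
    """Steps S2-S3: a token is issued only after the domain server confirms."""
    if not domain_server_verify(domain, account, password):
        return None  # verification failed: back to step S1
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": account, "dom": domain, "iat": now, "exp": now + TOKEN_TTL}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    return signing_input + "." + b64url(sign(signing_input))


def check_token(token, now=None):
    """Per-request check of the stored token; returns the claims or None."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        # Pin the algorithm: never let the token choose how it is verified.
        if json.loads(b64url_decode(head_b64)).get("alg") != "HS256":
            return None
        expected = sign(head_b64 + "." + claims_b64)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(claims_b64))
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return None
        return claims
    except (ValueError, AttributeError, TypeError):
        return None
```

When the token is placed in a cookie as in step S4, setting the `HttpOnly`, `Secure` and `SameSite` attributes keeps it out of reach of page scripts and off plaintext connections.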
The domain user login device provided by the embodiment of the present application is described below, and the domain user login device described below and the domain user login method described above may be referred to in a mutually corresponding manner.
Referring to Fig. 3, which shows a schematic structural diagram of a domain user login device according to an embodiment of the present application, the domain user login device may include: a login information acquisition module 301, a login information sending module 302, a token generation module 303, and a token sending module 304.
The login information acquisition module 301 is configured to acquire user login information for logging in to a system in a target domain.
The login information sending module 302 is configured to send the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information.
The token generation module 303 is configured to receive the verification information and, if the verification information indicates that the user login information was successfully verified, generate a token corresponding to the user login information.
The token sending module 304 is configured to send the token to a front-end server, so that the front-end server logs the domain user corresponding to the user login information in to a system in the target domain based on the token.
The domain user login device provided by the present application first acquires user login information for logging in to a system in a target domain, and then sends the user login information to a domain server corresponding to the target domain, so that the domain server verifies the user login information and returns verification information. The device then receives the verification information and, if the verification information indicates that the user login information was successfully verified, generates a token corresponding to the user login information. Finally, it sends the token to a front-end server, so that the front-end server logs the domain user corresponding to the user login information in to the system in the target domain based on the token. With the present application, a token can be generated from the domain user's login information while the domain user is not connected to the external network, and the domain user can log in to a plurality of systems simultaneously based on the generated token. This saves the time the user would spend registering with each system, removes the need to remember multiple sets of account information, and improves the user experience.
In a possible implementation manner, the login information sending module may include: a login information preprocessing module and a processed login information sending module.
The login information preprocessing module is configured to preprocess the user login information by using an authentication domain user API (application program interface) to obtain preprocessed user login information.
The processed login information sending module is configured to send the preprocessed user login information to a domain server corresponding to the target domain.
In a possible implementation manner, the login information preprocessing module may include: an encryption processing module and a command line processing module.
The encryption processing module is configured to encrypt the user login information through the authentication domain user API to obtain the encrypted user login information.
The command line processing module is configured to process the encrypted user login information into a command line format through the authentication domain user API to obtain the preprocessed user login information.
In a possible implementation manner, the token generation module may be specifically configured to generate a token corresponding to the user login information by using a JWT authentication mechanism.
In a possible implementation manner, the user login information includes a domain user account and a domain password.
The embodiment of the application also provides domain user login equipment. Optionally, Fig. 4 is a block diagram illustrating a hardware structure of a domain user login device; referring to Fig. 4, the hardware structure of the domain user login device may include: at least one processor 401, at least one communication interface 402, at least one memory 403 and at least one communication bus 404;
in the embodiment of the present application, the number of each of the processor 401, the communication interface 402, the memory 403, and the communication bus 404 is at least one, and the processor 401, the communication interface 402, and the memory 403 communicate with each other through the communication bus 404;
the processor 401 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention, or the like;
the memory 403 may include a high-speed RAM memory, and may further include a non-volatile memory or the like, such as at least one disk memory;
wherein the memory 403 stores a program and the processor 401 may call the program stored in the memory 403 for:
acquiring user login information for logging in a system in a target domain;
sending the user login information to a domain server corresponding to the target domain so that the domain server can verify the user login information and return verification information;
receiving the verification information, and if the verification information represents that the user login information is successfully verified, generating a token corresponding to the user login information;
and sending the token to a front-end server so that the front-end server enables a domain user corresponding to the user login information to log in the system in the target domain based on the token.
Optionally, the detailed functions and extended functions of the program may be as described above.
The embodiment of the application also provides a readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the domain user login method is realized.
Optionally, the detailed functions and extended functions of the program may be as described above.
Finally, it is further noted that, herein, relational terms such as, for example, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A domain user login method is characterized by comprising the following steps:
acquiring user login information for logging in a system in a target domain;
sending the user login information to a domain server corresponding to the target domain so that the domain server can verify the user login information and return verification information;
receiving the verification information, and if the verification information represents that the user login information is successfully verified, generating a token corresponding to the user login information;
and sending the token to a front-end server so that the front-end server enables a domain user corresponding to the user login information to log in the system in the target domain based on the token.
2. The domain user login method according to claim 1, wherein said sending the user login information to the domain server corresponding to the target domain comprises:
preprocessing the user login information by using an authentication domain user API (application program interface) to obtain preprocessed user login information;
and sending the preprocessed user login information to a domain server corresponding to the target domain.
3. The domain user login method of claim 2, wherein the preprocessing the user login information using an authentication domain user API interface to obtain preprocessed user login information comprises:
encrypting the user login information through the authentication domain user API interface to obtain encrypted user login information;
and processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
4. The domain user login method according to claim 1, wherein the generating a token corresponding to the user login information comprises:
and generating a token corresponding to the user login information by using a JWT authentication mechanism.
5. The domain user login method of claim 1, wherein the user login information comprises a domain user account and a domain password.
6. A domain user login device, comprising:
the login information acquisition module is used for acquiring user login information for logging in a system in a target domain;
the login information sending module is used for sending the user login information to a domain server corresponding to the target domain so that the domain server can verify the user login information and return verification information;
the token generation module is used for receiving the verification information, and if the verification information represents that the user login information is successfully verified, a token corresponding to the user login information is generated;
and the token sending module is used for sending the token to a front-end server so that the front-end server can enable the domain user corresponding to the user login information to log in the system in the target domain based on the token.
7. The domain user login device according to claim 6, wherein the login information sending module comprises:
the login information preprocessing module is used for preprocessing the user login information by using an authentication domain user API (application program interface) to obtain preprocessed user login information;
and the processed login information sending module is used for sending the preprocessed user login information to a domain server corresponding to the target domain.
8. The domain user login device of claim 7, wherein the login information preprocessing module comprises:
the encryption processing module is used for encrypting the user login information through the authentication domain user API interface to obtain encrypted user login information;
and the command line processing module is used for processing the encrypted user login information into a command line format through the authentication domain user API interface to obtain the preprocessed user login information.
9. A domain user login device, comprising a memory and a processor;
the memory is used for storing programs;
the processor is used for executing the program to implement the steps of the domain user login method according to any one of claims 1 to 5.
10. A readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, performs the steps of the domain user login method according to any one of claims 1 to 5.
CN202210606577.1A 2022-05-31 2022-05-31 Domain user login method, device, equipment and medium Pending CN115001808A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210606577.1A CN115001808A (en) 2022-05-31 2022-05-31 Domain user login method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210606577.1A CN115001808A (en) 2022-05-31 2022-05-31 Domain user login method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN115001808A true CN115001808A (en) 2022-09-02

Family

ID=83030910

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210606577.1A Pending CN115001808A (en) 2022-05-31 2022-05-31 Domain user login method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN115001808A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120291114A1 (en) * 2011-05-13 2012-11-15 Cch Incorporated Single sign-on between applications
CN105282095A (en) * 2014-06-18 2016-01-27 中兴通讯股份有限公司 Login verification method and device of virtual desktop
CN109379369A (en) * 2018-11-09 2019-02-22 中国平安人寿保险股份有限公司 Single-point logging method, device, server and storage medium
CN110730171A (en) * 2019-10-10 2020-01-24 北京东软望海科技有限公司 Service request processing method, device and system, electronic equipment and storage medium
CN112910904A (en) * 2021-02-03 2021-06-04 叮当快药科技集团有限公司 Login method and device of multi-service system

Similar Documents

Publication Publication Date Title
US20200236147A1 (en) Brokered authentication with risk sharing
US10673866B2 (en) Cross-account role management
CN112154639B (en) Multi-factor authentication without user footprint
US9300653B1 (en) Delivery of authentication information to a RESTful service using token validation scheme
US7865931B1 (en) Universal authorization and access control security measure for applications
US8898752B2 (en) Efficiently throttling user authentication
US20200106766A1 (en) Method and system for security assertion markup language (saml) service provider-initiated single sign-on
CN111786969B (en) Single sign-on method, device and system
US20140026205A1 (en) Federated Realm Discovery
CN107770192A (en) Identity authentication method and computer-readable recording medium in multisystem
CN113742676B (en) Login management method, login management device, login management server, login management system and storage medium
CN105162775A (en) Logging method and device of virtual machine
CN112583834B (en) Method and device for single sign-on through gateway
CN111371725A (en) Method for improving security of session mechanism, terminal equipment and storage medium
CN112491776A (en) Security authentication method and related equipment
CN107453872A (en) A kind of unified safety authentication method and system based on Mesos container cloud platforms
US8656468B2 (en) Method and system for validating authenticity of identity claims
CN116415217A (en) Instant authorization system based on zero trust architecture
Gordin et al. Moving forward passwordless authentication: challenges and implementations for the private cloud
US11374915B1 (en) Security challenge bypass
US20190089541A1 (en) Configuration updates for access-restricted hosts
CN110113346A (en) A kind of network verification method, user terminal and server
CN115001808A (en) Domain user login method, device, equipment and medium
CN107105046B (en) Remotely access the method and system of big data
CN116170234B (en) Single sign-on method and system based on virtual account authentication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination