CN115150141B - Single sign-on method and single point management equipment - Google Patents


Info

Publication number: CN115150141B
Authority: CN (China)
Prior art keywords: unified, user, login, access system, identification
Legal status: Active
Application number: CN202210727908.7A
Other languages: Chinese (zh)
Other versions: CN115150141A (en)
Inventors: 孙永良, 李建伟, 刘洋, 王野, 单亦栋
Current Assignee: Hisense TransTech Co Ltd
Original Assignee: Hisense TransTech Co Ltd
Events: application filed by Hisense TransTech Co Ltd; priority to CN202210727908.7A; publication of CN115150141A; application granted; publication of CN115150141B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838: Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiments of the application provide a single sign-on method and a single point management device. The method is applied to the single point management device and comprises: in response to a first login instruction triggered by a target user side, determining a target identifier of the target user corresponding to the first login instruction and generating a temporary password for the target user, where the first login instruction is a login instruction for the unified system that is triggered after the target user has logged in to a non-unified access system; generating login information for the target user based on the target identifier and the temporary password; and performing identity authentication in a unified access system of the unified system based on the login information. By generating a temporary password to simulate the target user's login to the unified access system, the login information of the target user can be obtained, and the target user does not need to enter the user identifier and password again when subsequently accessing the unified access system, so single sign-on can be achieved through the non-unified access system.

Description

Single sign-on method and single point management equipment
Technical Field
The embodiments of the application relate to the technical field of single sign-on, and in particular to a single sign-on method and a single point management device.
Background
With the development of technology, single sign-on is becoming more and more common. Single sign-on means that, in an environment where multiple systems coexist, a user who has logged in to one system does not need to log in to the other systems again; that is, one login earns the trust of all the other systems.
In the related art, multiple systems (unified access systems) are connected to a unified system, so that single sign-on is achieved within the unified system.
However, after a user logs in to a non-unified access system, the user still has to log in again to access other systems; that is, single sign-on cannot be achieved through the non-unified access system.
Disclosure of Invention
The embodiments of the application provide a single sign-on method and a single point management device for achieving single sign-on through a non-unified access system.
In a first aspect, an embodiment of the present application provides a single sign-on method applied to a single point management device, the method comprising:
in response to a first login instruction triggered by a target user side, determining a target identifier of the target user corresponding to the first login instruction, and generating a temporary password for the target user, where the first login instruction is a login instruction for the unified system that is triggered after the target user has logged in to a non-unified access system;
generating login information for the target user based on the target identifier and the temporary password; and
performing identity authentication in a unified access system of the unified system based on the login information.
In this scheme, the single point management device cannot learn the target user's login password, yet its processing logic generates login information from a login user name and a login password. It therefore generates a temporary password to simulate the target user's login to the unified access system and so obtains the target user's login information. When the target user subsequently accesses the unified access system, the user identifier and password do not need to be entered again, so single sign-on can be achieved through the non-unified access system.
In some optional embodiments, the login information includes a login credential and verification information.
After the login information of the target user is generated, the method further comprises:
sending the login credential to the target user side, so that the target user side places the login credential in a second login instruction when it triggers a second login instruction for a unified access system.
Performing identity authentication in a unified access system of the unified system based on the login information comprises:
in response to a second login instruction triggered by any user side, and after determining that the second login instruction contains a login credential, sending the verification information corresponding to that second login instruction to the user side, so that the user side, after receiving the verification information, sends a login request carrying the verification information to the unified access system, and the unified access system performs identity authentication based on the verification information.
In this scheme, the login credential indicates that the user has logged in to the unified system, and it is sent to the user side whose login succeeded. Every second login instruction triggered by a user side attempts to carry the login credential: a user side that holds the credential places it in the second login instruction, and a user side that does not hold it cannot. Therefore, if the second login instruction contains the login credential, the user does not need to enter the user identifier and password again, and the verification information corresponding to the second login instruction is sent directly to the user side, which then requests access to the unified access system based on the verification information.
In some optional embodiments, before the verification information corresponding to the second login instruction triggered by the user side is sent to the user side, the method further comprises:
if the same user has the same identifier in the unified system and in the unified access system, placing the user identifier carried by the second login instruction in the verification information; or
if the same user has different identifiers in the unified system and in the unified access system, determining, based on a first mapping relationship, the identifier in the unified access system of the user corresponding to the second login instruction, and placing the determined identifier in the verification information, where the first mapping relationship comprises a mapping between identifiers in the unified access system and identifiers in the unified system.
In this scheme, when the same user has the same identifier in the unified system and in the unified access system, the user identifier carried by the second login instruction is already the user's identifier in the unified access system, so it can be placed directly in the verification information, and the unified access system can then verify the identity of the user corresponding to the second login instruction based on the verification information. When the identifiers differ, the user identifier carried by the second login instruction is not the user's identifier in the unified access system, so that identifier must be determined before the unified access system can verify the identity correctly. Based on the first mapping relationship between identifiers in the unified access system and identifiers in the unified system, the identifier mapped from the user identifier carried by the second login instruction (that is, the identifier in the unified access system of the user corresponding to the second login instruction) is determined and placed in the verification information, and the unified access system then verifies the identity of that user based on the verification information. In this way, a unified access system can join the unified system and achieve single sign-on without changing its account system or permission configuration.
In some optional embodiments, if the same user has different identifiers in the unified system and in the non-unified access system, determining the target identifier of the target user corresponding to the first login instruction comprises:
determining the identifier of the target user in the unified system based on a second mapping relationship, and taking the determined identifier as the target identifier of the target user, where the second mapping relationship comprises a mapping between identifiers in the non-unified access system and identifiers in the unified system.
In this scheme, when the same user has different identifiers in the unified system and in the non-unified access system, the user identifier carried by the first login instruction is not the user's identifier in the unified system, so that identifier must be determined before the login information can be generated accurately. Based on the second mapping relationship between identifiers in the non-unified access system and identifiers in the unified system, the identifier mapped from the user identifier carried by the first login instruction (that is, the identifier in the non-unified access system of the user corresponding to the first login instruction) is determined, and login information corresponding to the mapped identifier is generated. In this way, single sign-on can be achieved without changing the account system or permission configuration of the non-unified access system.
In some optional embodiments, if the same user has the same identifier in the unified system and in the non-unified access system, determining the target identifier of the target user corresponding to the first login instruction comprises:
taking the user identifier carried by the first login instruction as the target identifier of the target user.
In this scheme, when the same user has the same identifier in the unified system and in the non-unified access system, the user identifier carried by the first login instruction is already the user's identifier in the unified system, so login information corresponding to that identifier can be generated directly.
In a second aspect, an embodiment of the present application provides a single point management device, comprising:
a communication unit, configured to exchange data with the user side; and
a processor, configured to: in response to a first login instruction triggered by a target user side, determine a target identifier of the target user corresponding to the first login instruction and generate a temporary password for the target user, where the first login instruction is a login instruction for the unified system that is triggered after the target user has logged in to a non-unified access system; generate login information for the target user based on the target identifier and the temporary password; and perform identity authentication in a unified access system of the unified system based on the login information.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present application;
Fig. 2 is an interaction flow chart of a first single sign-on method according to an embodiment of the present application;
Fig. 3 is an interaction flow chart of a second single sign-on method according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a first user interface provided in an embodiment of the present application;
Fig. 5 is an interaction flow chart of a third single sign-on method according to an embodiment of the present application;
Fig. 6 is an interaction flow chart of a fourth single sign-on method according to an embodiment of the present application;
Fig. 7 is an interaction flow chart of a fifth single sign-on method according to an embodiment of the present application;
Fig. 8 is a schematic diagram of a second user interface provided in an embodiment of the present application;
Fig. 9 is an interaction flow chart of a sixth single sign-on method according to an embodiment of the present application;
Fig. 10 is a schematic diagram of a unified login interface according to an embodiment of the present application;
Fig. 11 is an interaction flow chart of a seventh single sign-on method according to an embodiment of the present application;
Fig. 12 is a schematic diagram of a third user interface provided in an embodiment of the present application;
Fig. 13 is an interaction flow chart of an eighth single sign-on method according to an embodiment of the present application;
Fig. 14 is a flowchart of a first single sign-on method according to an embodiment of the present application;
Fig. 15 is a flowchart of a second single sign-on method according to an embodiment of the present application;
Fig. 16 is a flowchart of a third single sign-on method according to an embodiment of the present application;
Fig. 17 is a flowchart of a fourth single sign-on method according to an embodiment of the present application;
Fig. 18 is a schematic structural diagram of a first single sign-on device according to an embodiment of the present application;
Fig. 19 is a schematic structural diagram of a second single sign-on device according to an embodiment of the present application;
Fig. 20 is a schematic structural diagram of a single point management device according to an embodiment of the present application.
Detailed Description
For the purpose of promoting an understanding of the principles and advantages of this application, reference will now be made in detail to the drawings, in which it is apparent that the embodiments described are only some, but not all embodiments of the application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. In the description of the present application, unless otherwise indicated, the meaning of "a plurality" is two or more.
In the description of the present application, it should be noted that, unless explicitly stated and limited otherwise, the term "connected" should be interpreted broadly, for example, as being directly connected, or indirectly connected through an intermediate medium, or as being in communication with the inside of two devices. The specific meaning of the terms in this application will be understood by those of ordinary skill in the art as the case may be.
The terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a product or apparatus that comprises a list of elements is not necessarily limited to all elements explicitly listed, but may include other elements not expressly listed or inherent to such product or apparatus.
The term "module" refers to any known or later developed hardware, software, firmware, artificial intelligence, fuzzy logic, or combination of hardware or/and software code that is capable of performing the function associated with that element.
In this embodiment, a non-unified access system is a system that has not been connected to the unified system, such as the Jin Hong office network for government departments.
In this embodiment, a unified access system is a system that has been connected to the unified system (the web address of the unified access system may be mounted on the unified service entry interface corresponding to the unified system), such as a street application system, a grid member application system, or an operation and maintenance application system.
With the development of technology, single sign-on is becoming more and more common. Single sign-on means that, in an environment where multiple systems coexist, a user who has logged in to one system does not need to log in to the other systems again; that is, one login earns the trust of all the other systems.
Referring to Fig. 1, a plurality of unified access systems (Fig. 1 takes unified access system 2 and unified access system 3 as examples) are connected to a unified system, so that single sign-on is achieved within the unified system.
For the scenario shown in Fig. 1, this embodiment provides a single sign-on method which, referring to Fig. 2, includes:
Step S201: after receiving the web address of unified access system 1 entered by the user through the user equipment, the user side sends an access request to unified access system 1;
Step S202: after determining that the user is not logged in, unified access system 1 returns information indicating that the user is not logged in to the user side;
Step S203: the user side displays a unified login interface so that the user can enter a user identifier and a login password on it; after unified access system 1 verifies the user identifier and login password, the user is logged in to unified access system 1;
Step S204: the user side sends the user identifier and the login password to the single point management device;
Step S205: the single point management device generates the user's login information (a login credential and verification information) based on the user identifier and the login password, and sends the login credential to the user side;
Step S206: the user side receives the web address of unified access system 3 entered by the user through the user equipment and sends an access request to unified access system 3;
Step S207: after determining that the user is not logged in, unified access system 3 returns information indicating that the user is not logged in to the user side;
Step S208: the user side places the login credential in a second login instruction and sends the second login instruction to the single point management device;
Step S209: after determining that the second login instruction triggered by the user side contains the login credential, the single point management device sends the verification information corresponding to that second login instruction to the user side;
Step S210: the user side sends the verification information to unified access system 3;
Step S211: unified access system 3 performs identity authentication based on the verification information, and after the authentication passes, the user is logged in to unified access system 3.
That is, after logging in to unified access system 1, the user can access unified access system 3 without entering the user identifier and login password again.
This embodiment does not limit the specific implementation of the single point management device; it may be, for example, a Central Authentication Service (CAS) server.
However, after a user logs in to a non-unified access system, the user still has to log in again to access other systems; that is, single sign-on cannot be achieved through the non-unified access system.
In view of this, the embodiments of the present application provide a single sign-on method and a single point management device for achieving single sign-on through a non-unified access system. The method is applied to the single point management device and comprises: in response to a first login instruction triggered by a target user side, determining a target identifier of the target user corresponding to the first login instruction and generating a temporary password for the target user, where the first login instruction is a login instruction for the unified system that is triggered after the target user has logged in to a non-unified access system; generating login information for the target user based on the target identifier and the temporary password; and performing identity authentication in a unified access system of the unified system based on the login information.
The following describes the technical scheme of the present application and how the technical scheme of the present application solves the above technical problems in detail with reference to the accompanying drawings and specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.
Fig. 3 is an interaction flow chart of a second single sign-on method according to an embodiment of the present application, as shown in fig. 3, including the following steps:
Step S301: after the target user logs in to the non-unified access system, the target user side, on receiving a login-free request entered by the target user, triggers a first login instruction for the unified system.
In implementation, the non-unified access system may provide an entry point for single sign-on. For example, after logging in to the non-unified access system, the target user enters the user interface shown in Fig. 4, which has a "unified service entry" button; clicking the button triggers a login-free request, and the target user side triggers a first login instruction for the unified system when it receives the request.
Fig. 4 is only an example of a user interface of the non-unified access system. Other similar user interfaces may be used in implementation, for example by replacing the "unified service entry" button with a "login-free" button or a "unified system" button.
Step S302: in response to the first login instruction triggered by the target user side, the single point management device determines the target identifier of the target user corresponding to the first login instruction and generates a temporary password for the target user.
The single sign-on processing logic of the single point management device generates login information from a user identifier and a password, but the single point management device cannot obtain the target user's login password. For this reason, this embodiment simulates a temporary password for the target user.
The temporary password is used only to simulate the target user's login to the unified access system, so the way it is generated is not specifically limited; for example, it may be generated randomly or generated by a preset algorithm. In addition, the expiration time of the temporary password can be set according to the actual application scenario.
Step S303: the single point management device generates the login information of the target user based on the target identifier and the temporary password.
In this embodiment, generating the temporary password makes it possible to simulate the target user's login to the unified access system (the target user has not actually logged in to the unified access system) and to obtain the target user's login information.
Step S304: the single point management device performs identity authentication in a unified access system of the unified system based on the login information.
In this scheme, the single point management device cannot learn the target user's login password, yet its processing logic generates login information from a login user name and a login password. It therefore generates a temporary password to simulate the target user's login to the unified access system and so obtains the target user's login information. When the target user subsequently accesses the unified access system, the user identifier and password do not need to be entered again, so single sign-on can be achieved through the non-unified access system.
Fig. 5 is an interactive flowchart of a third single sign-on method according to an embodiment of the present application, as shown in fig. 5, including the following steps:
Step S501: after the target user logs in to the non-unified access system, the target user side, on receiving a login-free request entered by the user, triggers a first login instruction for the unified system.
Step S502: in response to the first login instruction triggered by the target user side, the single point management device determines the target identifier of the target user corresponding to the first login instruction and generates a temporary password for the target user.
Step S503: the single point management device generates the login information of the target user based on the target identifier and the temporary password.
The login information includes a login credential and verification information.
For the specific implementation of steps S501 to S503, refer to the embodiment above; it is not repeated here.
Step S504: the single point management device sends the login credential to the target user side.
In this embodiment, the user side is the front end (browser) of the single point management system, and the single point management device is its back end. For user equipment that has already logged in to the non-unified access system to access a unified access system without logging in, the login credential must be sent to the user side, and the user side writes the login credential into the browser's Cookie (local data).
Step S505: when the target user side triggers a second login instruction for a unified access system, it places the login credential in the second login instruction.
For example, the ticket-granting ticket (Ticket Granting Ticket, TGT) is a ticket (credential) that the single point management system issues to a user to prove that the user's login succeeded. The TGT encapsulates the user information corresponding to the Cookie value. The single point management device uses the ticket-granting cookie (Ticket Granting Cookie, TGC) as the key to look up whether a TGT exists in the cache (TGC is the key, TGT is the value); if one exists, the user has already logged in. The TGT value is encoded by appending the client IP address and the client user-agent information (browser information) to it, joined by a separator. The single point management device places the generated TGT in a session, and the TGC is the unique identifier (session id) of that session; the TGC can be regarded as the key of the TGT and the TGT as the value of the TGC. The TGC is stored in the browser as a cookie, and every second login instruction attempts to carry it. (Each service saves the corresponding TGT and TGC in the session and the cookie.)
Step S506: the single-point management equipment responds to a second login instruction triggered by the user side, and after determining that the second login instruction triggered by the user side contains login credentials, the single-point management equipment sends verification information corresponding to the second login instruction triggered by the user side to the user side.
As described above, the login credentials represent that the user has logged in the unified system, the second login instruction triggered by the user terminal will attempt to carry the login credentials, i.e. if the user terminal has the login credentials, the login credentials are placed in the second login instruction, and if the user terminal does not have the login credentials, the login credentials cannot be placed in the second login instruction. Therefore, if the second login instruction triggered by the user side contains login credentials, the user does not need to input the user identifier and the password again, and verification information corresponding to the second login instruction triggered by the user side is directly sent to the user side, so that the user side requests access to the unified access system based on the verification information.
Step S507: and after receiving the verification information, the user sends a login request carrying the verification information to the unified access system.
Step S508: and the unified access system performs identity authentication on the user corresponding to the second login instruction based on the authentication information.
According to the scheme, the login credentials represent that the user logs in the unified system, the login credentials are sent to the user side which is successfully logged in, the second login instructions triggered by the user side all try to carry the login credentials, namely the login credentials are placed in the second login instructions if the user side has the login credentials, and the login credentials cannot be placed in the second login instructions if the user side does not have the login credentials. Therefore, if the second login instruction triggered by the user side contains login credentials, the user does not need to input the user identifier and the password again, and verification information corresponding to the second login instruction triggered by the user side is directly sent to the user side, so that the user side requests access to the unified access system based on the verification information.
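The TGC/TGT check behind steps S505 to S508 can be sketched as follows. This is an added example, not code from the patent: the separator, the cookie name "TGC", the lifetimes, the class and method names, and the one-time validation of the verification information through a call back to the single point management device are all assumptions.

```python
import hmac
import secrets
import time

SEP = "|"            # assumed separator; the page does not name one
TGT_TTL = 8 * 3600   # assumed TGT lifetime in seconds
TICKET_TTL = 60      # assumed lifetime of the verification information


class SinglePointManager:
    """Back end of the single point management system (illustrative)."""

    def __init__(self):
        self._tgt_cache = {}  # TGC (cookie value) -> (TGT value, expiry)
        self._tickets = {}    # verification info -> (user id, system id, expiry)

    def issue_login_credential(self, user_id, client_ip, user_agent, now=None):
        """After a successful login: cache the TGT, return the TGC for the cookie."""
        now = time.time() if now is None else now
        if SEP in user_id or SEP in client_ip:
            raise ValueError("separator not allowed in user id or client IP")
        tgc = secrets.token_urlsafe(32)  # unguessable cache key
        # TGT value = user information + client IP + browser information
        tgt = SEP.join([user_id, client_ip, user_agent])
        self._tgt_cache[tgc] = (tgt, now + TGT_TTL)
        return tgc

    def _user_for(self, tgc, client_ip, user_agent, now):
        """Look the TGT up by TGC and check it against the current client."""
        entry = self._tgt_cache.get(tgc or "")
        if entry is None:
            return None
        tgt, expiry = entry
        if now >= expiry:
            del self._tgt_cache[tgc]
            return None
        user_id = tgt.split(SEP, 1)[0]
        # Rebuild the value from the request; a cookie replayed from another
        # address or browser no longer matches the cached TGT.
        expected = SEP.join([user_id, client_ip, user_agent])
        if not hmac.compare_digest(tgt.encode(), expected.encode()):
            return None
        return user_id

    def handle_second_login(self, cookies, system_id, client_ip, user_agent,
                            now=None):
        """S506 / S902: verification information, or the unified login page."""
        now = time.time() if now is None else now
        user_id = self._user_for(cookies.get("TGC"), client_ip, user_agent, now)
        if user_id is None:
            return ("login_page", None)
        ticket = secrets.token_urlsafe(32)
        self._tickets[ticket] = (user_id, system_id, now + TICKET_TTL)
        return ("verification", ticket)

    def validate_verification(self, ticket, system_id, now=None):
        """S508 (assumed call back): one-time, short-lived, bound to one system."""
        now = time.time() if now is None else now
        entry = self._tickets.pop(ticket, None)  # pop: a ticket is usable once
        if entry is None:
            return None
        user_id, issued_for, expiry = entry
        if issued_for != system_id or now >= expiry:
            return None
        return user_id
```

Every failure path (no cookie, unknown or expired TGC, changed client binding) falls back to the unified login interface instead of issuing verification information.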
Fig. 6 is an interaction flowchart of a fourth single sign-on method according to an embodiment of the present application. As shown in fig. 6, the method includes the following steps:
Step S601: after a target user logs in to a non-unified access system, the target user side, on receiving a login-free request input by the user, triggers a first login instruction for the unified system.
Step S602: the single point management device responds to the first login instruction triggered by the target user side, determines the target identifier of the target user corresponding to the first login instruction, and generates a temporary password for the target user.
Step S603: the single point management device generates login information of the target user based on the target identifier and the temporary password.
The login information includes login credentials and verification information.
Step S604: the single point management device sends the login credentials to the target user side.
Step S605: when the target user side triggers a second login instruction for the unified access system, the login credentials are placed in the second login instruction.
For the specific implementation of steps S601 to S605, refer to the above embodiment; details are not repeated here.
Step S606: the single point management device responds to a second login instruction triggered by the user side and, after determining that the instruction contains login credentials, if the identifier of the same user in the unified system is the same as the identifier in the unified access system, places the user identifier carried by the second login instruction in the verification information corresponding to the second login instruction.
In implementation, user identifiers in the unified system are unified, and they are managed by establishing the unified user system shown in Table 1:
TABLE 1
Identifier
Name
Password
Email
Mobile phone number
WeChat ID
Address
Gender
The unified access system may be an old system whose identifiers are not unified with those in the unified system, that is, the identifier of the same user in the unified system differs from the identifier in the unified access system; the unified access system may also be a new system whose identifiers are unified with those in the unified system, that is, the identifier of the same user in the unified system is the same as the identifier in the unified access system.
Where the identifier of the same user in the unified system is the same as the identifier in the unified access system, the user identifier carried by the second login instruction is already the identifier of the corresponding user in the unified access system. It can therefore be placed directly in the verification information corresponding to the second login instruction, so that the unified access system can subsequently verify the identity of the user corresponding to the second login instruction based on the verification information.
Whether the identifier of the same user in the unified system is the same as the identifier in the unified access system may be determined by, but is not limited to, the following:
1) The single point management device is preset with a first old system identifier (an identifier of a unified access system whose identifiers are not unified with those in the unified system), and the second login instruction includes a unified access system identifier. After receiving the second login instruction, the single point management device compares the unified access system identifier in the instruction with the first old system identifier: if the first old system identifier includes the unified access system identifier, it determines that the identifier of the same user in the unified system differs from the identifier in the unified access system; if the first old system identifier does not include the unified access system identifier, it determines that the identifier of the same user in the unified system is the same as the identifier in the unified access system.
2) The second login instruction includes system information. After receiving the second login instruction, the single point management device determines that the identifier of the same user in the unified system differs from the identifier in the unified access system if the system information characterizes an old system, and that the identifier of the same user in the unified system is the same as the identifier in the unified access system if the system information characterizes a new system.
Step S607: the verification information corresponding to the second login instruction triggered by the user side is sent to the user side.
Step S608: after receiving the verification information, the user side sends a login request carrying the verification information to the unified access system.
Step S609: the unified access system performs identity verification on the user corresponding to the second login instruction based on the verification information.
For the specific implementation of steps S607 to S609, refer to the above embodiment; details are not repeated here.
According to this scheme, where the identifier of the same user in the unified system is the same as the identifier in the unified access system, the user identifier carried by the second login instruction is already the identifier of the corresponding user in the unified access system. It can therefore be placed directly in the verification information corresponding to the second login instruction, so that the unified access system can subsequently verify the identity of the user corresponding to the second login instruction based on the verification information.
Fig. 7 is an interaction flowchart of a fifth single sign-on method according to an embodiment of the present application. As shown in fig. 7, the method includes the following steps:
Step S701: after a target user logs in to a non-unified access system, the target user side, on receiving a login-free request input by the target user, triggers a first login instruction for the unified system.
Step S702: the single point management device responds to the first login instruction triggered by the target user side, determines the target identifier of the target user corresponding to the first login instruction, and generates a temporary password for the target user.
Step S703: the single point management device generates login information of the target user based on the target identifier and the temporary password.
The login information includes login credentials and verification information.
Step S704: the single point management device sends the login credentials to the target user side.
Step S705: when the target user side triggers a second login instruction for the unified access system, the login credentials are placed in the second login instruction.
For the specific implementation of steps S701 to S705, refer to the above embodiment; details are not repeated here.
Step S706: after the second login instruction triggered by the user side is determined to contain login credentials, if the identifier of the same user in the unified system differs from the identifier in the unified access system, the single point management device determines, based on a first mapping relationship, the identifier in the unified access system of the user corresponding to the second login instruction, and places the determined identifier in the verification information.
The first mapping relationship comprises a mapping between identifiers in the unified access system and identifiers in the unified system.
In implementation, the unified access system may be an old system whose identifiers are not unified with those in the unified system, that is, the identifier of the same user in the unified system differs from the identifier in the unified access system; the unified access system may also be a new system whose identifiers are unified with those in the unified system, that is, the identifier of the same user in the unified system is the same as the identifier in the unified access system.
Where the identifier of the same user in the unified system differs from the identifier in the unified access system, the user identifier carried by the second login instruction is not the identifier of the corresponding user in the unified access system. The identifier of the user in the unified access system must therefore also be determined, so that the unified access system can subsequently perform identity verification correctly based on the verification information.
Based on the above, a first mapping relationship between identifiers in the unified access system and identifiers in the unified system is preset in this embodiment. According to the first mapping relationship, the identifier to which the user identifier carried by the second login instruction maps (the identifier in the unified access system of the user corresponding to the second login instruction) can be determined and placed in the verification information, so that the unified access system subsequently performs identity verification on the user corresponding to the second login instruction based on the verification information.
In implementation, the first mapping relationship may be managed through the user interface shown in fig. 8: the user clicks the input box beside the unified access system to type in the user's identifier in the unified access system, and clicks the input box beside the unified system to type in the user's identifier in the unified system, thereby obtaining one group of mapping relations for that user.
Multiple groups of mapping relations corresponding to different users are obtained from multiple groups of user input, and together they form the first mapping relationship.
For how to determine whether the identifier of the same user in the unified system is the same as the identifier in the unified access system, refer to the above embodiment; details are not repeated here.
Step S707: the verification information corresponding to the second login instruction triggered by the user side is sent to the user side.
Step S708: after receiving the verification information, the user side sends a login request carrying the verification information to the unified access system.
Step S709: the unified access system performs identity verification on the user corresponding to the second login instruction based on the verification information.
For the specific implementation of steps S707 to S709, refer to the above embodiment; details are not repeated here.
According to this scheme, where the identifier of the same user in the unified system differs from the identifier in the unified access system, the user identifier carried by the second login instruction is not the identifier of the corresponding user in the unified access system, so the identifier of the user in the unified access system must also be determined for the unified access system to perform identity verification correctly based on the verification information. Based on the first mapping relationship between identifiers in the unified access system and identifiers in the unified system, the identifier to which the user identifier carried by the second login instruction maps (the identifier in the unified access system of the user corresponding to the second login instruction) can be determined and placed in the verification information, so that the unified access system subsequently performs identity verification on the user corresponding to the second login instruction based on the verification information. Therefore, the unified access system can join the unified system and achieve single sign-on without changing its account system or permission configuration.
Of course, for a user side that has not logged in successfully, the triggered second login instruction carries no login credentials, and the user must enter a user identifier and password to log in. The specific implementation process is shown in fig. 9:
Step S901: the user side triggers a second login instruction that does not contain login credentials.
As described above, the second login instruction triggered by the user side attempts to carry the login credentials, but a user side whose user has not logged in to the unified system successfully has received no login credentials, so none can be placed in the second login instruction.
Step S902: the single point management device responds to the second login instruction triggered by the user side and, after determining that the instruction does not contain login credentials, displays a unified login interface through the user side.
This embodiment does not limit the specific implementation of the unified login interface, but the interface includes at least a user identifier input box and a password input box. FIG. 10 shows one possible implementation: the user clicks the input box next to "user name" to type in the user identifier, and clicks the input box next to "password" to enter the password. Other possible implementations may also include a verification code input box or the like.
Step S903: the single point management device generates login information of the corresponding user based on the input user identifier and password.
Step S904: the single point management device performs identity verification in a unified access system in the unified system based on the login information.
For the specific implementation of steps S903 to S904, refer to the above embodiment; details are not repeated here.
Fig. 11 is an interaction flowchart of a seventh single sign-on method according to an embodiment of the present application. As shown in fig. 11, the method includes the following steps:
Step S1101: after a target user logs in to a non-unified access system, the target user side, on receiving a login-free request input by the target user, triggers a first login instruction for the unified system.
For the specific implementation of step S1101, refer to the above embodiment; details are not repeated here.
Step S1102: the single point management device responds to the first login instruction triggered by the target user side; if the identifier of the same user in the unified system differs from the identifier in the non-unified access system, it determines the identifier of the target user in the unified system based on a second mapping relationship, takes the determined identifier as the target identifier of the target user, and generates a temporary password for the target user.
The second mapping relationship comprises a mapping between identifiers in the non-unified access system and identifiers in the unified system.
In implementation, the non-unified access system may be an old system whose identifiers are not unified with those in the unified system, that is, the identifier of the same user in the unified system differs from the identifier in the non-unified access system; the non-unified access system may also be a new system whose identifiers are unified with those in the unified system, that is, the identifier of the same user in the unified system is the same as the identifier in the non-unified access system.
Where the identifier of the same user in the unified system differs from the identifier in the non-unified access system, the user identifier carried by the first login instruction is not the identifier of the corresponding user in the unified system. The identifier of the user in the unified system must therefore also be determined, so that login information can then be generated correctly.
Based on the above, a second mapping relationship between identifiers in the non-unified access system and identifiers in the unified system is preset in this embodiment. According to the second mapping relationship, the identifier to which the user identifier carried by the first login instruction (the identifier in the non-unified access system of the user corresponding to the first login instruction) maps can be determined, and login information corresponding to that identifier is generated.
In practice, the second mapping relationship may be managed through the user interface shown in fig. 12: the user clicks the input box beside the non-unified access system to type in the user's identifier in the non-unified access system, and clicks the input box beside the unified system to type in the user's identifier in the unified system, thereby obtaining one group of mapping relations for that user.
Multiple groups of mapping relations corresponding to different users are obtained from multiple groups of user input, and together they form the second mapping relationship.
Whether the identifier of the same user in the unified system is the same as the identifier in the non-unified access system may be determined by, but is not limited to, the following:
1) The single point management device is preset with a second old identifier (the identifier of a non-unified access system whose identifiers are not unified with those in the unified system), and the first login instruction includes a non-unified access system identifier. After receiving the first login instruction, the single point management device compares the non-unified access system identifier in the instruction with the second old identifier: if the second old identifier includes the non-unified access system identifier, it determines that the identifier of the same user in the unified system differs from the identifier in the non-unified access system; if the second old identifier does not include the non-unified access system identifier, it determines that the identifier of the same user in the unified system is the same as the identifier in the non-unified access system.
2) The first login instruction includes system information. After receiving the first login instruction, the single point management device determines that the identifier of the same user in the unified system differs from the identifier in the non-unified access system if the system information characterizes an old system, and that the identifier of the same user in the unified system is the same as the identifier in the non-unified access system if the system information characterizes a new system.
Step S1103: the single point management device generates login information of the target user based on the target identifier and the temporary password.
Step S1104: the single point management device performs identity verification in a unified access system in the unified system based on the login information.
For the specific implementation of steps S1103 to S1104, refer to the above embodiment; details are not repeated here.
According to this scheme, where the identifier of the same user in the unified system differs from the identifier in the non-unified access system, the user identifier carried by the first login instruction is not the identifier of the corresponding user in the unified system, so the identifier of the user in the unified system must also be determined for login information to be generated correctly. Based on the second mapping relationship between identifiers in the non-unified access system and identifiers in the unified system, the identifier to which the user identifier carried by the first login instruction (the identifier in the non-unified access system of the user corresponding to the first login instruction) maps can be determined, and login information corresponding to that identifier is generated. Therefore, single sign-on can be achieved without changing the account system or permission configuration in the non-unified access system.
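The identifier resolution described for both mapping relationships (step S1102 with the second mapping, step S706 with the first) can be sketched together as follows. This is an added example, not code from the patent: it uses determination method 1) (preset lists of old systems held by the single point management device), keys each mapping by system identifier, and refuses to continue when a mapping entry is missing or ambiguous; these choices, and all class, function and sample names, are assumptions.

```python
class IdentityMappingError(Exception):
    """Raised when an identifier cannot be resolved unambiguously."""


def _reject_ambiguous(mapping, name):
    # Assumed policy: within one system, two different source identifiers must
    # not resolve to the same account, otherwise two users would share it.
    seen = {}
    for (system_id, source_id), mapped_id in mapping.items():
        other = seen.setdefault((system_id, mapped_id), source_id)
        if other != source_id:
            raise IdentityMappingError(
                f"{name}: {other!r} and {source_id!r} both map to "
                f"{mapped_id!r} in {system_id!r}")


class IdentityResolver:
    def __init__(self, old_non_unified, old_unified_access,
                 second_mapping, first_mapping):
        # Preset "old system" lists (determination method 1).
        self.old_non_unified = frozenset(old_non_unified)
        self.old_unified_access = frozenset(old_unified_access)
        # (non-unified access system, identifier there) -> unified identifier
        self.second_mapping = dict(second_mapping)
        # (unified access system, unified identifier) -> identifier there
        self.first_mapping = dict(first_mapping)
        _reject_ambiguous(self.second_mapping, "second mapping")
        _reject_ambiguous(self.first_mapping, "first mapping")

    def target_identifier(self, source_system, carried_id):
        """S1102 / S1302: identifier in the unified system."""
        if source_system not in self.old_non_unified:
            return carried_id  # identifiers already unified
        return self._lookup(self.second_mapping, source_system, carried_id)

    def identifier_for_access(self, target_system, unified_id):
        """S606 / S706: identifier to place in the verification information."""
        if target_system not in self.old_unified_access:
            return unified_id  # identifiers already unified
        return self._lookup(self.first_mapping, target_system, unified_id)

    @staticmethod
    def _lookup(mapping, system_id, source_id):
        try:
            return mapping[(system_id, source_id)]
        except KeyError:
            # Fail closed: passing the unmapped identifier through could select
            # a different person's account in the old system.
            raise IdentityMappingError(
                f"no mapping for {source_id!r} in {system_id!r}") from None


def resolve_chain(resolver, source_system, carried_id, target_system):
    """First login instruction, then second login instruction, end to end."""
    unified_id = resolver.target_identifier(source_system, carried_id)
    return unified_id, resolver.identifier_for_access(target_system, unified_id)


# Constructed sample data: one old non-unified access system and one old
# unified access system, each with its own identifier for the same user.
SAMPLE = IdentityResolver(
    old_non_unified={"legacy-a"},
    old_unified_access={"legacy-b"},
    second_mapping={("legacy-a", "zhang.wei"): "u1001"},
    first_mapping={("legacy-b", "u1001"): "b_0042"},
)
```

Determination method 2) is left out here because the system information arrives inside the login instruction, so the device would be deciding whether to apply a mapping from a value supplied with the request.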
Fig. 13 is an interaction flowchart of an eighth single sign-on method according to an embodiment of the present application. As shown in fig. 13, the method includes the following steps:
Step S1301: after a target user logs in to a non-unified access system, the target user side, on receiving a login-free request input by the target user, triggers a first login instruction for the unified system.
For the specific implementation of step S1301, refer to the above embodiment; details are not repeated here.
Step S1302: if the identifier of the same user in the unified system is the same as the identifier in the non-unified access system, the user identifier carried by the first login instruction is taken as the target identifier of the target user.
In the implementation, the non-unified access system may be an old system, and the identifiers in the unified system and the non-unified access system are not unified, i.e. the identifiers of the same user in the unified system are different from the identifiers in the non-unified access system; the unified access system may also be a new system, and the identifiers in the unified system are unified with the identifiers in the non-unified access system, i.e. the identifiers of the same user in the unified system are the same as the identifiers in the non-unified access system.
Where the identifier of the same user in the unified system is the same as the identifier in the non-unified access system, the user identifier carried by the first login instruction is already the identifier of the corresponding user in the unified system, so login information corresponding to that identifier can be generated directly.
For how to determine whether the identifier of the same user in the unified system is the same as the identifier in the non-unified access system, refer to the above embodiment; details are not repeated here.
Step S1303: the single point management device generates login information of the target user based on the target identifier and the temporary password.
Step S1304: the single point management device performs identity verification in a unified access system in the unified system based on the login information.
For the specific implementation of steps S1303 to S1304, refer to the above embodiment; details are not repeated here.
According to this scheme, where the identifier of the same user in the unified system is the same as the identifier in the non-unified access system, the user identifier carried by the first login instruction is already the identifier of the corresponding user in the unified system, so login information corresponding to that identifier can be generated directly.
Fig. 14 shows a single sign-on method executed by a first single point management device according to an embodiment of the present application. As shown in fig. 14, the method includes the following steps:
Step S1401: responding to a first login instruction triggered by a target user side, determining a target identifier of the target user corresponding to the first login instruction, and generating a temporary password for the target user; the first login instruction is a login instruction for the unified system that is triggered after the target user logs in to a non-unified access system;
Step S1402: generating login information of the target user based on the target identifier and the temporary password;
Step S1403: performing identity verification in a unified access system in the unified system based on the login information.
In some alternative embodiments, the login information includes login credentials and verification information; correspondingly, fig. 15 is a schematic diagram of a single sign-on method executed by a second single point management device according to an embodiment of the present application, including the following steps:
Step S1501: responding to a first login instruction triggered by a target user side, determining a target identifier of the target user corresponding to the first login instruction, and generating a temporary password for the target user; the first login instruction is a login instruction for the unified system that is triggered after the target user logs in to a non-unified access system;
Step S1502: generating login information of the target user based on the target identifier and the temporary password;
Step S1503: sending the login credentials to the target user side, so that when the target user side triggers a second login instruction for a unified access system, the login credentials are placed in the second login instruction;
Step S1504: responding to a second login instruction triggered by any user side and, after determining that the second login instruction triggered by the user side includes login credentials, sending the verification information corresponding to that instruction to the user side, so that after receiving the verification information the user side sends a login request carrying the verification information to the unified access system, and identity verification is performed by the unified access system based on the verification information.
In some optional embodiments, before sending the verification information corresponding to the second login instruction triggered by the user side to the user side, the method further includes:
if the identifier of the same user in the unified system is the same as the identifier in the unified access system, placing the user identifier carried by the second login instruction in the verification information; or
if the identifier of the same user in the unified system differs from the identifier in the unified access system, determining, based on a first mapping relationship, the identifier in the unified access system of the user corresponding to the second login instruction, and placing the determined identifier in the verification information; the first mapping relationship comprises a mapping between identifiers in the unified access system and identifiers in the unified system.
In some alternative embodiments, the identifier of the same user in the unified system differs from the identifier in the non-unified access system; correspondingly, fig. 16 shows a single sign-on method executed by a third single point management device according to an embodiment of the present application, including the following steps:
Step S1601: responding to a first login instruction triggered by a target user side, determining the identifier of the target user in the unified system based on a second mapping relationship, taking the determined identifier as the target identifier of the target user, and generating a temporary password for the target user;
the first login instruction is a login instruction for the unified system that is triggered after the target user logs in to a non-unified access system; the second mapping relationship comprises a mapping between identifiers in the non-unified access system and identifiers in the unified system;
Step S1602: generating login information of the target user based on the target identifier and the temporary password;
Step S1603: performing identity verification in a unified access system in the unified system based on the login information.
In some optional embodiments, the identifier of the same user in the unified system is the same as the identifier in the non-unified access system; correspondingly, fig. 17 shows a single sign-on method executed by a fourth single point management device according to an embodiment of the present application, including the following steps:
Step S1701: responding to a first login instruction triggered by a target user side, taking the user identifier carried by the first login instruction as the target identifier of the target user, and generating a temporary password for the target user; the first login instruction is a login instruction for the unified system that is triggered after the target user logs in to a non-unified access system;
Step S1702: generating login information of the target user based on the target identifier and the temporary password;
Step S1703: performing identity verification in a unified access system in the unified system based on the login information.
For the implementation of the methods executed by the single point management device, refer to the implementation of the above interaction methods; repeated details are omitted.
As shown in fig. 18, based on the same inventive concept as the single sign-on method performed by the single sign-on device, the embodiment of the present application provides a first single sign-on apparatus 1800 applied to the single sign-on device; the apparatus includes:
the login information processing module 1801, configured to, in response to a first login instruction triggered by a target user side, determine a target identifier of the target user corresponding to the first login instruction and generate a temporary password for the target user; the first login instruction is a login instruction for the unified system that is triggered after the target user has logged in to a non-unified access system;
the login information processing module 1801 is further configured to generate login information of the target user based on the target identifier and the temporary password;
and the verification module 1802, configured to perform identity verification in the unified access system of the unified system based on the login information.
In some alternative embodiments, the login information includes login credentials and verification information; correspondingly, the embodiment of the present application provides a first single sign-on device 1900, which further includes a sending module 1803, configured to send the login credentials to the target user side after the login information processing module 1801 generates the login information of the target user, so that when the target user side triggers a second login instruction for the unified access system, the login credentials are placed in the second login instruction;
the verification module 1802 is specifically configured to:
in response to a second login instruction triggered by any user side, and after determining that the second login instruction includes login credentials, send the verification information corresponding to that second login instruction to the user side, so that the user side, after receiving the verification information, sends a login request carrying the verification information to the unified access system, and the unified access system performs identity verification based on the verification information.
In some optional embodiments, before sending the verification information corresponding to the second login instruction triggered by the user side to the user side, the sending module 1803 is further configured to:
if the identifier of the same user in the unified system is the same as the identifier in the unified access system, place the user identifier carried by the second login instruction in the verification information; or
if the identifier of the same user in the unified system is different from the identifier in the unified access system, determine, based on a first mapping relation, the identifier in the unified access system of the user corresponding to the second login instruction, and place the determined identifier in the verification information; wherein the first mapping relation comprises a mapping between identifiers in the unified access system and identifiers in the unified system.
In some optional embodiments, if the identifier of the same user in the unified system is different from the identifier in the non-unified access system, the login information processing module 1801 is specifically configured to:
determine the identifier of the target user in the unified system based on a second mapping relation, and take the determined identifier as the target identifier of the target user; wherein the second mapping relation comprises a mapping between identifiers in the non-unified access system and identifiers in the unified system.
In some optional embodiments, if the identifier of the same user in the unified system is the same as the identifier in the non-unified access system, the login information processing module 1801 is specifically configured to:
take the user identifier carried by the first login instruction as the target identifier of the target user.
For the specific implementation of the embodiments of fig. 18 to 19, reference may be made to the implementation of the interaction method above; repeated details are omitted.
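The flow described above (first login instruction, target identifier resolved directly or through the second mapping relation, temporary password, login credential, second login instruction, verification information with the identifier resolved through the first mapping relation) can be modelled as follows. This is an added Python example, not code from the patent; the class and method names, the random-token format, the expiry window, single use, the binding of the credential to the issued identifier, the return of the unified identifier alongside the credential, and the back-channel `check` call are all assumptions, and the sample identifiers are constructed.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class LoginInfo:
    target_id: str       # identifier of the user in the unified system
    temp_password: str   # temporary password generated for this login
    expires_at: float    # assumption: short validity window
    used: bool = False   # assumption: verification succeeds only once


class SinglePointManager:
    """Models the single point management device; all names are hypothetical."""

    def __init__(self, old_system_ids, second_mapping, first_mapping, ttl=60.0):
        self.old_system_ids = set(old_system_ids)  # preset "second old identifiers"
        self.second_mapping = second_mapping  # (non-unified system, local id) -> unified id
        self.first_mapping = first_mapping    # (unified access system, unified id) -> local id
        self.ttl = ttl
        self._by_credential = {}
        self._by_password = {}

    def first_login(self, system_id, user_id):
        """Handle the first login instruction; return (login credential, target id)."""
        if system_id in self.old_system_ids:
            # Identifiers differ between the systems: use the second mapping relation.
            target_id = self.second_mapping.get((system_id, user_id))
            if target_id is None:
                raise KeyError(f"no unified identifier for {user_id!r} in {system_id!r}")
        else:
            # Identifiers are the same: take the identifier carried by the instruction.
            target_id = user_id
        info = LoginInfo(target_id, secrets.token_urlsafe(24),
                         time.monotonic() + self.ttl)
        credential = secrets.token_urlsafe(24)
        self._by_credential[credential] = info
        self._by_password[info.temp_password] = info
        return credential, target_id

    def _live(self, info):
        return info is not None and not info.used and time.monotonic() <= info.expires_at

    def _local_id(self, access_system_id, target_id):
        # First mapping relation; systems without an entry share the unified identifier.
        return self.first_mapping.get((access_system_id, target_id), target_id)

    def second_login(self, credential, user_id, access_system_id):
        """Handle the second login instruction; return verification info or None."""
        info = self._by_credential.get(credential)
        if not self._live(info) or info.target_id != user_id:
            return None  # assumption: credential is bound to the identity it was issued for
        return {"user_id": self._local_id(access_system_id, info.target_id),
                "temp_password": info.temp_password}

    def check(self, access_system_id, local_id, temp_password):
        """Assumed back channel used by a unified access system to verify a login."""
        info = self._by_password.get(temp_password)
        if not self._live(info):
            return False
        if self._local_id(access_system_id, info.target_id) != local_id:
            return False
        info.used = True
        return True


class UnifiedAccessSystem:
    def __init__(self, system_id, accounts, manager):
        self.system_id, self.accounts, self.manager = system_id, set(accounts), manager

    def login(self, verification):
        """Login request carrying the verification info sent by the user side."""
        uid = verification["user_id"]
        return uid in self.accounts and self.manager.check(
            self.system_id, uid, verification["temp_password"])


def demo():
    # Constructed sample data: one legacy system, one user, one unified access system.
    spm = SinglePointManager(
        old_system_ids={"legacy-hr"},
        second_mapping={("legacy-hr", "zhang01"): "u-1001"},
        first_mapping={("portal-a", "u-1001"): "zhangsan"},
    )
    portal_a = UnifiedAccessSystem("portal-a", {"zhangsan"}, spm)
    credential, unified_id = spm.first_login("legacy-hr", "zhang01")
    verification = spm.second_login(credential, unified_id, "portal-a")
    first = portal_a.login(verification)
    replay = portal_a.login(verification)  # same verification info presented again
    return unified_id, verification["user_id"], first, replay


if __name__ == "__main__":
    print(demo())
```

The second `login` call in `demo()` shows why the temporary password should be consumed on first use: without the `used` flag, captured verification information would remain valid until it expired.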
Based on the same technical concept, the embodiment of the present application further provides a single point management device 2000, as shown in fig. 20, including at least one processor 2001 and a memory 2002 connected to the at least one processor. The specific connection medium between the processor 2001 and the memory 2002 is not limited in the embodiment of the present application; in fig. 10, the processor 2001 and the memory 2002 are connected by a bus 2003 as an example. Buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 20, but this does not mean that there is only one bus or one type of bus.
The single point management device further includes a communication unit (not shown in the figure) for performing data transmission with the user terminal.
The processor 2001 is the control center of the single point management device; it can connect the various parts of the single point management device using various interfaces and lines, and implements data processing by running or executing instructions stored in the memory 2002 and calling data stored in the memory 2002. Optionally, the processor 2001 may include one or more processing units, and the processor 2001 may integrate an application processor and a modem processor, wherein the application processor primarily processes operating systems, user interfaces, application programs, etc., and the modem processor primarily processes issuing instructions. It will be appreciated that the modem processor described above may not be integrated into the processor 2001. In some embodiments, the processor 2001 and the memory 2002 may be implemented on the same chip; in other embodiments, they may be implemented separately on separate chips.
The processor 2001 may be a general purpose processor such as a Central Processing Unit (CPU), digital signal processor, application specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with a single sign-on method embodiment may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in the processor for execution.
The memory 2002, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The memory 2002 may include at least one type of storage medium, for example, flash memory, hard disk, multimedia card, card memory, random access memory (Random Access Memory, RAM), static random access memory (Static Random Access Memory, SRAM), programmable read-only memory (Programmable Read Only Memory, PROM), read-only memory (Read-Only Memory, ROM), electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), magnetic memory, magnetic disk, optical disk, and the like. The memory 2002 may be, but is not limited to, any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 2002 in the embodiments of the present application may also be circuitry or any other device capable of performing storage functions, for storing program instructions and/or data.
In the present embodiment, the memory 2002 stores a computer program that, when executed by the processor 2001, causes the processor 2001 to perform:
responding to a first login instruction triggered by a target user side, determining a target identifier of the target user corresponding to the first login instruction, and generating a temporary password for the target user; the first login instruction is a login instruction for the unified system that is triggered after the target user has logged in to a non-unified access system;
generating login information of the target user based on the target identifier and the temporary password;
and performing identity verification in a unified access system of the unified system based on the login information.
In some alternative embodiments, the login information includes login credentials and verification information;
after generating the login information of the target user, the processor 2001 further performs:
sending the login credentials to the target user side, so that when the target user side triggers a second login instruction for the unified access system, the login credentials are placed in the second login instruction;
the processor 2001 specifically performs:
in response to a second login instruction triggered by any user side, and after determining that the second login instruction includes login credentials, sending the verification information corresponding to that second login instruction to the user side, so that the user side, after receiving the verification information, sends a login request carrying the verification information to the unified access system, and the unified access system performs identity verification based on the verification information.
In some optional embodiments, before sending the verification information corresponding to the second login instruction triggered by the user side to the user side, the processor 2001 further performs:
if the identifier of the same user in the unified system is the same as the identifier in the unified access system, placing the user identifier carried by the second login instruction in the verification information; or
if the identifier of the same user in the unified system is different from the identifier in the unified access system, determining, based on a first mapping relation, the identifier in the unified access system of the user corresponding to the second login instruction, and placing the determined identifier in the verification information; wherein the first mapping relation comprises a mapping between identifiers in the unified access system and identifiers in the unified system.
In some alternative embodiments, if the identifier of the same user in the unified system is different from the identifier in the non-unified access system, the processor 2001 specifically performs:
determining the identifier of the target user in the unified system based on a second mapping relation, and taking the determined identifier as the target identifier of the target user; wherein the second mapping relation comprises a mapping between identifiers in the non-unified access system and identifiers in the unified system.
In some alternative embodiments, if the identifier of the same user in the unified system is the same as the identifier in the non-unified access system, the processor 2001 specifically performs:
taking the user identifier carried by the first login instruction as the target identifier of the target user.
Based on the same technical idea, the embodiments of the present application further provide a computer-readable storage medium storing a computer program executable by a processor, which when executed on the processor, causes the processor to perform the steps of the single sign-on method described above.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.

Claims (8)

1. A single sign-on method for a single point management device, the method comprising:
responding to a first login instruction triggered by a target user side, determining a target identifier of the target user corresponding to the first login instruction, and generating a temporary password for the target user; the first login instruction is a login instruction for the unified system that is triggered after the target user has logged in to a non-unified access system;
generating login information of the target user based on the target identifier and the temporary password;
performing identity verification in a unified access system of the unified system based on the login information;
if the identifier of the same user in the unified system is different from the identifier in the non-unified access system, determining the target identifier of the target user corresponding to the first login instruction comprises: determining the identifier of the target user in the unified system based on a second mapping relation, and taking the determined identifier as the target identifier of the target user; wherein the second mapping relation comprises a mapping between identifiers in the non-unified access system and identifiers in the unified system;
determining whether the identifier of the same user in the unified system is the same as the identifier in the non-unified access system by:
comparing the non-unified access system identifier in the first login instruction with a second old identifier preset in the single point management device; if the non-unified access system identifier is present in the second old identifier, determining that the identifier of the same user in the unified system is different from the identifier in the non-unified access system; otherwise, determining that the identifier of the same user in the unified system is the same as the identifier in the non-unified access system; wherein the second old identifier is an identifier of a non-unified access system whose identifiers are not unified with the identifiers in the unified system; or
if the system information of the first login instruction represents an old system, determining that the identifier of the same user in the unified system is different from the identifier in the non-unified access system; otherwise, determining that the identifier of the same user in the unified system is the same as the identifier in the non-unified access system.
2. The method of claim 1, wherein the login information includes login credentials and verification information;
after generating the login information of the target user, the method further comprises:
sending the login credentials to the target user side, so that when the target user side triggers a second login instruction for the unified access system, the login credentials are placed in the second login instruction;
and performing identity verification in the unified access system of the unified system based on the login information comprises:
in response to a second login instruction triggered by any user side, and after determining that the second login instruction includes login credentials, sending the verification information corresponding to that second login instruction to the user side, so that the user side, after receiving the verification information, sends a login request carrying the verification information to the unified access system, and the unified access system performs identity verification based on the verification information.
3. The method of claim 2, wherein before sending the verification information corresponding to the second login instruction triggered by the user side to the user side, the method further comprises:
if the identifier of the same user in the unified system is the same as the identifier in the unified access system, placing the user identifier carried by the second login instruction in the verification information; or
if the identifier of the same user in the unified system is different from the identifier in the unified access system, determining, based on a first mapping relation, the identifier in the unified access system of the user corresponding to the second login instruction, and placing the determined identifier in the verification information; wherein the first mapping relation comprises a mapping between identifiers in the unified access system and identifiers in the unified system.
4. The method of claim 1, wherein determining the target identifier of the target user corresponding to the first login instruction if the identifier of the same user in the unified system is the same as the identifier in the non-unified access system comprises:
taking the user identifier carried by the first login instruction as the target identifier of the target user.
5. A single point management device, the device comprising:
a communication unit, configured to perform data transmission with the user side;
a processor, configured to: in response to a first login instruction triggered by a target user side, determine a target identifier of the target user corresponding to the first login instruction and generate a temporary password for the target user, wherein the first login instruction is a login instruction for the unified system that is triggered after the target user has logged in to a non-unified access system; generate login information of the target user based on the target identifier and the temporary password; and perform identity verification in a unified access system of the unified system based on the login information;
if the identifier of the same user in the unified system is different from the identifier in the non-unified access system, the processor is specifically configured to:
determine the identifier of the target user in the unified system based on a second mapping relation, and take the determined identifier as the target identifier of the target user; wherein the second mapping relation comprises a mapping between identifiers in the non-unified access system and identifiers in the unified system;
determining whether the identifier of the same user in the unified system is the same as the identifier in the non-unified access system by:
comparing the non-unified access system identifier in the first login instruction with a second old identifier preset in the single point management device; if the non-unified access system identifier is present in the second old identifier, determining that the identifier of the same user in the unified system is different from the identifier in the non-unified access system; otherwise, determining that the identifier of the same user in the unified system is the same as the identifier in the non-unified access system; wherein the second old identifier is an identifier of a non-unified access system whose identifiers are not unified with the identifiers in the unified system; or
if the system information of the first login instruction represents an old system, determining that the identifier of the same user in the unified system is different from the identifier in the non-unified access system; otherwise, determining that the identifier of the same user in the unified system is the same as the identifier in the non-unified access system.
6. The device of claim 5, wherein the login information includes login credentials and verification information;
after generating the login information of the target user, the processor is further configured to:
send the login credentials to the target user side, so that when the target user side triggers a second login instruction for the unified access system, the login credentials are placed in the second login instruction;
the processor is specifically configured to:
in response to a second login instruction triggered by any user side, and after determining that the second login instruction includes login credentials, send the verification information corresponding to that second login instruction to the user side, so that the user side, after receiving the verification information, sends a login request carrying the verification information to the unified access system, and the unified access system performs identity verification based on the verification information.
7. The device of claim 6, wherein before sending the verification information corresponding to the second login instruction triggered by the user side to the user side, the processor is further configured to:
if the identifier of the same user in the unified system is the same as the identifier in the unified access system, place the user identifier carried by the second login instruction in the verification information; or
if the identifier of the same user in the unified system is different from the identifier in the unified access system, determine, based on a first mapping relation, the identifier in the unified access system of the user corresponding to the second login instruction, and place the determined identifier in the verification information; wherein the first mapping relation comprises a mapping between identifiers in the unified access system and identifiers in the unified system.
8. The device of claim 5, wherein if the identifier of the same user in the unified system is the same as the identifier in the non-unified access system, the processor is specifically configured to:
take the user identifier carried by the first login instruction as the target identifier of the target user.
CN202210727908.7A 2022-06-22 2022-06-22 Single sign-on method and single point management equipment Active CN115150141B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210727908.7A CN115150141B (en) 2022-06-22 2022-06-22 Single sign-on method and single point management equipment


Publications (2)

Publication Number Publication Date
CN115150141A CN115150141A (en) 2022-10-04
CN115150141B true CN115150141B (en) 2024-03-08

Family

ID=83407954

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210727908.7A Active CN115150141B (en) 2022-06-22 2022-06-22 Single sign-on method and single point management equipment

Country Status (1)

Country Link
CN (1) CN115150141B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010204903A (en) * 2009-03-03 2010-09-16 Nippon Telegr & Teleph Corp <Ntt> Authentication system, authentication method, and temporary password issuing device
JP2011238036A (en) * 2010-05-11 2011-11-24 Ikutoku Gakuen Authentication system, single sign-on system, server device and program
CN109165499A (en) * 2018-08-21 2019-01-08 努比亚技术有限公司 Single-point logging method, mobile terminal and computer readable storage medium
CN111259355A (en) * 2020-02-12 2020-06-09 深信服科技股份有限公司 Single sign-on method, portal system and service platform
CN112995219A (en) * 2021-05-06 2021-06-18 四川省明厚天信息技术股份有限公司 Single sign-on method, device, equipment and storage medium
CN114157434A (en) * 2021-11-30 2022-03-08 中国光大银行股份有限公司 Login verification method and device, electronic equipment and storage medium
CN114238927A (en) * 2021-12-07 2022-03-25 中国建设银行股份有限公司 Business system login method, system, device, computer equipment and storage medium
CN114510701A (en) * 2022-01-21 2022-05-17 佛山市海天调味食品股份有限公司 Single sign-on method, device, equipment and storage medium


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on access security in pervasive computing environments; 徐金芳; 张永胜; Computer Technology and Development (No. 03); full text *

Also Published As

Publication number Publication date
CN115150141A (en) 2022-10-04


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant