CN115225354A - Multi-application single sign-on method, device, computer equipment and medium - Google Patents

Publication number
CN115225354A
Authority
CN
China
Prior art keywords
application
token
access request
client
group
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210802923.3A
Other languages
Chinese (zh)
Inventor
罗静
敦建征
张培
陈续福
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CRSC Institute of Smart City Research and Design Co Ltd
Original Assignee
CRSC Institute of Smart City Research and Design Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CRSC Institute of Smart City Research and Design Co Ltd
Priority to CN202210802923.3A
Publication of CN115225354A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The disclosure provides a multi-application single sign-on method, comprising: receiving an application access request sent by a client, and acquiring a first token carried in the application access request, where the application access request is a request to access any target application among a plurality of applications in an application group, and each application in the application group has the same first token; verifying the first token if this is not the first time the client accesses an application within the application group; and allowing the client to access the target application in response to the first token passing verification. Multiple application systems use the same token for login verification, so that switching between systems is seamless and imperceptible to users, the complexity of the systems and the coupling among the applications are reduced, expandability and scalability are improved, and the development and maintenance cost of the systems is reduced; in addition, the password security risk can be reduced and the security of the information system is increased. The present disclosure also provides a multi-application single sign-on apparatus, computer device and medium.

Description

Multi-application single sign-on method, device, computer equipment and medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a multi-application single sign-on method, apparatus, computer device, and medium.
Background
With the rapid development of information technology and internet technology, especially mobile internet technology, the application scenarios and application value of enterprise informatization cooperation have changed greatly. Enterprises run a variety of enterprise systems, and each system implements its own identity authentication mechanism. The login states of the systems are not mutually recognized, so a user must log in to each site manually, one by one, and can access a site only after verification passes. When switching services, the user needs to log in again and must keep track of a large amount of login information, so that the process of using the services is complex and the user experience is seriously affected.
In existing enterprise systems, a set of interfaces is developed separately for each system or application, and the systems call one another's interfaces, so that seamless switching between systems is realized.
Disclosure of Invention
The disclosure provides a multi-application single sign-on method, a multi-application single sign-on device, a computer device and a medium.
In a first aspect, an embodiment of the present disclosure provides a multi-application single sign-on method, where the method includes:
receiving an application access request sent by a client, and acquiring a first token carried in the application access request; the application access request is an access request for accessing any target application in a plurality of applications in an application group, and each application in the application group has the same first token;
verifying the first token if this is not the first time the client accesses an application within the application group;
allowing the client to access the target application in response to the first token verification passing.
In some embodiments, after obtaining the first token carried in the application access request, the method further includes:
when it is determined from the application access request that the client is accessing an application in the group for the first time, redirecting the application access request to an application login interface, where the application login interface is used for logging in to each application in the application group and is the same for all applications in the application group.
In some embodiments, after receiving the application access request sent by the client and before verifying the first token, the method further includes: acquiring user information carried in the application access request;
after redirecting the application access request to an application login interface, the method further comprises:
when it is determined from the access request that the user of the client logs in to the applications in the application group automatically, generating a second token according to the user information;
caching the second token, and sending the second token to the client so that the client sends the application access request again, carrying the second token.
In some embodiments, after receiving the application access request sent by the client and before verifying the first token, the method further includes: acquiring user information carried in the application access request;
after redirecting the application access request to an application login interface, the method further comprises:
when it is determined from the access request that the user of the client does not log in to the applications in the application group automatically, obtaining the login information of the user from the client;
in response to the login information passing verification, generating a third token according to the user information;
caching the third token and allowing the client to access the target application.
In some embodiments, after obtaining the login information of the user from the client, the method further comprises:
in response to the login information failing verification, redirecting the application access request to the application login interface.
In some embodiments, after receiving the application access request sent by the client and before verifying the first token, the method further includes: acquiring user information carried in the application access request;
said verifying said first token comprises:
acquiring a fourth token corresponding to the user information from a cache;
in response to obtaining the fourth token, verifying the first token according to the fourth token;
the first token passing verification comprises: the first token being the same as the fourth token.
In some embodiments, after retrieving the fourth token of the user of the client from the cache, the method further comprises:
in response to the fourth token not being obtained, obtaining a fifth token, wherein the fifth token is generated according to user information carried in the application access request;
verifying the first token according to the fifth token;
the first token passing verification comprises: the first token being the same as the fifth token.
In another aspect, an embodiment of the present disclosure further provides a multi-application single sign-on apparatus, including a receiving module, a determining module, and a verifying module, where the receiving module is configured to receive an application access request sent by a client, and obtain a first token carried in the application access request; the application access request is a request to access any target application among a plurality of applications in an application group, and each application in the application group has the same first token;
the determining module is configured to determine whether this is not the first time the client accesses an application in the application group;
the verifying module is configured to verify the first token if this is not the first time the client accesses an application in the application group, and to allow the client to access the target application in response to the first token passing verification.
In another aspect, an embodiment of the present disclosure further provides a computer device, including: one or more processors; a storage device having one or more programs stored thereon; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the multi-application single sign-on method as previously described.
In yet another aspect, the disclosed embodiments also provide a computer readable medium, on which a computer program is stored, wherein the program when executed implements the multi-application single sign-on method as described above.
The multi-application single sign-on method provided by the embodiment of the disclosure comprises the following steps: receiving an application access request sent by a client, and acquiring a first token carried in the application access request, where the application access request is a request to access any target application among a plurality of applications in an application group, and each application in the application group has the same first token; verifying the first token if this is not the first time the client accesses an application within the application group; and, in response to the first token passing verification, allowing the client to access the target application. With this method, multiple application systems use the same token for login verification, so that switching between systems is seamless and imperceptible to users, the complexity of the systems and the coupling among applications are reduced, expandability and scalability are improved, and the development and maintenance cost of the systems is reduced; the password security risk can be reduced, and the security of the information system is improved; the scheme does not intrude into the code of the original application systems, can provide seamless access even when the systems are distributed across multiple domain names, and is suitable for high-concurrency scenarios and system-integration scenarios that support time-limited login-free access.
Drawings
Fig. 1 is a first schematic flowchart of a multi-application single sign-on method according to an embodiment of the present disclosure;
Fig. 2 is a second schematic flowchart of a multi-application single sign-on method according to an embodiment of the present disclosure;
Fig. 3 is a third schematic flowchart of a multi-application single sign-on method according to an embodiment of the present disclosure;
Fig. 4 is a fourth schematic flowchart of a multi-application single sign-on method according to an embodiment of the present disclosure;
Fig. 5 is a system architecture diagram illustrating an embodiment of the present disclosure;
Fig. 6 is a flow diagram of a multi-application single sign-on method of the embodiment shown in Fig. 5;
Fig. 7 is a first schematic structural diagram of a multi-application single sign-on apparatus according to an embodiment of the present disclosure;
Fig. 8 is a second schematic structural diagram of a multi-application single sign-on apparatus according to an embodiment of the present disclosure;
Fig. 9 is a third schematic structural diagram of a multi-application single sign-on apparatus according to an embodiment of the present disclosure.
Detailed Description
Example embodiments will be described more fully hereinafter with reference to the accompanying drawings, but which may be embodied in different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
Embodiments described herein may be described with reference to plan and/or cross-sectional views in idealized representations of the present disclosure. Accordingly, the example illustrations can be modified in accordance with manufacturing techniques and/or tolerances. Accordingly, the embodiments are not limited to the embodiments shown in the drawings, but include modifications of configurations formed based on a manufacturing process. Thus, the regions illustrated in the figures have schematic properties, and the shapes of the regions shown in the figures illustrate specific shapes of regions of elements, but are not intended to be limiting.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and the present disclosure, and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The embodiment of the present disclosure provides a multi-application single sign-on method, as shown in fig. 1, the multi-application single sign-on method includes the following steps:
Step 11, receiving an application access request sent by a client, and acquiring a first token carried in the application access request; the application access request is a request to access any target application among a plurality of applications in the application group, and each application in the application group has the same first token.
In the embodiment of the present disclosure, the client may include, but is not limited to, a third-party client, a Web end, and a mobile end.
In this step, the user of the client accesses one application in the application group, and the client sends an application access request to the multi-application single sign-on device on which the application group is deployed.
Step 12, verifying the first token if this is not the first time the client accesses an application in the application group.
If the multi-application single sign-on device acquires a first token (Token) from the application access request, this indicates that a token has already been issued to the user of the client, that is, this is not the first time the user of the client accesses an application in the application group, and the first token can be verified directly.
Step 13, in response to the first token passing verification, allowing the client to access the target application.
If the first token passes verification, the client can access the target application, which realizes single sign-on.
The multi-application single sign-on method provided by the embodiment of the disclosure comprises the following steps: receiving an application access request sent by a client, and acquiring a first token carried in the application access request, where the application access request is a request to access any target application among a plurality of applications in an application group, and each application in the application group has the same first token; verifying the first token if this is not the first time the client accesses an application within the application group; and, in response to the first token passing verification, allowing the client to access the target application. According to the embodiment, multiple application systems use the same token for login verification, so that switching between systems is seamless and imperceptible to users, the complexity of the systems and the coupling between applications are reduced, expandability and scalability are improved, and the development and maintenance cost of the systems is reduced; the password security risk can be reduced, and the security of the information system is improved; the scheme does not intrude into the code of the original application systems, can provide seamless access even when the systems are distributed across multiple domain names, and is suitable for high-concurrency scenarios and system-integration scenarios that support time-limited login-free access.
In some embodiments, as shown in fig. 2, after obtaining the first token carried in the application access request (i.e. step 11), the multi-application single sign-on method further includes the following steps:
Step 12', when it is determined from the application access request that the client is accessing an application in the group for the first time, redirecting the application access request to an application login interface, where the application login interface is used for logging in to each application in the application group and is the same for all applications in the application group.
If the multi-application single sign-on device does not acquire a first token from the application access request, this indicates that no token has previously been issued to the user of the client, that is, the user of the client is accessing an application in the application group for the first time, and the application access request is redirected to an application login interface for the user to log in. It should be noted that, in the embodiment of the present disclosure, the different application systems in an application group can be logged in to through the same login interface, which implements multi-application single sign-on.
In some embodiments, as shown in fig. 3, after receiving the application access request sent by the client (i.e. step 11), and before verifying the first token (i.e. step 12), the multi-application single sign-on method further comprises the following step: acquiring the user information carried in the application access request.
After redirecting the application access request to the application login interface (i.e., step 12'), the multi-application single sign-on method further comprises the following steps:
Step 13', when it is determined from the access request that the user of the client logs in to the applications in the application group automatically, generating a second token according to the user information.
The multi-application single sign-on device determines whether the user of the client logs in to the applications in the application group automatically by checking whether the access request carries a Cookie. If the access request carries the Cookie, the user has checked the automatic login option, and a second token is generated according to the obtained user information; if the access request does not carry the Cookie, the user has not checked the automatic login option.
Step 14', caching the second token, and sending the second token to the client so that the client sends the application access request again, carrying the second token.
The multi-application single sign-on device stores the generated second token in a Redis cache and sends the second token to the client. The client then initiates application access again, that is, it sends an application access request carrying the second token to the multi-application single sign-on device, so that the device executes steps 11 to 13.
In some embodiments, as shown in fig. 3, after redirecting the application access request to the application login interface (i.e., step 12'), the multi-application single sign-on method further comprises the steps of:
Step 23', when it is determined from the access request that the user of the client does not log in to the applications in the application group automatically, obtaining the login information of the user from the client.
In this step, if the multi-application single sign-on device determines that the access request does not carry a Cookie, which indicates that the user has not checked the automatic login option, that is, the user of the client does not log in to the applications in the application group automatically, the user is prompted to enter login information on the application login interface, where the login information may include a login name, a password, an authentication code, and the like. The user selects whether to log in automatically next time and then clicks submit. It should be noted that the login information is stored in the Cookie; at the next login, when the user opens the application login interface, the multi-application single sign-on device reads the login information directly from the Cookie without the user filling it in again, and the expiration time of the Cookie can be set according to the service requirement.
Step 24', in response to the login information passing verification, generating a third token according to the user information.
In this step, the multi-application single sign-on device generates a unique third token according to the user information in the JWT (JSON Web Token) manner.
Step 25', caching the third token and allowing the client to access the target application.
The multi-application single sign-on device stores the generated third token in a Redis cache and allows the client to access the target application, thereby realizing single sign-on. The third token is stored in the Redis cache in the format <JWT ID, user name, token, validation time, survival time, issue time, signature mode (SHA256)>.
In some embodiments, as shown in fig. 3, after obtaining the login information of the user from the client (i.e. step 23'), the multi-application single sign-on method further comprises the following step:
Step 26', in response to the login information failing verification, redirecting the application access request to the application login interface.
If the multi-application single sign-on device fails to verify the login information, it jumps to the application login interface again for the user to re-enter the login information.
In some embodiments, as shown in fig. 4, the verifying the first token (i.e., step 12) comprises the steps of:
Step 121, obtaining a fourth token corresponding to the user information from the cache.
In this step, the multi-application single sign-on device looks up the corresponding fourth token in the Redis cache according to the user information.
Step 122, in response to the fourth token being obtained, verifying the first token according to the fourth token.
In this step, if the multi-application single sign-on device obtains the corresponding fourth token from the Redis cache, the fourth token is compared with the first token, and if the first token is the same as the fourth token, the first token is considered to have passed verification.
Step 123, in response to the fourth token not being obtained, obtaining a fifth token, wherein the fifth token is generated according to the user information carried in the application access request.
In this step, if the multi-application single sign-on device does not obtain the corresponding fourth token from the Redis cache, the user information may be encrypted in the JWT manner, and a verification request carrying the encrypted user information is sent to the Token verification module of the multi-application single sign-on device. If the verification passes, the Token verification module generates a fifth token according to the user information and stores the fifth token in the Redis cache. It should be noted that, if the verification fails, the application access request is redirected to the application login interface.
Step 124, verifying the first token according to the fifth token.
In this step, the fifth token is compared with the first token, and if the first token is the same as the fifth token, the first token is considered to have passed verification.
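The cache-hit verification path of steps 121 and 122, together with the first-access redirect of step 12' and the token record of step 25', as an added Python example (not code from the patent). It assumes an in-memory dictionary in place of Redis, a constructed HMAC key, an HTTP header named `Token`, and a survival time of 1800 seconds; a cache miss is treated here as failed verification rather than modelling steps 123 and 124.

```python
import base64
import hashlib
import hmac
import json
import uuid

# Assumptions for this example only: constructed key and survival time.
SIGNING_KEY = b"constructed-demo-key-not-for-production"
SURVIVAL_TIME = 1800  # seconds


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as used by JWT."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def issue_token(user_name: str, now: int) -> dict:
    """Steps 24'/25': build an HS256 JWT from the user information and return
    the record <JWT ID, user name, token, validation time, survival time,
    issue time, signature mode> that is stored in the cache."""
    jwt_id = uuid.uuid4().hex
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"jti": jwt_id, "sub": user_name, "iat": now,
              "nbf": now, "exp": now + SURVIVAL_TIME}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    signature = hmac.new(SIGNING_KEY, signing_input.encode("ascii"),
                         hashlib.sha256).digest()
    return {
        "jwt_id": jwt_id,
        "user_name": user_name,
        "token": signing_input + "." + _b64url(signature),
        "validation_time": now,
        "survival_time": SURVIVAL_TIME,
        "issue_time": now,
        "signature_mode": "SHA256",
    }


class TokenCache:
    """In-memory stand-in for the Redis cache, keyed by user name."""

    def __init__(self):
        self._records = {}

    def put(self, record: dict) -> None:
        self._records[record["user_name"]] = record

    def get(self, user_name: str, now: int):
        """Return the cached record, or None if absent or past its survival time."""
        record = self._records.get(user_name)
        if record is None:
            return None
        if now >= record["issue_time"] + record["survival_time"]:
            del self._records[user_name]  # expired entries are evicted
            return None
        return record


def handle_access_request(cache: TokenCache, headers: dict,
                          user_name: str, now: int) -> str:
    """Decide between allowing access and redirecting to the login interface."""
    first_token = headers.get("Token")  # header name is an assumption
    if not first_token:
        # Step 12': no token carried, so this is a first access.
        return "redirect_to_login"
    # Step 121: look up the cached (fourth) token for this user.
    record = cache.get(user_name, now)
    if record is None:
        # Assumption: cache miss fails closed (steps 123/124 not modelled).
        return "redirect_to_login"
    # Step 122: the first token must equal the cached token. The comparison is
    # constant-time so response timing does not reveal how many bytes matched.
    if hmac.compare_digest(first_token.encode("utf-8"),
                           record["token"].encode("utf-8")):
        return "allow"  # step 13
    return "redirect_to_login"
```
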
For clarity of explaining the solution of the embodiment of the present disclosure, the multi-application single sign-on process of the embodiment of the present disclosure is described in detail below with reference to fig. 5 and 6 by way of a specific example. Fig. 5 is a system architecture diagram of the embodiment, and fig. 6 is a flowchart of the multi-application single sign-on method of the embodiment shown in fig. 5.
As shown in fig. 5, the reverse proxy software Nginx is installed and configured on the multi-application single sign-on device to implement load balancing; it forwards the application access requests (i.e. HTTP dynamic page requests) initiated by the third-party client, the Web end, and the mobile end, while static page and file requests are processed by the Nginx server itself. A Tomcat cluster (application server software) is installed and configured on the multi-application single sign-on device; it receives the HTTP dynamic page requests forwarded by Nginx and performs the following processing: generating Tokens, processing services, and processing and transmitting user information. A Redis cluster is installed and configured on the multi-application single sign-on device in master-slave sentinel mode; in sentinel mode the state of the Redis master service is detected automatically, and if the master server goes down, a slave is automatically promoted to master. The Redis cluster is used for storing Tokens, user information, and the like. A MySQL database cluster is installed and configured on the multi-application single sign-on device with read-write separation, which shares out the read-write pressure of a single-node database; asynchronous replication between the master and slave databases is implemented through the binlog (binary log), and modules with strict latency requirements force reads from the master database. The database cluster mainly stores application service data.
With reference to fig. 5 and 6, the multi-application single sign-on method includes the following steps:
Step 1, the third-party client, the Web end, and the mobile end access the single sign-on application system.
Step 2, the proxy server Nginx implements load balancing: it receives and distributes the application access requests (HTTP dynamic page requests) and forwards them, while requests for static pages and resource files are processed by the Nginx server itself.
Step 3, the service gateway authenticates the application access request: it intercepts the request, authenticates the user identity and queries permission information (determining, after the user identity is confirmed, whether the user has access permission for a given resource), and applies rate limiting and caching.
Step 4, the SSO service cluster determines whether the message header (HTTP Header) of the application access request carries a Token (Token1). If the header does not carry Token1, the user is accessing the application system for the first time, and the process proceeds to step 5; if the header carries Token1, this is not the user's first access to the application system, and the process proceeds to step 6.
Step 5, the SSO service cluster redirects the application access request to the unified application login interface configured by the single sign-on service.
Step 6, the SSO service cluster acquires the Token of the corresponding user from the Redis cache server. If the Token of the corresponding user (Token4) is acquired, Token1 is verified against Token4; if Token1 is correct, step 11 is executed, and if it is incorrect, step 5 is executed.
Step 7, the SSO service cluster checks whether the application access request carries the Cookie. If it does, the user has checked automatic login, and step 10 is executed; otherwise login is not automatic, and step 8 is executed.
Step 8, the user submits login information in the application login interface, such as a login name, a password, an authentication code, and whether to log in automatically next time, and the SSO service cluster verifies the login information. If the verification passes, step 9 is executed; otherwise, step 5 is executed.
Step 9, the SSO service cluster generates Token3 according to the user information, stores Token3 in the Redis cache server, and executes step 11.
Step 10, Token2 is generated according to the user information, stored in the Redis cache server, and sent to the third-party client, the Web end, and the mobile end.
Step 11, the third-party client, the Web end, and the mobile end access the application system, realizing single sign-on.
An access proxy service (Nginx) is deployed on the multi-application single sign-on device. The access proxy service and each application system are under the same domain name, so the original system code is not intruded upon and the original system configuration is not changed. An application access request sent by a client to the multi-application single sign-on device must first pass through the access proxy service, which is responsible for processing the request; the user of the client cannot perceive the existence of the access proxy service.
When a user of a client sends an access request to an application system for the first time, the access proxy service redirects the resource accessed by the user to the unified application login interface. After the user enters a correct user name and password, the multi-application single sign-on device generates a Token for the user, which the other application systems use to verify whether the user has successfully logged in.
When the user of the client accesses the same application system or other application systems in the application group again, the application access request carries the Token, and the multi-application single sign-on device compares it with the Token stored in the Redis cache. When the two are the same, the client is allowed to access the application system; when they differ, the application access request is redirected to the unified application login interface.
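The decision flow of steps 4 to 11 and the cache comparison described above can be sketched as follows. This is an added example, not code from the patent: the in-memory TokenCache standing in for the Redis cache server, the token lifetime, the random token format, the remember_me cookie table and all function names are assumptions. It narrows one case: when no cached token is found, the request is redirected to login.

```python
import hmac
import secrets
import time

TOKEN_TTL = 1800  # seconds; assumed lifetime, the page specifies none


class TokenCache:
    """In-memory stand-in for the Redis cache server: user id -> (token, expiry)."""

    def __init__(self):
        self._store = {}

    def put(self, user_id, token, now):
        self._store[user_id] = (token, now + TOKEN_TTL)

    def get(self, user_id, now):
        entry = self._store.get(user_id)
        if entry is None or entry[1] <= now:
            self._store.pop(user_id, None)  # drop missing/expired entries
            return None
        return entry[0]


def issue_token(cache, user_id, now):
    """Steps 9 and 10: generate a token for the user and cache it."""
    token = secrets.token_urlsafe(32)  # assumption: random, bound to the user via the cache
    cache.put(user_id, token, now)
    return token


def handle_request(cache, request, check_login, remember_me, now=None):
    """Return (decision, token) for one application access request.

    request keys (all optional): 'user_id', 'token' (header Token1),
    'cookie' (auto-login cookie), 'login' (submitted login information).
    """
    now = time.time() if now is None else now
    user_id, presented = request.get("user_id"), request.get("token")
    if presented is not None:  # steps 4 and 6: compare Token1 with cached Token4
        cached = cache.get(user_id, now)
        if cached is not None and hmac.compare_digest(presented.encode(), cached.encode()):
            return "allow", None  # step 11
        return "redirect_login", None  # step 5
    cookie = request.get("cookie")
    if cookie is not None:  # step 7: auto-login, then step 10 returns Token2
        if user_id is not None and remember_me.get(cookie) == user_id:
            return "token_issued", issue_token(cache, user_id, now)
        return "redirect_login", None
    login = request.get("login")
    if login is not None and check_login(user_id, login):  # step 8, then step 9
        return "allow", issue_token(cache, user_id, now)
    return "redirect_login", None  # step 5


def demo():
    """Constructed run: first visit, login, reuse from a second app, forged and expired tokens."""
    cache, t0 = TokenCache(), 1000.0
    check = lambda uid, pw: (uid, pw) == ("alice", "constructed-password")  # stand-in verifier
    ask = lambda req, now: handle_request(cache, {"user_id": "alice", **req}, check, {}, now)
    first = ask({}, t0)
    _, token = ask({"login": "constructed-password"}, t0)
    reuse = ask({"token": token}, t0 + 60)
    forged = ask({"token": "A" * 43}, t0 + 60)
    expired = ask({"token": token}, t0 + TOKEN_TTL + 1)
    return [first[0], reuse[0], forged[0], expired[0]]
```

The comparison uses hmac.compare_digest so that a mismatch takes the same time wherever the first differing byte falls, and the cookie branch issues a token only when the cookie maps to the same user id in a server-side table.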
The multi-application single sign-on scheme of the embodiment of the disclosure has the following advantages:
Working efficiency is improved: staff work more efficiently and the operation process of the application systems is simplified. Security is improved: strong identity authentication is realized, password security risks are avoided and information system security is raised. All authentication work for the user is carried out in the background, switching between systems is seamless and unnoticed by the user, and the user experience is greatly improved.
Management cost is reduced: the workload of administrators is lowered, freeing labor for more meaningful IT construction work. Implementation risk is minimal: strong technical support is available, the application deployment period is shortened, and economic losses from delays and wasted internal management resources are avoided.
Return on investment is high: an advanced technical system is adopted and a unified user identity and authority management framework is provided for subsequent application development, so that investment utilization is high, expandability is strong, and the requirements of enterprises and public institutions at different development stages can be met.
Based on the same technical concept, an embodiment of the present disclosure further provides a multi-application single sign-on apparatus. As shown in fig. 7, the multi-application single sign-on apparatus includes a receiving module 101, a determining module 102, and a verification module 103. The receiving module 101 is configured to receive an application access request sent by a client, and obtain a first token carried in the application access request; the application access request is an access request for accessing any target application in a plurality of applications in an application group, and each application in the application group has the same first token.
The determining module 102 is configured to determine whether the client accesses the application in the application group for a non-first time.
The verification module 103 is configured to verify the first token if the client accesses the application in the application group for a non-first time; allowing the client to access the target application in response to the first token verification passing.
In some embodiments, as shown in fig. 8, the multi-application single sign-on apparatus further includes a redirection module 104, where the redirection module 104 is configured to redirect the application access request to an application login interface when it is determined that the client accesses the application in the group for the first time according to the application access request, where the application login interface is an application login interface for logging in each application in the application group, and the application login interfaces of the applications in the application group are the same.
In some embodiments, the receiving module 101 is further configured to, after receiving an application access request sent by a client, obtain user information carried in the application access request.
The determining module 102 is further configured to, after the redirecting module 104 redirects the application access request to the application login interface, determine whether the user of the client automatically logs in each application in the application group according to the access request.
In some embodiments, as shown in fig. 9, the multi-application single sign-on apparatus further includes a token generation module 105, where the token generation module 105 is configured to generate a second token according to the user information when it is determined that the user of the client automatically logs in to each application in the application group according to the access request; and caching the second token, and sending the second token to the client so that the client can send the application access request carrying the second token again.
In some embodiments, the token generation module 105 is further configured to, when it is determined that the user of the client does not automatically log in to each application in the application group according to the access request, obtain login information of the user from the client; responding to the login information passing the verification, and generating a third token according to the user information; caching the third token and allowing the client to access the target application.
In some embodiments, the redirection module 104 is further configured to redirect the application access request to an application login interface in response to a failure to verify the login information.
In some embodiments, the verification module 103 is configured to obtain a fourth token corresponding to the user information from a cache; in response to obtaining the fourth token, verifying the first token according to the fourth token; wherein the first token is validated, comprising: the first token is the same as the fourth token.
In some embodiments, the token generation module 105 is further configured to, in response to not obtaining the fourth token, obtain a fifth token, where the fifth token is generated according to the user information carried in the application access request.
The verifying module 103 is further configured to verify the first token according to the fifth token.
An embodiment of the present disclosure further provides a computer device, including: one or more processors and storage; the storage device stores one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors implement the multi-application single sign-on method provided in the foregoing embodiments.
Embodiments of the present disclosure also provide a computer readable medium, on which a computer program is stored, where the computer program when executed implements the multi-application single sign-on method provided in the foregoing embodiments.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods disclosed above, and the functional modules/units in the apparatus, may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
Example embodiments have been disclosed herein, and although specific terms are employed, they are used and should be interpreted in a generic and descriptive sense only and not for purposes of limitation. In some instances, features, characteristics and/or elements described in connection with a particular embodiment may be used alone or in combination with features, characteristics and/or elements described in connection with other embodiments, unless expressly stated otherwise, as would be apparent to one skilled in the art. It will, therefore, be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention encompassed by the appended claims.

Claims (10)

1. A multi-application single sign-on method, the method comprising:
receiving an application access request sent by a client, and acquiring a first token carried in the application access request; the application access request is an access request for accessing any target application in a plurality of applications in an application group, and each application in the application group has the same first token;
verifying the first token if the client does not access an application within the application group for the first time;
allowing the client to access the target application in response to the first token verification passing.
2. The method of claim 1, wherein after obtaining the first token carried in the application access request, the method further comprises:
redirecting the application access request to an application login interface under the condition that the client is determined, according to the application access request, to be accessing an application in the application group for the first time, wherein the application login interface is the application login interface for logging in each application in the application group, and the application login interfaces of the applications in the application group are the same.
3. The method of claim 2, wherein after receiving an application access request sent by a client, prior to verifying the first token, further comprising: acquiring user information carried in the application access request;
after redirecting the application access request to an application login interface, the method further comprises:
under the condition that the user of the client automatically logs in each application in the application group according to the access request, generating a second token according to the user information;
and caching the second token, and sending the second token to the client so that the client can send the application access request carrying the second token again.
4. The method of claim 2, wherein after receiving the application access request sent by the client and before verifying the first token, further comprising: acquiring user information carried in the application access request;
after redirecting the application access request to an application login interface, the method further comprises:
under the condition that the user of the client side does not automatically log in each application in the application group according to the access request, the login information of the user is obtained from the client side;
responding to the login information passing the verification, and generating a third token according to the user information;
caching the third token and allowing the client to access the target application.
5. The method of claim 4, wherein after obtaining the login information of the user from the client, the method further comprises:
in response to failing to verify the login information, redirecting the application access request to an application login interface.
6. The method of any of claims 1-5, wherein after receiving the application access request sent by the client and before verifying the first token, further comprising: acquiring user information carried in the application access request;
said verifying said first token comprises:
obtaining a fourth token corresponding to the user information from a cache;
in response to obtaining the fourth token, verifying the first token according to the fourth token;
the first token is validated, comprising: the first token is the same as the fourth token.
7. The method of claim 6, wherein after retrieving the fourth token for the user of the client from the cache, the method further comprises:
in response to that the fourth token is not obtained, obtaining a fifth token, wherein the fifth token is generated according to user information carried in the application access request;
verifying the first token according to the fifth token;
the first token is validated, comprising: the first token is the same as the fifth token.
8. The device for multi-application single sign-on is characterized by comprising a receiving module, a judging module and an authentication module, wherein the receiving module is used for receiving an application access request sent by a client and acquiring a first token carried in the application access request; the application access request is an access request for accessing any target application in a plurality of applications in an application group, and each application in the application group has the same first token;
the judging module is used for judging whether the client accesses the application in the application group for the non-first time;
the verification module is used for verifying the first token under the condition that the client does not access the application in the application group for the first time; allowing the client to access the target application in response to the first token verification passing.
9. A computer device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the multi-application single sign-on method of any of claims 1-7.
10. A computer readable medium having stored thereon a computer program, wherein said program when executed implements a multi-application single sign-on method according to any of claims 1-7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210802923.3A CN115225354A (en) 2022-07-07 2022-07-07 Multi-application single sign-on method, device, computer equipment and medium

Publications (1)

Publication Number Publication Date
CN115225354A (en) 2022-10-21

Family

ID=83610784

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210802923.3A Pending CN115225354A (en) 2022-07-07 2022-07-07 Multi-application single sign-on method, device, computer equipment and medium

Country Status (1)

Country Link
CN (1) CN115225354A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20221021