CN115632805A - Single sign-on method based on unified user management - Google Patents
- Publication number
- CN115632805A (application number CN202211053034.8A)
- Authority
- CN
- China
- Prior art keywords
- user
- uums
- application system
- token
- application
- Prior art date
- Legal status (as listed by Google Patents; not a legal conclusion)
- Pending
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; H04L63/00—Network architectures or network communication protocols for network security; H04L63/08—for authentication of entities
  - H04L63/0815—providing single-sign-on or federations
  - H04L63/0807—using tickets, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to a single sign-on method based on unified user management (UUMS). When a user accesses the front end of an application system for identity verification, the application system sends the target URL and redirects the user to the login page provided by UUMS, along with the agreed authorization code (code) and state (state) parameters. On the UUMS login page the user chooses whether to authorize the application system; if the user grants authorization and the UUMS authentication server verifies it, the user is redirected to the application system back end. The back end calls the token generation interface provided by UUMS with the authorization code and state to generate a token, calls the UUMS token parsing interface with that token to obtain the logged-in user's information, and saves the token and user information in the session. The method greatly improves developer productivity and significantly reduces enterprise R&D costs.
Description
Technical field
The invention relates to the field of information technology, and in particular to a single sign-on method based on unified user management.
Background
With the continuous development of enterprise informatization, enterprises run more and more application systems. Each typically has its own user information and login management; user information differs in format, naming and storage, and login interfaces differ in form. When a user needs several application systems, user information must be synchronized between them and the user must enter a user name and password repeatedly. Synchronizing user information increases system complexity and management cost; entering credentials repeatedly forces the user to log in again and again.
Contents of the invention
To address these problems in the prior art, the invention provides a single sign-on method based on unified user management.
The technical solution is as follows. A single sign-on method based on unified user management comprises:
When a user accesses the application system front end for authentication, the application system sends the target URL and redirects the user to the login page provided by UUMS, along with the agreed authorization code (code) and state (state) parameters;
On the UUMS login page the user chooses whether to authorize the application system; if the user grants authorization and the UUMS authentication server verifies it, the user is redirected to the application system back end;
The application system back end calls the UUMS token generation interface with the authorization code and state to generate a token; calls the UUMS token parsing interface with the generated token to obtain the logged-in user's information; and saves the token and user information in the session.
Further, when the front end accesses other back-end interfaces, the back end checks the session to determine whether the user is logged in; if so the request is served normally, otherwise access is denied.
Further, the method also includes: a user configures user-related information in the unified user management system (UUMS); a developer imports the API jar package provided by UUMS into the application system and configures the login information.
Further, configuring user-related information in UUMS includes:
Creating the organization to which users belong, including the organization name;
Creating users under the organization, including the organization, user name, password and default role;
Creating a role and assigning it to users;
Creating an application and configuring the newly added application system, including the application name and access address, at which point the application's unique identifier, secret and authentication public key are generated;
Creating a permission that allows an organization to access the application system.
Further, configuring the login information includes the following parameters: UUMS Server Url, client id, client secret, application authentication public key and organization name.
Further, sending the target URL and redirecting to the UUMS login page includes: the user accesses the application system client; the application system calls the get-redirect-URI interface provided by UUMS and sends an authentication request URI to the UUMS authentication server. The authentication request URI carries the following parameters: client id, authorization (response) type, redirect URI, scope and the client's current state.
Further, after the UUMS authentication server verifies the user, redirecting the user to the application back end includes:
The UUMS authentication server calls back the application service through the redirect URI, directing the user to the "redirect URI" registered in advance by the application system client, with an authorization code attached.
Further, to obtain the token that it then passes to the UUMS token parsing interface, the application system back end sends a token request to the UUMS authentication server. The request carries the following parameters: the grant (authorization) mode used, the application system's client ID, client secret, redirect URI and the authorization code.
The beneficial effects of the invention are: once the method and system are implemented, developers only need to integrate the API interfaces provided by UUMS according to the prescribed development rules, and after simple training ordinary business staff can maintain and manage user information in UUMS. This greatly improves developer productivity and significantly reduces enterprise R&D costs.
Description of drawings
FIG. 1 is a schematic flowchart of the single sign-on method based on unified user management provided by an embodiment of the invention.
Detailed description
The principles and features of the invention are described below with reference to the drawing; the examples serve only to explain the invention and do not limit its scope.
As shown in FIG. 1, the single sign-on method based on unified user management provided by an embodiment of the invention includes the following steps:
S1. The user configures user-related information in the unified user management system (UUMS), including:
1) Create the organization to which the user belongs, including the organization name (organizationName).
2) Create users under the organization, including the organization, user name, password and default role. (A new user may also register in the application system itself, with the same effect as registering in UUMS.)
3) Create a role and assign it to the user.
4) Create an application and configure the newly added application system, including the application name (applicationName) and access address; at this point the application's unique identifier (clientId), secret (clientSecret) and authentication public key (publicKey) are generated.
5) Create a permission that allows an organization to access the application.
6) Create a third-party provider; once configured, users can log in through third parties such as WeChat and DingTalk. (This step is optional.)
The developer imports the API jar package provided by UUMS into the application system and configures the login information, which includes the following parameters: UUMS Server Url, client id, client secret, application authentication public key and organization name.
S2. When the user accesses the application system front end for authentication, the application system sends the target URL and redirects the user to the login page provided by UUMS, along with the agreed authorization code (code) and state (state) parameters.
The user accesses the application system client; the application system calls the get-redirect-URI interface provided by UUMS and sends the authentication request URI to the UUMS authentication server.
The authentication request URI carries the parameters client_id, response_type, redirect_uri, scope and state, for example:
https://localhost:8000/login/oauth/authorize?client_id={clientId}&response_type=code&redirect_uri={redirectUri}&scope=read&state={applicationName}
S3. On the UUMS login page the user chooses whether to authorize the application system; if the user grants authorization and the UUMS authentication server verifies it, the user is redirected to the application system back end.
After the UUMS authentication server verifies the user, redirecting to the application system back end means: the UUMS authentication server calls back the application service through the redirect URI, directing the user to the "redirect URI" registered in advance by the application system client, with an authorization code attached.
The application system client then calls the application system back end through that redirect URI, passing the parameters code and state, for example:
https://client.example.com/callback?code={code}&state={applicationName}
S4. The application system back end calls the UUMS token generation interface with the authorization code and state to generate a token; calls the UUMS token parsing interface with the generated token to obtain the logged-in user's information; and saves the token and user information in the session.
To obtain the token, the application system back end sends a token request to the UUMS authentication server carrying grant_type, client_id, client_secret, redirect_uri and the authorization code, for example:
https://localhost:8000/api/login/oauth/access_token?grant_type=authorization_code&client_id={clientId}&client_secret={clientSecret}&redirect_uri=http://localhost:8000/login/oauth/authorize&code={code}
Two checks apply when implementing this step: RFC 6749 section 3.2 requires the token endpoint to be called with POST rather than with the parameters in a query string (a client_secret in a URL ends up in server and proxy logs), and the redirect_uri sent here must be identical to the one used in the authorization request of step S2, otherwise the authorization server must reject the exchange (RFC 6749 section 4.1.3).
S5. When the front end accesses other back-end interfaces, the back end checks the session to determine whether the user is logged in; if so the request is served normally, otherwise access is denied.
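Steps S1 to S5 above (the same procedure that the contents of the invention summarize), as an added worked example in Python that is not part of the patent or of the UUMS jar it describes. Both parties run in one process: a constructed stand-in for the UUMS authentication server (registration of organization, user, application and permission; login and code issuance; token generation and token parsing) and a constructed application back end (redirect, callback, session guard). Class and function names, the sample user and application, the 60-second code lifetime and the HMAC-signed token are assumptions; the patent's application registration generates a publicKey, which implies an asymmetric signature that this model replaces with a shared HMAC key. The code departs from the page's state={applicationName} in one respect: it uses an unguessable per-session state, as RFC 6749 section 10.12 recommends, so that a callback that was not started by this browser session is rejected.

```python
# Added example (not from the patent or the UUMS jar): in-process model of steps S1-S5.
# Server, client, the HMAC-signed token format and the 60 s code lifetime are all assumptions.
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://localhost:8000/login/oauth/authorize"   # endpoint named on the page

def _query(url):                                                 # first value of each query parameter
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

class UUMSServer:                                    # constructed stand-in for the UUMS auth server
    def __init__(self):
        self.apps, self.users, self.codes = {}, {}, {}
        self.permissions = set()                     # (organizationName, applicationName), S1 step 5
        self.signing_key = secrets.token_bytes(32)   # assumption: HMAC key instead of the page's publicKey
    def add_user(self, username, password, org, roles):           # S1 steps 1-3
        self.users[username] = {"password": password, "org": org, "roles": roles}
    def register_app(self, name, redirect_uri):                   # S1 step 4: clientId, clientSecret
        client_id, client_secret = secrets.token_hex(8), secrets.token_urlsafe(32)
        self.apps[client_id] = {"name": name, "secret": client_secret, "redirect_uri": redirect_uri}
        return client_id, client_secret
    def grant(self, org, app_name):                               # S1 step 5
        self.permissions.add((org, app_name))
    def authorize(self, authorize_url, username, password):       # S3: login page, user consents
        q = _query(authorize_url)
        app = self.apps.get(q.get("client_id"))
        if app is None or q.get("response_type") != "code":
            raise PermissionError("unknown client or unsupported response_type")
        if q.get("redirect_uri") != app["redirect_uri"]:         # never send a code to an unregistered URI
            raise PermissionError("redirect_uri does not match the registered access address")
        user = self.users.get(username)
        if user is None or not hmac.compare_digest(user["password"], password):
            raise PermissionError("bad credentials")
        if (user["org"], app["name"]) not in self.permissions:
            raise PermissionError("organization has no permission for this application")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": q["client_id"], "redirect_uri": q["redirect_uri"],
                            "user": username, "exp": time.time() + 60}
        return app["redirect_uri"] + "?" + urlencode({"code": code, "state": q.get("state", "")})
    def access_token(self, grant_type, client_id, client_secret, redirect_uri, code):  # S4 token interface
        app = self.apps.get(client_id)
        if grant_type != "authorization_code" or app is None or not hmac.compare_digest(app["secret"], client_secret):
            raise PermissionError("client authentication failed")
        entry = self.codes.pop(code, None)                       # one-time use: a replayed code is refused
        if entry is None or entry["exp"] < time.time() or (entry["client_id"], entry["redirect_uri"]) != (client_id, redirect_uri):
            raise PermissionError("invalid, expired or mismatched authorization code")
        user = self.users[entry["user"]]
        payload = {"sub": entry["user"], "org": user["org"], "roles": user["roles"], "aud": client_id, "exp": time.time() + 3600}
        body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
        return body + "." + hmac.new(self.signing_key, body.encode(), hashlib.sha256).hexdigest()
    def parse_token(self, token):                                 # S4 token parsing interface
        body, sig = token.rsplit(".", 1)
        expected = hmac.new(self.signing_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            raise PermissionError("token signature invalid")
        payload = json.loads(base64.urlsafe_b64decode(body))
        if payload["exp"] < time.time():
            raise PermissionError("token expired")
        return payload

class AppBackend:                                    # constructed application back end (S2, S4, S5)
    def __init__(self, uums, client_id, client_secret, redirect_uri):
        self.uums, self.client_id, self.client_secret = uums, client_id, client_secret
        self.redirect_uri, self.sessions = redirect_uri, {}       # session id -> {state, token, user}
    def login_redirect(self, session_id):                         # S2
        state = secrets.token_urlsafe(16)     # unguessable and bound to this session (RFC 6749 s10.12)
        self.sessions.setdefault(session_id, {})["state"] = state
        return AUTHORIZE_URL + "?" + urlencode({"client_id": self.client_id, "response_type": "code",
                                                "redirect_uri": self.redirect_uri, "scope": "read", "state": state})
    def callback(self, session_id, callback_url):                 # S3 callback, then S4
        q, sess = _query(callback_url), self.sessions.get(session_id, {})
        if "state" not in sess or not hmac.compare_digest(sess.pop("state"), q.get("state", "")):
            raise PermissionError("state mismatch: callback was not started by this session")
        token = self.uums.access_token("authorization_code", self.client_id, self.client_secret,
                                       self.redirect_uri, q.get("code", ""))
        sess["token"], sess["user"] = token, self.uums.parse_token(token)   # kept in the session
        return sess["user"]
    def is_logged_in(self, session_id):                           # S5
        return bool(self.sessions.get(session_id, {}).get("token"))

def run_flow():
    """Happy path plus two refusals; returns the outcomes instead of printing them."""
    uums = UUMSServer()
    uums.add_user("alice", "s3cret", "sales", ["user"])           # constructed sample data
    cid, csecret = uums.register_app("crm", "https://client.example.com/callback")
    uums.grant("sales", "crm")
    app = AppBackend(uums, cid, csecret, "https://client.example.com/callback")
    cb = uums.authorize(app.login_redirect("sess-1"), "alice", "s3cret")
    user = app.callback("sess-1", cb)
    try:                                                          # replay the already-used code
        uums.access_token("authorization_code", cid, csecret, app.redirect_uri, _query(cb)["code"])
        replayed = True
    except PermissionError:
        replayed = False
    return {"user": user["sub"], "org": user["org"], "logged_in": app.is_logged_in("sess-1"),
            "anonymous_logged_in": app.is_logged_in("sess-2"), "code_replayed": replayed}
```

run_flow() exercises the happy path and two refusals: an anonymous session is denied at S5, and a second exchange of the same code fails because the server invalidates a code on first use (RFC 6749 section 4.1.2). The server also refuses to issue a code to a redirect_uri other than the registered access address and refuses a user whose organization has no permission for the application, which is the S1 step 5 check enforced at login time.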
Although preferred embodiments of the invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to cover the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and variations to the invention without departing from its spirit and scope. If these changes and variations fall within the scope of the claims of the invention and their equivalents, the invention is intended to include them as well.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211053034.8A CN115632805A (en) | 2022-08-31 | 2022-08-31 | Single sign-on method based on unified user management |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115632805A true CN115632805A (en) | 2023-01-20 |
Family
ID=84903210
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211053034.8A Pending CN115632805A (en) | 2022-08-31 | 2022-08-31 | Single sign-on method based on unified user management |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115632805A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109286633A (en) * | 2018-10-26 | 2019-01-29 | 深圳市华云中盛科技有限公司 | Single sign-on method, device, computer equipment and storage medium |
CN111475795A (en) * | 2020-04-12 | 2020-07-31 | 广州通达汽车电气股份有限公司 | Method and device for unified authentication and authorization facing to multiple applications |
CN113259357A (en) * | 2021-05-21 | 2021-08-13 | 浪潮卓数大数据产业发展有限公司 | OAuth 2-based single sign-on method |
CN114969707A (en) * | 2021-02-20 | 2022-08-30 | 京东科技控股股份有限公司 | Single sign-on method, apparatus, device and medium |
Non-Patent Citations (2)
Title |
---|
AUGUSTFIRE: "理解OAuth2.0", pages 1 - 5, Retrieved from the Internet <URL:https://www.cnblogs.com/august-fire/p/14918758.html> * |
张占岭: "keycloak~账号密码认证和授权码认证", pages 1 - 6, Retrieved from the Internet <URL:https://www.cnblogs.com/lori/p/14716876.html> * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |