CN116980177A

CN116980177A - Authentication method and device of private cloud platform and computer equipment

Info

Publication number: CN116980177A
Application number: CN202310667607.4A
Authority: CN
Inventors: 蔡鹏�
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2023-06-06
Filing date: 2023-06-06
Publication date: 2023-10-31

Abstract

The application relates to a method, a device, a computer device, a storage medium and a computer program product of a private cloud platform. The method comprises the following steps: responding to an authentication request triggered based on a target account number, sending an authentication configuration acquisition request to a private cloud platform server, wherein the authentication configuration acquisition request carries the target account number, and the authentication configuration acquisition request is used for indicating that authentication configuration information of at least two third party authentication modes configured for the target account number in advance is acquired from the private cloud platform server and returning the authentication configuration information to a request terminal; receiving authentication configuration information of a target account returned by a private cloud platform server, and determining a target third party authentication mode from at least two third party authentication modes; and carrying out authentication in the target third party authentication mode based on the configuration information of the target third party authentication mode. The method improves the flexibility of private cloud platform authentication.

Description

Authentication method and device of private cloud platform and computer equipment

Technical Field

The present application relates to the field of cloud computing technologies, and in particular, to an authentication method, an apparatus, a computer device, a storage medium, and a computer program product for a private cloud platform.

Background

With the development of cloud computing technology, private cloud computing has been rapidly developed. A private cloud is a proprietary cloud computing system within which a cloud computing service provider builds for a particular organization.

For private cloud in some enterprises with specific requirements, the private cloud system can be in butt joint with a third party account system in the enterprises, so that the private cloud platform can perform authentication login in a third party authentication mode. However, the conventional private cloud platform generally only provides a third party authentication mode, and relevant configuration of the third party authentication mode is written into the code by the private cloud service provider in the development process of the private cloud development platform. When the third party authentication mode needs to be modified, the code needs to be modified, and the problem of low flexibility exists.

Disclosure of Invention

Based on this, there is a need to provide an authentication method, an apparatus, a computer device, a computer readable storage medium and a computer program product of a private cloud platform capable of improving authentication flexibility.

In a first aspect, the present application provides an authentication method of a private cloud platform, where the method includes:

responding to an authentication request triggered based on a target account, sending an authentication configuration acquisition request to a private cloud platform server, wherein the authentication configuration acquisition request carries the target account, and the authentication configuration acquisition request is used for indicating to acquire authentication configuration information of at least two third party authentication modes configured for the target account in advance from the private cloud platform server and returning the authentication configuration information to a request terminal;

Receiving the authentication configuration information of the target account returned by the private cloud platform server, and determining a target third party authentication mode from the at least two third party authentication modes;

and carrying out authentication in the target third party authentication mode based on the configuration information of the target third party authentication mode.

In a second aspect, the present application further provides an authentication method of the private cloud platform, where the method includes:

acquiring an authentication configuration acquisition request sent by a request terminal, wherein the authentication configuration acquisition request is triggered based on an authentication request of a target account, and the authentication configuration acquisition request carries the target account;

responding to the authentication configuration acquisition request, acquiring authentication configuration information of at least two third party authentication modes configured for the target account in advance, and returning the authentication configuration information to a request terminal; the authentication configuration information is used for indicating the request terminal to determine a target third party authentication mode from the at least two third party authentication modes; and carrying out authentication in the target third party authentication mode based on the configuration information of the target third party authentication mode.

In a third aspect, the present application further provides an authentication device of a private cloud platform, where the device includes:

The request processing module is used for responding to an authentication request triggered based on a target account number, sending an authentication configuration acquisition request to a private cloud platform server, wherein the authentication configuration acquisition request carries the target account number, and the authentication configuration acquisition request is used for indicating to acquire authentication configuration information of at least two third party authentication modes configured for the target account number in advance from the private cloud platform server and returning the authentication configuration information to a request terminal;

the information processing module is used for receiving the authentication configuration information of the target account returned by the private cloud platform server and determining a target third party authentication mode from the at least two third party authentication modes;

and the authentication processing module is used for carrying out authentication in the target third party authentication mode based on the configuration information of the target third party authentication mode.

In a fourth aspect, the present application further provides an authentication device of the private cloud platform, including:

the configuration request module is used for acquiring an authentication configuration acquisition request sent by a request terminal, wherein the authentication configuration acquisition request is triggered based on an authentication request of a target account, and the authentication configuration acquisition request carries the target account;

The configuration processing module is used for responding to the authentication configuration acquisition request, acquiring authentication configuration information of at least two third party authentication modes configured for the target account in advance, and returning the authentication configuration information to a request terminal; the authentication configuration information is used for indicating the request terminal to determine a target third party authentication mode from the at least two third party authentication modes; and carrying out authentication in the target third party authentication mode based on the configuration information of the target third party authentication mode.

In a fifth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor executing the steps of the methods of the above embodiments when the computer program is executed.

In a sixth aspect, the present application also provides a computer readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the methods of the embodiments described above.

In a seventh aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of the methods of the embodiments described above.

According to the authentication method, the device, the computer equipment, the storage medium and the computer program product of the private cloud platform, the authentication configuration information of at least two third party authentication modes is configured for the target account number of the private cloud platform in advance, when a user requests to use the third party authentication mode, the authentication configuration information of the at least two third party authentication modes configured for the target account number is obtained through interaction with the private cloud platform, the target third party authentication mode is determined from the at least two third party authentication modes, and the third party authentication is performed in the target third party authentication mode. According to the method, multiple third party authentication modes can be preset for the target account number of the private cloud, at least two third party authentication modes configured for the target account number are obtained through interaction with the private cloud platform when the private cloud platform logs in, the target third party authentication modes are determined, multiple choices are selected when a user logs in the private cloud platform by using the third party authentication modes, and the flexibility of the private cloud platform authentication is improved.

Drawings

FIG. 1 is an application environment diagram of an authentication method of a private cloud platform in one embodiment;

FIG. 2 is a flow diagram of an authentication method of a private cloud platform in one embodiment;

FIG. 3 is a schematic diagram of a configuration page of an authentication scheme in one embodiment;

FIG. 4 is a schematic diagram of a login interface of a private cloud platform in one embodiment;

FIG. 5 is a flow diagram of a configuration process of a third party authentication mode in one embodiment;

fig. 6 is a flowchart of an authentication method of a private cloud platform according to another embodiment;

FIG. 7 is a multi-terminal interaction diagram of an authentication method of a private cloud platform in one embodiment;

FIG. 8 is a block diagram of an authentication device of a private cloud platform in one embodiment;

fig. 9 is a block diagram of an authentication device of a private cloud platform in another embodiment;

fig. 10 is an internal structural view of a computer device in one embodiment.

Detailed Description

The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.

Cloud technology (Cloud technology) is based on the general terms of network technology, information technology, integration technology, management platform technology, application technology and the like applied by Cloud computing business models, and can form a resource pool, so that the Cloud computing business model is flexible and convenient as required. Cloud computing technology will become an important support. Background services of technical networking systems require a large amount of computing, storage resources, such as video websites, picture-like websites, and more portals. Along with the high development and application of the internet industry, each article possibly has an own identification mark in the future, the identification mark needs to be transmitted to a background system for logic processing, data with different levels can be processed separately, and various industry data needs strong system rear shield support and can be realized only through cloud computing.

Cloud computing (clouding) is a computing model that distributes computing tasks across a large pool of computers, enabling various application systems to acquire computing power, storage space, and information services as needed. The network that provides the resources is referred to as the "cloud". Resources in the cloud are infinitely expandable in the sense of users, and can be acquired at any time, used as needed, expanded at any time and paid for use as needed.

As a basic capability provider of cloud computing, a cloud computing resource pool (cloud platform for short, generally referred to as IaaS (Infrastructure as a Service, infrastructure as a service) platform) is established, in which multiple types of virtual resources are deployed for external clients to select for use.

According to the logic function division, a PaaS (Platform as a Service ) layer can be deployed on an IaaS (Infrastructure as a Service ) layer, and a SaaS (Software as a Service, software as a service) layer can be deployed above the PaaS layer, or the SaaS can be directly deployed on the IaaS. PaaS is a platform on which software runs, such as a database, web container, etc. SaaS is a wide variety of business software such as web portals, sms mass senders, etc. Generally, saaS and PaaS are upper layers relative to IaaS.

As a basic capability provider of cloud computing, private cloud services may be built for a specific organization's private cloud computing system within which it is built. The private cloud is a proprietary cloud computing system private cloud service built inside of the cloud service provider for a particular organization. The private cloud has the characteristics of safety, stable SLA, independent controllability and strong customization. The private cloud may mainly provide IaaS (Infrastructure as a Service ), paaS (Platform as a Service, platform as a service), and operational capabilities. For example, as a basic capability provider for cloud computing, an enterprise management platform may be developed for an enterprise based on private cloud services.

The authentication method of the private cloud platform provided by the embodiment of the application can be applied to an application environment shown in fig. 1. Wherein the terminal 102 communicates with the private cloud platform server 104 through a network. The terminal obtains the target third party authentication mode through interaction with the private cloud platform server 104. The application environment includes a plurality of third party authentication servers 106, each for implementing a third party authentication scheme. Based on the authentication type configuration information, the terminal 102, the private cloud platform server 104 and the third party authentication server 106 perform authentication and authentication interactively.

The server of the private cloud platform can be realized by a plurality of server groups, and comprises a request server and a back-end server. The request server is an intermediate processing layer between the terminal and the back-end server, and processes and forwards the network request. And the back-end server realizes the core logic processing of the private cloud.

The data storage system may store data that needs to be processed by the private cloud platform server 104, such as configuration information of each third party authentication mode. The data storage system may be integrated on the private cloud platform server 104 or may be located on the cloud or other servers. The terminal 102 may be, but not limited to, various desktop computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, where the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like.

In one embodiment, as shown in fig. 2, an authentication method of a private cloud platform is provided, and the method is applied to the terminal in fig. 1 for illustration, and includes the following steps:

step 202, an authentication configuration acquisition request is sent to a private cloud platform server in response to an authentication request triggered based on a target account, wherein the authentication configuration acquisition request carries the target account, and the authentication configuration acquisition request is used for indicating to acquire authentication configuration information of at least two third party authentication modes configured for the target account in advance from the private cloud platform server, and returning the authentication configuration information to a request terminal.

The cloud service provider can provide an operation and maintenance platform, the private cloud application can directly provide private cloud products of the cloud service provider, and the cloud service provider can customize the operation and maintenance platform which is unique and closely related to the service according to the service characteristics of the cloud service provider and provides the private cloud products for clients. The private cloud platform is a proprietary cloud computing system built in the cloud service provider provided for clients. By way of example, an enterprise management platform may be developed based on private cloud services.

The target account number is a login account number of a user on a private cloud platform, the private cloud platform is an enterprise management platform developed based on private cloud services, and the target account number is a user account number of the enterprise user on the enterprise management platform.

Specifically, a user can access the private cloud platform through a browser or an APP, after a login page inputs a target account, an authentication request is triggered based on the target account, and an authentication configuration acquisition request is sent to a cloud platform server by a terminal.

The third party authentication means that authorization is obtained from the third party, and authentication is completed through the authorization of the third party. Common third party authentication means include, but are not limited to, open authorization (Open Authorization, OAuth), central authentication service (Central Authentication Service, CAS), and lightweight directory access protocol (Lightweight Directory Access Protocol, LDAP), among others. Taking the example of common third party authentication methods including open authorization (Open Authorization, OAuth) and central authentication service (Central Authentication Service, CAS), OAuth is a protocol for authorizing a third party application to access a protected resource. It allows users to authorize third party applications to access their resources, such as their profile information on another website, without having to provide their user name and password to the application. CAS (Central Authentication Service) is a Single Sign-On protocol that allows a user to access multiple applications only once without having to re-enter a username and password. Compared with the traditional login authentication mode of a user system, the third party authentication does not need to input a user name and a password, and therefore operation convenience and safety can be improved.

The conventional private cloud platform generally only provides a third party authentication mode, and related configuration of the third party authentication mode is written into the code by a private cloud service provider in the development process of the private cloud development platform. For the user of the private cloud platform, the user-defined configuration of the third party authentication mode cannot be realized, and the flexibility is low. For example, if enterprise a has its own OAuth system, then the private cloud needs to write the OAuth related configuration of enterprise a into the code during encoding, and if enterprise B also has its own OAuth system, then the configuration needs to be modified to be the OAuth configuration of enterprise B before releasing the version to enterprise B.

In this embodiment, in the development process, the cloud service provider integrates a plurality of third party authentication modes into the private cloud platform in advance. One or more of the third party authentication modes can be configured and selected by a user of the private cloud platform to serve as the third party authentication mode used by an application party of the private cloud platform.

Specifically, at least two third party authentication modes can be configured in advance for a user of the private cloud platform from a plurality of third party authentication modes provided by the platform on a configuration page of the authentication modes. As shown in fig. 3, the configuration page of the authentication method in one embodiment selects the authentication method through a drop-down frame of the authentication type, and currently, the supported methods include a main authentication method such as CAS, OAuth, LDAP. Because the private cloud platform integrates a plurality of third party authentication modes in advance, a user only needs to configure the required third party authentication mode on the basis of the configuration page of the authentication mode, the user can flexibly modify the third party authentication mode and corresponding configuration information on the basis of the requirement, and the flexibility of the application of the third party authentication mode in the private cloud platform is improved.

At least two of the multiple third party authentication modes can be selected, and the third party authentication information can be respectively configured for the selected authentication modes. The information required for each third party authentication mode is different. For OAuth, it is necessary to configure a client ID (client), a user password (client secret), authentication authorization information url, an acquisition token URL (token url), acquisition user information url, and field matching at the time of acquisition of user information. For CAS, there is a need to configure the CAS login url, CAS logout url, CAS check identity ticket URL (ticket url), field matching when user information is obtained.

When a user of the private cloud platform logs in the private cloud platform, as shown in fig. 4, an account number can be selected for logging in, or a third party can be used for authenticating and logging in. And if the third party authentication login is selected, after the target account number is input by the user, the terminal sends an authentication configuration acquisition request to the private cloud platform server, wherein the authentication configuration acquisition request carries the target account number.

The private cloud platform server responds to the authentication configuration acquisition request, queries at least two third party authentication modes corresponding to the target account number from the database, obtains authentication configuration information of the at least two authentication modes, and feeds the authentication configuration information back to the request terminal.

Further, the private cloud platform server comprises a request server and a back-end server. And the request terminal responds to the authentication request triggered by the target account number and sends the target account number to a request server of the private cloud platform. The request server calls a back-end server to acquire matched third-party authentication configuration information through a target account query database, the back-end server transmits the third-party authentication configuration information to the request server, and the request server returns the third-party authentication configuration information to the request terminal.

Step 204, receiving the authentication configuration information of the target account returned by the private cloud platform server, and determining a target third party authentication mode from the at least two third party authentication modes.

And after receiving the authentication configuration information returned by the private cloud platform server, the request terminal processes the authentication configuration information and determines a target third party authentication mode from a plurality of pre-configured third party authentication modes.

The target third party authentication mode can be a default third party authentication mode in the authentication configuration information, can be a third party authentication mode which is most suitable for the current application environment, can be a third party authentication mode with the highest priority, and can be a third party authentication mode selected by a user.

And 206, performing authentication in the target third party authentication mode based on the configuration information of the target third party authentication mode.

Specifically, after the target third party authentication mode is determined, configuration information of the target third party authentication mode is obtained from the authentication configuration information according to the identification of the target third party authentication mode, including verifying the URL and the like for authorized login. It can be appreciated that the types of configuration information for different target third party authentication modes are different. The request terminal acquires configuration information of a target third party authentication mode, interacts with a third party authentication server, and performs authentication in the target third party authentication mode.

According to the authentication method of the private cloud platform, the authentication configuration information of at least two third party authentication modes is configured for the target account number of the private cloud platform in advance, when a user requests to use the third party authentication modes, the authentication configuration information of the at least two third party authentication modes configured for the target account number is obtained through interaction with the private cloud platform, the target third party authentication mode is determined from the at least two third party authentication modes, and the third party authentication is performed in the target third party authentication mode. According to the method, multiple third party authentication modes can be preset for the target account number of the private cloud, at least two third party authentication modes configured for the target account number are obtained through interaction with the private cloud platform when the private cloud platform logs in, the target third party authentication modes are determined, multiple choices are selected when a user logs in the private cloud platform by using the third party authentication modes, and the flexibility of the private cloud platform authentication is improved.

In another embodiment, determining the target third party authentication mode from the at least two third party authentication modes includes: acquiring service scene characteristics; sequencing the at least two third party authentication modes according to the service scene characteristics; and taking the third party authentication mode with highest sequencing priority as a target third party authentication mode.

The service scene features may include service features of a private cloud platform and scene environment features. The service features can be embodied according to the service types of the private cloud platform, and different service types have different requirements on the security of the authentication mode, the network environment and the like. The scene environment characteristics may include a network environment and a terminal environment. The network environment may include an intranet environment, an extranet environment, and a network state, among others. The terminal environment comprises the brand of the terminal equipment, the memory size of the terminal equipment, the equipment computing power and the like.

The working principles of different third party authentication modes are different, and the applicable scenes are different. I.e. the service scenario features applicable to different third party authentication modes are different. For example, CAS is a Single Sign On (SSO) solution that provides a centralized authentication and authorization service. The user can access all relevant applications only by logging on the CAS server once, without logging on each application separately. The CAS mode is mainly used for identity verification and authorization of an intranet environment.

OAuth is an authorization framework that allows users to authorize third party applications to access information they store on other services without revealing passwords. OAuth is mainly used for authentication and authorization on the internet, for example, a user may log in to a third party website using a platform (e.g., social platform) account number, without creating a new account number on the third party website. OAuth is therefore suitable for authentication and authorization on the internet.

In this embodiment, at least two third party authentication modes of the target account are ordered based on the service scene characteristics, and the third party authentication mode with the highest ordering priority is used as the target authentication mode. The target third party authentication mode can improve the success rate and the safety of the target account number for third party authentication on the private cloud platform by considering the matching degree of the service scene characteristics and the authentication mode.

The sequencing result of the third party authentication mode of each scene feature can be preset, and can also be calculated in real time based on the service scene features.

In another embodiment, determining the target third party authentication mode from the at least two third party authentication modes includes: based on the priority identifiers of the at least two third party authentication modes, taking the third party authentication mode with the highest priority as a target third party authentication mode; the authentication configuration information comprises priority identifiers of all the third party authentication modes.

The priority of the third party authentication mode can be preconfigured by a user during configuration, or can be calculated by the private cloud platform according to the service scene characteristics. The configuration information of each third party authentication mode stored in the database also comprises a priority identification of the third party authentication mode. The priority identification is used to indicate the priority level of the third party authentication mode. For example, identifier 1 indicates the highest priority, and identifier 2 indicates the priority order.

Wherein, the user can configure a plurality of third party authentication modes and the priority of each authentication mode in the configuration. The priority of each authentication mode can be determined according to the requirements of users, the requirements of platforms or the internal requirements of enterprises. For example, in order to disperse the pressure of the third party authentication mode in the enterprise, people with different authorities can be guided to set priorities of different third party authentication modes. For example, the higher the authority, the higher the security requirement, the authentication can be performed by adopting a third party authentication mode with the highest security, and the part of the crowd is guided to set the highest priority by adopting the third party authentication mode with the highest security.

The cloud platform server can set the priority of the third party authentication mode of the target account according to the service scene characteristics and the authority of the target account, and set the priority identification for each third party authentication mode.

The request terminal obtains the priority identification of each third party authentication mode according to the third party authentication configuration information, and takes the third party authentication mode with the highest priority as the target third party authentication mode. By adopting the method, the optimal target third authentication mode can be determined by the request terminal according to the priority identification by writing the priority into the configuration information without complex calculation of the terminal.

In another embodiment, when authentication of the target third party authentication mode fails, determining a third party authentication mode with the highest priority among the rest of the third party authentication modes as a target third party authentication mode, and performing authentication in the target third party authentication mode based on configuration information of the target third party authentication mode.

When the traditional private cloud platform logs in authentication, if only one third party authentication mode is bound, after the third party authentication mode fails, no other mode is available except for continuously trying the mode. If the verification server in this way is abnormal, there is no way to successfully log in the private cloud platform for a period of time.

In this embodiment, when authentication in the target third party authentication mode fails, the third party authentication mode with the highest priority among the remaining third party authentication modes is determined as the target third party authentication mode. For example, the rest of the plurality of third party authentication modes are ranked according to the service scene characteristics, and the third party authentication mode with the highest ranking priority in the rest of the plurality of third party authentication modes is used as the target third party authentication mode. For another example, based on priority identifiers of a plurality of third party authentication modes, the priority identifier is used as an authentication mode (such as a second authentication mode and a third authentication mode) arranged after the last use mode as a target third party authentication mode.

And for the redetermined target third party authentication mode, carrying out authentication by using the target third party authentication mode based on the configuration information of the target third party authentication mode, so that when the authentication of the last target third party authentication mode fails, the target third party authentication mode can be continuously determined based on the priority of the third party authentication mode, login authentication can be continuously carried out, and the success rate of login is improved.

For example, the first determined target third party authentication mode is open authorization (Open Authorization, OAuth), but login authentication fails based on OAuth, the re-determined target third party authentication mode is central authentication service (Central Authentication Service, CAS), and authentication is continued in CAS mode. It can be understood that when the CAS authentication fails, the target third party authentication mode can be continuously determined according to the priority, and authentication is performed in the target third party authentication mode until the login is successful or after all authentication modes fail to be used, reporting an exception.

In another embodiment, determining the target third party authentication mode from the at least two third party authentication modes includes: and acquiring opening identifiers of the third party authentication modes from the authentication configuration information, and determining a target third party authentication mode by the opened third party authentication modes.

Specifically, when the private cloud platform user is configured, one of the configuration authentication information can be selected from the third party authentication modes supported by the system, or the authentication information can be respectively configured from the third party authentication modes supported by the system, but only one of the configuration authentication information is selected to be opened. If multiple authentication modes are configured, the user can select one of the authentication modes according to the requirements at any time. For example, the third party authentication mode selected to be turned on at the first time is a central authentication service (Central Authentication Service, CAS), while other third party authentication modes may be selected to be turned on at the configuration page when the authentication server is busy or abnormal.

And distinguishing the third party authentication mode selected to be opened through the opening identification. For example, an open field is set in the database, and if the open field is "yes", it indicates that the third party authentication mode is in an open state. If the open field is "no", it indicates that the third party authentication mode is in the closed state.

The authentication configuration information returned by the private cloud platform server comprises configuration information of all configured third party authentication modes, and after receiving the authentication configuration information, the request terminal identifies the third party authentication configuration information in the authentication configuration information which is in an on state according to the on identification, determines the third party authentication configuration information as a target third party authentication mode, and performs authentication in the target third party authentication mode based on the configuration information of the target third party authentication mode.

And determining a target third party authentication mode through the opening identifier, and directly performing third party authentication based on the third party authentication mode which is pre-configured to be in an opening state without complex operation when a user logs in the private cloud platform.

In another embodiment, determining the target third party authentication mode from the at least two third party authentication modes includes: displaying the at least two third party authentication modes according to the authentication configuration information; and responding to a target third party authentication mode selected from the at least two third party authentication modes.

In this embodiment, after the authentication configuration information is obtained, at least two third party authentication modes are displayed in a list form. The user can select one of the third party authentication modes as the target third party authentication mode based on the requirement. The method has the advantage that the user actively selects the target third party authentication mode which is used for triggering, so that the flexibility is improved.

In another embodiment, when authentication of the target third party authentication mode fails, the remaining third party authentication modes are displayed, and authentication is performed in the target third party authentication mode based on configuration information of the target third party authentication mode in response to a target third party authentication mode selected from the remaining third party authentication modes.

In this embodiment, after authentication is frustrated by the target third party authentication mode with the highest priority or selected, the remaining third party authentication modes are displayed, and the user selects one of the remaining third party authentication modes as the target third party authentication mode. The third party authentication modes displayed can comprise all third party authentication modes, and used and failed third party authentication modes are distinguished by different identifications, so that a user can conveniently know the third party authentication modes which cannot be used currently. For example, the used and failed third party authentication mode is displayed in gray scale.

When the user selects a new target third party authentication mode from the rest third party authentication modes, the new target third party authentication mode is used for login authentication until the authentication is successful or the use of all authentication modes fails, and then the exception is reported.

In this embodiment, when authentication in the current target third party authentication mode fails, the user may continue to select the available target third party authentication mode to perform authentication, thereby improving the success rate of login.

In another embodiment, the authentication method of the private cloud platform further includes a configuration process of a third party authentication mode. As shown in fig. 5, the configuration process of the third party authentication mode includes:

Step 502, responding to a third party authentication configuration instruction, displaying a third party authentication mode provided by a private cloud platform, wherein the third party authentication mode provided by the private cloud platform comprises at least two modes.

Specifically, on a configuration page of the authentication mode, multiple third party authentication modes provided by a user display platform of the private cloud platform can be provided in advance, and in one of the third party authentication modes selected by a user, configuration information content required by the third party authentication mode is displayed, so that the user can configure the configuration conveniently.

And step 504, determining a third party authentication mode to be configured from the third party authentication modes provided by the private cloud platform, and displaying a configuration page of the third party authentication mode to be configured.

Configuration page of authentication method in one embodiment as shown in fig. 3, the authentication method is selected through a drop-down box of authentication type, and currently supported methods are the authentication methods of the main stream of central authentication service (Central Authentication Service, CAS), open authorization (Open Authorization, OAuth), and lightweight directory access protocol (Lightweight Directory Access Protocol, LDAP). Because the private cloud platform integrates a plurality of third party authentication modes in advance, a user only needs to configure the required third party authentication mode on the basis of the configuration page of the authentication mode, the user can flexibly modify the third party authentication mode and corresponding configuration information on the basis of the requirement, and the flexibility of the application of the third party authentication mode in the private cloud platform is improved.

And step 506, responding to the target configuration information configured on the configuration page of the third party authentication mode to be configured, and reporting the target configuration information of the third party authentication mode to be configured to the private cloud platform server for storage.

The third party authentication of the traditional private cloud platform has strong dependence on a butted three-party account system, for example, one private cloud system only supports one authentication mode, and the authentication modes required by different private cloud users are different. For example, the private cloud platform logs in with open authorization (Open Authorization, OAuth), but the delivered client a only has a central authentication service (Central Authentication Service, CAS) single sign-on system, the client B only has open authorization (Open Authorization, OAuth) to log in, the client C has both a central authentication service (Central Authentication Service, CAS) and open authorization (Open Authorization, OAuth) to log in, and the conventional method cannot cope with clients with strong customization demands.

By adopting the method of the embodiment, the private cloud platform is configured in the integrated multiple third party authentication modes for the application party of each private cloud platform, and the butted third party authentication modes are selected, for example, the OAuth login is performed, and if the subsequent requirement is to dock other OAuth or CAS account systems, the relevant configuration is directly modified in the configuration without modifying in the code.

The embodiment provides a solution for integrating multiple authentication modes of a cross-account system in a private cloud scene, which can integrate multiple login modes into a private cloud platform at the same time, is not limited to a login system, and realizes configurable cross-account system login. The method can be separated from the constraint of a customer third party account system, and as long as the customer account system meets the specification, the access scheme is completely configured by the customer in a self-defined way, and an unlimited type of third party login can be provided for a plurality of private cloud application parties.

The application also provides an authentication method of the private cloud platform, as shown in fig. 6, comprising the following steps:

step 602, an authentication configuration acquisition request sent by a request terminal is acquired, wherein the authentication configuration acquisition request is triggered based on an authentication request for a target account, and the authentication configuration acquisition request carries the target account.

Step 604, responding to the authentication configuration acquisition request, acquiring authentication configuration information of at least two third party authentication modes configured for the target account in advance, and returning the authentication configuration information to a request terminal; the authentication configuration information is used for indicating the request terminal to determine a target third party authentication mode from the at least two third party authentication modes; and carrying out authentication in the target third party authentication mode based on the configuration information of the target third party authentication mode.

In one embodiment, an authentication method of a private cloud platform, as shown in fig. 7, includes:

and step 1, triggering an authentication request by the request terminal based on the target account number.

And 2, the request terminal responds to the authentication request and sends an authentication configuration acquisition request to the private cloud request server, wherein the authentication configuration acquisition request carries the target account.

And step 3, the request server sends an authentication configuration acquisition request to the private cloud back-end server.

And step 4, the back-end server acquires authentication configuration information of at least two third party authentication modes configured for the target account in advance.

And step 5, the back-end server feeds the authentication configuration information back to the request server.

And 6, the request server receives the authentication configuration information returned by the back-end server, removes sensitive data from the authentication configuration information, and returns the processed authentication configuration information to the request terminal.

And 7, the request terminal receives the authentication configuration information of the target account.

And 8, the request terminal determines a target third party authentication mode based on the authentication configuration information, for example, the target third party authentication mode is obtained by filtering the opened configuration from the configuration list.

And 9, the request terminal interacts with a third party authentication server based on the configuration information of the target third party authentication mode, and performs authentication in the target third party authentication mode.

In this embodiment, oauth or cas is taken as an example, and step 9 is described. As shown in figure 7 of the drawings,

when the target third party authentication mode is open authorization (Open Authorization, OAuth) login, step 9 specifically includes:

1. the request terminal acquires OAuth verification authorization information url (Uniform Resource Locator ) and client ID (client) from the authentication configuration information, and the client ID (client) is spliced to the verification authorization url and then jumps to the OAuth verification server.

And 2, after the request terminal jumps to an open authorization (Open Authorization, OAuth) authorization page, the client clicks to grant authorization, and the OAuth verification server can carry a verification password (code) to jump back to the private cloud system.

And 3, the request terminal intercepts a verification password (code) and sends a request to the private cloud request server.

4, the request server sends a request to the OAuth authentication service to obtain an access token (accessToken) address with the authentication password (code) and the client configured password (secret).

5, the oauth authentication server returns an access token (accessToken) to the requesting server.

And 6, the request server sends a request for the access token (accessToken) to the back-end account service, and the back-end service carries the access token (accessToken) to the OAuth verification server to acquire user information url and sends a request for acquiring user information.

And 7, after the OAuth verification server returns the user information, the back-end service combines the user information field matching in the configuration to create the user and writes the user into the database.

And 8, creating a login state for the newly created user, returning the login state to the front end, and finishing login by Oauth.

When the target third party authentication mode is the central authentication service (Central Authentication Service, CAS) login, step S9 includes:

1. the request terminal acquires url logged in by the CAS and splices a service address to the url to jump.

2. After jumping to the CAS login page, the user inputs a user name password, and after the CAS verifies the user information successfully, an identity bill (ticket) is generated, and the identity bill (ticket) is jumped to a service address (private cloud system).

3. The private cloud system requests the terminal to obtain an identity bill (ticket) and then sends a request to a request server.

4. The request server sends a request to a back-end account service carrying an identity ticket (ticket), and the back-end service sends a request to a configured cas verification ticket url carrying the identity ticket (ticket)

5. And after the ticket is checked successfully by the Cas server, the user information is returned to the back-end server.

6. The back-end server creates the user in combination with the user information field matching in the configuration and writes to the database.

7. And creating a login state for the newly created user, returning to the front end, and finishing login by the Cas.

The authentication method of the private cloud platform can integrate any third party account system into the private cloud system, supports the current mainstream login system (such as oauth, cas, ldap and other enterprise platforms), is not limited to a specific oauth system or cas system, and can switch among various account systems by users. Further, any third party account system may be configured. While the configuration of the various account systems is to support visual configuration.

It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.

Based on the same inventive concept, the embodiment of the application also provides an authentication device of the private cloud platform for realizing the authentication method of the private cloud platform. The implementation scheme of the solution to the problem provided by the device is similar to the implementation scheme described in the above method, so the specific limitation in the embodiments of the authentication device for one or more private cloud platforms provided below may refer to the limitation of the authentication method for the private cloud platform hereinabove, and will not be repeated herein.

In one embodiment, as shown in fig. 8, there is provided an authentication apparatus of a private cloud platform, including:

the request processing module 802 is configured to respond to an authentication request triggered based on a target account, send an authentication configuration acquisition request to a private cloud platform server, where the authentication configuration acquisition request carries the target account, and the authentication configuration acquisition request is configured to instruct that authentication configuration information of at least two third party authentication modes configured in advance for the target account is acquired from the private cloud platform server, and return the authentication configuration information to a request terminal.

The information processing module 804 is configured to receive the authentication configuration information of the target account returned by the private cloud platform server, and determine a target third party authentication mode from the at least two third party authentication modes.

The authentication processing module 806 is configured to perform authentication in the target third party authentication mode based on the configuration information of the target third party authentication mode.

According to the authentication device of the private cloud platform, the authentication configuration information of at least two third party authentication modes is configured for the target account number of the private cloud platform in advance, when a user requests to use the third party authentication modes, the authentication configuration information of the at least two third party authentication modes configured for the target account number is obtained through interaction with the private cloud platform, the target third party authentication mode is determined from the at least two third party authentication modes, and the third party authentication is performed in the target third party authentication mode. According to the method, multiple third party authentication modes can be preset for the target account number of the private cloud, at least two third party authentication modes configured for the target account number are obtained through interaction with the private cloud platform when the private cloud platform logs in, the target third party authentication modes are determined, multiple choices are selected when a user logs in the private cloud platform by using the third party authentication modes, and the flexibility of the private cloud platform authentication is improved.

In another embodiment, the information processing module is configured to obtain a service scene feature; sequencing the at least two third party authentication modes according to the service scene characteristics; and taking the third party authentication mode with highest sequencing priority as a target third party authentication mode.

In another embodiment, the information processing module is configured to use a third party authentication mode with a highest priority as the target third party authentication mode based on the priority identifiers of the at least two third party authentication modes; the authentication configuration information comprises priority identifiers of all the third party authentication modes.

In another embodiment, the information processing module is configured to determine, as the target third party authentication mode, a third party authentication mode with a highest priority among the remaining third party authentication modes when authentication by the target third party authentication mode fails.

In another embodiment, the information processing module is configured to obtain an opening identifier of each third party authentication mode from the authentication configuration information, and determine a target third party authentication mode according to the opened third party authentication mode.

In another embodiment, the information processing module is configured to display the at least two third party authentication modes according to the authentication configuration information; and responding to a target third party authentication mode selected from the at least two third party authentication modes.

In another embodiment, the information processing module is configured to display a remaining third party authentication mode when authentication in the target third party authentication mode fails, and respond to a target third party authentication mode selected from the remaining third party authentication modes.

In another embodiment, the system further comprises a configuration module, configured to respond to a third party authentication configuration instruction, and display a third party authentication mode provided by the private cloud platform, where the third party authentication mode provided by the private cloud platform includes at least two types; determining a third party authentication mode to be configured from third party authentication modes provided by the private cloud platform, and displaying a configuration page of the third party authentication mode to be configured; and responding to target configuration information configured on a configuration page of a third party authentication mode to be configured, and reporting the target configuration information of the third party authentication mode to be configured to the private cloud platform server for storage.

In one embodiment, as shown in fig. 9, there is provided an authentication apparatus of a private cloud platform, including:

a configuration request module 902, configured to obtain an authentication configuration obtaining request sent by a request terminal, where the authentication configuration obtaining request is triggered based on an authentication request for a target account, and the authentication configuration obtaining request carries the target account;

the configuration processing module 904 is configured to respond to the authentication configuration acquisition request, acquire authentication configuration information of at least two third party authentication modes configured for the target account in advance, and return the authentication configuration information to a request terminal; the authentication configuration information is used for indicating the request terminal to determine a target third party authentication mode from the at least two third party authentication modes; and carrying out authentication in the target third party authentication mode based on the configuration information of the target third party authentication mode.

All or part of the modules in the authentication device of the private cloud platform can be realized by software, hardware and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.

In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in fig. 10. The computer device includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing configuration data of the third party authentication mode. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements an authentication method for a private cloud platform.

It will be appreciated by those skilled in the art that the structure shown in FIG. 10 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.

In one embodiment, a computer device is provided, including a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the authentication method of the private cloud platform of each of the embodiments described above when the computer program is executed.

In one embodiment, a computer readable storage medium is provided, on which a computer program is stored, which when executed by a processor implements the steps of the authentication method of the private cloud platform of the above embodiments.

In one embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the authentication method of the private cloud platform of the embodiments described above.

It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region.

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims

1. An authentication method of a private cloud platform, the method comprising:

2. The method according to claim 1, wherein determining a target third party authentication mode from the at least two third party authentication modes comprises any one of the following modes:

first kind:

acquiring service scene characteristics;

sequencing the at least two third party authentication modes according to the service scene characteristics;

taking the third party authentication mode with highest sequencing priority as a target third party authentication mode;

second kind:

based on the priority identifiers of the at least two third party authentication modes, taking the third party authentication mode with the highest priority as a target third party authentication mode; the authentication configuration information comprises priority identifiers of all the third party authentication modes.

3. The method according to claim 2, wherein when authentication in the target third party authentication mode fails, determining a third party authentication mode with the highest priority among the remaining third party authentication modes as a target third party authentication mode, and executing the step of performing authentication in the target third party authentication mode based on the configuration information of the target third party authentication mode.

4. The method of claim 1, wherein determining a target third party authentication mode from the at least two third party authentication modes comprises:

and acquiring opening identifiers of the third party authentication modes from the authentication configuration information, and determining a target third party authentication mode by the opened third party authentication modes.

5. The method of claim 1, wherein determining a target third party authentication mode from the at least two third party authentication modes comprises:

displaying the at least two third party authentication modes according to the authentication configuration information;

and responding to a target third party authentication mode selected from the at least two third party authentication modes.

6. The method according to claim 2 or 5, wherein when authentication in the target third party authentication mode fails, the remaining third party authentication modes are presented, the step of authenticating in the target third party authentication mode based on configuration information of the target third party authentication mode is performed in response to a target third party authentication mode selected from the remaining third party authentication modes.

7. The method according to claim 1, wherein the method further comprises:

Responding to a third party authentication configuration instruction, displaying a third party authentication mode provided by a private cloud platform, wherein the third party authentication mode provided by the private cloud platform comprises at least two types;

determining a third party authentication mode to be configured from third party authentication modes provided by the private cloud platform, and displaying a configuration page of the third party authentication mode to be configured;

and responding to target configuration information configured on a configuration page of a third party authentication mode to be configured, and reporting the target configuration information of the third party authentication mode to be configured to the private cloud platform server for storage.

8. An authentication method of a private cloud platform, the method comprising:

9. An authentication device of a private cloud platform, the device comprising:

10. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 8 when the computer program is executed.