CN117857153A - SSO authentication method and system integrating single sign-on of multiple sets of domain users - Google Patents


Info

Publication number
CN117857153A
Authority
CN
China
Prior art keywords
sso
user
authentication
module
single sign
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311783150.XA
Other languages
Chinese (zh)
Inventor
赵月
娄江南
管春元
谢斌
孙大臣
田吉
李佳
刘彪
李成
杨爽
牛建平
焦质晔
滕训超
孙增强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
QIMING INFORMATION TECHNOLOGY CO LTD
Original Assignee
QIMING INFORMATION TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by QIMING INFORMATION TECHNOLOGY CO LTD
Priority to CN202311783150.XA
Publication of CN117857153A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an SSO authentication method and system integrating single sign-on of multiple sets of domain users. The method comprises the following steps: S1, a user logs in to the system and is verified; S2, the system invokes SSO authentication through a Filter mechanism; S3, the system displays whether the verification succeeded and jumps to the corresponding interface. The system comprises a user login module, an authentication module, an SSO service integration module, a front-end display module and a database. The invention solves the authentication problem in a multi-SSO environment, ensures the security of the system, improves the user experience and system extensibility, and has high practical value and application prospects.

Description

SSO authentication method and system integrating single sign-on of multiple sets of domain users
Technical Field
The invention relates to the technical field of software operation and maintenance, in particular to an SSO authentication method and system integrating single sign-on of multiple sets of domain users.
Background
SSO stands for Single Sign-On. With SSO, across multiple application systems, a user only needs to log in once to access all mutually trusted applications. It includes a mechanism that maps this primary login to a login for the same user in the other applications. It is one of the currently popular solutions for enterprise business integration. One common definition of SSO is that the same user accessing protected resources in different applications on the same server only needs to log in once: after passing security verification in one application, the user does not need to log in again when accessing protected resources in other applications.
As modern enterprise information systems become more complex and diverse, enterprises often use several different Single Sign-On (SSO) services to ensure the security and independence of their respective systems. Because different systems or applications may employ different SSO authentication mechanisms, end users face the hassle of logging in multiple times, which reduces their work efficiency and user experience. How to implement a centralized, efficient and secure authentication approach is therefore a problem that currently needs to be solved.
Disclosure of Invention
To solve the above problems, the invention provides an SSO authentication system integrating single sign-on of multiple sets of domain users, which comprises a user login module, an authentication module, an SSO service integration module, a front-end display module and a database; the user login module provides a unified login entry; the authentication module automatically maps URIs to SSO services through a Filter mechanism; the SSO service integration module integrates multiple SSO authentication services; the front-end display module displays user login information and the corresponding website information; the database stores the authentication information of the users and the configuration data of the SSO services.
Further, the multiple SSO authentication services include: OAuth 2.0, SAML, OpenID Connect.
Further, the authentication information of the user includes: account name, account password, mobile phone number, email address.
Further, the system also comprises a security management module; the security management module sets a unified security policy for the system; the security policy includes: HTTPS encrypted transmission and a token expiration policy.
An SSO authentication method integrating single sign-on of multiple sets of domain users comprises the following steps: S1, a user logs in to the system and is verified; S2, the system invokes SSO authentication through a Filter mechanism; S3, the system displays whether the verification succeeded and jumps to the corresponding interface.
Further, step S2 specifically includes: the SSO service generates a token and redirects the front-end application, passing the token as a parameter.
Further, step S3 includes the following substeps: when the verification succeeds, the system grants the user access permission and jumps to the corresponding web page; when the verification fails, the system reports that the verification failed and jumps to an error page.
Further, the method also comprises the following preliminary steps: S01, configuring the SpringBoot Filter; S02, integrating the multiple SSO authentication services in a unified module and generating a unified API interface.
The SSO authentication method and system integrating single sign-on of multiple sets of domain users provided by the invention have the following beneficial effects:
(1) The invention solves the authentication problem in a multi-SSO environment, ensures the security of the system, improves the user experience and system extensibility, and has high practical value and application prospects. Users do not need to remember multiple login entries or log in multiple times; they can access multiple applications or systems through a single unified entry, which greatly improves the user experience.
(2) The invention adopts a URI-based forwarding mechanism: an enterprise can freely configure, according to its own business requirements, which URI requests are forwarded to which SSO service for authentication, achieving a high degree of customization and flexibility. With a centrally managed Filter, the enterprise can handle authentication logic in one place and can more easily discover and fix potential security risks.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to the structures shown in these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of the method provided by the present invention;
FIG. 2 is a schematic diagram of the system structure provided by the present invention.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiments of the invention are described in detail below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments, and for the sake of clarity, illustrations and descriptions not related to the invention are omitted from the drawings and the description.
The technical solution of the present invention is described in detail below so that its technical features, objects and beneficial effects can be understood more clearly. The described embodiments are some, but not all, embodiments of the invention and should not be construed as limiting the scope in which the invention can be practiced. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without inventive effort fall within the scope of protection of the present invention.
As shown in FIG. 2, the invention provides an SSO authentication system integrating single sign-on of multiple sets of domain users, which comprises a user login module, an authentication module, an SSO service integration module, a front-end display module and a database; the user login module provides a unified login entry; the authentication module automatically maps URIs to SSO services through a Filter mechanism; the SSO service integration module integrates multiple SSO authentication services; the front-end display module displays user login information and the corresponding website information; the database stores the authentication information of the users and the configuration data of the SSO services.
The multiple SSO authentication services include: OAuth 2.0, SAML, OpenID Connect.
The authentication information of the user includes: account name, account password, mobile phone number, email address.
The system also comprises a security management module; the security management module sets a unified security policy for the system; the security policy includes: HTTPS encrypted transmission and a token expiration policy.
As shown in FIG. 1, an SSO authentication method integrating single sign-on of multiple sets of domain users includes the following steps: S1, a user logs in to the system and is verified; S2, the system invokes SSO authentication through a Filter mechanism; S3, the system displays whether the verification succeeded and jumps to the corresponding interface.
The method also comprises the following preliminary steps: S01, configuring the SpringBoot Filter; S02, integrating the multiple SSO authentication services in a unified module and generating a unified API interface.
Step S2 specifically comprises: the SSO service generates a token and redirects the front-end application, passing the token as a parameter.
Step S3 comprises the following substeps: when the verification succeeds, the system grants the user access permission and jumps to the corresponding web page; when the verification fails, the system reports that the verification failed and jumps to an error page.
Example:
In an SSO authentication system integrating single sign-on of multiple sets of domain users, the system architecture design comprises: a front-end user interface, which provides a unified login entry for users; an authentication forwarding Filter, which uses the Filter mechanism of SpringBoot to map URIs automatically to SSO services; an SSO service integration module, which integrates multiple SSO authentication services such as OAuth 2.0, SAML and OpenID Connect; and a unified authentication database, which stores the authentication information of the users and the configuration data of the SSO services.
The Filter mechanism of SpringBoot: the Filter function built into Spring Boot is used to intercept incoming requests. Through this Filter, the system identifies and parses the URIs that require authentication and forwards each request to the corresponding SSO service according to predefined rules.
SSO protocol integration: multiple SSO authentication protocols, such as OAuth 2.0 and SAML, are integrated, and a unified API interface is provided so that the Filter can interact seamlessly with the various SSO services.
Security policy: HTTPS encrypted transmission is adopted to ensure the privacy and security of user data. In addition, a token expiration policy is set to prevent sessions that have been inactive for a long time from being maliciously exploited.
The implementation steps of the system scheme comprise:
Configuring the SpringBoot Filter: in a SpringBoot project, a Java class can be defined directly and marked as a Filter using the @Component annotation.
Integrating SSO services: the various SSO services are integrated in a unified module, and a unified API interface is provided for the Filter to call.
Load balancing: for a large number of authentication requests, a Spring Cloud load balancing policy may be used to spread the requests over multiple SSO service instances for processing.
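One way the Filter described in these steps could look, as an added example that is not code from the patent. It assumes Spring Boot 3 (jakarta.servlet) with the routing rules supplied as SsoRoute beans; the names SsoProvider, SsoRoute and SsoRoutingFilter, the `token` and `redirect` parameter names, and the choice to refuse unmapped URIs are hypothetical.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Comparator;
import java.util.List;
import java.util.Optional;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical unified API (step S02): one adapter per protocol (OAuth 2.0, SAML, OpenID Connect).
interface SsoProvider {
    String loginUrl();                          // provider login endpoint, taken from configuration
    Optional<Instant> validate(String token);   // expiry time if the token verifies, otherwise empty
}
// Hypothetical routing rule: requests under uriPrefix authenticate against provider.
record SsoRoute(String uriPrefix, SsoProvider provider) {}

@Component
public class SsoRoutingFilter extends OncePerRequestFilter {
    private final List<SsoRoute> routes;
    public SsoRoutingFilter(List<SsoRoute> routes) {
        // Longest prefix first, so /hr/payroll wins over /hr regardless of configuration order.
        this.routes = routes.stream()
                .sorted(Comparator.comparingInt((SsoRoute r) -> r.uriPrefix().length()).reversed())
                .toList();
    }
    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String path = req.getRequestURI().substring(req.getContextPath().length());
        Optional<SsoRoute> route = routes.stream().filter(r -> matches(path, r.uriPrefix())).findFirst();
        if (route.isEmpty()) {                  // fail closed: a URI with no rule is refused
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        SsoProvider sso = route.get().provider();
        String token = req.getParameter("token");   // step S2: the token arrives as a request parameter
        if (token == null) {                    // not authenticated yet: send to the mapped SSO service
            String back = URLEncoder.encode(req.getRequestURL().toString(), StandardCharsets.UTF_8);
            res.sendRedirect(sso.loginUrl() + "?redirect=" + back);
            return;
        }
        Optional<Instant> expiry = sso.validate(token);
        if (expiry.isPresent() && Instant.now().isBefore(expiry.get())) {
            chain.doFilter(req, res);           // step S3, success: continue to the requested page
        } else {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);  // step S3, failure: error page
        }
    }
    // Match on whole path segments so the rule /hr does not also cover /hr-archive.
    private static boolean matches(String path, String prefix) {
        return path.equals(prefix) || path.startsWith(prefix.endsWith("/") ? prefix : prefix + "/");
    }
}
```

The redirect target is always the configured `loginUrl()`, never a value taken from the request, and the expiry check enforces the token expiration policy on every request that passes through the Filter.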
The invention solves the authentication problem in a multi-SSO environment, ensures the security of the system, improves the user experience and system extensibility, and has high practical value and application prospects. Users do not need to remember multiple login entries or log in multiple times; they can access multiple applications or systems through a single unified entry, which greatly improves the user experience.
The invention adopts a URI-based forwarding mechanism: an enterprise can freely configure, according to its own business requirements, which URI requests are forwarded to which SSO service for authentication, achieving a high degree of customization and flexibility. With a centrally managed Filter, the enterprise can handle authentication logic in one place and can more easily discover and fix potential security risks.
The foregoing is merely a preferred embodiment of the invention. It is to be understood that the invention is not limited to the form disclosed herein, which should not be construed as excluding other embodiments; the invention can be used in various other combinations, modifications and environments, and can be modified within the scope of the inventive concept described herein, through the above teachings or the skill or knowledge of the relevant art. Modifications and variations that do not depart from the spirit and scope of the invention are intended to fall within the scope of the appended claims.

Claims (8)

1. An SSO authentication system integrating single sign-on of multiple sets of domain users, characterized by comprising a user login module, an authentication module, an SSO service integration module, a front-end display module and a database;
the user login module is used for providing a unified login entry;
the authentication module is used for automatically mapping URIs to SSO services through a Filter mechanism;
the SSO service integration module is used for integrating multiple SSO authentication services;
the front-end display module is used for displaying user login information and the corresponding website information;
the database is used for storing the authentication information of the users and the configuration data of the SSO services.
2. The SSO authentication system integrating single sign-on of multiple sets of domain users according to claim 1, wherein the multiple SSO authentication services comprise: OAuth 2.0, SAML, OpenID Connect.
3. The SSO authentication system integrating single sign-on of multiple sets of domain users according to claim 1, wherein the authentication information of the user comprises: account name, account password, mobile phone number, email address.
4. The SSO authentication system integrating single sign-on of multiple sets of domain users according to claim 1, further comprising a security management module; the security management module is used for setting a unified security policy for the system; the security policy includes: HTTPS encrypted transmission and a token expiration policy.
5. An SSO authentication method integrating single sign-on of multiple sets of domain users, based on the SSO authentication system integrating single sign-on of multiple sets of domain users according to any one of claims 1 to 4, comprising the steps of: S1, a user logs in to the system and is verified; S2, the system invokes SSO authentication through a Filter mechanism; S3, the system displays whether the verification succeeded and jumps to the corresponding interface.
6. The SSO authentication method integrating single sign-on of multiple sets of domain users according to claim 5, wherein step S2 specifically includes: the SSO service generates a token and redirects the front-end application, passing the token as a parameter.
7. The SSO authentication method integrating single sign-on of multiple sets of domain users according to claim 5, wherein step S3 comprises the substeps of: when the verification succeeds, the system grants the user access permission and jumps to the corresponding web page; when the verification fails, the system reports that the verification failed and jumps to an error page.
8. The SSO authentication method integrating single sign-on of multiple sets of domain users according to claim 5, further comprising the preliminary steps of: S01, configuring the SpringBoot Filter; S02, integrating the multiple SSO authentication services in a unified module and generating a unified API interface.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311783150.XA CN117857153A (en) 2023-12-22 2023-12-22 SSO authentication method and system integrating single sign-on of multiple sets of domain users

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311783150.XA CN117857153A (en) 2023-12-22 2023-12-22 SSO authentication method and system integrating single sign-on of multiple sets of domain users

Publications (1)

Publication Number Publication Date
CN117857153A true CN117857153A (en) 2024-04-09

Family

ID=90529803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311783150.XA Pending CN117857153A (en) 2023-12-22 2023-12-22 SSO authentication method and system integrating single sign-on of multiple sets of domain users

Country Status (1)

Country Link
CN (1) CN117857153A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination