CN104301418B - A kind of cross-domain single login system and login method based on SAML - Google Patents


Info

Publication number: CN104301418B
Authority: CN (China)
Prior art keywords: domain, user, cross, module, access
Legal status: Active
Application number: CN201410570561.5A
Other languages: Chinese (zh)
Other versions: CN104301418A
Inventors: 朱志祥, 王茜, 史晨昱, 赵伟, 刘盛辉, 王佩
Current assignee: Xi'an Following International Information Ltd Co; Xian University of Posts and Telecommunications
Original assignee: Xi'an Following International Information Ltd Co; Xian University of Posts and Telecommunications
Application filed by: Xi'an Following International Information Ltd Co and Xian University of Posts and Telecommunications
Priority date: 2014-10-23
Filing date: 2014-10-23
Publication date: 2015-01-21 (CN104301418A), 2017-12-12 (CN104301418B, granted)
Events: priority to CN201410570561.5A; publication of CN104301418A; application granted; publication of CN104301418B; legal status active; anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security


Abstract

The invention discloses a SAML-based cross-domain single sign-on system and login method. The system comprises a cross-domain access center module, an in-domain single sign-on subsystem module, an in-domain user management subsystem module and an in-domain single sign-on control center module, where the cross-domain access center module includes a cross-domain user data mapping synchronization module, a multi-level domain ID generation module and a multi-level domain access authentication interface module. By establishing a cross-domain access center, the system lifts authentication from within each domain of a multi-level domain hierarchy to unified cross-domain authentication between those domains; by integrating a unified authentication source, the entry points of the multi-level domains are merged into one, which is more efficient, saves the time users spend accessing multiple domains and improves authentication efficiency.

Description

A kind of cross-domain single login system and login method based on SAML
Technical field
The invention belongs to the technical field of Web application integration management. It relates to a SAML-based cross-domain single sign-on system, and further to the cross-domain single sign-on method of that system.
Background technology
A single sign-on mechanism consists of a single sign-on server and the clients integrated into each application that participates in single sign-on. Known single sign-on mechanisms generally use a ticket to store the user's information after authentication has succeeded. The concrete flow is: in a multi-application system, when a user first accesses an application, the user is first redirected to the authentication center to log in, and the authentication center authenticates the user against the submitted login information; if authentication passes, the authentication center issues a ticket to the user; when the user later accesses another application, the ticket is carried automatically as the proof of authentication, and once the application receives the user's access request it first sends the ticket to the authentication center for validation to check whether the ticket is legitimate; if the ticket is legitimate, the user can access the other application without logging in again. This is called "log in once, authenticate everywhere".
At present, the popular solution in the single sign-on field is the authentication system initiated by Yale University, called CAS (Central Authentication Service), whose principle is the same as the mechanism described above. The shortcoming of the prior art is that it only solves single sign-on within one domain and offers no integration for multi-domain authentication. With multi-level domains, a user may belong both to subdomain A and to subdomain B, and when accessing applications in domains A and B the user must enter through the separate A and B domain entry points. Furthermore, existing technology does not bring authorization decisions into single sign-on: it can decide that a user may enter an application, but it cannot control the fine-grained level at which the user enters the application.
The content of the invention
The object of the invention is to provide a SAML-based cross-domain single sign-on system that solves two technical problems of the prior art: that the same user, when accessing different domains, must log in separately through the different domain entry points, and that the fine-grained access of a user inside an application cannot be controlled.
The invention also provides the cross-domain single sign-on method of the above cross-domain single sign-on system.
The first technical solution provided by the invention is a SAML-based cross-domain single sign-on system comprising a cross-domain access center module, an in-domain single sign-on subsystem module, an in-domain user management subsystem module and an in-domain single sign-on control center module. The cross-domain access center module synchronizes user data and manages domain ID generation and the multi-level domain access authentication interface. The in-domain single sign-on subsystem authenticates the user when the user performs a multi-level domain login and returns the several multi-level domains the user may access. The in-domain user management subsystem module, when a user accesses applications in the domain, assigns in-domain application access rights, intercepts the user's HTTP access requests and compares the request content with the authority information in the user's ticket, thereby controlling the user's access rights. The in-domain single sign-on control center module configures in-domain single sign-on, including registering the multi-level domain ID and configuring the authentication source of the in-domain single sign-on subsystem.
The features of the first technical solution of the invention are as follows.
The cross-domain access center module includes a cross-domain user data mapping synchronization module, a multi-level domain ID generation module and a multi-level domain access authentication interface module. The cross-domain user data mapping synchronization module is the user data synchronization interface published by the cross-domain access center; it packages the domain ID information together with the user's mapping information and synchronizes them to the cross-domain access center in one batch. The multi-level domain ID module generates the unique identifier of each multi-level domain, i.e. the multi-level domain ID. The multi-level domain access authentication interface module provides the single unified authentication source for the multi-level domains, including data comparison and data parsing, and synchronizes the users of the multi-level domains into the unified authentication source by way of user data mapping.
Another technical solution provided by the invention is the cross-domain single sign-on method of the above cross-domain single sign-on system, comprising the following steps:
Step 1, cross-domain authentication registration; the detailed steps are as follows:
1.1. Deploy the in-domain single sign-on system: enter the user data, i.e. user names and passwords, separately through the in-domain user management subsystem module. The entered user data must use the user's identity card number as the unique identification information, so that when the user data is synchronized to the cross-domain access center there is a basis on which user mapping relationships can be established.
1.2. Apply for a domain ID for the in-domain single sign-on system: the administrator of the in-domain single sign-on system applies for the domain's single sign-on system ID (SSOID) through the multi-level domain ID module, which calls the domain ID generation interface provided by the cross-domain access center. The generated domain ID is stored both at the cross-domain access center and in the subdomain's storage, so that during data access and data synchronization it identifies the source of the user data and describes the in-domain single sign-on subsystem.
1.3. The administrator of the in-domain single sign-on system synchronizes the user data of the in-domain single sign-on subsystem: during user mapping data synchronization, the domain ID information and the user's mapping information are packaged and synchronized together to the cross-domain access center, which thus identifies the data source of each user's mapping data; the data interface of the cross-domain user data mapping synchronization module then receives and processes the user data mapping relationships.
1.4. In the in-domain single sign-on control center module, change the in-domain authentication mode from in-domain authentication to cross-domain single sign-on.
Step 2, perform the cross-domain authentication service to realize the user's cross-domain single sign-on; the steps are as follows:
2.1. The user logs in at the in-domain SSO, entering a user name and password. The in-domain SSO first calls the authentication service of the cross-domain access center, which verifies the information submitted by the user and, on success, returns the list of all domains the user is authorized to access.
2.2. The user selects the subdomain to access, and the cross-domain access center module redirects the user to that subdomain for verification. Once the subdomain has verified that the user's cross-domain login succeeded, it calls the method of the subdomain authority management module to obtain the user's authority information, packages that information, issues the user's subdomain credential, and returns the list of applications in the subdomain.
2.3. The user selects the application to access from the list; the subdomain SSO accesses the application on the user's behalf, and after the in-domain single sign-on system has verified the validity of the subdomain credential, the application information is returned.
The invention has the following advantages. By establishing a cross-domain access center, the invention lifts authentication from within each domain of a multi-level domain hierarchy to unified cross-domain authentication between those domains; by integrating a unified authentication source it merges the entry points of the multi-level domains into one, which is more efficient, saves the time users spend accessing multiple domains and improves authentication efficiency. In addition, the invention optimizes the single sign-on client: a filter intercepts the request content and compares it with the ticket, so that the granularity at which a user accesses an application is controlled. This overcomes the limitation of the original single sign-on, which could only control access at the level of the application as a whole, and achieves finer-grained rights management for users and applications.
Brief description of the drawings
Fig. 1 is the overall architecture diagram of the cross-domain single sign-on system of the invention;
Fig. 2 shows the cross-domain single sign-on method of the invention;
Fig. 3 shows the cross-domain authentication service flow of the invention.
Embodiment
The embodiments of the invention are further described below with reference to the accompanying drawings and examples.
As shown in Fig. 1, the cross-domain single sign-on system of the invention comprises a cross-domain access center module, an in-domain single sign-on subsystem module, an in-domain user management subsystem module and an in-domain single sign-on control center module.
The cross-domain access center module is the module that synchronizes user data and manages domain ID generation and the multi-level domain access authentication interface. It includes the cross-domain user data mapping synchronization module, the multi-level domain ID generation module and the multi-level domain access authentication interface module, described in detail as follows:
(1) The cross-domain user data mapping synchronization module is the user data synchronization interface published by the cross-domain access center. The interface covers synchronized creation, modification and deletion of user data. It is implemented as follows: the user information and the subdomain ID information are extracted from the subdomain through the subdomain interface, packaged within the subdomain, and then passed to the cross-domain access center through the data synchronization interface. During user mapping data synchronization, the domain ID information and the user's mapping information are packaged and synchronized together to the cross-domain access center, which thereby identifies the data source of each user's mapping data.
(2) The multi-level domain ID module generates the unique identifier of each multi-level domain, i.e. the multi-level domain ID, and assigns a domain ID to every multi-level domain that participates in cross-domain access. After the multi-level domain has been deployed, the administrator uses the domain ID generation function of the multi-level domain, which calls the domain ID generation interface provided by the cross-domain access center; the generated domain ID is stored both at the cross-domain access center and in the subdomain's storage.
(3) The multi-level domain access authentication interface module provides the single unified authentication source for the multi-level domains, including data comparison and data parsing, and synchronizes the users of the multi-level domains into the unified authentication source by way of user data mapping. To achieve this, a given user has the same unique identification information in every subdomain of the multi-level domain; during user data synchronization, user information with the same unique identifier is stored under the same data node, and under that node the user's different user names and passwords for each subdomain are stored.
The in-domain single sign-on subsystem authenticates the user for a multi-level domain login. The user must provide a unique identifier, a user name and a password (the user name and password may be the user's user name and password in any domain). After a successful login, the several multi-level domains the user may access are returned, and the user selects the multi-level domain to access. When the user selects a multi-level domain, the user is redirected to that domain's single sign-on system, which parses the user's identity information and obtains the list of applications the user may access.
The in-domain user management subsystem module is the module that manages a user's application access rights when the user accesses applications in the domain; it assigns the user's in-domain application access rights. When the user accesses an application through the in-domain single sign-on subsystem, the single sign-on client configured for the application system intercepts the user's HTTP access requests and compares them with the authority information in the user's ticket; requests that match the authority information are allowed through, so that the user's access rights are controlled.
The in-domain single sign-on control center module configures in-domain single sign-on, including registering the multi-level domain ID and configuring the authentication source of the in-domain single sign-on subsystem. For multi-level domain access, the module first applies to the cross-domain access center for a multi-level domain ID through a Web Service interface, which returns the multi-level domain ID on success, and stores the domain ID in the local LDAP database; then, by modifying the information in the configuration file, it changes the authentication source of the in-domain single sign-on subsystem to the multi-level domain access authentication source. The in-domain single sign-on control center transforms the current in-domain single sign-on at the architecture level so that multi-level domain users can select their authentication source: a user may select the in-domain authentication source for private authentication within the domain, or the cross-domain authentication source to participate in multi-level cross-domain authentication.
Cross-domain login modes
The user has two cross-domain login modes: domain login with access to all domains, and client login with access to all domains.
Domain login: the user logs in successfully at the SSO of any one domain; that domain's SSO then displays the list of application resources accessible in this domain and in the other domains, i.e. the access the user has been granted.
Client login: the user logs in through the client; the client's application list shows the application resources of all domains the user may access. When the user clicks an application resource, the client browser opens the domain application system interface and the user enters that system.
Cross-domain authentication registration flow
At the platform level, the mapping between the user's unique identifier (account ID) and the in-domain user information is managed; the in-domain user information is kept synchronized by the cross-domain access center and the in-domain user management system. The rights of each application layer are assigned by the respective subdomain, as shown in Fig. 2.
Step 1, deploy the in-domain single sign-on system: enter the user data, i.e. user names and passwords, separately through the in-domain user management subsystem module. The entered user data must use the user's identity card number as the unique identification information, so that when the user data is synchronized to the cross-domain access center there is a basis on which user mapping relationships can be established.
Step 2, apply for a domain ID for the in-domain single sign-on system: the administrator of the in-domain single sign-on system applies for the domain's single sign-on system ID (SSOID) through the multi-level domain ID module, which calls the domain ID generation interface provided by the cross-domain access center. The generated domain ID is stored both at the cross-domain access center and in the subdomain's storage, so that during data access and data synchronization it identifies the source of the user data and describes the in-domain single sign-on subsystem.
Step 3, the administrator of the in-domain single sign-on system synchronizes the user data of the in-domain single sign-on subsystem: during user mapping data synchronization, the domain ID information and the user's mapping information are packaged and synchronized together to the cross-domain access center, which thus identifies the data source of each user's mapping data; the data interface of the cross-domain user data mapping synchronization module then receives and processes the user data mapping relationships.
Step 4, in the in-domain single sign-on control center module, change the in-domain authentication mode from in-domain authentication to cross-domain single sign-on.
Cross-domain authentication service flow
A user participating in the cross-domain authentication service is first authenticated by the cross-domain authentication service, which reads the user's cross-domain information. If no cross-domain information is available, because the cross-domain service has not associated the user with other domains or for reasons such as the network being unreachable, the in-domain authentication service performs in-domain user authentication and authorization instead. With reference to Fig. 3, the steps of the service flow are as follows:
(1) The user logs in at the in-domain SSO, entering a user name and password; the in-domain SSO first calls the authentication service of the cross-domain access center and returns the list of all domains the user is authorized to access.
(2) The user selects the subdomain to access; the cross-domain access center module redirects the user to that subdomain for verification, and after the subdomain has verified that the cross-domain login succeeded, it issues the subdomain credential and returns the subdomain's application list.
(3) The user selects the application to access; the subdomain SSO accesses the application on the user's behalf, and after the in-domain single sign-on system has verified the validity of the subdomain credential, the application information is returned.
The cross-domain authentication access flow is as follows:
1. The user requests access to a domain application from the domain SSO;
2. The domain SSO performs the login and submits the user name and password;
3. The cross-domain access center verifies the information submitted by the user;
4. On success, the list of subdomains the user may access is returned;
5. The user selects the subdomain to access and is redirected to that subdomain to verify the cross-domain login;
6. On success, the method of the subdomain authority management module is called to obtain the user's authority information;
7. The authority information is packaged and the user's subdomain access credential is issued;
8. The list of applications accessible in the user's subdomain is returned;
9. The user selects an application and initiates application access;
10. The subdomain verifies the validity of the user's credential;
11. On success, the user's application information is returned.
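A simulation of the access flow above and of the in-domain request filter described for the in-domain user management subsystem, as an added example that is not the patent's own code: the cross-domain access center generates domain IDs and receives user mappings keyed by one unique identifier, authenticates a user name and password from any domain and returns the authorized domain list; the selected subdomain packages the user's authority information into a credential; and the in-domain filter compares each intercepted request with the permissions in that ticket. Password hashing, the HMAC-signed credential with an expiry, and the "METHOD path" permission format are assumptions, since the patent specifies none of them and does not show its SAML encoding.

```python
import hashlib
import hmac
import json
import secrets
import time

PBKDF2_ROUNDS = 10_000  # assumption: the patent does not specify password storage


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class CrossDomainAccessCenter:
    """Cross-domain access center: domain ID generation, user mapping sync and
    the unified authentication source (steps 2-4 of the access flow)."""

    def __init__(self):
        self.domains = {}  # domain_id -> description of the in-domain SSO
        self.users = {}    # unique_id -> {domain_id: (username, salt, pw_hash)}

    def generate_domain_id(self, description):
        """Domain ID generation interface; the ID is kept here and in the subdomain."""
        domain_id = "SSO-" + secrets.token_hex(8).upper()
        self.domains[domain_id] = description
        return domain_id

    def sync_user_mapping(self, domain_id, unique_id, username, password):
        """Mapping sync: records sharing one unique identifier (the patent uses the
        ID-card number) land under one data node, keyed by the source domain ID."""
        if domain_id not in self.domains:
            raise ValueError("unknown domain id: " + domain_id)
        salt = secrets.token_bytes(16)
        node = self.users.setdefault(unique_id, {})
        node[domain_id] = (username, salt, _pw_hash(password, salt))

    def authenticate(self, username, password):
        """Accept the user name/password of any domain; return (unique_id, sorted
        list of authorized domain IDs), or (None, []) on failure."""
        for unique_id, node in self.users.items():
            for name, salt, digest in node.values():
                if name == username and hmac.compare_digest(digest, _pw_hash(password, salt)):
                    return unique_id, sorted(node)
        return None, []


class Subdomain:
    """In-domain SSO plus in-domain user management: rights assignment,
    credential issuance (steps 6-8) and the request filter (step 10)."""

    def __init__(self, center, description):
        self.center = center
        self.domain_id = center.generate_domain_id(description)  # registration step 1.2
        self.permissions = {}  # unique_id -> set of "METHOD path" entries (assumed format)
        self.key = secrets.token_bytes(32)  # assumption: per-domain HMAC key for credentials

    def register_user(self, unique_id, username, password, allowed):
        """Registration steps 1.1 and 1.3: enter the user locally, sync the mapping."""
        self.permissions[unique_id] = set(allowed)
        self.center.sync_user_mapping(self.domain_id, unique_id, username, password)

    def issue_credential(self, unique_id, ttl=600):
        """Package the user's authority information into a signed, expiring credential."""
        body = {"sub": unique_id, "domain": self.domain_id,
                "perms": sorted(self.permissions.get(unique_id, ())),
                "exp": int(time.time()) + ttl}
        payload = json.dumps(body, sort_keys=True)
        tag = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return payload + "." + tag

    def verify_credential(self, credential):
        """Validity check: integrity, issuing domain and expiry; None if invalid."""
        payload, sep, tag = credential.rpartition(".")
        if not sep:
            return None
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None
        body = json.loads(payload)
        if body.get("domain") != self.domain_id or body.get("exp", 0) < time.time():
            return None
        return body

    def filter_request(self, credential, method, path):
        """SSO client filter: compare the intercepted HTTP request with the authority
        information carried in the ticket; returns an HTTP-style status code."""
        body = self.verify_credential(credential)
        if body is None:
            return 401  # no valid ticket for this domain: re-authenticate
        return 200 if f"{method} {path}" in body["perms"] else 403


def cross_domain_login(center, subdomains, username, password, target_domain_id):
    """Steps 1-8 of the access flow: (authorized domain IDs, credential or None)."""
    unique_id, authorized = center.authenticate(username, password)  # steps 2-4
    if unique_id is None or target_domain_id not in authorized:      # step 5
        return authorized, None
    return authorized, subdomains[target_domain_id].issue_credential(unique_id)
```

A credential issued by one subdomain is rejected by another (its HMAC key differs), which matches the patent's rule that each subdomain issues and verifies its own credential.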
By establishing a cross-domain access center, the invention lifts authentication from within each domain of a multi-level domain hierarchy to unified cross-domain authentication between those domains; by integrating a unified authentication source it merges the entry points of the multi-level domains into one, which is more efficient, saves the time users spend accessing multiple domains, improves authentication efficiency, and overcomes the original technical problem that the applications owned by several subdomains had to be accessed through each subdomain separately.

Claims (2)

1. A SAML-based cross-domain single sign-on system, characterized in that it comprises a cross-domain access center module, an in-domain single sign-on subsystem module, an in-domain user management subsystem module and an in-domain single sign-on control center module;
the cross-domain access center module synchronizes user data and manages domain ID generation and the multi-level domain access authentication interface, and includes a cross-domain user data mapping synchronization module, a multi-level domain ID generation module and a multi-level domain access authentication interface module;
the cross-domain user data mapping synchronization module is the user data synchronization interface published by the cross-domain access center, which packages the domain ID information together with the user's mapping information and synchronizes them to the cross-domain access center in one batch;
the multi-level domain ID generation module generates the unique identifier of each multi-level domain, i.e. the multi-level domain ID, and assigns a domain ID to every multi-level domain that participates in cross-domain access; after the multi-level domain has been deployed, the administrator uses the domain ID generation of the multi-level domain;
the single sign-on subsystem module authenticates the user when the user performs a multi-level domain login and returns the several multi-level domains the user may access;
the in-domain user management subsystem module, when a user accesses applications in the domain, assigns in-domain application access rights, intercepts the user's HTTP access requests and compares the request content with the authority information in the user's ticket, thereby controlling the user's access rights;
the in-domain single sign-on control center module configures in-domain single sign-on, including registering the multi-level domain ID and configuring the authentication source of the single sign-on subsystem module;
the multi-level domain access authentication interface module provides the single unified authentication source for the multi-level domains, including data comparison and data parsing, and synchronizes the users of the multi-level domains into the unified authentication source by way of user data mapping.
2. A SAML-based cross-domain single sign-on method, characterized in that it uses the SAML-based cross-domain single sign-on system comprising a cross-domain access center module, a single sign-on subsystem module, an in-domain user management subsystem module and an in-domain single sign-on control center module, where the cross-domain access center module includes a cross-domain user data mapping synchronization module, a multi-level domain ID generation module and a multi-level domain access authentication interface module;
the cross-domain single sign-on method comprises the following steps:
Step 1, cross-domain authentication registration; the detailed steps are as follows:
1.1. Deploy the in-domain single sign-on system: enter the user data, i.e. user names and passwords, separately through the in-domain user management subsystem module. The entered user data must use the user's identity card number as the unique identification information, so that when the user data is synchronized to the cross-domain access center there is a basis on which user mapping relationships can be established;
1.2. Apply for a domain ID for the in-domain single sign-on system: the administrator of the in-domain single sign-on system applies for the domain's single sign-on system ID (SSOID) through the multi-level domain ID generation module, which calls the domain ID generation interface provided by the cross-domain access center. The generated domain ID is stored both at the cross-domain access center and in the subdomain's storage, so that during data access and data synchronization it identifies the source of the user data and describes the single sign-on subsystem module;
1.3. The administrator of the in-domain single sign-on system synchronizes the user data of the single sign-on subsystem module: during user mapping data synchronization, the domain ID information and the user's mapping information are packaged and synchronized together to the cross-domain access center, which thus identifies the data source of each user's mapping data; the data interface of the cross-domain user data mapping synchronization module then receives and processes the user data mapping relationships;
1.4. In the in-domain single sign-on control center module, change the in-domain authentication mode from in-domain authentication to cross-domain single sign-on;
Step 2, perform the cross-domain authentication service to realize the user's cross-domain single sign-on; the steps are as follows:
2.1. The user logs in at the in-domain SSO, entering a user name and password. The in-domain SSO first calls the authentication service of the cross-domain access center, which verifies the information submitted by the user and, on success, returns the list of all domains the user is authorized to access;
2.2. The user selects the subdomain to access, and the cross-domain access center module redirects the user to that subdomain for verification. Once the subdomain has verified that the user's cross-domain login succeeded, it calls the method of the subdomain authority management module to obtain the user's authority information, packages that information, issues the user's subdomain credential, and returns the list of applications in the subdomain;
2.3. The user selects the application to access from the list; the subdomain SSO accesses the application on the user's behalf, and after the in-domain single sign-on system has verified the validity of the subdomain credential, the application information is returned.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410570561.5A CN104301418B (en) 2014-10-23 2014-10-23 A kind of cross-domain single login system and login method based on SAML


Publications (2)

Publication Number Publication Date
CN104301418A CN104301418A (en) 2015-01-21
CN104301418B true CN104301418B (en) 2017-12-12

Family

ID=52320981


Country Status (1)

Country Link
CN (1) CN104301418B (en)

CN114944948B (en) * 2022-05-16 2024-01-09 郑州小鸟信息科技有限公司 Cross-domain user permission following-based method and system
CN115118454B (en) * 2022-05-25 2023-06-30 四川中电启明星信息技术有限公司 Cascade authentication system and authentication method based on mobile application
CN115085998A (en) * 2022-06-09 2022-09-20 陈敏琴 Safety access control system based on big data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101355527A (en) * 2008-08-15 2009-01-28 深圳市中兴移动通信有限公司 Method for implementing single-point LOG striding domain name
CN102655494A (en) * 2011-03-01 2012-09-05 广州从兴电子开发有限公司 SAML (Security Assertion Markup Language)-based authentication platform designed in single log-in mode
CN102882835A (en) * 2011-07-13 2013-01-16 中国科学院声学研究所 Method and system for implementing single sign on

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8296828B2 (en) * 2008-12-16 2012-10-23 Microsoft Corporation Transforming claim based identities to credential based identities
CN102546570B (en) * 2010-12-31 2014-12-24 国际商业机器公司 Processing method and system for single sign-on

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"A Seamless Connection for Authentication Required Web Sites by Shibboleth"; Watanabe et al.; 《2011 Third International Conference on Intelligent Networking and Collaborative Systems》; 2011-01-01; 450-452 *
"Design and Implementation of Cross-Domain Single Sign-On Based on SAML" (基于SAML的跨域单点登录的设计与实现); Jiao Yanan et al.; 《计算机技术与发展》 (Computer Technology and Development); 2012-05-16; Vol. 22, No. 1; 157-160 *

Also Published As

Publication number Publication date
CN104301418A (en) 2015-01-21

Similar Documents

Publication Publication Date Title
CN104301418B (en) A kind of cross-domain single login system and login method based on SAML
US6668322B1 (en) Access management system and method employing secure credentials
US6944761B2 (en) Log-on service providing credential level change without loss of session continuity
US8677451B1 (en) Enabling seamless access to a domain of an enterprise
US6892307B1 (en) Single sign-on framework with trust-level mapping to authentication requirements
CN102739658B (en) A kind of offline verification method of single-sign-on
Carretero et al. Federated identity architecture of the European eID system
US20080072303A1 (en) Method and system for one time password based authentication and integrated remote access
CN104836803B (en) Single-point logging method based on session mechanism
WO2003065640A1 (en) Single sign-on over the internet using public-key cryptography
JP2005519365A (en) Method and apparatus for handling user identifier in single sign-on service
CN101707594A (en) Single sign on based grid authentication trust model
CN105577835B (en) Cross-platform single sign-on system based on cloud computing
Berbecaru et al. Providing login and Wi-Fi access services with the eIDAS network: A practical approach
CN103986734B (en) Authentication management method and authentication management system applicable to high-security service system
Pérez-Méndez et al. Identity federations beyond the web: A survey
CN112334898B (en) System and method for managing multi-domain access credentials for users capable of accessing multiple domains
CN102420808B (en) Method for realizing single signon on telecom on-line business hall
CN101567785B (en) Method, system and entity for authenticating notes in network service
US20060080730A1 (en) Affiliations within single sign-on systems
CN1783780B (en) Method and device for realizing domain authorization and network authority authorization
KR20120071193A (en) Hash tree based id federation system and technique for the user authentication
CN109905365A (en) It is a kind of can distributed deployment single-sign-on and authorization of service system and method
Rieger et al. Towards usable and reasonable Identity Management in heterogeneous IT infrastructures
EP2183901A1 (en) A method and system for managing user identity

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant