CN104580081A - Integrated SSO (single sign on) system - Google Patents

Integrated SSO (single sign on) system

Info

Publication number
CN104580081A
Authority
CN
China
Prior art keywords
user
module
layer
application
integrated form
Prior art date
Legal status
Pending
Application number
CN201310482733.9A
Other languages
Chinese (zh)
Inventor
崔建岷
陈刚
卢志强
夏雷
黄孝来
罗颖婕
张娜
陈坤坤
Current Assignee
SHANGHAI SHENTIE INFORMATION ENGINEERING Co Ltd
Original Assignee
SHANGHAI SHENTIE INFORMATION ENGINEERING Co Ltd
Priority date
Filing date
Publication date
Application filed by SHANGHAI SHENTIE INFORMATION ENGINEERING Co Ltd
Priority to CN201310482733.9A
Publication of CN104580081A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to an integrated SSO (single sign-on) system. The system comprises a server and a client connected to each other. The server comprises a user presentation layer, an application service layer and a data layer: the user presentation layer is in communication connection with the client and provides a browser-based user access interface; the application service layer is in communication connection with the user presentation layer and provides the corresponding business services according to user access requirements; the data layer is in communication connection with the user presentation layer and the application service layer and stores the relational database required for user access and the business services. Compared with the prior art, the system has advantages such as convenient operation, low cost and high compatibility.

Description

An integrated single sign-on system
Technical field
The present invention relates to the technical field of computer networks, and in particular to an integrated single sign-on system.
Background
With the rapid development of informatization, every business section, station section and production department of enterprises and institutions has built its own business information system, and these systems differ greatly in operating mode, development platform, user permission scheme and so on. As enterprise integration advances, horizontal and vertical exchange and resource sharing between departments become more and more frequent. To obtain useful information, a user may need 10 or even more sets of usernames and passwords to log in to different systems, and must also remember each system's entry point, configuration and other relevant parameters. The process is tedious and inefficient and causes users great inconvenience; logging in to the different systems costs efficiency and also introduces hidden risks for management and security. System administrators, for their part, must formulate a separate security policy for each application system and must authorize the users in each system separately to restrict them from accessing unauthorized network resources.
To solve this problem, single sign-on (Single Sign On, SSO for short) was proposed abroad, and it is one of the currently popular solutions for enterprise business integration. SSO is defined as follows: across multiple application systems, a user needs to log in only once to access all mutually trusting application systems and protected resources, without logging in again. Users no longer need to remember many sets of usernames and passwords or to log in repeatedly and visit different links, which greatly improves the experience of using application systems. System administrators need to maintain only one unified set of accounts, which is simple and convenient, makes management loopholes less likely and gives better security. Developers of application systems no longer need to develop a user module and can use the single sign-on system directly, which greatly reduces their workload.
Single sign-on can be implemented in many ways, for example with a mature software framework (CAS, OpenSSO, etc.) or a self-built single sign-on framework (such as Sohu's single sign-on). All of these methods require modifying the systems targeted by single sign-on or placing single sign-on code in them, but in practice modifying an application system is often very difficult.
Summary of the invention
The object of the present invention is to overcome the defects of the above prior art by providing an integrated single sign-on system that is easy to operate, low in cost and highly compatible.
The object of the present invention can be achieved through the following technical solution:
An integrated single sign-on system comprises a server and a client connected to each other, the server comprising:
a user presentation layer, in communication connection with the client, for providing a browser-based user access interface;
an application service layer, in communication connection with the user presentation layer, for providing the corresponding business services according to user access requirements;
a data layer, in communication connection with the user presentation layer and the application service layer respectively, for storing the relational database required for user access and the business services.
The user presentation layer comprises a login module. The login module receives the username and password entered at the client and verifies them against the relational database; if verification passes, it accesses the data layer and sends the application service layer a command to display the corresponding application system link; if verification fails, it displays an error prompt.
After the login module has verified the username and password and verification has passed, it generates an authentication credential, and the user accesses the application system link with this credential.
When the login module accesses the data layer, it looks up whether the relational database stores a personalized application system link corresponding to the username; if so, it displays this link; if not, it sends a configuration command to the application service layer.
The application service layer comprises a configuration module, a display module and an administration module. The configuration module and the display module are both connected to the login module; the configuration module receives the configuration command, and the display module receives the command to display the application system link and displays it. The administration module is connected to the data layer and maintains the database in the data layer.
After the configuration module receives the configuration command, it receives the system association instruction entered by the user and completes the association of the username with the application system.
The administration module's maintenance of the database includes application system name modification, system home page URL setting, system classification setting, intermediate log file URL setting and picture collection.
The server and the client adopt the B/S (browser/server) mode.
Compared with the prior art, the present invention has the following advantages:
1) Simple and easy to use: the system uses a Web interface, an object-oriented language and modular programming, which makes operation simpler and more convenient;
2) Modular design that is easy to upgrade: the invention adopts a three-tier architecture of user presentation layer, application service layer and data layer together with a modular design, so the system structure is clear and responsibilities are clearly divided, which benefits later maintenance and upgrading;
3) High degree of data sharing: the invention is based on the office network and adopts the B/S mode, so a user who is logged in to the network can sign on once and access the systems;
4) No separately developed third-party controls are used anywhere in the system: this feature helps the whole system in deployment and migration. In addition, there are no special requirements for the client machine;
5) Strong compatibility: the design is based on the existing server equipment, and login is achieved without modifying the target system and without placing login code in the target application system, which saves management and implementation resources.
Embodiment
The present invention is described in detail below with reference to a specific embodiment. The embodiment is implemented on the premise of the technical solution of the present invention and gives a detailed implementation and a concrete operating process, but the scope of protection of the present invention is not limited to the following embodiment.
An integrated single sign-on system comprises a server and a client connected to each other; the server and the client adopt the B/S mode, and the server comprises:
a user presentation layer, in communication connection with the client, for providing a browser-based user access interface;
an application service layer, in communication connection with the user presentation layer, for providing the corresponding business services according to user access requirements;
a data layer, in communication connection with the user presentation layer and the application service layer respectively, for storing the relational database required for user access and the business services.
The user presentation layer comprises a login module. The login module receives the username and password entered at the client and verifies them against the relational database; if verification passes, it accesses the data layer and sends the application service layer a command to display the corresponding application system link; if verification fails, it displays an error prompt. After the login module has verified the username and password and verification has passed, it generates an authentication credential, and the user accesses the application system link with this credential. When the login module accesses the data layer, it looks up whether the relational database stores a personalized application system link corresponding to the username; if so, it displays this link; if not, it sends a configuration command to the application service layer.
The application service layer comprises a configuration module, a display module and an administration module. The configuration module and the display module are both connected to the login module; the configuration module receives the configuration command, and the display module receives the command to display the application system link and displays it. The administration module is connected to the data layer and maintains the database in the data layer. After the configuration module receives the configuration command, it receives the system association instruction entered by the user and completes the association of the username with the application system. The administration module is open to users with system administrator permission; its maintenance of the database includes application system name modification, system home page URL setting, system classification setting, intermediate log file URL setting and picture collection.
When a user accesses application system 1 for the first time, the user has not yet logged in and is therefore directed to the authentication system to log in. The authentication system verifies the user's identity against the login information the user provides; if verification passes, it returns an authentication credential, the ticket, to the user. When the user then accesses other applications, the user presents this ticket as proof of authentication; on receiving the request, the application system sends the ticket to the authentication system for verification, which checks the ticket's validity. If verification passes, the user can access application system 2 and application system 3 without logging in again.
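The ticket flow described above, as an added example that is not part of the patent: a minimal Python model in which the authentication system issues a random, expiring ticket and each application system hands the ticket back to it for validation. The class names, the PBKDF2 password check, the 8-hour ticket lifetime and the HTTP-style status codes are assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import secrets
import time

TICKET_TTL_SECONDS = 8 * 3600   # assumed lifetime; the patent gives none
PBKDF2_ROUNDS = 200_000         # assumed work factor


class AuthenticationSystem:
    """Shared authentication system: checks logins, issues and validates tickets."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._users = {}     # username -> (salt, password hash)
        self._tickets = {}   # SHA-256(ticket) -> (username, expiry time)

    @staticmethod
    def _hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    @staticmethod
    def _ticket_key(ticket):
        # Only a digest is stored, so a leaked ticket table cannot be replayed.
        return hashlib.sha256(ticket.encode()).hexdigest()

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash_password(password, salt))

    def login(self, username, password):
        """Return a fresh ticket if the credentials verify, otherwise None."""
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self._users.get(username, (b"\x00" * 16, b""))
        candidate = self._hash_password(password, salt)
        if not hmac.compare_digest(candidate, stored):
            return None
        ticket = secrets.token_urlsafe(32)   # unguessable, carries no user data
        expires = self._clock() + TICKET_TTL_SECONDS
        self._tickets[self._ticket_key(ticket)] = (username, expires)
        return ticket

    def validate(self, ticket):
        """Return the username bound to a live ticket, otherwise None."""
        key = self._ticket_key(ticket)
        entry = self._tickets.get(key)
        if entry is None:
            return None                       # forged or never issued
        username, expires = entry
        if self._clock() >= expires:
            del self._tickets[key]            # expired: forget it
            return None
        return username


class ApplicationSystem:
    """An application that trusts the shared authentication system."""

    def __init__(self, name, auth):
        self.name = name
        self._auth = auth

    def handle_request(self, ticket=None):
        # No ticket, or a ticket the authentication system rejects: send the
        # user to log in. The application never checks a password itself.
        user = self._auth.validate(ticket) if ticket else None
        if user is None:
            return (302, "redirect to authentication system")
        return (200, f"{self.name}: signed in as {user}")


if __name__ == "__main__":
    auth = AuthenticationSystem()
    auth.register("alice", "constructed-sample-password")   # constructed sample
    apps = [ApplicationSystem(f"application system {i}", auth) for i in (1, 2, 3)]
    print(apps[0].handle_request())           # not logged in yet -> 302
    ticket = auth.login("alice", "constructed-sample-password")
    for app in apps:
        print(app.handle_request(ticket))     # one login, three systems -> 200
```

Because every application defers to `validate`, a ticket that expires or is removed at the authentication system stops working in all applications at once.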
Login is achieved without modifying the target system and without placing login code in the target application system: for existing application systems, a URL that simulates the login request is built to perform the login, which solves the single sign-on (integrated login) problem for most B/S application systems. For newly developed application systems, the office system information and a timestamp are encrypted and passed to the target system, which decrypts them and verifies the timestamp, thereby achieving single sign-on. The single sign-on system of the present invention allows a user to log in only once and then access all mutually trusting application systems. All application systems share one identity authentication system; an application system can identify users who have logged in and automatically determine whether the current user is logged in, thereby completing the single sign-on function, with no need to remember the hard-to-remember, hard-to-type usernames and passwords of the various application systems. This significantly improves the convenience of browsing between different systems.

Claims (9)

1. An integrated single sign-on system, comprising a server and a client connected to each other, characterized in that the server comprises:
a user presentation layer, in communication connection with the client, for providing a browser-based user access interface;
an application service layer, in communication connection with the user presentation layer, for providing the corresponding business services according to user access requirements;
a data layer, in communication connection with the user presentation layer and the application service layer respectively, for storing the relational database required for user access and the business services.
2. The integrated single sign-on system according to claim 1, characterized in that the relational database comprises user role and permission data, user personalized application system link data and configuration data.
3. The integrated single sign-on system according to claim 2, characterized in that the user presentation layer comprises a login module; the login module receives the username and password entered at the client and verifies them against the relational database; if verification passes, it accesses the data layer and sends the application service layer a command to display the corresponding application system link; if verification fails, it displays an error prompt.
4. The integrated single sign-on system according to claim 3, characterized in that after the login module has verified the username and password and verification has passed, it generates an authentication credential, and the user accesses the application system link with this credential.
5. The integrated single sign-on system according to claim 3, characterized in that when the login module accesses the data layer, it looks up whether the relational database stores a personalized application system link corresponding to the username; if so, it displays this link; if not, it sends a configuration command to the application service layer.
6. The integrated single sign-on system according to claim 5, characterized in that the application service layer comprises a configuration module, a display module and an administration module; the configuration module and the display module are both connected to the login module; the configuration module receives the configuration command; the display module receives the command to display the application system link and displays it; and the administration module is connected to the data layer and maintains the database in the data layer.
7. The integrated single sign-on system according to claim 6, characterized in that after the configuration module receives the configuration command, it receives the system association instruction entered by the user and completes the association of the username with the application system.
8. The integrated single sign-on system according to claim 6, characterized in that the administration module's maintenance of the database includes application system name modification, system home page URL setting, system classification setting, intermediate log file URL setting and picture collection.
9. The integrated single sign-on system according to claim 1, characterized in that the server and the client adopt the B/S mode.
CN201310482733.9A 2013-10-15 2013-10-15 Integrated SSO (single sign on) system Pending CN104580081A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310482733.9A CN104580081A (en) 2013-10-15 2013-10-15 Integrated SSO (single sign on) system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310482733.9A CN104580081A (en) 2013-10-15 2013-10-15 Integrated SSO (single sign on) system

Publications (1)

Publication Number Publication Date
CN104580081A (en) 2015-04-29

Family

ID=53095286

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310482733.9A Pending CN104580081A (en) 2013-10-15 2013-10-15 Integrated SSO (single sign on) system

Country Status (1)

Country Link
CN (1) CN104580081A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635153A (en) * 2015-12-31 2016-06-01 广州小百合信息技术有限公司 Access method and system for multi-tenant B/S (Browser/Server) software system
CN106790308A (en) * 2017-03-28 2017-05-31 北京中电普华信息技术有限公司 A kind of user authen method, apparatus and system
CN106878260A (en) * 2016-12-14 2017-06-20 新华三技术有限公司 Single sign-on realization method and device
CN107248971A (en) * 2016-12-21 2017-10-13 常熟市盛铭信息技术有限公司 A kind of design and application method of unified subscriber authentication
CN107294916A (en) * 2016-03-31 2017-10-24 北京神州泰岳软件股份有限公司 Single-point logging method, single-sign-on terminal and single-node login system
CN108241799A (en) * 2018-01-31 2018-07-03 广州市全周至程软件技术有限公司 cross-system access method, system, device and computer readable storage medium
CN111079129A (en) * 2019-12-11 2020-04-28 中国电子科技集团公司第三十八研究所 Smart city integrated management command system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101193027A (en) * 2006-11-28 2008-06-04 深圳市永兴元科技有限公司 A single-point login system and method for integrated isomerous system
CN101441734A (en) * 2007-11-19 2009-05-27 上海久隆电力科技有限公司 Unite identification authentication system
CN102497356A (en) * 2011-11-22 2012-06-13 北京信城通数码科技有限公司 Public service platform integrated system of internet medicine trading market

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635153A (en) * 2015-12-31 2016-06-01 广州小百合信息技术有限公司 Access method and system for multi-tenant B/S (Browser/Server) software system
CN105635153B (en) * 2015-12-31 2019-02-15 广州小百合信息技术有限公司 The access method and system of multi-tenant B/S software systems
CN107294916A (en) * 2016-03-31 2017-10-24 北京神州泰岳软件股份有限公司 Single-point logging method, single-sign-on terminal and single-node login system
CN107294916B (en) * 2016-03-31 2019-10-08 北京神州泰岳软件股份有限公司 Single-point logging method, single-sign-on terminal and single-node login system
CN106878260A (en) * 2016-12-14 2017-06-20 新华三技术有限公司 Single sign-on realization method and device
CN106878260B (en) * 2016-12-14 2020-04-03 新华三技术有限公司 Single sign-on realization method and device
CN107248971A (en) * 2016-12-21 2017-10-13 常熟市盛铭信息技术有限公司 A kind of design and application method of unified subscriber authentication
CN106790308A (en) * 2017-03-28 2017-05-31 北京中电普华信息技术有限公司 A kind of user authen method, apparatus and system
CN108241799A (en) * 2018-01-31 2018-07-03 广州市全周至程软件技术有限公司 cross-system access method, system, device and computer readable storage medium
CN108241799B (en) * 2018-01-31 2019-02-15 广州市全周至程软件技术有限公司 Cross-system access method, system, device and computer readable storage medium
CN111079129A (en) * 2019-12-11 2020-04-28 中国电子科技集团公司第三十八研究所 Smart city integrated management command system

Similar Documents

Publication Publication Date Title
US11281457B2 (en) Deployment of infrastructure in pipelines
US10484385B2 (en) Accessing an application through application clients and web browsers
CN106411857B (en) A kind of private clound GIS service access control method based on virtual isolation mech isolation test
JP2022061978A (en) System and method for providing interface for block chain cloud service
CN104580081A (en) Integrated SSO (single sign on) system
CN104871172B (en) Equipment for connection allocates framework
US9047462B2 (en) Computer account management system and realizing method thereof
CN108243183A (en) Integrated control method, system and the computer equipment of gate system
CN103475666B (en) A kind of digital signature authentication method of Internet of Things resource
CN108600203A (en) Secure Single Sign-on method based on Cookie and its unified certification service system
CN103475726B (en) A kind of virtual desktop management, server and client side
US20130254882A1 (en) Multi-domain identity interoperability and compliance verification
CN113114498B (en) Architecture system of trusted block chain service platform and construction method thereof
CN104718526A (en) Secure mobile framework
CN103259663A (en) User unified authentication method in cloud computing environment
CN106161462A (en) A kind of network security certification method
CN103227799A (en) Implementing method of unified user management and single sign-on platform based on multiple application systems
CN108959902A (en) A kind of mutli-system integration platform and method, computer readable storage medium
CN100488199C (en) Media issuing system and method
CN105354482A (en) Single sign-on method and device
RU2415466C1 (en) Method of controlling identification of users of information resources of heterogeneous computer network
CN105100068A (en) System and method for realizing single sign-on
CN110189440A (en) A kind of smart lock monitoring equipment and its method based on block chain
CN106921616A (en) A kind of single-point logging method and device
CN111861383A (en) On-line home office safety platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150429