Method and system for simultaneously supporting single sign-on and third party sign-on
Technical Field
The invention relates to the technical field of computers, in particular to a method and a system for simultaneously supporting single sign-on and third party sign-on.
Background
The description of the background pertaining to the present invention is intended only for the purpose of illustration and of facilitating an understanding of the summary of the invention, and should not be taken as an admission that the applicant is aware of the prior art at the date on which this application was first filed.
In the early days a company had only one server, and the number of servers grew gradually as the business became more complex. Each server requires its own registration and login, and the user must log out of each one in turn. The user experience is very poor. A different login experience is wanted: for the services of one enterprise, the user registers only once, logs in only once, and logs out only once. Single Sign-On, abbreviated as SSO, is one of the currently popular solutions for enterprise business integration. SSO means that, across multiple applications, a user only needs to log in once to access all mutually trusted applications. Third party login means that the user logs in to the system using account information from a third party company.
With the development of networks, users want to be able to choose flexibly, according to their own needs, whether to log in to a system by single sign-on or by third party login. However, existing login modes cannot be flexibly configured according to the user's requirements.
Disclosure of Invention
In view of the above problems, the present invention provides a method and system for supporting single sign-on and third party sign-on simultaneously, which can flexibly configure the single sign-on or the third party sign-on according to the selection of the user.
The invention provides a method for simultaneously supporting single sign-on and third party sign-on, which is characterized by comprising the following steps:
a client sends a login request containing login types, wherein the login types comprise single sign-on and third party login;
and the server receives the login request, analyzes the login type from the login request, calls an authorization authentication service corresponding to the login type to authenticate the user, and returns a login result.
Further, before sending the login request containing the login type, the method further comprises the following steps:
the client configures the login type according to the user selection.
Further, the login request is a Uniform Resource Locator (URL), and the login type is a field in the URL.
Further, the authorization authentication service corresponding to the single sign-on specifically executes the following steps:
the server side generates a code, a refresh key, a token and a cookie according to a user name and a password input by a user, redirects the code, the refresh key, the token and the cookie to the client side and carries the code;
the client intercepts the redirection, and sends a request to acquire an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken, the user name, the refreshToken and the token, and returns the accessToken and the refreshToken to the client side;
and the client associates the returned accessToken, refreshToken and session, and sends a request to a resource server to acquire user information according to the accessToken.
Further, the authorization authentication service corresponding to the third party login specifically executes the following steps:
the server side logs in according to a user name and a password input by a user, redirects to the client side and carries the code;
the client intercepts the redirection and sends a request to the server to obtain an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken with a user name and returns the accessToken to the client side;
and the client associates the returned accessToken with the session, and sends a request to a resource server to acquire user information according to the accessToken.
Further, the client is an integrated login system, and the server provides authorization and authentication service, which may be a server.
The invention also provides a system for simultaneously supporting single sign-on and third party sign-on, which is used for executing the method for simultaneously supporting single sign-on and third party sign-on, and comprises a client and a server, wherein the client is an integrated sign-on system, and the server provides authorization and authentication service;
the client sends a login request containing login types, wherein the login types comprise single sign-on and third party login;
and the server receives the login request, analyzes the login type from the login request, calls an authorization authentication service corresponding to the login type to authenticate the user, and returns a login result.
Further, before sending the login request containing the login type, the method further comprises the following steps:
the client configures the login type according to the user selection.
Further, the login request is a Uniform Resource Locator (URL), and the login type is a field in the URL.
Further, the authorization authentication service corresponding to the single sign-on specifically executes the following steps:
the server side generates a code, a refresh key, a token and a cookie according to a user name and a password input by a user, redirects the code, the refresh key, the token and the cookie to the client side and carries the code;
the client intercepts the redirection, and sends a request to acquire an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken, the user name, the refreshToken and the token, and returns the accessToken and the refreshToken to the client side;
and the client associates the returned accessToken, refreshToken and session, and sends a request to a resource server to acquire user information according to the accessToken.
Further, the authorization authentication service corresponding to the third party login specifically executes the following steps:
the server logs in according to a user name and a password input by a user and generates a code and a redirection address, and the redirection address points to the client and carries the code;
the client intercepts the redirection address and sends a request to the server to obtain an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken with a user name and returns the accessToken to the client side;
and the client associates the returned accessToken with the session, and sends a request to a resource server to acquire user information according to the accessToken.
The invention has the advantages that the single sign-on or the third party sign-on can be flexibly configured according to the selection of the user, and the diversified requirements of the user are met.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings used in the description of the embodiments will be briefly described as follows:
Fig. 1 is a flowchart illustrating a method for supporting single sign-on and third party sign-on simultaneously according to a first embodiment of the present invention.
Fig. 2 shows a flow diagram of a single sign-on corresponding authorization authentication service.
Fig. 3 shows a flow diagram of an authorized authentication service corresponding to third party login.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the following description, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as implying relative importance.
The following description provides embodiments of the invention, which may be combined with or substituted for various embodiments, and the invention is thus to be construed as embracing all possible combinations of the same and/or different embodiments described. Thus, if one embodiment includes features A, B, C and another embodiment includes features B, D, then the invention should also be construed as including embodiments that include one or more of all other possible combinations of A, B, C, D, even though such embodiments may not be explicitly recited in the following text.
Example one
Fig. 1 is a flowchart illustrating a method for supporting single sign-on and third party sign-on simultaneously according to a first embodiment of the present invention.
As shown in fig. 1, a method for supporting single sign-on and third party sign-on simultaneously according to the present invention includes the following steps:
a client sends a login request containing login types, wherein the login types comprise single sign-on and third party login;
the server receives the login request, analyzes the login type from the login request, and calls an authorization authentication service corresponding to the login type to authenticate the user;
and returning a login result.
Further, before sending the login request containing the login type, the method further comprises the following steps:
the client configures the login type according to the user selection.
Further, the login request is a Uniform Resource Locator (URL), and the login type is a field in the URL, such as "https://192.168.1.1/oauth/authority?client_id=XXX&response_type=code&login_type=XXX", where login_type is the login type.
Fig. 2 shows a flow diagram of a single sign-on corresponding authorization authentication service.
As shown in fig. 2, the authorization and authentication service corresponding to the single sign-on specifically performs the following steps:
the server 202 generates a code, a refresh key, a token and a cookie according to a user name and a password input by a user, redirects the code, the refresh key, the token and the cookie to the client 201, and carries the code;
the client 201 intercepts the redirection, and sends a request to the server 202 to obtain an accessToken according to the code;
the server 202 performs parameter verification to generate accessToken, associates the accessToken, the user name, the refreshToken and the token, and returns the accessToken and the refreshToken to the client 201;
the client 201 associates the returned accessToken, refreshToken and session, and sends a request to the resource server to acquire user information according to the accessToken.
Fig. 3 shows a flow diagram of an authorized authentication service corresponding to third party login.
As shown in fig. 3, the authorization and authentication service corresponding to the third party login specifically performs the following steps:
the server 202 logs in according to a user name and a password input by a user, redirects to the client 201 and carries the code;
the client 201 intercepts the redirection, and sends a request to the server 202 to obtain an accessToken according to the code;
the server 202 checks parameters to generate an accessToken, associates the accessToken with a user name, and returns the accessToken to the client 201;
the client 201 associates the returned accessToken with session, and sends a request to a resource server to acquire user information according to the accessToken.
Further, the client 201 is an integrated login system, and the server 202 provides an authorization and authentication service.
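The following sketch is an added illustration, not part of the patent text: a server-side view in Python of the flows of Fig. 1 to Fig. 3, parsing `login_type` from the request URL against an allowlist and exchanging the code for tokens. The `login_type` values, the code lifetime and the binding of the code to `client_id` are assumptions, since the description does not say what the parameter verification checks.

```python
# Added illustration: a server-side sketch of the login_type dispatch and
# code-for-token exchange. All names and values here are assumptions.
import secrets
import time
from urllib.parse import urlsplit, parse_qs

LOGIN_TYPES = {"sso", "third_party"}   # assumed values; the page only shows XXX
CODE_TTL = 60                          # assumed code lifetime in seconds
_codes = {}                            # code -> (client_id, user, login_type, expiry)
_tokens = {}                           # accessToken -> associated record


def parse_login_request(url):
    """Return (client_id, login_type) or raise ValueError on a malformed request."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    fields = {}
    for name in ("client_id", "response_type", "login_type"):
        values = query.get(name, [])
        if len(values) != 1 or not values[0]:   # missing, empty or repeated field
            raise ValueError(f"bad {name}")
        fields[name] = values[0]
    if fields["response_type"] != "code":
        raise ValueError("bad response_type")
    if fields["login_type"] not in LOGIN_TYPES:  # allowlist, never dispatch on raw input
        raise ValueError("bad login_type")
    return fields["client_id"], fields["login_type"]


def issue_code(url, user, now=None):
    """After the user authenticates, mint the code carried on the redirect."""
    client_id, login_type = parse_login_request(url)
    code = secrets.token_urlsafe(32)
    _codes[code] = (client_id, user, login_type, (now or time.time()) + CODE_TTL)
    return code


def exchange_code(code, client_id, now=None):
    """Parameter verification, then accessToken (plus refreshToken for SSO)."""
    record = _codes.pop(code, None)              # pop makes the code single-use
    if record is None:
        raise PermissionError("unknown or reused code")
    bound_client, user, login_type, expiry = record
    if bound_client != client_id or (now or time.time()) > expiry:
        raise PermissionError("code not valid for this client or expired")
    result = {"accessToken": secrets.token_urlsafe(32)}
    if login_type == "sso":                      # only the SSO flow returns a refreshToken
        result["refreshToken"] = secrets.token_urlsafe(32)
    _tokens[result["accessToken"]] = {"user": user, **result}
    return result
```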
The invention also provides a system for simultaneously supporting single sign-on and third party sign-on, which is used for executing the method for simultaneously supporting single sign-on and third party sign-on, and comprises a client 201 and a server 201, wherein the client 201 is an integrated sign-on system, and the server 201 provides authorization authentication service;
the client 201 sends a login request including login types, wherein the login types include single sign-on and third party login;
the server 201 receives the login request, analyzes the login type from the login request, calls an authorization authentication service corresponding to the login type to authenticate the user, and returns a login result.
Further, before sending the login request containing the login type, the method further comprises the following steps:
the client 201 configures the login type according to the user selection.
Further, the login request is a Uniform Resource Locator (URL), and the login type is a field in the URL.
Further, the authorization authentication service corresponding to the single sign-on specifically executes the following steps:
the server 201 generates a code, a refresh key, a token and a cookie according to a user name and a password input by a user, redirects the code, the refresh key, the token and the cookie to the client 201, and carries the code;
the client 201 intercepts the redirection, and sends a request to acquire an accessToken according to the code;
the server 201 performs parameter verification to generate accessToken, associates the accessToken, the user name, the refreshToken and the token, and returns the accessToken and the refreshToken to the client 201;
the client 201 associates the returned accessToken, refreshToken and session, and sends a request to the resource server to acquire user information according to the accessToken.
Further, the authorization authentication service corresponding to the third party login specifically executes the following steps:
the server 201 logs in according to a user name and a password input by a user, and generates a code and a redirection address, wherein the redirection address points to the client 201 and carries the code;
the client 201 intercepts the redirection address, and sends a request to the server 201 to obtain an accessToken according to the code;
the server 201 checks parameters, generates an accessToken, associates the accessToken with a user name, and returns the accessToken to the client 201;
the client 201 associates the returned accessToken with session, and sends a request to a resource server to acquire user information according to the accessToken.
The invention also provides a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method for authorising a management control request. The computer-readable storage medium may include, but is not limited to, any type of disk including floppy disks, optical disks, DVD, CD-ROMs, microdrive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), or any type of media or device suitable for storing instructions and/or data.
The invention also provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method for authorising a management control request are implemented when the processor executes the program. In the embodiment of the present invention, the processor is a control center of a computer system, and may be a processor of a physical machine or a processor of a virtual machine.
The foregoing description is only exemplary of the preferred embodiments of the invention and is not intended to limit the invention in any way as to its nature or form. Although the present invention has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention. However, any simple modification, equivalent replacement, improvement and the like of the above embodiments according to the technical spirit of the present invention should be included in the protection scope of the present invention without departing from the spirit and principle of the present invention.