CN110032842B - Method and system for simultaneously supporting single sign-on and third party sign-on - Google Patents

Publication number: CN110032842B
Authority: CN (China)
Prior art keywords: login, client, accesstoken, server, request
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910158189.XA
Other languages: Chinese (zh)
Other versions: CN110032842A (en)
Inventors: 迟鹏飞, 苗维杰
Current Assignee: Hangzhou Zhongdian Anke Modern Technology Co.,Ltd. (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Lisichen Anke Technology Co ltd
Application filed by Beijing Lisichen Anke Technology Co ltd
Priority to CN201910158189.XA
Publication of CN110032842A
Application granted
Publication of CN110032842B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a method and a system for simultaneously supporting single sign-on and third party sign-on, which comprises a client and a server, wherein the client is an integrated sign-on system, and the server provides an authorization authentication service; the client sends a login request containing login types, wherein the login types comprise single sign-on and third party login; and the server receives the login request, analyzes the login type from the login request, calls an authorization authentication service corresponding to the login type to authenticate the user, and returns a login result. The invention has the advantages that the single sign-on or the third party sign-on can be flexibly configured according to the selection of the user, and the diversified requirements of the user are met.

Description

Method and system for simultaneously supporting single sign-on and third party sign-on
Technical Field
The invention relates to the technical field of computers, in particular to a method and a system for simultaneously supporting single sign-on and third party sign-on.
Background
The description of the background art pertaining to the present invention is provided only for illustration and to facilitate understanding of the summary of the invention, and should not be taken as an admission that the applicant regards it as prior art at the date of filing this application as first filed.
In the early days a company had only one server; as the business became more complex, the number of servers slowly grew. Each server requires its own registration and login, and the user must log out of them one by one. The user experience is very poor. A different login experience is wanted: the services of one enterprise require only one registration, only one login, and only one logout. Single sign-on (SSO) is one of the currently popular solutions for enterprise business integration. SSO means that, across multiple applications, a user only needs to log in once to access all mutually trusted applications. Third party login means that the user logs in to the system using account information held with a third party company.
With the development of networks, users want to choose flexibly, according to their own needs, whether to log in to a system by single sign-on or by third party login. However, existing login modes cannot be flexibly configured according to user requirements.
Disclosure of Invention
In view of the above problems, the present invention provides a method and system for supporting single sign-on and third party sign-on simultaneously, which can flexibly configure the single sign-on or the third party sign-on according to the selection of the user.
The invention provides a method for simultaneously supporting single sign-on and third party sign-on, which is characterized by comprising the following steps:
a client sends a login request containing login types, wherein the login types comprise single sign-on and third party login;
and the server receives the login request, analyzes the login type from the login request, calls an authorization authentication service corresponding to the login type to authenticate the user, and returns a login result.
Further, before sending the login request containing the login type, the method further comprises the following steps:
the client configures the login type according to the user selection.
Further, the login request is a Uniform Resource Locator (URL), and the login type is a field in the URL.
Further, the authorization authentication service corresponding to the single sign-on specifically executes the following steps:
the server side generates a code, a refresh key, a token and a cookie according to a user name and a password input by a user, redirects the code, the refresh key, the token and the cookie to the client side and carries the code;
the client intercepts the redirection, and sends a request to acquire an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken, the user name, the refreshToken and the token, and returns the accessToken and the refreshToken to the client side;
and the client associates the returned accessToken, refreshToken and session, and sends a request to a resource server to acquire user information according to the accessToken.
Further, the authorization authentication service corresponding to the third party login specifically executes the following steps:
the server side logs in according to a user name and a password input by a user, redirects to the client side and carries the code;
the client intercepts the redirection and sends a request to the server to obtain an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken with a user name and returns the accessToken to the client side;
and the client associates the returned accessToken with the session, and sends a request to a resource server to acquire user information according to the accessToken.
Further, the client is an integrated login system, and the server provides authorization and authentication service, which may be a server.
The invention also provides a system for simultaneously supporting single sign-on and third party sign-on, which is used for executing the method for simultaneously supporting single sign-on and third party sign-on, and comprises a client and a server, wherein the client is an integrated sign-on system, and the server provides authorization and authentication service;
the client sends a login request containing login types, wherein the login types comprise single sign-on and third party login;
and the server receives the login request, analyzes the login type from the login request, calls an authorization authentication service corresponding to the login type to authenticate the user, and returns a login result.
Further, before sending the login request containing the login type, the method further comprises the following steps:
the client configures the login type according to the user selection.
Further, the login request is a Uniform Resource Locator (URL), and the login type is a field in the URL.
Further, the authorization authentication service corresponding to the single sign-on specifically executes the following steps:
the server side generates a code, a refresh key, a token and a cookie according to a user name and a password input by a user, redirects the code, the refresh key, the token and the cookie to the client side and carries the code;
the client intercepts the redirection, and sends a request to acquire an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken, the user name, the refreshToken and the token, and returns the accessToken and the refreshToken to the client side;
and the client associates the returned accessToken, refreshToken and session, and sends a request to a resource server to acquire user information according to the accessToken.
Further, the authorization authentication service corresponding to the third party login specifically executes the following steps:
the server logs in according to a user name and a password input by a user and generates a code and a redirection address, and the redirection address points to the client and carries the code;
the client intercepts the redirection address and sends a request to the server to obtain an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken with a user name and returns the accessToken to the client side;
and the client associates the returned accessToken with the session, and sends a request to a resource server to acquire user information according to the accessToken.
The invention has the advantages that the single sign-on or the third party sign-on can be flexibly configured according to the selection of the user, and the diversified requirements of the user are met.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings used in the description of the embodiments will be briefly described as follows:
Fig. 1 is a flowchart illustrating a method for supporting single sign-on and third party sign-on simultaneously according to a first embodiment of the present invention.
Fig. 2 shows a flow diagram of a single sign-on corresponding authorization authentication service.
Fig. 3 shows a flow diagram of an authorized authentication service corresponding to third party login.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the following description, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as implying relative importance.
The following description provides embodiments of the invention, which may be combined with or substituted for various embodiments, and the invention is thus to be construed as embracing all possible combinations of the same and/or different embodiments described. Thus, if one embodiment includes feature A, B, C and another embodiment includes feature B, D, then the invention should also be construed as including embodiments that include one or more of all other possible combinations of A, B, C, D, even though such embodiments may not be explicitly recited in the following text.
Example one
Fig. 1 is a flowchart illustrating a method for supporting single sign-on and third party sign-on simultaneously according to a first embodiment of the present invention.
As shown in fig. 1, a method for supporting single sign-on and third party sign-on simultaneously according to the present invention includes the following steps:
a client sends a login request containing login types, wherein the login types comprise single sign-on and third party login;
the server receives the login request, analyzes the login type from the login request, and calls an authorization authentication service corresponding to the login type to authenticate the user;
and returning a login result.
Further, before sending the login request containing the login type, the method further comprises the following steps:
the client configures the login type according to the user selection.
Further, the login request is a uniform resource locator (URL), and the login type is a field in the URL, such as "https://192.168.1.1/oauth/authority?client_id=XXX&response_type=code&login_type=XXX", where login_type is the login type.
Fig. 2 shows a flow diagram of a single sign-on corresponding authorization authentication service.
As shown in fig. 2, the authorization and authentication service corresponding to the single sign-on specifically performs the following steps:
the server 202 generates a code, a refresh key, a token and a cookie according to a user name and a password input by a user, redirects the code, the refresh key, the token and the cookie to the client 201, and carries the code;
the client 201 intercepts the redirection, and sends a request to the server 202 to obtain an accessToken according to the code;
the server 202 performs parameter verification to generate accessToken, associates the accessToken, the user name, the refreshToken and the token, and returns the accessToken and the refreshToken to the client 201;
the client 201 associates the returned accessToken, refreshToken and session, and sends a request to the resource server to acquire user information according to the accessToken.
Fig. 3 shows a flow diagram of an authorized authentication service corresponding to third party login.
As shown in fig. 3, the authorization and authentication service corresponding to the third party login specifically performs the following steps:
the server 202 logs in according to a user name and a password input by a user, redirects to the client 201 and carries the code;
the client 201 intercepts the redirection, and sends a request to the server 202 to obtain an accessToken according to the code;
the server 202 checks parameters to generate an accessToken, associates the accessToken with a user name, and returns the accessToken to the client 201;
the client 201 associates the returned accessToken with the session, and sends a request to a resource server to acquire user information according to the accessToken.
Further, the client 201 is an integrated login system, and the server 202 provides an authorization and authentication service.
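The two flows described above, as an added example that is not part of the patent: a minimal authorization server that parses login_type from the login URL, rejects unknown values instead of falling back to a default flow, and issues a single-use code bound to the client. The login_type values `sso` and `third_party`, the callback URL, the code lifetime and all class and function names are assumptions; cookie and session handling are left out.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlsplit

# Assumed login_type values; the patent only shows "login_type=XXX".
SSO, THIRD_PARTY = "sso", "third_party"
CODE_TTL_SECONDS = 60  # assumed lifetime of an authorization code


class LoginError(Exception):
    """Raised when a login or token request must be rejected."""


class AuthServer:
    def __init__(self, users, clients):
        self.users = users      # username -> password (constructed demo data)
        self.clients = clients  # client_id -> registered callback URL (assumed)
        self.codes = {}         # code -> (client_id, username, login_type, expiry)
        self.tokens = {}        # accessToken -> associated record

    @staticmethod
    def parse_login_request(url):
        """Extract client_id and login_type; each field must appear exactly once."""
        query = parse_qs(urlsplit(url).query)
        fields = {}
        for name in ("client_id", "response_type", "login_type"):
            values = query.get(name, [])
            if len(values) != 1:
                raise LoginError(f"{name} must appear exactly once")
            fields[name] = values[0]
        if fields["response_type"] != "code":
            raise LoginError("unsupported response_type")
        if fields["login_type"] not in (SSO, THIRD_PARTY):
            # Fail closed: an unknown type never selects a default flow.
            raise LoginError("unknown login_type")
        return fields["client_id"], fields["login_type"]

    def authorize(self, url, username, password, now=None):
        """Authenticate the user and return the redirect that carries the code."""
        now = time.time() if now is None else now
        client_id, login_type = self.parse_login_request(url)
        if client_id not in self.clients:
            raise LoginError("unknown client")
        expected = self.users.get(username, "")
        same = hmac.compare_digest(expected.encode(), password.encode())
        if username not in self.users or not same:
            raise LoginError("bad credentials")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, username, login_type, now + CODE_TTL_SECONDS)
        return f"{self.clients[client_id]}?code={code}"

    def exchange(self, client_id, code, now=None):
        """Parameter verification, then token issuance according to the login type."""
        now = time.time() if now is None else now
        record = self.codes.pop(code, None)  # single use: removed on first attempt
        if record is None:
            raise LoginError("unknown or already used code")
        bound_client, username, login_type, expiry = record
        if bound_client != client_id or now > expiry:
            raise LoginError("code not valid for this client or expired")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"username": username, "login_type": login_type}
        result = {"accessToken": access_token}
        if login_type == SSO:
            # Only the single sign-on flow returns a refreshToken.
            refresh_token = secrets.token_urlsafe(32)
            self.tokens[access_token]["refreshToken"] = refresh_token
            result["refreshToken"] = refresh_token
        return result

    def user_info(self, access_token):
        """Resource-server lookup of the user associated with an accessToken."""
        record = self.tokens.get(access_token)
        if record is None:
            raise LoginError("invalid accessToken")
        return record["username"]


def demo():
    """Run both flows against constructed data and return the issued token sets."""
    server = AuthServer({"alice": "correct horse"},
                        {"XXX": "https://client.example/callback"})
    base = ("https://192.168.1.1/oauth/authority"
            "?client_id=XXX&response_type=code&login_type=")
    results = {}
    for login_type in (SSO, THIRD_PARTY):
        redirect = server.authorize(base + login_type, "alice", "correct horse")
        code = parse_qs(urlsplit(redirect).query)["code"][0]
        results[login_type] = server.exchange("XXX", code)
    return server, results
```
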
The invention also provides a system for simultaneously supporting single sign-on and third party sign-on, which is used for executing the method for simultaneously supporting single sign-on and third party sign-on, and comprises a client 201 and a server 201, wherein the client 201 is an integrated sign-on system, and the server 201 provides authorization authentication service;
the client 201 sends a login request including login types, wherein the login types include single sign-on and third party login;
the server 201 receives the login request, analyzes the login type from the login request, calls an authorization authentication service corresponding to the login type to authenticate the user, and returns a login result.
Further, before sending the login request containing the login type, the method further comprises the following steps:
the client 201 configures the login type according to the user selection.
Further, the login request is a Uniform Resource Locator (URL), and the login type is a field in the URL.
Further, the authorization authentication service corresponding to the single sign-on specifically executes the following steps:
the server 201 generates a code, a refresh key, a token and a cookie according to a user name and a password input by a user, redirects the code, the refresh key, the token and the cookie to the client 201, and carries the code;
the client 201 intercepts the redirection, and sends a request to acquire an accessToken according to the code;
the server 201 performs parameter verification to generate accessToken, associates the accessToken, the user name, the refreshToken and the token, and returns the accessToken and the refreshToken to the client 201;
the client 201 associates the returned accessToken, refreshToken and session, and sends a request to the resource server to acquire user information according to the accessToken.
Further, the authorization authentication service corresponding to the third party login specifically executes the following steps:
the server 201 logs in according to a user name and a password input by a user, and generates a code and a redirection address, wherein the redirection address points to the client 201 and carries the code;
the client 201 intercepts the redirection address, and sends a request to the server 201 to obtain an accessToken according to the code;
the server 201 checks parameters, generates an accessToken, associates the accessToken with a user name, and returns the accessToken to the client 201;
the client 201 associates the returned accessToken with the session, and sends a request to a resource server to acquire user information according to the accessToken.
The invention also provides a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method for authorising a management control request. The computer-readable storage medium may include, but is not limited to, any type of disk including floppy disks, optical disks, DVD, CD-ROMs, microdrive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), or any type of media or device suitable for storing instructions and/or data.
The invention also provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method for authorising a management control request are implemented when the processor executes the program. In the embodiment of the present invention, the processor is a control center of a computer system, and may be a processor of a physical machine or a processor of a virtual machine.
The foregoing description is only exemplary of the preferred embodiments of the invention and is not intended to limit the invention in any way as to its nature or form. Although the present invention has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention. However, any simple modification, equivalent replacement, improvement and the like of the above embodiments according to the technical spirit of the present invention should be included in the protection scope of the present invention without departing from the spirit and principle of the present invention.

Claims (4)

1. A method for simultaneously supporting single sign-on and third party sign-on is characterized by comprising the following steps:
a client sends a login request containing login types, wherein the login types comprise single sign-on and third party login;
the server receives the login request, analyzes the login type from the login request, and calls an authorization authentication service corresponding to the login type to authenticate the user;
returning a login result;
before sending the login request containing the login type, the method also comprises the following steps:
the client configures the login type according to the selection of the user;
the login request is a Uniform Resource Locator (URL), and the login type is a field in the URL;
the authorization authentication service corresponding to the single sign-on specifically executes the following steps:
the server side generates a code, a refresh key, a token and a cookie according to a user name and a password input by a user, redirects the code, the refresh key, the token and the cookie to the client side and carries the code;
the client intercepts the redirection, and sends a request to acquire an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken, the user name, the refreshToken and the token, and returns the accessToken and the refreshToken to the client side;
and the client associates the returned accessToken, refreshToken and session, and sends a request to a resource server to acquire user information according to the accessToken.
2. The method of claim 1, wherein the authorized authentication service corresponding to the third party login specifically performs the following steps:
the server logs in according to a user name and a password input by a user and generates a code and a redirection address, and the redirection address points to the client and carries the code;
the client intercepts the redirection and sends a request to the server to obtain an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken with a user name and returns the accessToken to the client side;
and the client associates the returned accessToken with the session, and sends a request to a resource server to acquire user information according to the accessToken.
3. A system for simultaneously supporting single sign-on and third party sign-on is characterized by comprising a client and a server, wherein the client is an integrated sign-on system, and the server provides an authorization authentication service;
the client sends a login request containing login types, wherein the login types comprise single sign-on and third party login;
the server receives the login request, analyzes the login type from the login request, calls an authorization authentication service corresponding to the login type to authenticate the user, and returns a login result;
before sending the login request containing the login type, the method also comprises the following steps:
the client configures the login type according to the selection of the user;
the login request is a Uniform Resource Locator (URL), and the login type is a field in the URL;
the authorization authentication service corresponding to the single sign-on specifically executes the following steps:
the server side generates a code, a refresh key, a token and a cookie according to a user name and a password input by a user, redirects the code, the refresh key, the token and the cookie to the client side and carries the code;
the client intercepts the redirection, and sends a request to acquire an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken, the user name, the refreshToken and the token, and returns the accessToken and the refreshToken to the client side;
and the client associates the returned accessToken, refreshToken and session, and sends a request to a resource server to acquire user information according to the accessToken.
4. The system of claim 3, wherein the authorized authentication service corresponding to the third party login specifically performs the following steps:
the server logs in according to a user name and a password input by a user and generates a code and a redirection address, and the redirection address points to the client and carries the code;
the client intercepts the redirection address and sends a request to the server to obtain an accessToken according to the code;
the server side carries out parameter verification to generate accessToken, associates the accessToken with a user name and returns the accessToken to the client side;
and the client associates the returned accessToken with the session, and sends a request to a resource server to acquire user information according to the accessToken.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910158189.XA CN110032842B (en) 2019-03-03 2019-03-03 Method and system for simultaneously supporting single sign-on and third party sign-on

Publications (2)

Publication Number Publication Date
CN110032842A CN110032842A (en) 2019-07-19
CN110032842B true CN110032842B (en) 2020-11-13

Family

ID=67235045

Country Status (1)

Country Link
CN (1) CN110032842B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210901
Address after: 310051 building 3, 351 Changhe Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province
Patentee after: Hangzhou rischen Anke Technology Co.,Ltd.
Address before: 100080 B106, 1st floor, block B, No.8 Xueqing Road, Haidian District, Beijing
Patentee before: BEIJING LISICHEN ANKE TECHNOLOGY Co.,Ltd.

CP03 Change of name, title or address

Address after: Room 817-7, Building 1, No. 371, Mingxing Road, Economic and Technological Development Zone, Xiaoshan District, Hangzhou City, Zhejiang Province, 311215
Patentee after: Hangzhou Zhongdian Anke Modern Technology Co.,Ltd.
Address before: 310051 building 3, 351 Changhe Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province
Patentee before: Hangzhou rischen Anke Technology Co.,Ltd.