CN113922982B - Login method, electronic equipment and computer readable storage medium - Google Patents

Login method, electronic equipment and computer readable storage medium Download PDF

Info

Publication number
CN113922982B
CN113922982B CN202111012706.6A CN202111012706A CN113922982B CN 113922982 B CN113922982 B CN 113922982B CN 202111012706 A CN202111012706 A CN 202111012706A CN 113922982 B CN113922982 B CN 113922982B
Authority
CN
China
Prior art keywords
login
user
vpn
server
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111012706.6A
Other languages
Chinese (zh)
Other versions
CN113922982A (en
Inventor
林俊洪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd filed Critical Wangsu Science and Technology Co Ltd
Priority to CN202111012706.6A priority Critical patent/CN113922982B/en
Priority to PCT/CN2021/121317 priority patent/WO2023029138A1/en
Publication of CN113922982A publication Critical patent/CN113922982A/en
Application granted granted Critical
Publication of CN113922982B publication Critical patent/CN113922982B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application discloses a login method, electronic equipment and a computer readable storage medium, which enable a user to simultaneously login a VPN service and a service server by only inputting an account password of the service server once through interaction among a login management server, the service server and a VPN service end, so that the login process is simplified, the error rate is reduced, and the user experience is improved.

Description

Login method, electronic equipment and computer readable storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a login method, an electronic device, and a computer readable storage medium.
Background
With the rapid development of internet technology, each enterprise establishes an enterprise internal network, and various business systems are deployed by using the enterprise internal network so as to improve office efficiency. Common business systems include mail systems, office automation systems (office automation, OA), and the like.
In general, when a user is working in a company, if the user wants to access a certain service system, the user inputs an account number and a password of the service system for verification, and the service access can be performed after the verification is passed. However, sometimes users go on business, need to work at home. In order to facilitate access security of public network users to access various systems in the enterprise internal network, virtual private networks (Virtual Private Network, VPN) have been developed, and most enterprises choose to purchase VPN services of network service providers to realize access of public network users to intranet services in consideration of factors such as operation cost and service expertise.
In the application scenario, in order to identify the validity of the user, the network service provider verifies the identity of the user, and the service system in the intranet also needs to verify the validity of the identity of the user. Therefore, if the enterprise user accesses each service system in the intranet through the public network, the enterprise user can access smoothly only by inputting login information at least twice, the process is complex, errors are easy to occur, and the user experience is poor.
Disclosure of Invention
The application provides the login method, the electronic equipment and the computer readable storage medium, so that a user can login the VPN service and the service server simultaneously only by inputting the account number and the password of the login service server once, the login process is simplified, the error rate is reduced, and the user experience is improved.
In a first aspect, an embodiment of the present application provides a login method, which is applied to a login management server deployed in a public network, where the method includes: after determining that a user is a legal user of a service server, acquiring an identity of the user through the service server, wherein the login management server and the service server are communicated based on a VPN network; determining whether the user is a legal user of VPN service or not based on the identity of the user so as to generate a login response, wherein the login response is used for indicating whether the user successfully logs in the business server and the VPN service through a browser of the terminal equipment or not; and sending the login response to the terminal equipment.
In an implementation, after determining that the user is a legal user of the service server, obtaining, by the service server, the identity of the user includes: receiving a login page request sent by the user through the browser, wherein the login page request is used for requesting to login the service server and the VPN service; sending a redirection response to the terminal equipment, so that the browser sends the login page request to the service server according to the redirection response, and submits login information based on the login page fed back by the service server so as to ensure that the service server confirms whether the user is legal or not; receiving an adaptation page request carrying login success parameters from the browser; and sending a data stream for displaying the adaptation page to the browser, so that the browser displays the adaptation page, and requesting the identity of the user from the service server according to the login success parameter.
In an implementation, the determining whether the user is a legitimate user of VPN service based on the identity of the user to generate a login response includes: verifying the identity of the user based on the locally stored legal user information, and generating the login response based on a verification result; or sending a trust request to a VPN server of a virtual private network deployed in a public network, wherein the trust request carries an identity of the user, and the VPN server is used for providing the VPN service; and receiving a trust response from the VPN server, and generating the login response according to the trust response.
In an implementation, the sending the login response to the terminal device includes: and when the trust response carries a token for the user, sending a login response carrying the token and used for displaying a login success page to the browser, wherein the token is used for indicating that the user is a legal user served by the VPN.
In a second aspect, an embodiment of the present application provides a login method applied to a VPN server deployed in a public network, where the method includes: receiving a trust request from a login management server deployed in a public network, wherein the trust request carries an identity of a user, and the trust request is sent after the login management server determines that the user is a legal user of a service server; carrying out validity verification on the user based on the identity to obtain a validity verification result, wherein the validity verification result is used for indicating whether the user is a legal user of the VPN service; and sending a trust response carrying the validity verification result to the login management server.
In one implementation, the method further comprises: and when the validity verification result indicates that the user is a legal user of the VPN service, generating a token for the user, and carrying the token in the trust response.
In one implementation, after the sending the trust response carrying the validity verification result to the login management server, the method further includes: receiving an authentication request sent by the terminal equipment through a VPN client application, wherein the authentication request carries the token; verifying whether the token is legal or not to obtain a feedback result, wherein the feedback result is used for indicating whether the user successfully logs in the business server and the VPN service through the VPN client application; and sending the feedback result to an application program VPN client application of the terminal equipment.
In one implementation, the verifying whether the token is legal for feedback results includes: verifying whether the token is generated by the VPN server side or not and whether the state of the token is normal or not; if the token is generated by the VPN server and the state is normal, generating a feedback result for indicating that the token is legal; otherwise, generating a feedback result for indicating that the token is illegal.
In an implementation, after the sending the feedback result to the VPN client application, the method further includes: and if the feedback result indicates that the VPN client application successfully logs in the service server and the VPN service, establishing a VPN tunnel with the VPN client application so as to receive a service request sent by the user through the VPN client application through the VPN tunnel.
In a third aspect, an embodiment of the present application provides a login method, applied to a service server deployed in an intranet, where the method includes: receiving a login page request sent by a user through a browser on terminal equipment, wherein the login page request is generated and sent by the browser based on a redirection response sent by a login management server; transmitting a data stream for displaying a login page to the terminal equipment; receiving login information submitted by the terminal equipment based on the login page; carrying out validity verification on the user according to the login information; and if the user is a legal user of the service server, sending a redirection response carrying a login success parameter to the terminal equipment, wherein the redirection response is used for indicating a browser of the terminal equipment to send an adaptation page request carrying the login success parameter to the login management server.
In a fourth aspect, an embodiment of the present application provides a login method, applied to a terminal device, where the method includes: acquiring a data stream for displaying a login page through a browser and displaying the login page, wherein the login page is used for logging in a service server and VPN service; transmitting login information to the service server based on the login page; receiving a redirection response carrying login success parameters from the service server; sending an adaptation page request carrying the login success parameter to the login management server through the browser; receiving a data stream for displaying an adaptation page from the login management server and displaying the adaptation page; and receiving a login response from the login management server, wherein the login response is used for indicating whether a user successfully logs in the business server and the VPN service through a browser.
In a fifth aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory and a computer program stored on the memory and executable on the processor, when executing the computer program, causing the electronic device to implement the method as described above in the first aspect or the various possible implementations of the first aspect; or the processor, when executing the computer program, causes the electronic device to carry out the method as described above in the second aspect or the various possible implementations of the second aspect; or the processor, when executing the computer program, causes the electronic device to carry out the method as described above in the third aspect or in the various possible implementations of the third aspect; or the processor, when executing the computer program, causes the electronic device to carry out the method as described above in the fourth aspect or in the various possible implementations of the fourth aspect.
In a sixth aspect, embodiments of the present application provide a computer readable storage medium having stored therein computer instructions which, when executed by a processor, are adapted to carry out the method according to the first aspect or the various possible implementations of the first aspect; or computer instructions which, when executed by a processor, are adapted to carry out the method as described above for the second aspect or the various possible implementations of the second aspect; or computer instructions for implementing a method as described in the above third aspect or various possible implementations of the third aspect when executed by a processor; or which when executed by a processor is adapted to carry out the method as described above in relation to the fourth aspect or the various possible implementations of the fourth aspect.
In a seventh aspect, embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements a method as described above in the first aspect or in the various possible implementations of the first aspect; or the computer program when executed by a processor implements the method as described above in the second aspect or various possible implementations of the second aspect; or the computer program, when being executed by a processor, implements the method as described above in the third aspect or in various possible implementations of the third aspect; or the computer program, when being executed by a processor, implements the method as described above in the fourth aspect or in the various possible implementations of the fourth aspect.
According to the login method, the electronic equipment and the computer readable storage medium provided by the embodiment of the application, after the login management server determines that the user is a legal user of the service server, the identity of the user is obtained through the service server, and a trust request carrying the identity is sent to a VPN server deployed in a public network. And the VPN server performs validity verification on the user according to the identity identifier and sends a trust response carrying a validity verification result to the login management server. And the login management server sends a login response to the terminal equipment of the user according to the trust response, wherein the login response is used for indicating whether the user successfully logs in the service server and the VPN service through the browser. By adopting the scheme, through interaction among the login management server, the service server and the VPN server, a user can login the VPN service and the service server at the same time only by inputting an account number and a password for logging in the service server once, so that the login process is simplified, the error rate is reduced, and the user experience is improved. Moreover, the login information is independently managed by the service server, and the service server does not need to synchronize the user login information to the VPN server, so that the safety of the data in the client is ensured.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an implementation environment of a login method according to an embodiment of the present application;
FIG. 2 is a flow chart of a login method provided by an embodiment of the present application;
fig. 3 is a schematic diagram of an interface change process of a terminal device in a login method according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a token authentication process in a login method according to an embodiment of the present application;
FIG. 5 is a schematic process diagram of a login method according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
In the prior art, particularly in an application scenario where an enterprise client purchases a VPN service of a network service provider, in order to ensure data security, a VPN system and a service system each independently manage their own account system, so that before a user logs in the VPN service through a VPN client, the VPN system uses a self-contained functional module for user identity authentication to perform identity authentication on the user. After the authentication is passed, the user can use the VPN service. The VPN client application comprises an Android client application, an IOS client application, a window PC client application and the like.
After a user in the public network logs in the VPN system, when the user accesses a service system in the intranet through VPN service, the service system also needs to perform validity verification on the user identity.
In the process of logging in the service system, the login information is input for the authentication of the VPN system for the first time, and the login information is input for the authentication of the service system for the second time. Taking a business system in a company intranet as an example, a user accesses the company intranet in a public network, and firstly, inputting authentication information such as an account number, a password and the like of VPN service to log in a VPN server in the access process. After the VPN service is successfully logged in, the method enters the homepage of some business systems of the company, and the business systems to be accessed are selected on the homepage for login. For example, accessing the OA system, at this time, the user is required to input the authentication information of the OA system by jumping out of the login page.
Obviously, the login mode is complex in process, easy to make mistakes, poor in user experience and inconvenient for users to manage login information.
Based on this, the embodiment of the application provides a login method, electronic equipment and a computer readable storage medium, which receive and process a user login request through a login management server, so that a user can login VPN service and a service server simultaneously by only inputting login information of the service server once, the login process is simplified, the error rate is reduced, and the user experience is improved.
Fig. 1 is a schematic diagram of an implementation environment of a login method according to an embodiment of the present application. Referring to fig. 1, the implementation environment includes: a login management server 11 deployed in a public network, a virtual private network (Virtual Private Network, VPN) server 12 deployed in the public network, a service server 13 deployed in an intranet (e.g. a customer local area network), and a terminal device 14 of a user. The login management server 11 and the VPN server 12 are connected to each other via a network, and the login management server 11 and the service server 13 communicate with each other via a VPN network. The number of the VPN servers 12 is at least one, and the VPN servers 12 and the service server 13 are connected through a network.
In some embodiments, communication is performed between the login management server 11 and the service server 13, between the login management server 11 and the VPN server 12, and between the VPN server 12 and the service server 13 based on a VPN network, so as to ensure security of data transmission. In some implementations, the VPN Network may be built based on Software defined wide area Network (SD-WAN) technology, with VPN server 12 deployed on a point-of-presence (POP) node server in the SD-WAN Network.
Referring to fig. 1, a login management server 11 is a service application deployed in a public network by a network service provider for receiving and processing a user login request. The VPN service 12 is a service application deployed in the public network by a network service provider for providing VPN services. In a practical application scenario, the number of VPN servers 12 may be substantial. Wherein, the VPN service may include forwarding the intranet request of the user to the requested intranet server through the VPN tunnel.
In an application scenario, the service server 13 is for example a server of a single sign On (SINGLE SIGN-On, SSO) system or the like, i.e. the VPN client has implemented a single sign On function for its service based On the SSO service. When the service server 13 is a server of the SSO system, the user inputs the account number and the password of the SSO system once, so that the user can successfully log in the VPN service and the server of the SSO system at the same time, and further can directly access the service system accessed to the SSO system, such as an office automation (Office Automation, OA) system, a mail system, an attendance system, a performance system, and the like, based on the successful login state of the SSO system.
In another application scenario, the service server 13 may be a server of an OA system, a server of a mail system, or the like. Taking an OA system as an example, a user can log in a VPN service and a server of the OA system at the same time by inputting an account number and a password of the OA system once, and then can access the OA system.
In addition, if one VPN client purchases VPN service for a plurality of service systems in the intranet and an SSO system is not introduced yet, then for each service system, the user inputs the account number and the password of the service system once, so that the VPN service and the service server can be logged in simultaneously. After determining that the user is a legal user of the service system, the login management server 11 obtains the identity of the user from the service server 13 when further verifying whether the user is a legal user of the VPN service, and can verify whether the user is a legal user of the VPN service based on the identity of the user. After verifying that it is legal, the login management server 11 provides the VPN server 12 with information of the service server that the user has logged in, so that the VPN server determines whether to provide VPN service for the user request based on the received service server information.
The terminal device 14 is an electronic device such as a mobile phone, a tablet computer, or a personal computer, which is equipped with an android operating system, a microsoft operating system, a saint operating system, a Linux operating system, or an apple iOS operating system. The terminal device 14 has installed thereon a browser and a VPN client application, such as an Android (Android) client application, an IOS client application, or a window PC client application, etc.
Fig. 2 is a flowchart of a login method according to an embodiment of the present application. The present embodiment is described in terms of interaction between a login management server, a VPN server, a service server, and a terminal device. The embodiment comprises the following steps:
201. the login management server determines that the user is a legal user of the service server.
202. The login management server obtains the identity of the user through the service server, and communication is carried out between the login management server and the service server based on the VPN network.
It should be noted that, the login method provided by the embodiment of the present application may be applicable to a scenario in which a user logs in through a VPN client application, and may be specifically shown in fig. 3; the method is also applicable to a scene that a user logs in directly based on a browser, namely, the user can access a login page directly through the browser.
Fig. 3 is a schematic diagram of an interface change process of a terminal device in a login method according to an embodiment of the present application. Referring to fig. 3, after clicking the VPN client application on the desktop of the electronic device, the user opens the VPN client application. The user interface of the VPN client application displays two buttons of joint login and common login, wherein the common login mode is a login mode for inputting information of at least two times, and the joint login mode is the login mode provided by the embodiment of the application.
The user clicks the joint login button, so that the login mode provided by the embodiment of the application is selected. The VPN client application then automatically invokes the browser. The terminal device requests a login page from the login management server through the browser. The login management server redirects the browser to the service server based on, for example, a jump to the browser reply 302, so that the browser obtains the data stream for displaying the login page from the service server and displays the login page.
It can be appreciated that, in the scenario where the user logs in directly through the browser, the access address of the login management server may be directly input into the browser, and after receiving the access request, the login management server redirects the browser to the service server by replying 302 to the user browser, and so on.
It should be noted that, because the service server is deployed in the intranet, and the user browser needs to request the login page from the service server, the service server needs to provide the public network IP, in the implementation provided by the present application, in order to ensure the security of the intranet service server, the service server may be set in advance, so that only the login page request sent to the public network IP is responded, and other requests reject the response. Furthermore, when the login management server sends a redirection request to the browser, the login management server can carry a dynamically generated verification parameter for verification and identification by the service server, and if the verification is passed, the login management server responds to the request, otherwise, the login management server discards the request.
After the browser displays the login page, the user inputs login information on the login page in a voice mode, a touch mode and the like and sends the login information to the service server. The login information comprises a login account number, a password and the like, and can also comprise a verification code, an enterprise identifier and the like. The login account and the password are independently maintained by the service server, and generally, the login account and the password are generated by registering when a user logs in the service server for the first time, and for enterprise users, the login account can be distributed for employees by an enterprise.
The service server can collect and store login information (except verification codes) of legal users and related information such as identity identification and the like in the process of user registration, and the related information of the users can be uniformly managed by enterprises and issued to the service server. The identity mark is information of the enterprise for identifying the identity of the user, such as a mobile phone number, an identity card number, a job number and the like, and the specific form can be set according to the actual situation of the enterprise client, and the invention is not limited at all.
When a user requests to log in to the service server and VPN service through the browser, the login management server redirects the browser to the service server, and the service server provides a login page for the user browser. And then, the user inputs login information such as account passwords and the like on a login page and submits the login information, and the service server verifies whether the user is a legal user or not according to the login information submitted by the user and feeds the login information back to the terminal equipment, and simultaneously redirects the browser to a login management server. And then, the browser reports whether the user is a legal user of the service server to the login management server.
Specifically, in the process that the service server determines whether the user is a legal user of the service server, the stored legal user information is compared with login information submitted when the user logs in, and if the login information submitted by the user exists in the stored information, the user is determined to be the legal user of the service server. In addition, the service server can also verify the verification code submitted by the user so as to further ensure the legality of the operator.
If the user is a legal user of the service server, the service server redirects the browser to the login management server by replying 302 to the browser and the like, and the response message carries a login success parameter. The browser sends an adaptation page request carrying login success parameters to the login management server based on the 302 response message. The login management server obtains the identity of the user from the service server according to the login success parameter, in one implementation, the login success parameter comprises service server information and user login identification, wherein the service server information is used for indicating the address of the service server for verifying the legitimacy of the user, such as intranet IP, the user login identification is a unique identification generated by the service server according to the login record, after receiving the login success parameter, the login management server can analyze the login management server to obtain service server information and the user login identification, and request the identity of the user corresponding to the user login identification from the service server pointed by the service server information based on the VPN network, when the service server receives the request from the login management server, the identity of the user can be determined based on the user login identification and sent to the login management server through the VPN network, based on this, data interaction between the login management server and the service server is transmitted based on the VPN network, data transmission safety can be ensured, information leakage can be prevented, and user information safety of enterprise clients can be ensured.
If the user is not a legal user of the service server, the service server triggers the browser to pop up prompt information to prompt the user that login fails, login cannot be performed in a joint login mode, and the like.
It should be noted that, although in fig. 3 above, two buttons of joint login and normal login are simultaneously displayed on the user interface of the VPN client application. However, the embodiment of the present application is not limited, and in other possible implementations, only the joint login button is displayed on the user interface of the VPN client application, that is, the VPN client application only provides the login method described in the embodiment of the present application. At this time, after the user clicks the VPN client application on the desktop of the electronic device and requests to log in, the VPN client application invokes the browser to request a log-in page from the login management server. The user does not need to select the joint login mode.
203. And determining whether the user is a legal user of VPN service or not based on the identity of the user so as to generate a login response, wherein the login response is used for indicating whether the user successfully logs in the business server and the VPN service through a browser of the terminal equipment or not.
For example, after the login management server determines that the user is a legal user of the service server, the login management server interacts with the service server to obtain the identity of the user. And then, the login management server determines whether the user is a legal user of the VPN service based on the identity of the user, or the login management server sends the identity of the user to a VPN server for providing the VPN service for the user, and the VPN server determines whether the user is the legal user of the VPN service.
204. And the login management server sends the login response to the terminal equipment of the user.
For example, if the user is a legal user of the VPN service, the login response is a data stream for generating a login success page, and the login response is used to instruct the user to successfully login to the service server and the VPN service through a browser. If the user is not a legal user of the VPN service, the login response is a data stream for generating a login failure page, and the login response is used for indicating that the user fails to successfully login to the service server and the VPN service through the browser.
If the login is successful, the user can access the business server through the VPN service.
According to the login method provided by the embodiment of the application, after the login management server determines that the user is a legal user of the service server, the identity of the user is obtained through the service server, and whether the user is a legal user of VPN service is determined based on the identity of the user so as to generate a login response and send the login response to the terminal equipment. The login response is used to indicate whether the user successfully logs in to the traffic server and VPN service through the browser.
By adopting the scheme, through interaction among the login management server, the service server and the VPN server, a user can login the VPN service and the service server at the same time only by inputting login information of the service server once, so that the login process is simplified, the error rate is reduced, and the user experience is improved. Moreover, the login information is independently managed by the service server, and the service server does not need to synchronize the user login information to the VPN server, so that the safety of the data in the client is ensured. The login management server or the VPN server can directly verify the validity of the user based on the user identity, and a user login account is not required to be maintained independently, so that the processing pressure is reduced.
Optionally, in step 203 of fig. 2, the login management server verifies the identity of the user according to legal user information, and generates the login response based on the verification result.
In particular, the legal user information may be provided by an enterprise client purchasing the VPN service to a VPN service provider (i.e. a network service provider) in advance, and the VPN service provider may store the legal user information on its own server, for example, a login management server, a VPN server, or other servers or clusters for managing the legal user information. The legal user information may include related information such as a user identity and an access right, where the access right refers to a right of a user to access the VPN service, and it may be understood that when the legal user information changes, the enterprise client may provide the change information to the VPN service provider to update the saved information.
Based on the above, when legal user information is stored in the login management server, the login management server can verify the user identity obtained from the service server based on the locally stored user legal information, so as to determine whether the user corresponding to the user identity has the authority to access the VPN service.
In another implementation, the login management server may also request verification of whether the user has access to VPN services by sending a user identification to other servers that hold legitimate user information.
In one example, the login management server determines that the user is a legal user of the service server, obtains the identity of the user through the service server, and then sends the identity carried in the trust request to the VPN server. After receiving the trust request, the VPN server compares the identity in the trust request with the local stored legal user information, and if the identity exists in the legal user information, the VPN server determines that the user is a legal user of the VPN service; if the identity mark does not exist in the stored legal user information, the user is determined not to be the legal user of the VPN service.
It should be noted that, in order to ensure the security of data transmission, the trust request sent by the login management server needs to be transmitted based on a VPN network, where the VPN network is disposed between the VPN server and the login management server. Moreover, the login management server can encrypt the user identity mark carried in the trust request based on an encryption mode pre-negotiated with the VPN server, so as to further prevent the user information from leaking. Correspondingly, when receiving the encrypted user identification, the VPN server needs to decrypt the encrypted user identification.
Optionally, in the foregoing embodiment, the login response is used to indicate whether the user successfully logs in the service server and the VPN service through a browser, and because the browser and the VPN client application are two different programs, in order to improve security, in a scenario that the user logs in through the VPN client application, login verification of the VPN client application side needs to be further completed. For this purpose, the login management server or VPN server may generate a token for verification process authentication shown in fig. 4 after determining that the user is a legitimate user for VPN service.
For example, referring to fig. 4, fig. 4 is a schematic diagram illustrating a token authentication process in a login method according to an embodiment of the present application. The embodiment comprises the following steps:
401. the VPN server receives a trust request from the login management server. Wherein the trust request carries the identity of the user.
402. The VPN service terminal performs validity verification on the user based on the identity so as to obtain a validity verification result. The validity verification result is used for indicating whether the user is a legal user of the VPN service.
403. The VPN server generates a token for the user.
Illustratively, after the VPN server discovers that the user is a legitimate user of the VPN service, a token (token) is generated for the user, and the token is used to verify the validity of the VPN client application.
404. The VPN server sends a trust response carrying the token to the login management server.
405. The login management server sends a login response carrying the token to the terminal device.
Illustratively, the login management server carries the token in a login response and sends the login response to the browser of the terminal device.
406. The browser of the terminal device displays a login success page.
407. And the browser of the terminal equipment activates the VPN client application by utilizing the login success page and sends the token to the VPN client application.
In the embodiment of the application, the browser activates the VPN client application in a mode of logging in the running script in the successful page and the like. For example, the terminal device displays the login success page through the browser, and automatically runs the script in the login success page to activate the VPN client after displaying the preset time, where the preset time is, for example, 3 seconds, 4 seconds, and the like.
For another example, the terminal device displays a login success page through the browser, and the user clicks a close button on the login success page to trigger script running, so that the VPN client is activated.
408. And the VPN client application sends an authentication request carrying the token to a VPN service terminal providing the VPN service.
For example, address information of a VPN server providing a VPN service may be preconfigured in a VPN client application, and after the VPN client application is activated by a browser, an authentication request will be automatically sent to the VPN service based on the received token. In another example, the address of the VPN server may be selected and issued to the user by the login management server based on a proximity principle or a load balancing policy.
409. And the VPN server verifies the authentication request to obtain a feedback result.
Illustratively, the VPN server itself verifies the token carried by the authentication request.
For example, the VPN server generates a token and saves the token. When the VPN server receives an authentication request sent by the VPN client application to the VPN server, the VPN server verifies the token carried by the authentication request based on the stored token to obtain a feedback result. And the feedback result is used for indicating whether the user successfully logs in the service server and the VPN service through the VPN client application.
In the embodiment shown in fig. 4, the VPN server verifies the validity of the user, in the embodiment that the login management server directly verifies the validity of the user, the operation of generating the token may also be completed by the login management server, when the login management server generates the token, the token is transmitted to the VPN client application of the user in the same manner as described above, on the one hand, and on the other hand, the token is transmitted to the VPN server, so that the VPN server verifies the VPN client when receiving the token verification request that the VPN client should have, in this embodiment, the validity verification of the user, the generation and transmission of the token are all realized in a unified manner by the login management server, and the VPN server only needs to verify the VPN client application according to the received token, thereby reducing the processing pressure of the VPN server and ensuring the processing resources of the VPN service.
In addition, the authentication request is not likely to carry a token, and at this time, the VPN server directly determines that the VPN client application is illegal, that is, the user fails to successfully log in the service server and the VPN service through the VPN application.
By adopting the scheme, the VPN server side verifies the token carried by the authentication request, so that the legality of the VPN client application can be ensured, and the login process of a user through the VPN client application is completed.
Alternatively, in the above embodiment, after the login management server or the VPN server generates the token, the state of the token may be set based on the validity period or other information and the token may be stored. For example, if the token has expired, the token is set to an invalid state, and if the VPN server receives a notification that the user sent by the VPN client application has expired, the token is set to the invalid state; for another example, if the VPN service purchased by the company where the user is located has expired, the token is set to an inactive state. The token generated and stored by the VPN server will be referred to as the first token hereinafter.
And then, the VPN client application sends an authentication request carrying a token to the VPN server, and the VPN server verifies the token carried by the authentication request according to the previously generated and stored token. The token that is generated and stored before is hereinafter referred to as a first token, and the token carried in the authentication request is referred to as a second token. If the VPN server determines that the second token is the same as the first token from the stored multiple first tokens, the second token is determined to be the token generated by the VPN server, and whether the state of the second token is normal is further judged. If the second token is in a normal state, the VPN server generates a feedback result for indicating that the second token is legal. If the second token is not generated by the VPN server or the state is abnormal, if the second token is invalid, the VPN server generates a feedback result for indicating that the second token is illegal.
By adopting the scheme, the purpose of verifying the validity of the token accurately in real time can be realized by further verifying whether the state of the token is normal.
410. And the VPN server side sends the feedback result to the VPN client side application of the terminal equipment.
The VPN server determines whether to provide VPN service for the VPN client application based on the feedback result. Specifically, if the feedback result indicates that the user successfully logs in to the service server and the VPN service through the VPN client application, step 411 is executed.
411. And the VPN server establishes a VPN tunnel with the VPN client application.
The VPN server normally responds to a VPN tunnel establishment request sent by the VPN client application to establish a VPN tunnel between the VPN client application and the VPN server, wherein the VPN tunnel is used for transmitting a service request sent by a user through the VPN client application and aiming at a service server; or the VPN tunnel is used for transmitting service requests sent by users to other service servers accessed to the service server through VPN client application, and after receiving the service requests from the VPN tunnel, the VPN server can send the service requests to the service server based on the VPN network.
It can be understood that, in the scenario where the service server is an SSO system server, the service request sent by the user for the service server includes the service requests sent by the user for all services accessing the SSO system server.
If the feedback result indicates that the user does not successfully log in the service server and the VPN service through the VPN client application, the VPN server refuses to establish a VPN tunnel with the VPN client application, so that the intranet access request of the user is refused to be received. Meanwhile, the VPN client application of the terminal equipment pops up prompt information to prompt the user that login fails, and the VPN client application refuses to establish a VPN tunnel.
In the above embodiment, after the user successfully logs in the service server and the VPN service through the browser, the VPN client application is invoked, and the validity of the VPN client application is confirmed based on the token, so that it is determined whether the user successfully logs in the service server and the VPN service through the VPN client application, and in the whole operation process, the switching between the VPN client application and the browser is automatically implemented, no manual switching is required for the user, the operation is simple for the user, the experience is good, and the user can log in the VPN service and the service server through the VPN client application only by inputting login information once.
The complete process of implementing login based on a VPN client application will be illustrated in connection with fig. 5.
Fig. 5 is a schematic process diagram of a login method according to an embodiment of the present application. Referring to fig. 5, the present embodiment includes:
501. The terminal equipment identifies clicking operation of the user on the VPN client application, and determines that the user selects the joint login mode.
Illustratively, the user opens a VPN client application on the desktop of the terminal device and clicks on a user interface of the VPN client application to select the federated login mode. See in particular the description of fig. 3, which is not repeated here.
502. The terminal device pops up the browser.
Illustratively, the VPN client application automatically invokes a browser in response to user-selected federated login mode operations, designating that it access a login management server deployed in the public network.
503. The browser sends a login page request to the login management server, the login page request being used to request login of the business server and the VPN service.
504. The browser receives a redirect response from the login management server.
Illustratively, the login management server sends a redirection response to the browser based on a mode of replying to the http 302 jump to the browser, and the like, so as to provide an access address of the service server to the browser to redirect the browser to the service server.
505. And the browser sends the login page request to the service server according to the redirection response. Illustratively, the browser sends a landing page request to the service server based on the received 302 jump, i.e., the redirect response described above.
506. And the browser receives a data stream from the service server for displaying the login page and displays the login page.
Illustratively, the service server feeds back the data stream to the browser after receiving the login page request. And rendering and displaying the login page after the browser receives the data stream.
507. The browser acquires login information input by a user on a login page.
Illustratively, the user inputs login information such as an account number, a password, an enterprise identifier, a verification code and the like on a login page.
508. The browser submits login information to the service server.
509. And the service server performs validity verification on the user according to the login information.
Illustratively, if the user is a legitimate user of the service server, then step 510 is performed; if the user is not a legal user of the service server, the service server triggers the browser to display prompt information so as to prompt the user that login fails.
510. And the service server sends a redirection response carrying the login success parameter to the browser.
Illustratively, if the user is a legitimate user of the service server, the service server sends 302 a jump to the browser, i.e., a redirect response carrying a login success parameter, redirecting the browser to the login management server.
511. And the browser sends an adaptation page request carrying the login success parameter to the login management server.
After receiving the 302 jump in step 510, the browser sends an adaptation page request to the login management server with the login success parameter. The login success parameter comprises a user login identifier generated by the service server according to the user login at this time and is used for uniquely identifying the user login record.
512. And the browser receives a data stream for displaying the adaptation page from the login management server and displays the adaptation page.
Illustratively, the browser displays "in authentication" and the like.
513. The login management server obtains the identity of the user from the service server.
The login management server obtains the identity of the user from the service server according to the login success parameter, wherein the identity comprises a user name and the like.
514. And aiming at legal users of the service server, the login management server and the VPN server perform mutual trust authentication.
The login management server, after acquiring the identity of the user from the service server, considers the user as a legal user of the service server, but cannot determine whether the user is a legal user of the VPN service. Therefore, for the legal user of the service server, the login management server further performs mutual trust authentication with the VPN server to determine whether the user is the legal user of the VPN service.
And the VPN server performs validity verification on the user according to the identity of the user. If the user has VPN rights, i.e. the user is a legitimate user of the VPN service, the VPN server executes step 515 to generate a token. If the user does not have VPN authority, the VPN server side sends prompt information to the login management server, and the login management server sends the prompt information to the terminal equipment to be displayed by the terminal equipment, so that the user is prompted that login fails.
515. The VPN server generates a token for the user and sends a trust response carrying the token to the login management server, wherein the token is used for verifying the validity of the VPN client application of the terminal equipment.
The VPN server generates a token for the user login, and transmits the token to the login management server in a trust response.
The VPN service end generates a token based on the identity of the user, etc., and the token is, for example, a character string generated according to the identity of the user. Furthermore, the VPN server sets an effective duration for each token, and the tokens are effective only in the effective duration, so that the security problem caused by the loss of the tokens is avoided.
516. The login management server sends a login response carrying the token to the browser.
517. The browser activates the VPN client application based on the login success page.
After the browser displays the login success page, the VPN client application is activated through the script in the operation page, wherein the script in the login success page calls the VPN client application through a browser built-in method and brings the token, and therefore the token is transmitted to the VPN client application. The browser built-in method is exemplified as follows: appName:// truthLoginToken = 123456.
518. The VPN client application sends an authentication request carrying a token to a VPN server providing VPN services.
Illustratively, after the VPN client application is activated, a token passed by the browser is received, and the token is automatically carried in the authentication request and sent to the VPN server.
After receiving the authentication request, the VPN server performs validity verification on the token to obtain a feedback result so as to determine whether the VPN client application is legal.
519. The VPN server side sends the feedback result to the VPN client side application to finish login. If the feedback result indicates that the VPN client application successfully logs in the service server and the VPN service, the VPN client application can display login success information and display a service access interface for user operation; if the feedback result indicates login failure, the VPN client application displays login failure information to the user and refuses the request or operation of the user for the service access interface.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 6, the electronic device 600 is, for example, one of the login management server, VPN authentication end, VPN service end, service server or terminal device described above, and the electronic device 600 includes:
A processor 601 and a memory 602;
the memory 602 stores computer instructions;
The processor 601 executes the computer instructions stored in the memory 602, so that the processor 601 executes a login method implemented by the above login management server, VPN authentication side, VPN service side, service server or terminal device.
The specific implementation process of the processor 601 may refer to the above-mentioned method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein again.
Optionally, the electronic device 600 further comprises a communication component 603. The processor 601, the memory 602, and the communication section 603 may be connected via a bus 604.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores computer instructions, and the computer instructions are used for realizing a login method realized by the login management server, the VPN authentication end, the VPN server, the service server or the terminal equipment when being executed by a processor.
The embodiment of the application also provides a computer program product, which comprises a computer program, and the computer program realizes the login method realized by the login management server, the VPN authentication end, the VPN server, the service server or the terminal equipment when being executed by a processor.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (16)

1. A login method applied to a login management server deployed in a public network, the method comprising:
After determining that a user is a legal user of a service server, acquiring an identity of the user through the service server, wherein the login management server and the service server are communicated based on a VPN network;
Determining whether the user is a legal user of VPN service or not based on the identity of the user so as to generate a login response, wherein the login response is used for indicating whether the user successfully logs in the service server and the VPN service through a browser of terminal equipment or not;
and sending the login response to the terminal equipment.
2. The method according to claim 1, wherein after determining that the user is a legal user of the service server, obtaining, by the service server, the identity of the user includes:
receiving a login page request sent by the user through the browser, wherein the login page request is used for requesting to login the service server and the VPN service;
Sending a redirection response to the terminal equipment, so that the browser sends the login page request to the service server according to the redirection response, and submits login information based on the login page fed back by the service server so as to ensure that the service server confirms whether the user is legal or not;
Receiving an adaptation page request carrying login success parameters from the browser;
And sending a data stream for displaying the adaptation page to the browser, so that the browser displays the adaptation page, and requesting the identity of the user from the service server according to the login success parameter.
3. The method of claim 1, wherein the determining whether the user is a legitimate user of a VPN service based on the identity of the user to generate a login response comprises:
Verifying the identity of the user based on the locally stored legal user information, and generating the login response based on a verification result; or alternatively
Sending a trust request to a VPN server of a virtual private network deployed in a public network, wherein the trust request carries an identity of the user, and the VPN server is used for providing the VPN service; and receiving a trust response from the VPN server, and generating the login response according to the trust response.
4. A method according to claim 3, wherein said sending said login response to said terminal device comprises:
And when the trust response carries a token for the user, sending a login response carrying the token and used for displaying a login success page to the browser, wherein the token is used for indicating that the user is a legal user served by the VPN.
5. A login method, applied to a VPN server deployed in a public network, the method comprising:
receiving a trust request from a login management server deployed in a public network, wherein the trust request carries an identity of a user, and the trust request is sent after the login management server determines that the user is a legal user of a service server;
carrying out validity verification on the user based on the identity to obtain a validity verification result, wherein the validity verification result is used for indicating whether the user is a legal user of the VPN service;
and sending a trust response carrying the validity verification result to the login management server.
6. The method of claim 5, wherein the method further comprises:
and when the validity verification result indicates that the user is a legal user of the VPN service, generating a token for the user, and carrying the token in the trust response.
7. The method of claim 6, wherein after sending a trust response carrying the validity verification result to the login management server, further comprising:
receiving an authentication request sent by a terminal device through a VPN client application, wherein the authentication request carries the token;
Verifying whether the token is legal or not to obtain a feedback result, wherein the feedback result is used for indicating whether the user successfully logs in the business server and the VPN service through the VPN client application;
And sending the feedback result to an application program VPN client application of the terminal equipment.
8. The method of claim 7, wherein verifying whether the token is legitimate to obtain a feedback result comprises:
verifying whether the token is generated by the VPN server side or not and whether the state of the token is normal or not;
If the token is generated by the VPN server and the state is normal, generating a feedback result for indicating that the token is legal;
Otherwise, generating a feedback result for indicating that the token is illegal.
9. The method according to claim 7 or 8, wherein after the sending the feedback result to the VPN client application, further comprising:
And if the feedback result indicates that the VPN client application successfully logs in the service server and the VPN service, establishing a VPN tunnel with the VPN client application so as to receive a service request sent by the user through the VPN client application through the VPN tunnel.
10. A login method applied to a service server deployed in an intranet, the method comprising:
receiving a login page request sent by a user through a browser on terminal equipment, wherein the login page request is generated and sent by the browser based on a redirection response sent by a login management server;
Transmitting a data stream for displaying a login page to the terminal equipment;
Receiving login information submitted by the terminal equipment based on the login page;
carrying out validity verification on the user according to the login information;
And if the user is a legal user of the service server, sending a redirection response carrying a login success parameter to the terminal equipment, wherein the redirection response is used for indicating a browser of the terminal equipment to send an adaptation page request carrying the login success parameter to the login management server.
11. A login method, applied to a terminal device, the method comprising:
Acquiring a data stream for displaying a login page through a browser and displaying the login page, wherein the login page is used for logging in a service server and VPN service;
Transmitting login information to the service server based on the login page;
receiving a redirection response carrying login success parameters from the service server;
sending an adaptation page request carrying the login success parameter to a login management server through the browser;
receiving a data stream for displaying an adaptation page from the login management server and displaying the adaptation page;
and receiving a login response from the login management server, wherein the login response is used for indicating whether a user successfully logs in the business server and the VPN service through a browser.
12. The method of claim 11, wherein the obtaining, by the browser, the data stream for displaying the landing page and displaying the landing page comprises:
Sending a login page request to a login management server through a browser, wherein the login page request is used for requesting a login service server and VPN service;
receiving a redirect response from the login management server;
Sending the login page request to the service server according to the redirection response;
and receiving a data stream for displaying a login page from the service server and displaying the login page.
13. The method according to claim 11 or 12, further comprising, after said receiving a login response from said login management server:
When the login response carries a token, switching to a login success page according to the login response, wherein the login success page carries the token;
activating an application program VPN client application by using the login success page;
transmitting an authentication request carrying the token to a VPN service terminal providing the VPN service by utilizing the VPN client application;
And receiving a feedback result from the VPN server, wherein the feedback result is used for indicating whether the user successfully logs in the service server and the VPN service through the VPN client application.
14. The method of claim 13, wherein after receiving the feedback result from the VPN server, further comprising:
If the feedback result indicates that the user successfully logs in the service server and the VPN service through the VPN client application, requesting to establish a VPN tunnel with the VPN server through the VPN client application;
And sending a service request to the VPN server through the VPN tunnel.
15. An electronic device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, wherein execution of the computer program by the processor causes the electronic device to implement the method of any one of claims 1 to 14.
16. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the method according to any of claims 1 to 14.
CN202111012706.6A 2021-08-31 2021-08-31 Login method, electronic equipment and computer readable storage medium Active CN113922982B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111012706.6A CN113922982B (en) 2021-08-31 2021-08-31 Login method, electronic equipment and computer readable storage medium
PCT/CN2021/121317 WO2023029138A1 (en) 2021-08-31 2021-09-28 Login method, electronic device and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111012706.6A CN113922982B (en) 2021-08-31 2021-08-31 Login method, electronic equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN113922982A CN113922982A (en) 2022-01-11
CN113922982B true CN113922982B (en) 2024-06-21

Family

ID=79233639

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111012706.6A Active CN113922982B (en) 2021-08-31 2021-08-31 Login method, electronic equipment and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN113922982B (en)
WO (1) WO2023029138A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115865562A (en) * 2022-11-30 2023-03-28 浪潮通用软件有限公司 Method, device and medium for integrating VPN (virtual private network) by application program under multi-tenant architecture
CN116506237B (en) * 2023-06-30 2023-09-22 深圳市今天国际物流技术股份有限公司 Remote identity verification and transmission method completely off-line
CN116962088B (en) * 2023-09-20 2023-11-28 上海金电网安科技有限公司 Login authentication method, zero trust controller and electronic equipment
CN117811847B (en) * 2024-03-01 2024-05-28 北京长亭科技有限公司 Man-machine verification method and device based on combination of public network and intranet

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330918A (en) * 2016-08-26 2017-01-11 杭州迪普科技有限公司 Multi-system login method and device

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101651666A (en) * 2008-08-14 2010-02-17 中兴通讯股份有限公司 Method and device for identity authentication and single sign-on based on virtual private network
CN101388774A (en) * 2008-10-24 2009-03-18 焦点科技股份有限公司 Method for automatically authenticate and recognize customer identity between different customers and login
US9432334B2 (en) * 2014-12-01 2016-08-30 Intermedia.Net, Inc. Native application single sign-on
CN104767621B (en) * 2015-04-16 2018-04-10 深圳市高星文网络科技有限公司 A kind of Mobile solution accesses the one-point safety authentication method of business data
US10387980B1 (en) * 2015-06-05 2019-08-20 Acceptto Corporation Method and system for consumer based access control for identity information
CN106850517A (en) * 2015-12-04 2017-06-13 北京京东尚科信息技术有限公司 A kind of method, apparatus and system for solving intranet and extranet repeat logon
US11012441B2 (en) * 2017-06-30 2021-05-18 Open Text Corporation Hybrid authentication systems and methods
US11163424B2 (en) * 2018-06-25 2021-11-02 Citrix Systems, Inc. Unified display for virtual resources
US11516202B2 (en) * 2019-12-26 2022-11-29 Vmware, Inc. Single sign on (SSO) capability for services accessed through messages

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330918A (en) * 2016-08-26 2017-01-11 杭州迪普科技有限公司 Multi-system login method and device

Also Published As

Publication number Publication date
CN113922982A (en) 2022-01-11
WO2023029138A1 (en) 2023-03-09

Similar Documents

Publication Publication Date Title
CN113922982B (en) Login method, electronic equipment and computer readable storage medium
CN106131079B (en) Authentication method, system and proxy server
US9871791B2 (en) Multi factor user authentication on multiple devices
US9401909B2 (en) System for and method of providing single sign-on (SSO) capability in an application publishing environment
US9485239B2 (en) Implementing single sign-on across a heterogeneous collection of client/server and web-based applications
US8683565B2 (en) Authentication
US6934848B1 (en) Technique for handling subsequent user identification and password requests within a certificate-based host session
US9225712B2 (en) Enhanced security for electronic communications
CN101350717B (en) Method and system for logging on third party server through instant communication software
US6976164B1 (en) Technique for handling subsequent user identification and password requests with identity change within a certificate-based host session
CN101990183B (en) Method, device and system for protecting user information
US8191123B2 (en) Provisioning a network appliance
US8191122B2 (en) Provisioning a network appliance
JP2005538434A (en) Method and system for user-based authentication in a federated environment
WO2016173199A1 (en) Mobile application single sign-on method and device
WO2007126905A2 (en) Customizable sign-on service
CN109873805A (en) Cloud desktop login method, device, equipment and storage medium based on cloud security
CN110730174A (en) Network access control method, device, equipment and medium
CN113746811A (en) Login method, device, equipment and readable storage medium
CN111786969A (en) Single sign-on method, device and system
US8671442B2 (en) Modifying a user account during an authentication process
CA2844888A1 (en) System and method of extending a host website
US20060122936A1 (en) System and method for secure publication of online content
US7853791B1 (en) System and method for certificate based redirection
CN114338078A (en) CS client login method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant