CN114172700A - Unified authentication system and method based on cloud platform and domain control server - Google Patents


Info

Publication number
CN114172700A
Authority
CN
China
Prior art keywords
cloud platform
user
control server
domain control
information
Prior art date
Legal status
Pending
Application number
CN202111403059.1A
Other languages
Chinese (zh)
Inventor
王婷
Current Assignee
Shanghai Data Center of China Life Insurance Co Ltd
Original Assignee
Shanghai Data Center of China Life Insurance Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network


Abstract

The invention relates to a unified authentication system and method based on a cloud platform and a domain control server. The system comprises a cloud platform, a domain control server and a secondary verification database. The cloud platform comprises a main cloud platform area module and a plurality of auxiliary cloud platform area modules; a unified authentication module arranged in the main cloud platform area module acquires the login information and the secondary verification information to be verified that a user accessing the cloud platform enters, and sends them to the domain control server for user verification. The domain control server acquires the login information and the secondary verification information to be verified, carries out the user verification, and accesses the secondary verification database to acquire the secondary verification user information of the user accessing the cloud platform. Compared with the prior art, the method has the advantages of high authentication accuracy, low cost and good data consistency.

Description

Unified authentication system and method based on cloud platform and domain control server
Technical Field
The invention relates to the field of user authentication, in particular to a unified authentication system and method based on a cloud platform and a domain control server.
Background
With the wide and now indispensable application of cloud computing technology in large enterprise data centers, a user authentication system on the cloud platform that is complete, meets the enterprise's requirements and fits the enterprise's customized characteristics is essential. After a traditional enterprise private cloud platform is built, the authorization associations among users, roles and permissions have to be planned anew: all user account information has to be registered in the cloud platform's own user authentication component and each user has to be granted different roles and permissions. When the number of users is huge, this series of planning, creation and authorization operations consumes a great deal of time, and it must still match the characteristics of the enterprise's user system and support the long-term, sustainable development of that system. Only after these operations are complete can the cloud platform go into production smoothly, and every time a new user requirement arises, creation and authorization have to be synchronized on the platform. However, before the cloud platform is introduced, the conventional data center has already established a complete user system library in the course of its continuous development, and users and rights are generally managed with domain control (Active Directory). In the prior art, unified authentication cannot be performed after the cloud platform is introduced. When, in a real enterprise, several sets of Openstack cloud platforms have to be built in different network areas with different requirements, each set of Openstack is an independent Region, each Region has its own KeyStone component, and a user system has to be built afresh for each; several sets of organization structures and authentication systems are thus built repeatedly, which is inefficient and cannot guarantee data consistency well.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provide a unified authentication system and method based on a cloud platform and a domain control server.
The purpose of the invention can be realized by the following technical scheme:
a unified authentication system based on a cloud platform and a domain control server comprises the cloud platform, the domain control server and a secondary verification database,
the cloud platform comprises a main cloud platform area module and a plurality of auxiliary cloud platform area modules, wherein a uniform authentication module is arranged in the main cloud platform area module,
the unified authentication module is used for acquiring login information and secondary verification information to be verified input by a user accessing the cloud platform, and sending the login information and the secondary verification information to be verified to the domain control server for user verification;
the domain control server is used for acquiring login information, secondary verification information to be verified and carrying out user verification;
the secondary verification database is used for storing secondary verification user information, and the domain control server accesses the secondary verification database to obtain the secondary verification user information of the user accessing the cloud platform.
Preferably, the unified authentication module comprises a user login component and an authentication management component,
the user login component is used for acquiring login information and secondary verification information input by a user accessing the cloud platform and sending the login information and the secondary verification information to the authentication management component,
and the authentication management component is used for sending the login information and the secondary verification information to the domain control server for user verification.
Preferably, the cloud platform is an Openstack cloud platform, and the main cloud platform Region module and the auxiliary cloud platform Region module are Region components.
Preferably, the cloud platform comprises a secondary cloud platform area module, the primary cloud platform area module is a Region One component, and the secondary cloud platform area module is a Region Two component.
Preferably, the user login component is a Horizon component of an Openstack cloud platform, and the authentication management component is a KeyStone component of the Openstack cloud platform.
Preferably, the domain control server is built based on an LDAP protocol, the KeyStone component integrates the LDAP protocol, and the KeyStone component accesses the domain control server through the LDAP protocol.
Preferably, the secondary verification database is a user mobile phone number database, and after the login information is acquired and verified by the domain control server, the domain control server accesses the secondary verification database to acquire user mobile phone number data corresponding to the login information, and sends a mobile phone verification code to the user mobile phone number as the secondary verification information.
Preferably, the secondary verification database is a CMDB configuration management database, and the domain control server calls a CMDB interface according to the user name in the login information to obtain the user mobile phone number corresponding to the user name from the secondary verification database.
A unified authentication method based on a cloud platform and a domain control server is based on the unified authentication system based on the cloud platform and the domain control server, and comprises the following steps:
S1: the unified authentication module acquires the login information entered by a user accessing the cloud platform;
S2: the unified authentication module sends the login information to the domain control server for preliminary verification; the domain control server judges, from the user name in the login information, whether the user exists in the domain control server. If the user exists, step S3 is carried out; otherwise the authentication is judged to have failed and ends;
S3: the domain control server accesses the secondary verification database to obtain the secondary verification user information of the user accessing the cloud platform, and sends the secondary verification information to the user according to that information;
S4: the unified authentication module acquires the secondary verification information to be verified that the user enters and sends it to the domain control server;
S5: the domain control server judges whether the secondary verification information to be verified is consistent with the secondary verification information it sent, and whether the password in the user information is correct. If the information is consistent and the password is correct, the authentication passes; otherwise the authentication fails and ends.
Preferably, the secondary verification user information is a user mobile phone number.
Compared with the prior art, the invention has the following advantages:
1. In the cloud platform of the invention, the cloud platform area modules share one set of unified authentication module, so that separate authentication for several sets of OpenStack is avoided, the uniqueness of the login entrance is ensured, user authentication is efficient, data consistency is good, repeated construction and repeated operation are avoided, system cost is effectively reduced and system efficiency is improved;
2. In the invention, KeyStone is connected with the enterprise's own Windows Active Directory service system through the LDAP protocol; the domain control server is used directly for creating, authorizing and authenticating users, and KeyStone returns the message that authentication has passed to each OpenStack component, so that users can use cloud platform resources. This saves cloud platform construction time, reuses the enterprise's existing user directories, and avoids repeated construction and several sets of operation and maintenance;
3. The method verifies data a second time: it connects to a CMDB interface, queries the user's mobile phone information and performs secondary verification by sending a mobile phone verification code, thereby effectively ensuring the login security of the cloud platform as a system where access rights are concentrated.
Drawings
FIG. 1 is a schematic diagram of the system of the present invention;
FIG. 2 is a flow chart of a method of the present invention;
FIG. 3 is a schematic diagram of a system according to an embodiment of the present invention;
FIG. 4 is a flow chart of the system set up in the embodiment of the present invention.
The system comprises a cloud platform 1, a domain control server 2, a secondary verification database 3, a unified authentication module 4, a main cloud platform area module 5 and an auxiliary cloud platform area module 6.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments. Note that the following description of the embodiments is merely a substantial example, and the present invention is not intended to be limited to the application or the use thereof, and is not limited to the following embodiments.
Examples
A unified authentication system based on a cloud platform and a domain control server is shown in figure 1, and comprises a cloud platform 1, a domain control server 2 and a secondary verification database 3,
the cloud platform 1 comprises a main cloud platform area module 5 and a plurality of auxiliary cloud platform area modules 6, wherein a unified authentication module 4 is arranged in the main cloud platform area module 5,
the unified authentication module 4 is used for acquiring login information and secondary verification information to be verified input by a user accessing the cloud platform 1, and sending the login information and the secondary verification information to be verified to the domain control server 2 for user verification;
the domain control server 2 is used for acquiring login information, secondary verification information to be verified and performing user verification;
the secondary verification database 3 is used for storing secondary verification user information, and the domain control server 2 accesses the secondary verification database 3 to obtain the secondary verification user information of the user accessing the cloud platform 1.
Specifically, the unified authentication module 4 includes a user login component and an authentication management component,
the user login component is used for acquiring login information and secondary verification information input by a user accessing the cloud platform 1 and sending the login information and the secondary verification information to the authentication management component,
the authentication management component is used for sending the login information and the secondary verification information to the domain control server 2 for user verification.
In this embodiment, the cloud platform 1 is an Openstack cloud platform, and the main cloud platform Region module 5 and the auxiliary cloud platform Region module 6 are Region components of the Openstack cloud platform. In this embodiment the cloud platform 1 includes one auxiliary cloud platform Region module 6, and the main cloud platform Region module 5 and the auxiliary cloud platform Region module 6 are a Region One component and a Region Two component respectively. The user login component is the Horizon component of the Openstack cloud platform, and the authentication management component is the KeyStone component of the Openstack cloud platform.
The embodiment technically implements a unified authentication system based on a cloud platform and a domain control server, as shown in fig. 3, specifically:
The Keystone component is one of the components of OpenStack; it provides API client authentication, service discovery and distributed multi-tenant authorization, mainly through the OpenStack Identity API. Since the OpenStack components are decoupled and their sub-services are independent, each component API, on receiving a user's resource request, must first check with KeyStone that the user is entitled to operate on the resource, so KeyStone has to provide authentication services to users and components at the same time. The implementation idea consists mainly of the following steps: define the two sets of OpenStack as Region One and Region Two respectively; modify the region table in each KeyStone database and add a region record, in which the admin, public and internal URLs of the Keystone component all use the endpoint of Region One and only the region name is changed to Region Two; then create the service entry endpoints of nova, glance, cinder and neutron of Region Two on the control node of Region One, so that when a user requests a resource of Region Two, the request first passes authentication on the KeyStone of Region One and then calls the resource URL of Region Two as pointed to in the endpoint list of Region One; finally, modify the conf files of nova, glance, cinder and neutron on the control node of Region Two, changing the address and authentication information in the "[keystone_authtoken]" section to the KeyStone information of Region One. The following example, taking the cinder component as representative, is the configuration of the Region Two cinder component. In this way, multi-Region unified authentication of the OpenStack cloud platform is realized and the login entry is unique.
Example Region Two cinder component configuration
[Image in original: Region Two cinder component configuration; not reproduced in text.]
For the authentication connection between the KeyStone of Region One and Windows Active Directory, a connection account first needs to be created on the domain control server 2; then, through the LDAP protocol, a query is defined in the keystone.conf configuration file and directed at the domain and organization of the specific user domain control server 2.
Example keystone.conf base configuration for connecting to the domain controller
[Image in original: keystone.conf base configuration for the domain controller connection; not reproduced in text.]
The domain control server 2 is built on the LDAP protocol; the KeyStone component integrates the LDAP protocol and accesses the domain control server 2 through it. LDAP (Lightweight Directory Access Protocol) is an industry-standard application protocol that provides access control over, and maintains, directory information for distributed information over the IP protocol. In this embodiment an openldap installation package is selected to implement the LDAP communication.
The Windows Active Directory domain control service, i.e. the domain control server 2, generally means that in "domain" mode at least one server is responsible for verifying every computer and user connected to the network; it is generally used for the security authentication of users and computers in the enterprise local area network. The Windows domain control server 2 used in this embodiment is based on a set of Windows Active Directory already existing in the enterprise's own environment. Active Directory (AD) is a dynamic data set used, in the domain controller of the data center, to enforce predetermined rules and to track the current state of users and systems in the whole network domain, and it is implemented on the LDAP protocol, so that once the KeyStone component of the OpenStack cloud platform integrates the LDAP access protocol it can access the domain control server 2 for user authentication.
For the OpenStack cloud platform to authenticate against the Windows Active Directory user domain control server 2, the KeyStone component has to be configured in keystone.conf. First, the domain control server 2 to be accessed is defined in keystone.conf, as shown in table 2; secondly, the LDAP driver is enabled and the LDAP driver configuration path is defined. If the directories to be accessed belong to different domains, several domains may be defined; each domain needs its own driver file "keystone.<domain_name>.conf", in which the domain controller address, the connection account information, the authenticated user directory "user_tree_dn", the number of entries returned per query and similar information are specified. Specific example configurations are as follows.
Example keystone.<domain_name>.conf
[Images in original: domain driver configuration examples; not reproduced in text.]
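The domain driver files described above (and created again in build steps (8) to (10) below) are shown in the patent only as images. The following is an added worked example, not the patent's own configuration and not code from Keystone: it renders one keystone.<domain>.conf per Active Directory domain with Keystone's real [ldap] option names and the attribute values Keystone's documentation gives for Active Directory, and audits each file for the settings that keep the corporate directory safe (encrypted bind, verified certificate, read-only access, paged queries). Domain names, hosts, DNs, the bind account and the constructed weak "before" file are placeholders, not the patent's environment.

```python
"""Keystone domain-specific LDAP driver files for two Active Directory domains.

Added example, not part of the patent or of Keystone itself: renders one
keystone.<domain>.conf per domain and audits it for the settings that keep
the corporate directory safe. Hosts, DNs and the bind account are
constructed placeholders.
"""
import configparser
import io

# Constructed sample: two AD domains, mirroring the two driver files in the text.
DOMAINS = {
    "dc_domain": {
        "url": "ldaps://dc01.dc.example.internal:636",
        "user": "CN=svc-openstack,OU=Service Accounts,DC=dc,DC=example,DC=internal",
        "suffix": "DC=dc,DC=example,DC=internal",
        "user_tree_dn": "OU=Users,DC=dc,DC=example,DC=internal",
    },
    "rc_domain": {
        "url": "ldaps://dc01.rc.example.internal:636",
        "user": "CN=svc-openstack,OU=Service Accounts,DC=rc,DC=example,DC=internal",
        "suffix": "DC=rc,DC=example,DC=internal",
        "user_tree_dn": "OU=Users,DC=rc,DC=example,DC=internal",
    },
}

# Constructed "before" file: plain ldap://, writable directory, no paging.
WEAK_CONF = """
[identity]
driver = ldap
[ldap]
url = ldap://dc01.dc.example.internal
user = CN=svc-openstack,OU=Service Accounts,DC=dc,DC=example,DC=internal
password = <bind password>
suffix = DC=dc,DC=example,DC=internal
user_tree_dn = OU=Users,DC=dc,DC=example,DC=internal
"""


def domain_file_name(domain):
    """File name Keystone expects under domain_config_dir for this domain."""
    return "keystone.%s.conf" % domain


def render_domain_conf(d, bind_password):
    """Render keystone.<domain>.conf. Option names are Keystone's [ldap] options;
    the attribute values are the ones its documentation gives for Active Directory."""
    cp = configparser.ConfigParser(interpolation=None)
    cp["identity"] = {"driver": "ldap"}
    cp["ldap"] = {
        "url": d["url"],
        "user": d["user"],
        "password": bind_password,
        "suffix": d["suffix"],
        "query_scope": "sub",
        "page_size": "1000",                   # entries per paged query
        "user_tree_dn": d["user_tree_dn"],
        "user_objectclass": "person",
        "user_id_attribute": "sAMAccountName",
        "user_name_attribute": "sAMAccountName",
        "user_mail_attribute": "mail",
        "user_enabled_attribute": "userAccountControl",
        "user_enabled_mask": "2",              # ACCOUNTDISABLE bit
        "user_enabled_default": "512",         # NORMAL_ACCOUNT
        "user_filter": "(memberOf=CN=cloud-users,OU=Groups,%s)" % d["suffix"],
        "user_allow_create": "False",          # Keystone never writes to AD
        "user_allow_update": "False",
        "user_allow_delete": "False",
        "use_tls": "False",                    # StartTLS is not combined with ldaps://
        "tls_cacertfile": "/etc/keystone/ad-ca.pem",
        "tls_req_cert": "demand",              # verify the DC certificate
    }
    buf = io.StringIO()
    cp.write(buf)
    return buf.getvalue()


def audit_domain_conf(text):
    """Return findings for one driver file; an empty list means it is acceptable."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    sec = cp["ldap"]
    findings = []
    ldaps = sec.get("url", "").lower().startswith("ldaps://")
    use_tls = sec.getboolean("use_tls", fallback=False)
    if ldaps and use_tls:
        findings.append("use_tls cannot be combined with ldaps://; Keystone rejects the pair")
    if not ldaps and not use_tls:
        findings.append("bind and user passwords would cross the network in clear text")
    if sec.get("tls_req_cert", "demand") != "demand":
        findings.append("tls_req_cert must stay 'demand' so the DC certificate is verified")
    for key in ("user_allow_create", "user_allow_update", "user_allow_delete"):
        if sec.getboolean(key, fallback=True):
            findings.append("%s should be False: Keystone must be read-only against AD" % key)
    if not sec.get("user_tree_dn"):
        findings.append("user_tree_dn missing: searches would scan the whole suffix")
    if "page_size" not in sec:
        findings.append("page_size unset: large domains will return truncated results")
    return findings
```

Writing `render_domain_conf(DOMAINS[name], password)` to `/etc/keystone/domains/` under `domain_file_name(name)` produces the two files the build procedure lists; running `audit_domain_conf` over the constructed WEAK_CONF reports the clear-text bind, the three write permissions and the missing paging, while the rendered files report nothing.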
In this embodiment the mobile phone verification code is sent to the client for secondary verification. After the login information has been obtained and verified, the domain control server 2 accesses the secondary verification database 3 to obtain the user mobile phone number data corresponding to the login information and sends a mobile phone verification code to that number as the secondary verification information. The secondary verification database 3 is a CMDB configuration management database: the domain control server 2 calls the CMDB interface with the user name from the login information to obtain the user's mobile phone number from the secondary verification database 3.
Configuration Management Database (CMDB): the CMDB is mainly a system for recording enterprise user asset information. In this embodiment the domain user name is first checked through domain control, the CMDB interface is then called with the user name to obtain the user's mobile phone number, and secondary verification is performed by the user receiving a mobile phone verification code at login, thereby ensuring the login security of the OpenStack cloud platform as a system where access rights are concentrated.
Specifically, corresponding to the system framework, as shown in fig. 4, the step of building a unified authentication system based on a cloud platform and a domain control server in this embodiment specifically includes:
(1) The keystone databases of both Regions are backed up, with the following commands:
region1:
mysqldump -uroot keystone > keystone_1bak.sql
region2:
mysqldump -uroot keystone > keystone_2bak.sql
(2) Update the region id recorded in the region table of the Region Two keystone database to Region Two, and add a record to the region table of the Region One keystone database creating Region Two, with the following commands:
region1:
mysql -uroot -e "insert into keystone.region(id,parent_region_id,extra,url) values('regiontwo',NULL,'{}',NULL);"
region2:
update endpoint set region_id='regiontwo';
(3) Create the service entry endpoints of the Region Two Nova, Glance, Cinder, Neutron and other components on the control node of Region One; endpoint creation for the Nova component is shown as an example in the following command:
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/compute/ {print $2}') \
  --publicurl http://[regiontwo domain name ip]:5000/v2.0 \
  --internalurl http://[regiontwo domain name ip]:5000/v2.0 \
  --adminurl http://[regiontwo domain name ip]:35357/v2.0 \
  --region RegionTwo
(4) Verify that the endpoints of all Region Two related components have been created successfully, using the following command:
keystone endpoint-list | grep RegionTwo
(5) On all control nodes of Region Two, modify the [keystone_authtoken] definition in the conf configuration files of the Nova, Glance, Cinder, Neutron and other components so that keystone authentication points to the keystone url of Region One, and restart the related components. The following example is the updated configuration of the Nova component:
[Image in original: Nova component [keystone_authtoken] configuration update; not reproduced in text.]
(6) Log in at the Region One Horizon login entrance; the list of both regions is visible, and a cloud host can be created in either region;
(7) Create the cloud platform connection account on the Windows Active Directory;
(8) Install the openldap packages on the control node of Region One and start the ldap service, with the following commands:
yum install -y openldap openldap-clients openldap-servers migrationtools
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap. /var/lib/ldap/DB_CONFIG
systemctl start slapd
systemctl enable slapd
(9) Add the following configuration under the [identity] section of keystone.conf on the Region One control node:
[identity]
domain_specific_drivers_enabled=True
domain_config_dir=/etc/keystone/domains
(10) Define the driver for the Windows Active Directory domain control directories to be queried: the driver file of each domain to be authenticated is placed under the path /etc/keystone/domains defined in step (9), as in the example in table 3. The users in this project span two domains, so two driver files are created:
(keystone)[root@drkm01070104u domains]# ls
keystone.dc_domain.conf  keystone.rc_domain.conf
(11) Restart the Region One KeyStone related components and perform a login test: enter the login information, consisting of a user name and a password, and click to send the verification code. The log shows that KeyStone sends the user name and password to the domain controller for authentication through the ldap protocol, that the domain controller obtains the mobile phone number by querying the CMDB and sends the verification code to the user, and that after the user enters the verification code the authentication and login succeed.
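The multi-Region wiring described in the implementation section and built in steps (1) to (6) is easiest to reason about from the service catalog that the Region One Keystone hands back after login. The following is an added example, not the patent's own code and not part of OpenStack: it models that catalog in the shape of a Keystone v3 token's catalog field (identity only in RegionOne; compute, image, volume and network endpoints in both regions), resolves the Region Two URL a client calls after a single authentication at Region One, reports which services still lack a RegionTwo endpoint (the step (4) check), and verifies that a Region Two service's [keystone_authtoken] points at Region One's identity endpoint (step (5)). Host names and the nova.conf fragment are constructed placeholders; the missing neutron RegionTwo endpoint is deliberate so the check has something to report.

```python
"""Resolve Region Two service URLs from the Region One Keystone catalog.

Added example, not from the patent or OpenStack. Models the catalog Region One's
Keystone returns once both regions' endpoints are registered and checks the
[keystone_authtoken] wiring of a Region Two service. Host names are constructed.
"""
import configparser
from urllib.parse import urlparse

# Constructed catalog in the shape of a Keystone v3 token's "catalog" field.
CATALOG = [
    {"type": "identity", "name": "keystone", "endpoints": [
        {"region": "RegionOne", "interface": "public", "url": "http://keystone.r1.example.internal:5000/v3"},
        {"region": "RegionOne", "interface": "admin", "url": "http://keystone.r1.example.internal:35357/v3"},
        # No RegionTwo identity endpoint: identity is served by Region One only.
    ]},
    {"type": "compute", "name": "nova", "endpoints": [
        {"region": "RegionOne", "interface": "public", "url": "http://nova.r1.example.internal:8774/v2.1"},
        {"region": "RegionTwo", "interface": "public", "url": "http://nova.r2.example.internal:8774/v2.1"},
    ]},
    {"type": "image", "name": "glance", "endpoints": [
        {"region": "RegionOne", "interface": "public", "url": "http://glance.r1.example.internal:9292"},
        {"region": "RegionTwo", "interface": "public", "url": "http://glance.r2.example.internal:9292"},
    ]},
    {"type": "volumev3", "name": "cinderv3", "endpoints": [
        {"region": "RegionOne", "interface": "public", "url": "http://cinder.r1.example.internal:8776/v3"},
        {"region": "RegionTwo", "interface": "public", "url": "http://cinder.r2.example.internal:8776/v3"},
    ]},
    {"type": "network", "name": "neutron", "endpoints": [
        {"region": "RegionOne", "interface": "public", "url": "http://neutron.r1.example.internal:9696"},
        # RegionTwo endpoint deliberately missing so the check below reports it.
    ]},
]

# Constructed nova.conf fragment for a Region Two control node after step (5).
NOVA_CONF_REGION_TWO = """
[keystone_authtoken]
www_authenticate_uri = http://keystone.r1.example.internal:5000
auth_url = http://keystone.r1.example.internal:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = <service password from a secret store>
"""

REQUIRED_TYPES = ("compute", "image", "volumev3", "network")


def endpoint_url(catalog, service_type, region, interface="public"):
    """URL a client calls for `service_type` in `region` after one login at Region One."""
    for svc in catalog:
        if svc["type"] != service_type:
            continue
        for ep in svc["endpoints"]:
            if ep["region"] == region and ep["interface"] == interface:
                return ep["url"]
    return None


def regions(catalog):
    """Region names a Horizon user sees in the region list (step (6))."""
    return sorted({ep["region"] for svc in catalog for ep in svc["endpoints"]})


def missing_region_endpoints(catalog, region):
    """Required service types with no public endpoint in `region` (the step (4) check)."""
    return [t for t in REQUIRED_TYPES if endpoint_url(catalog, t, region) is None]


def authtoken_points_to(conf_text, catalog):
    """True iff [keystone_authtoken].auth_url targets Region One's identity endpoint."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    auth_url = cp["keystone_authtoken"]["auth_url"]
    identity = endpoint_url(catalog, "identity", "RegionOne", "admin")
    if identity is None:
        return False
    return urlparse(auth_url).netloc == urlparse(identity).netloc
```

Because the identity service appears under RegionOne only, `endpoint_url(CATALOG, "identity", "RegionTwo")` returns None: every token is issued by one Keystone, which is what makes the login entrance unique, while each region keeps its own compute, image, volume and network endpoints.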
A unified authentication method based on a cloud platform and a domain control server, based on the above unified authentication system based on a cloud platform and a domain control server, as shown in fig. 2, includes the following steps:
S1: the unified authentication module 4 obtains the login information entered by a user accessing the cloud platform 1. In this embodiment the user enters the login information, consisting of a user name and a password, through the Horizon component and issues a verification code request, which is sent to the Keystone component;
S2: the unified authentication module 4 sends the login information to the domain control server 2 for preliminary verification; the domain control server 2 judges from the user name in the login information whether the user exists in the domain control server 2. If the user exists, step S3 is entered; otherwise the authentication is judged to have failed and ends.
In this embodiment the Keystone component sends the user name to the domain control server 2 to confirm whether the user exists, and the process then proceeds to S3.
S3: the domain control server 2 accesses the secondary verification database 3 to obtain the secondary verification user information of the user accessing the cloud platform 1, and sends the secondary verification information to the user according to that information.
Specifically, the domain control server 2 queries the mobile phone number corresponding to the user name from the CMDB database and sends the verification code to that number.
S4: the unified authentication module 4 acquires the secondary verification information to be verified that the user enters and sends it to the domain control server 2.
The user enters the received verification code through Horizon again and it is sent to the Keystone component; the Keystone component sends the verification code and the password to the domain control server 2 for secondary verification.
S5: the domain control server 2 judges whether the secondary verification information to be verified is consistent with the secondary verification information it sent and whether the password in the user information is correct. If the information is consistent and the password is correct, the authentication passes, login is completed and the user can use resources; otherwise the authentication is judged to have failed and ends.
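The five steps S1 to S5 (stated in the disclosure and again in the embodiment above) fix an order: existence check, code sent, then code and password checked together. The following is an added example, not the patent's or Keystone's code: in-memory stand-ins for the domain controller, the CMDB and the SMS gateway drive that order, and the one-time code carries the controls an implementer has to add around it: expiry, single use, an attempt limit and constant-time comparison. The user, password, phone number, code length, lifetime and attempt limit are all constructed assumptions.

```python
"""Five-step login of the method (S1 to S5) with the SMS one-time code.

Added example, not the patent's or Keystone's code: in-memory stand-ins for
the domain controller, the CMDB and the SMS gateway. Users, phone numbers,
passwords, CODE_TTL and MAX_ATTEMPTS are constructed.
"""
import hashlib
import hmac
import secrets
import time

_SALT = b"constructed-salt"          # one static salt keeps the example short


def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


DIRECTORY = {"alice": _pw_hash("correct horse battery")}   # domain controller accounts
CMDB = {"alice": "+86-138-0000-0000"}                      # user name -> mobile number
CODE_TTL = 300       # seconds a code remains valid
MAX_ATTEMPTS = 3     # wrong codes before the challenge is discarded


class DomainController:
    """Stands in for the domain control server: steps S2, S3 and S5."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock, so expiry can be tested
        self._pending = {}       # user name -> [code, expiry, attempts left]
        self.sent_sms = []       # (phone, code) pairs, in place of an SMS gateway

    def user_exists(self, username):                 # S2: existence check only
        return username in DIRECTORY

    def send_code(self, username):                   # S3: CMDB lookup, then SMS
        phone = CMDB.get(username)
        if phone is None:
            return False
        code = "%06d" % secrets.randbelow(10 ** 6)
        self._pending[username] = [code, self._now() + CODE_TTL, MAX_ATTEMPTS]
        self.sent_sms.append((phone, code))
        return True

    def verify(self, username, password, code):      # S5: code and password together
        entry = self._pending.get(username)
        if entry is None:
            return False
        expected, expiry, _ = entry
        if self._now() > expiry:                     # expired challenge
            del self._pending[username]
            return False
        code_ok = hmac.compare_digest(expected.encode(), str(code).encode())
        pw_ok = hmac.compare_digest(DIRECTORY.get(username, b""), _pw_hash(password))
        if code_ok and pw_ok:
            del self._pending[username]              # single use
            return True
        entry[2] -= 1                                # count every failed attempt
        if entry[2] <= 0:
            del self._pending[username]
        return False


def login(dc, username, password, code_reader):
    """Unified authentication module side (S1, S2, S4): drives the controller.

    code_reader(username) returns what the user typed after the SMS arrived.
    """
    if not dc.user_exists(username):                 # S2 failed: unknown user
        return False
    if not dc.send_code(username):                   # S3 failed: no number on record
        return False
    return dc.verify(username, password, code_reader(username))   # S4 then S5
```

`login` returns the same False on every failure path, so a caller cannot tell an unknown user from a wrong code or a wrong password. Because the method sends the SMS in S3 before the password has been checked, a production implementation should also rate-limit code requests per user and per source address so that the SMS step cannot be used to probe for user names or flood a phone with messages.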
The above embodiments are merely examples and do not limit the scope of the present invention. These embodiments may be implemented in other various manners, and various omissions, substitutions, and changes may be made without departing from the technical spirit of the present invention.

Claims (10)

1. A unified authentication system based on a cloud platform and a domain control server is characterized in that the unified authentication system comprises a cloud platform, the domain control server and a secondary verification database,
the cloud platform comprises a main cloud platform area module and a plurality of auxiliary cloud platform area modules, wherein a uniform authentication module is arranged in the main cloud platform area module,
the unified authentication module is used for acquiring login information and secondary verification information to be verified input by a user accessing the cloud platform, and sending the login information and the secondary verification information to be verified to the domain control server for user verification;
the domain control server is used for acquiring login information, secondary verification information to be verified and carrying out user verification;
the secondary verification database is used for storing secondary verification user information, and the domain control server accesses the secondary verification database to obtain the secondary verification user information of the user accessing the cloud platform.
2. The unified authentication system based on the cloud platform combined with the domain control server as claimed in claim 1, wherein said unified authentication module comprises a user login component and an authentication management component,
the user login component is used for acquiring login information and secondary verification information input by a user accessing the cloud platform and sending the login information and the secondary verification information to the authentication management component,
and the authentication management component is used for sending the login information and the secondary verification information to the domain control server for user verification.
3. The unified authentication system based on the cloud platform and the domain control server as claimed in claim 2, wherein the cloud platform is an Openstack cloud platform, and the primary cloud platform area module and the secondary cloud platform area module are Region components.
4. The system according to claim 3, wherein the cloud platform comprises a secondary cloud platform area module, the primary cloud platform area module is a Region One component, and the secondary cloud platform area module is a Region top component.
5. The system of claim 3, wherein the user login component is a Horizon component of an Openstack cloud platform, and the authentication management component is a KeyStone component of the Openstack cloud platform.
6. The unified authentication system based on the cloud platform and the domain control server is characterized in that the domain control server is built based on an LDAP protocol, the KeyStone component integrates the LDAP protocol, and the KeyStone component accesses the domain control server through the LDAP protocol.
7. The system of claim 1, wherein the secondary verification database is a user mobile phone number database, and after the domain control server obtains login information and passes verification, the domain control server accesses the secondary verification database to obtain user mobile phone number data corresponding to the login information, and sends a mobile phone verification code to the user mobile phone number as the secondary verification information.
8. The unified authentication system based on the cloud platform and the domain control server as claimed in claim 7, wherein the secondary verification database is a CMDB configuration management database, and the domain control server calls a CMDB interface according to the user name in the login information to obtain the user mobile phone number corresponding to the user name from the secondary verification database.
9. A unified authentication method based on a cloud platform and a domain control server is based on the unified authentication system based on the cloud platform and the domain control server as claimed in any one of claims 1 to 8, and is characterized by comprising the following steps:
S1: the unified authentication module acquires login information input by a user accessing the cloud platform;
S2: the unified authentication module sends the login information to the domain control server for preliminary verification, and the domain control server judges, according to the user name in the login information, whether the user exists in the domain control server; if the user passes this verification, step S3 is carried out, otherwise the authentication is judged to have failed and the authentication is finished;
S3: the domain control server accesses the secondary verification database to obtain secondary verification user information of the user accessing the cloud platform, and sends secondary verification information to the user according to the secondary verification user information;
S4: the unified authentication module acquires the secondary verification information to be verified input by the user and sends it to the domain control server;
S5: the domain control server judges whether the secondary verification information to be verified is consistent with the secondary verification information and whether the password in the user information is correct; if the secondary verification information to be verified is consistent and the password is correct, the authentication is passed, otherwise the authentication is failed and the authentication is ended.
10. The unified authentication method based on the cloud platform and the domain control server as claimed in claim 9, wherein the secondary verification user information is a user mobile phone number.
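The five-step flow of claim 9 (and the S1 to S5 embodiment described above), carried through in Python as an added example; this is not code from the patent, from OpenStack Keystone or Horizon, or from any real LDAP or CMDB product. The domain controller, the CMDB phone lookup and the SMS gateway are in-memory stand-ins, and the code lifetime and attempt limit are assumptions the claims leave open. The example shows what a defender would check in such a design: the one-time code is compared in constant time together with the password at the final step, is spent on success, and is discarded once it expires or after repeated failures, so a pending login cannot be retried indefinitely.

```python
"""Five-step unified authentication flow (S1-S5) from the claims, modelled in
Python.  Added illustration, not code from the patent or from OpenStack; the
LDAP directory, CMDB lookup and SMS gateway are in-memory stand-ins (constructed)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

CODE_TTL_SECONDS = 300   # assumption: the patent does not specify a code lifetime
MAX_CODE_ATTEMPTS = 3    # assumption: pending login is discarded after 3 bad tries


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class DomainController:
    """Stand-in for the LDAP domain controller: username -> (salt, PBKDF2 hash)."""
    users: Dict[str, Tuple[bytes, bytes]] = field(default_factory=dict)

    def add_user(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash_password(password, salt))

    def user_exists(self, username: str) -> bool:       # S2: preliminary check
        return username in self.users

    def check_password(self, username: str, password: str) -> bool:   # S5
        salt, stored = self.users[username]
        return hmac.compare_digest(stored, _hash_password(password, salt))


@dataclass
class PendingLogin:
    username: str
    code: str
    issued_at: float
    attempts: int = 0


class UnifiedAuth:
    """Keystone-side coordinator.  `cmdb` stands in for the CMDB interface
    (username -> mobile number); `sms_outbox` records messages instead of sending."""

    def __init__(self, dc: DomainController, cmdb: Dict[str, str],
                 now: Callable[[], float] = time.time):
        self.dc, self.cmdb, self.now = dc, cmdb, now
        self.sms_outbox: List[Tuple[str, str]] = []
        self.pending: Dict[str, PendingLogin] = {}

    def begin_login(self, username: str) -> Optional[str]:
        """S1-S3: confirm the user exists, look up the phone, send a 6-digit code.
        Returns an opaque token for the pending login, or None on failure."""
        if not self.dc.user_exists(username):
            return None                                  # S2: unknown user, stop
        phone = self.cmdb.get(username)
        if phone is None:
            return None                                  # S3: no enrolled number
        code = f"{secrets.randbelow(10**6):06d}"
        self.sms_outbox.append((phone, f"Your verification code is {code}"))
        token = secrets.token_urlsafe(16)
        self.pending[token] = PendingLogin(username, code, self.now())
        return token

    def complete_login(self, token: str, code: str, password: str) -> bool:
        """S4-S5: check code and password together; an expired or exhausted
        pending login is discarded, and a successful login spends the code."""
        p = self.pending.get(token)
        if p is None:
            return False
        if self.now() - p.issued_at > CODE_TTL_SECONDS:
            del self.pending[token]
            return False
        p.attempts += 1
        code_ok = hmac.compare_digest(p.code.encode(), code.encode())
        if code_ok and self.dc.check_password(p.username, password):
            del self.pending[token]
            return True
        if p.attempts >= MAX_CODE_ATTEMPTS:
            del self.pending[token]
        return False


def demo() -> bool:
    """Constructed end-to-end run: one enrolled user, correct code and password."""
    dc = DomainController()
    dc.add_user("alice", "correct horse")
    auth = UnifiedAuth(dc, {"alice": "+86-100-0000-0000"})   # constructed number
    token = auth.begin_login("alice")
    code = auth.sms_outbox[-1][1].split()[-1]                # user reads the SMS
    return auth.complete_login(token, code, "correct horse")
```

Calling `demo()` walks one enrolled user through all five steps and returns `True`. The `now` parameter is injectable so that code expiry can be exercised without waiting, and every failure path returns the same bare `False` so the caller cannot tell a wrong code from a wrong password or an expired login.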
CN202111403059.1A 2021-11-24 2021-11-24 Unified authentication system and method based on cloud platform and domain control server Pending CN114172700A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111403059.1A CN114172700A (en) 2021-11-24 2021-11-24 Unified authentication system and method based on cloud platform and domain control server

Publications (1)

Publication Number Publication Date
CN114172700A true CN114172700A (en) 2022-03-11

Family

ID=80480255

Country Status (1)

Country Link
CN (1) CN114172700A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991709A (en) * 2015-02-11 2016-10-05 ***通信集团河南有限公司 Cloud desktop account number management method and apparatus thereof
CN107453872A (en) * 2017-06-27 2017-12-08 北京溢思得瑞智能科技研究院有限公司 A kind of unified safety authentication method and system based on Mesos container cloud platforms
CN108234587A (en) * 2016-12-22 2018-06-29 航天信息股份有限公司 A kind of method shared based on the more region mirror image resources of OpenStack
CN109063457A (en) * 2018-06-22 2018-12-21 杭州才云科技有限公司 The cross-platform login unified certification interconnection method of one kind, storage medium, electronic equipment
CN109547412A (en) * 2018-10-23 2019-03-29 平安科技(深圳)有限公司 Two-factor authentication method, apparatus, system, electronic equipment and storage medium
CN109819061A (en) * 2018-09-11 2019-05-28 华为技术有限公司 A kind of method, apparatus and equipment handling cloud service in cloud system
CN112532723A (en) * 2020-11-27 2021-03-19 北京浪潮数据技术有限公司 Account management method, cloud management layer, equipment and medium
CN113206866A (en) * 2021-03-30 2021-08-03 新华三大数据技术有限公司 Service providing method, device and storage medium in multi-region scene
CN113612865A (en) * 2021-07-29 2021-11-05 济南浪潮数据技术有限公司 Method, device and equipment for managing cloud platform LDAP domain account and readable medium

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115118480A (en) * 2022-06-22 2022-09-27 ***数智科技有限公司 Skyline system weight-sharing domain-dividing function realization method and device based on Openstack
CN115118480B (en) * 2022-06-22 2024-04-26 ***数智科技有限公司 Method and device for realizing split-weight split-domain function of Skyline system based on Openstack
CN116055082A (en) * 2022-08-17 2023-05-02 广东德尔智慧工厂科技有限公司 User management method and system based on OpenStack
CN116055082B (en) * 2022-08-17 2023-11-28 广东德尔智慧科技股份有限公司 User management method and system based on OpenStack
CN116781761A (en) * 2023-08-24 2023-09-19 北京建筑大学 Application program calling method and device
CN116781761B (en) * 2023-08-24 2023-10-27 北京建筑大学 Application program calling method and device

Similar Documents

Publication Publication Date Title
CN114172700A (en) Unified authentication system and method based on cloud platform and domain control server
CN107277049B (en) Access method and device of application system
EP2893686B1 (en) Ldap-based multi-customer in-cloud identity management system
US9524382B2 (en) System and method for centralizedly controlling server user rights
US8429712B2 (en) Centralized user authentication system apparatus and method
US7133917B2 (en) System and method for distribution of software licenses in a networked computing environment
US20110214165A1 (en) Processor Implemented Systems And Methods For Using Identity Maps And Authentication To Provide Restricted Access To Backend Server Processor or Data
US20100325717A1 (en) System and Method for Managing Access to a Plurality of Servers in an Organization
EP2715971B1 (en) Automating cloud service reconnections
EA007778B1 (en) Application generator
CN103067463A (en) Centralized management system and centralized management method for user root permission
WO2021068518A1 (en) Identity authentication method and system, electronic equipment and storage medium
US10122702B2 (en) Single sign-on for interconnected computer systems
US20120204248A1 (en) Provisioner for single sign-on and non-single sign-on sites, applications, systems, and sessions
US20130312068A1 (en) Systems and methods for administrating access in an on-demand computing environment
CN111611561B (en) Edge-hierarchical-user-oriented unified management and control method for authentication and authorization
US11722481B2 (en) Multiple identity provider authentication system
WO2020231991A1 (en) Efficient and automatic database patching using elevated privileges
CN111090881A (en) Database access method and device
JP6840505B2 (en) Systems, service providers, system control methods and programs
CN202059439U (en) Cross-service-platform comprehensive authentication system
CN112866386A (en) Data storage data construction method based on cloud computing
CN115150191B (en) Cross-region cloud management platform information interaction method and related components
CN106445892B (en) Document assembly method and system
US11803569B2 (en) Computer system and method for accessing user data that is distributed within a multi-zone computing platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination