CN114430340A - Cross-domain single sign-on method, device and equipment - Google Patents


Publication number
CN114430340A
Authority
CN
China
Prior art keywords
user
identity authentication
login
request
token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111609576.4A
Other languages
Chinese (zh)
Inventor
魏本洁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Cloud Technology Co Ltd
Original Assignee
Tianyi Cloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyi Cloud Technology Co Ltd
Priority to CN202111609576.4A
Publication of CN114430340A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the invention provides a cross-domain single sign-on method, a device and equipment, wherein the method comprises the following steps: receiving a login request of a user; sending an ajax request for inquiring the login state of the user to an authentication system, wherein the ajax request is used for extracting the identity authentication information of the user; if the user login state is logged in, acquiring an identity authentication token fed back by the authentication system based on the identity authentication information; authenticating the user based on the authentication token; and if the identity authentication is passed, allowing the user to log in. According to the invention, the identity authentication information of the user is extracted through the ajax request, and the identity authentication token is correspondingly generated, so that the defect that data of post request is lost after the application system and the authentication system repeatedly jump and the page is redirected can be avoided.

Description

Cross-domain single sign-on method, device and equipment
Technical Field
The invention relates to the technical field of network information security, in particular to a cross-domain single sign-on method, a device and equipment.
Background
With the rapid development of internet technology, a wide variety of network application systems have emerged. The same user holds different accounts and passwords in different systems, which leads to user names and passwords being abused and brings potential security risks.
Single Sign-On (SSO) technology addresses the problem of the same user logging in to different systems on the Internet. It hands identity authentication over to a unified authentication server, which generates a unified authentication credential used to authenticate and verify the user's identity.
However, existing single sign-on technology has the following problems in practical application: with single sign-on based on browser redirection, the browser jumps back and forth between the application system and the authentication system, which degrades the user experience; and the data of post requests is lost after page redirection, which hinders the exchange of information and data between application systems.
Disclosure of Invention
Therefore, the technical problem to be solved by the present invention is to overcome the defect in the prior art that data of post request is lost after repeated jump and page redirection of an application system and an authentication system, so as to provide a cross-domain single sign-on method, device and equipment.
According to a first aspect, an embodiment of the present invention provides a cross-domain single sign-on method, which is applied to an application system, and includes the following steps: receiving a login request of a user; sending an ajax request for inquiring the login state of the user to an authentication system, wherein the ajax request is used for extracting the identity authentication information of the user; if the user login state is logged in, acquiring an identity authentication token fed back by the authentication system based on the identity authentication information; authenticating the user based on the authentication token; and if the identity authentication is passed, allowing the user to log in.
Optionally, the cross-domain single sign-on method further includes: if the user login state is not logged in, acquiring user login information input by the user so that the user can log in to the application system; sending a login ajax request to the authentication system, so that the authentication system generates a login credential authentication token of the user based on second identity authentication information of the user contained in the login ajax request, and stores a mapping relation between the second identity authentication information and the login credential authentication token; and confirming that the user has logged in successfully, and returning to repeat the steps from receiving the login request of the user through sending an ajax request for inquiring the login state of the user to the authentication system, so as to inquire the login state of the user.
According to a second aspect, an embodiment of the present invention further provides a cross-domain single sign-on apparatus, including: the login receiving module is used for receiving a login request; the request sending module is used for sending an ajax request for inquiring the login state of the user to an authentication system, wherein the ajax request is used for extracting the identity authentication information of the user; the information verification module is used for acquiring an identity verification token fed back by the authentication system based on the identity authentication information if the user login state is logged in; the authentication module is used for authenticating the identity of the user based on the identity authentication token; and the communication module is used for allowing the user to log in if the identity authentication is passed.
According to a third aspect, an embodiment of the present invention further provides a cross-domain single sign-on method, applied to an authentication system, including the following steps: acquiring an ajax request for inquiring the login state of the user, which is sent by an application system, wherein the ajax request is used for extracting the identity authentication information of the user; and if the user login state is logged in, feeding back an identity authentication token generated based on the identity authentication information to the application system so that the application system performs identity authentication on the user based on the identity authentication token.
Optionally, the cross-domain single sign-on method further includes: if the user login state is not logged in, acquiring a login ajax request sent by the application system based on the login information of the user, wherein the login ajax request comprises second identity authentication information of the user; and obtaining a second identity authentication token based on the second identity authentication information, and storing the mapping relation between the second identity authentication information and the second identity authentication token.
Optionally, the process of determining whether the user login state is logged in includes: if an identity authentication token is extracted based on the identity authentication information of the user, the login state of the user is logged in; and if no identity authentication token is extracted based on the identity authentication information of the user, the login state of the user is not logged in.
According to a fourth aspect, an embodiment of the present invention further provides a cross-domain single sign-on apparatus, which is applied to an authentication system, and includes: the request receiving module is used for acquiring an ajax request which is sent by an application system and used for inquiring the login state of the user, wherein the ajax request is used for extracting the identity authentication information of the user; and the judging module is used for feeding back an identity authentication token generated based on the identity authentication information to the application system if the user login state is logged in so that the application system performs identity authentication on the user based on the identity authentication token.
According to a fifth aspect, an embodiment of the present invention further provides a cross-domain single sign-on system, including an authentication system and an application system, where the application system is configured to receive a login request from a user, and send, based on the login request, an ajax request for querying a login state of the user to the authentication system; the authentication system is used for extracting the identity authentication information of the user based on the ajax request, acquiring an identity verification token based on the identity authentication information, and feeding back the identity verification token to the application system; the application system is used for performing identity authentication on the user based on the identity authentication token, and if the identity authentication passes, allowing the user to log in.
According to a sixth aspect, an embodiment of the present invention provides a cross-domain single sign-on device, including: a memory and a processor, the memory and the processor being communicatively coupled to each other, the memory having stored therein computer instructions, the processor being configured to execute the computer instructions to perform the method of the first aspect or any one of the alternatives.
According to a seventh aspect, a computer-readable storage medium stores computer instructions for causing a computer to perform the method of the first aspect or any one of the alternative embodiments.
The technical scheme of the invention has the following advantages:
the embodiment of the invention provides a cross-domain single sign-on method which is applied to an application system and comprises the following steps: receiving a login request of a user; sending an ajax request for inquiring the login state of the user to an authentication system, wherein the ajax request is used for extracting the identity authentication information of the user; if the user login state is logged in, acquiring an identity authentication token fed back by the authentication system based on the identity authentication information; and authenticating the user based on the identity authentication token. According to the invention, the identity authentication information of the user is extracted through the ajax request, and the identity authentication token is correspondingly generated, so that the defect that data of post request is lost after the application system and the authentication system repeatedly jump and the page is redirected can be avoided.
The embodiment of the invention also provides a cross-domain single sign-on method which is applied to an authentication system and comprises the following steps: the method comprises the steps of obtaining an ajax request for inquiring a user login state sent by an application system, extracting identity authentication information of the user according to the ajax request, and feeding back an identity authentication token generated based on the identity authentication information to the application system if the user login state is logged in so that the application system can authenticate the user based on the identity authentication token. According to the invention, the identity authentication information of the user is extracted through the ajax request, and the identity authentication token is correspondingly generated, so that the defect that data of post request is lost after the application system and the authentication system repeatedly jump and the page is redirected can be avoided.
The embodiment of the invention also provides a cross-domain single sign-on system, and the working process of the system comprises the following steps: firstly, an application system receives a login request of a user, and sends an ajax request for inquiring the login state of the user to an authentication system based on the login request; then the authentication system extracts the identity authentication information of the user based on the ajax request, acquires an identity authentication token based on the identity authentication information, and feeds the identity authentication token back to the application system; and the application system is used for carrying out identity authentication on the user based on the identity authentication token, and allowing the user to log in if the identity authentication passes. According to the method and the device, the identity authentication information of the user is extracted through the ajax request, the identity verification token is correspondingly generated, and the mapping relation between the identity authentication information and the identity verification token is stored, so that the defect that data of post requests are lost after the application system and the authentication system are repeatedly jumped and the page is redirected can be avoided, meanwhile, the user can conveniently and quickly access based on the mapping relation when the user subsequently accesses the application system, and the user login speed is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is an interaction flow diagram of a cross-domain single sign-on system according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating an exemplary cross-domain single sign-on method according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating another exemplary cross-domain single sign-on method according to an embodiment of the present invention;
FIG. 4 is a schematic block diagram of a cross-domain single sign-on device according to an embodiment of the present invention;
FIG. 5 is a flowchart illustrating another exemplary cross-domain single sign-on method according to an embodiment of the present invention;
FIG. 6 is a schematic block diagram of another exemplary cross-domain single sign-on device according to an embodiment of the present invention;
FIG. 7 is a specific example structure diagram of a cross-domain single sign-on device according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings, and it should be understood that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
In addition, the technical features involved in the different embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The embodiment of the invention enables the application system and the authentication system to finish the authentication of the user information in the interaction process based on the ajax request, so that the user can successfully log in.
The embodiment of the invention provides a cross-domain single sign-on system, which comprises an authentication system 1 and an application system 2, wherein the interaction process between the authentication system 1 and the application system 2 is shown in figure 1.
When the application system 2 receives the login request of the user, it executes step S10: sending an ajax request for inquiring the login state of the user to the authentication system 1, wherein the ajax request is used for extracting the identity authentication information of the user.
In an optional embodiment, after the ajax request for querying the user login state is sent to the authentication system 1, if the user login state is not logged in, user login information input by the user is acquired so that the user logs in to the application system 2, and a login ajax request is sent to the authentication system 1.
The authentication system 1 executes step S11: and acquiring an ajax request for inquiring the login state of the user, which is sent by an application system 2, wherein the ajax request is used for extracting the identity authentication information of the user.
In an optional embodiment, the authentication system 1 generates a login credential authentication Token of the user based on the identity authentication information of the user included in the login ajax request, where the authentication Token is the Token corresponding to the identity authentication information of the user, generated based on the ajax request. The authentication system 1 stores a mapping relationship between the second identity authentication information and the login credential authentication Token and confirms that the user has logged in successfully. The flow then returns to repeat the steps from receiving the login request of the user through sending the ajax request for querying the login state of the user to the authentication system 1, so as to query the login state of the user. In practical applications, to improve the security of identity authentication, an expiration time may be set for the Token and stored, and the expiration time of the Token is refreshed automatically each time the user uses it.
The application system 2 executes step S12: and if the user login state is logged in, acquiring an identity authentication token fed back by the authentication system 1 based on the identity authentication information.
The authentication system 1 executes step S13: and feeding back an identity authentication token generated based on the identity authentication information to the application system 2.
Specifically, the authentication system 1 generates a corresponding authentication token based on the identity authentication information, and stores a mapping relationship between the identity authentication information and the authentication token. Whether the user login state is logged in is judged based on the identity authentication information of the user: if a corresponding identity verification token can be extracted based on the identity authentication information of the user, the user is determined to be in the logged-in state. In practical applications, the authentication token may consist of, for example, a Token and the Token's expiration time.
The application system 2 executes step S14: and authenticating the user based on the identity authentication token.
The application system 2 executes step S15: and if the identity authentication is passed, allowing the user to log in.
In an alternative embodiment, as shown in fig. 2, if the user login status is not logged in, the application system 2 executes step S16: and acquiring user login information input by a user so as to enable the user to log in the application system 2.
Specifically, the ajax-based login page automatically skips to a login interface, and a user name and a password input by the user are acquired, so that the user can log in the application system 2.
The authentication system 1 executes step S17: and acquiring a login ajax request sent by the application system 2 based on the login information of the user.
Specifically, the authentication system 1 obtains a login ajax request sent by the application system 2, the ajax request includes second identity authentication information of the user, obtains a second identity authentication token based on the second identity authentication information, and stores a mapping relationship between the second identity authentication information and the second identity authentication token.
In the cross-domain single sign-on method provided by the embodiment of the invention, the application system 2 receives the login request of the user and sends an ajax request for inquiring the login state of the user to the authentication system 1. The authentication system 1 extracts the identity authentication information of the user based on the ajax request, acquires the corresponding identity authentication token according to the identity authentication information, judges whether the login state of the user is logged in based on whether the identity authentication token is acquired, and feeds back the identity authentication token generated based on the identity authentication information to the application system 2. The application system 2 completes the identity authentication of the user and allows the user to log in, and the mapping relation between the identity authentication information and the identity authentication token is stored. This avoids the defect that the data of post requests is lost after repeated jumps between the application system 2 and the authentication system 1 and page redirection; in addition, when the user subsequently accesses the application system 2, quick access can be realized based on the mapping relation, which improves the login speed of the user.
The embodiment of the present invention further provides a cross-domain single sign-on method, which is applied to the application system 2, and as shown in fig. 3, the method includes:
step S20: receiving a login request of a user;
step S21: sending an ajax request for inquiring the login state of the user to an authentication system, wherein the ajax request is used for extracting identity authentication information of the user, and the detailed content of the ajax request is described in the above embodiment in relation to the step S10;
step S22: if the user login state is logged in, acquiring an identity authentication token fed back by the authentication system based on the identity authentication information, for details, see the description of step S12 in the above embodiment;
step S23: authenticating the user based on the identity authentication token, for details, see the description of step S14 in the above embodiment;
step S24: if the identity authentication is passed, the user is allowed to log in, for details, see the description of step S15 in the above embodiment.
The invention provides a cross-domain single sign-on method which is applied to an application system 2 and comprises the following steps: receiving a login request of a user; sending an ajax request for inquiring the login state of the user to an authentication system 1, wherein the ajax request is used for extracting the identity authentication information of the user; if the user login state is logged in, acquiring an identity authentication token fed back by the authentication system 1 based on the identity authentication information; and authenticating the user based on the identity authentication token. According to the invention, the identity authentication information of the user is extracted through the ajax request, and the identity authentication token is correspondingly generated, so that the defect that data of post request is lost after the application system 2 and the authentication system 1 repeatedly jump and the page is redirected can be avoided.
In an optional embodiment, the cross-domain single sign-on method further includes the following steps:
(1) if the user login state is not logged in, acquiring user login information input by a user so that the user logs in the application system 2;
(2) sending a login ajax request to the authentication system 1, so that the authentication system 1 generates a login credential authentication token of the user based on second identity authentication information of the user contained in the login ajax request, and stores a mapping relation between the second identity authentication information and the login credential authentication token;
(3) confirming that the user has logged in successfully, and returning to repeat the steps from receiving the login request of the user through sending an ajax request for inquiring the login state of the user to the authentication system 1, so as to inquire the login state of the user.
In the embodiment of the invention, if the user login state is not logged in, the login information input by the user is acquired again and a login ajax request is sent to the authentication system 1. The authentication system 1 uses the login ajax request to obtain the second identity authentication information of the user, generates a login credential identity authentication token of the user, and stores the mapping relation between the second identity authentication information and the login credential identity authentication token. After the user login is confirmed as successful, the flow returns to repeat the steps from receiving the login request of the user through sending the ajax request for inquiring the user login state to the authentication system 1, so as to inquire the login state of the user. Through the ajax request, the mapping relation between the second identity authentication information and the login credential identity authentication token is re-established for a user in the not-logged-in state, so that the user can quickly access the application system 2 based on the mapping relation on subsequent visits, which improves the login speed of the user.
As shown in fig. 4, an embodiment of the present invention further provides a cross-domain single sign-on apparatus, which is applied to an application system, and includes: a login receiving module 3, a request sending module 4, an information verification module 5, an authentication module 6, a communication module 7 and the like.
A login receiving module 3, configured to receive a login request, for details, see the description of step S20 in the foregoing embodiment;
a request sending module 4, configured to send an ajax request for querying the user login state to an authentication system, where the ajax request is used to extract the identity authentication information of the user, and the details of which are described in the above embodiment in step S21;
an information verification module 5, configured to obtain an identity verification token fed back by the authentication system based on the identity authentication information if the user login state is logged in, for details, see the description of step S22 in the foregoing embodiment;
an authentication module 6, configured to perform identity authentication on the user based on the identity verification token, for details, see the description of step S23 in the foregoing embodiment;
the communication module 7 is configured to allow the user to log in if the identity authentication passes, for details, refer to the description of step S24 in the foregoing embodiment.
The invention provides a cross-domain single sign-on method which is applied to an application system 2 and comprises the following steps: receiving a login request of a user; sending an ajax request for inquiring the login state of the user to an authentication system 1, wherein the ajax request is used for extracting the identity authentication information of the user; if the user login state is logged in, acquiring an identity authentication token fed back by the authentication system 1 based on the identity authentication information; and authenticating the user based on the identity authentication token. According to the invention, the identity authentication information of the user is extracted through the ajax request, and the identity authentication token is correspondingly generated, so that the defect that data of post request is lost after the application system 2 and the authentication system 1 repeatedly jump and the page is redirected can be avoided.
For specific limitations and beneficial effects of the cross-domain single sign-on apparatus, reference may be made to the above limitations on the cross-domain single sign-on method, which is not described herein again. The modules of the cross-domain single sign-on device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the electronic device, or can be stored in a memory in the electronic device in a software form, so that the processor can call and execute operations corresponding to the modules.
As shown in fig. 5, an embodiment of the present invention further provides a cross-domain single sign-on method, which is applied to the authentication system 1, and includes the following steps:
Step S30: acquiring an ajax request for querying the user login state, where the ajax request is sent by the application system 2 and is used to extract the identity authentication information of the user; for details, refer to the description of step S11 in the foregoing embodiment.
Step S31: if the user login state is logged in, feeding back an authentication token generated based on the authentication information to the application system 2, so that the application system 2 performs authentication on the user based on the authentication token, for details, refer to the description of step S12 in the foregoing embodiment.
The embodiment of the invention also provides a cross-domain single sign-on method applied to the authentication system 1, comprising the following steps: obtaining an ajax request, sent by the application system 2, for querying the user login state; extracting the identity authentication information of the user according to the ajax request; and, if the user login state is logged in, feeding back an identity authentication token generated based on the identity authentication information to the application system 2, so that the application system 2 performs identity authentication on the user based on the identity authentication token. Because the identity authentication information of the user is extracted through the ajax request and the identity authentication token is generated accordingly, the defect that POST request data is lost after repeated jumps between the application system 2 and the authentication system 1 and page redirection can be avoided.
In an optional embodiment, the cross-domain single sign-on method further includes the following steps:
(1) if the user login state is not logged in, acquiring a login ajax request sent by the application system 2 based on the login information of the user;
(2) the login ajax request comprises second identity authentication information of the user;
(3) and obtaining a second identity authentication token based on the second identity authentication information, and storing the mapping relation between the second identity authentication information and the second identity authentication token.
In the embodiment of the invention, if the user login state is not logged in, the authentication system 1 acquires a login ajax request sent by the application system 2. Based on the login ajax request, the authentication system 1 obtains the second identity authentication information of the user, generates the login credential authentication token of the user, and stores the mapping relation between the second identity authentication information and the login credential authentication token. Through the ajax request, the mapping relation between the second identity authentication information and the login credential identity authentication token is re-established for a user who is not logged in, so that the user can quickly access the application system 2 based on the mapping relation on subsequent visits, which improves the login speed of the user.
In an optional embodiment, after the ajax request is used to extract the identity authentication information of the user, the method includes the following steps:
(1) judging whether the user login state is logged in or not based on the identity authentication information of the user, and if an identity authentication token is extracted based on the identity authentication information of the user, judging that the user login state is logged in;
(2) and if the identity authentication token is not extracted based on the identity authentication information of the user, the login state of the user is not logged in.
In the embodiment of the present invention, whether the user is logged in is determined by whether a corresponding identity authentication token can be extracted from the identity authentication information: if the identity authentication token is extracted based on the identity authentication information of the user, the login state of the user is logged in, and if the identity authentication token is not extracted based on the identity authentication information of the user, the login state of the user is not logged in. In practical application, the identity authentication token may be a Token. When the user successfully logs in with the account password, a Token and a Token expiration time are generated and returned to the application system; when logging in again, the user can log in based on the mapping relationship of the Token without entering the account password again. If the user has not logged in, no Token or Token expiration time is generated. Generating the identity authentication token makes it possible to judge more accurately whether the user is logged in, and the correspondence between the identity authentication token and the identity authentication information lets the user log in quickly.
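The authentication-system behaviour described in the optional embodiments above (login-state query, login ajax request, stored mapping, Token expiration time), as an added JavaScript example that is not code from the patent. The class and function names, the in-memory Map, the 30-minute lifetime and the constant-time token comparison are assumptions made for illustration.

```javascript
// Added illustration, not the patent's code. Assumptions: the identity
// authentication information is an opaque session identifier, tokens are
// 32 random bytes, and the token lifetime is 30 minutes.
const nodeCrypto = require('node:crypto');

const TOKEN_TTL_MS = 30 * 60 * 1000; // assumed Token lifetime

class AuthenticationSystem {
  constructor(now = () => Date.now()) {
    this.now = now; // injectable clock so expiry can be exercised
    this.tokensByIdentity = new Map(); // identity info -> { token, expiresAt }
  }

  // Login ajax request: generate a token and store the mapping between the
  // identity authentication information and that token.
  handleLoginRequest(identityInfo) {
    if (typeof identityInfo !== 'string' || identityInfo.length === 0) {
      throw new TypeError('identity authentication information is required');
    }
    const entry = {
      token: nodeCrypto.randomBytes(32).toString('hex'),
      expiresAt: this.now() + TOKEN_TTL_MS,
    };
    this.tokensByIdentity.set(identityInfo, entry);
    return { ...entry };
  }

  // Login-state ajax request: "logged in" only if a non-expired token can be
  // extracted for this identity authentication information.
  handleLoginStateQuery(identityInfo) {
    const entry = this.tokensByIdentity.get(identityInfo);
    if (!entry) return { loggedIn: false };
    if (entry.expiresAt <= this.now()) {
      this.tokensByIdentity.delete(identityInfo); // drop the stale mapping
      return { loggedIn: false };
    }
    return { loggedIn: true, ...entry };
  }

  // Token check used by the application system (hypothetical helper).
  verifyToken(identityInfo, presentedToken) {
    const state = this.handleLoginStateQuery(identityInfo);
    if (!state.loggedIn || typeof presentedToken !== 'string') return false;
    const expected = Buffer.from(state.token);
    const presented = Buffer.from(presentedToken);
    return expected.length === presented.length &&
      nodeCrypto.timingSafeEqual(expected, presented);
  }
}

// Application system side: query the login state first, fall back to a login
// ajax request only when the user has just supplied valid login information.
function applicationLogin(auth, identityInfo, loginInfoValid) {
  let state = auth.handleLoginStateQuery(identityInfo);
  if (!state.loggedIn) {
    if (!loginInfoValid) return { allowed: false, reason: 'not-logged-in' };
    auth.handleLoginRequest(identityInfo);
    state = auth.handleLoginStateQuery(identityInfo); // query again after login
  }
  return auth.verifyToken(identityInfo, state.token)
    ? { allowed: true, token: state.token }
    : { allowed: false, reason: 'token-rejected' };
}
```

Treating an expired entry as "not logged in" and deleting it keeps a stale Token from being accepted after its expiration time, and a fresh login replaces the stored mapping so the previous Token no longer verifies.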
As shown in fig. 6, an embodiment of the present invention further provides a cross-domain single sign-on apparatus, which is applied to an authentication system, and includes: a request receiving module 8 and a judging module 9, wherein,
a request receiving module 8, configured to obtain an ajax request for querying the user login state, where the ajax request is sent by an application system, and the ajax request is used to extract the identity authentication information of the user, for details, see the description of step S30 in the foregoing embodiment;
the determining module 9 is configured to, if the user is logged in, feed back an authentication token generated based on the authentication information to the application system, so that the application system performs authentication on the user based on the authentication token, for details, see the description of step S31 in the foregoing embodiment.
The embodiment of the invention also provides a cross-domain single sign-on method applied to the authentication system 1, comprising the following steps: obtaining an ajax request, sent by the application system 2, for querying the login state of a user; extracting the identity authentication information of the user according to the ajax request; and, if the login state of the user is logged in, feeding back an identity authentication token generated based on the identity authentication information to the application system 2, so that the application system 2 can perform identity authentication on the user based on the identity authentication token. Because the identity authentication information of the user is extracted through the ajax request and the identity authentication token is generated accordingly, the invention avoids the defect that POST request data is lost after repeated jumps between the application system 2 and the authentication system 1 and page redirection.
For specific limitations and beneficial effects of the cross-domain single sign-on apparatus, reference may be made to the above limitations on the cross-domain single sign-on method, which is not described herein again. The modules of the cross-domain single sign-on device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the electronic device, or can be stored in a memory in the electronic device in a software form, so that the processor can call and execute operations corresponding to the modules.
An embodiment of the present invention further provides a cross-domain single sign-on device. Fig. 7 is a schematic structural diagram of a cross-domain single sign-on device according to an optional embodiment of the present invention. As shown in fig. 7, the cross-domain single sign-on device may include at least one processor 41, at least one communication interface 42, at least one communication bus 43, and at least one memory 44. The communication interface 42 may include a display and a keyboard, and optionally may further include a standard wired interface and a standard wireless interface. The memory 44 may be a high-speed RAM (volatile random access memory) or a non-volatile memory, such as at least one disk memory. The memory 44 may alternatively be at least one memory device located remotely from the aforementioned processor 41. The processor 41 may be combined with the apparatus described in fig. 4 and fig. 6; the memory 44 stores an application program, and the processor 41 calls the program code stored in the memory 44 to execute the steps of the cross-domain single sign-on method of any of the above-mentioned method embodiments.
The communication bus 43 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus 43 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 7, but this is not intended to represent only one bus or type of bus.
The memory 44 may include a volatile memory, such as a random-access memory (RAM); the memory may also include a non-volatile memory, such as a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory 44 may also comprise a combination of the above-mentioned kinds of memories.
The processor 41 may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of CPU and NP.
The processor 41 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
Optionally, the memory 44 is also used to store program instructions. Processor 41 may invoke program instructions to implement a cross-domain single sign-on method as shown in the fig. 3 embodiment of the present invention.
An embodiment of the present invention further provides a non-transitory computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions may execute the cross-domain single sign-on method in any of the above method embodiments. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
It should be understood that the above examples are given only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to list all embodiments exhaustively here. Obvious variations or modifications derived therefrom remain within the scope of the invention.

Claims (10)

1. A cross-domain single sign-on method is applied to an application system and is characterized by comprising the following steps:
receiving a login request of a user;
sending an ajax request for inquiring the login state of the user to an authentication system, wherein the ajax request is used for extracting the identity authentication information of the user;
if the user login state is logged in, acquiring an identity authentication token fed back by the authentication system based on the identity authentication information;
authenticating the user based on the authentication token;
and if the identity authentication is passed, allowing the user to log in.
2. The cross-domain single sign-on method of claim 1, further comprising:
if the user login state is not logged in, acquiring user login information input by the user so that the user can log in to the application system;
sending a login ajax request to the authentication system, so that the authentication system generates a login credential authentication token of the user based on second identity authentication information of the user contained in the login ajax request, and storing a mapping relation between the second identity authentication information and the login credential authentication token;
and confirming that the user has logged in successfully, and returning to execute the steps from receiving the login request of the user to sending the ajax request for querying the login state of the user to the authentication system, so as to query the login state of the user.
3. A cross-domain single sign-on device is applied to an application system and is characterized by comprising:
the login receiving module is used for receiving a login request;
the request sending module is used for sending an ajax request for inquiring the login state of the user to an authentication system, wherein the ajax request is used for extracting the identity authentication information of the user;
the information verification module is used for acquiring an identity verification token fed back by the authentication system based on the identity authentication information if the user login state is logged in;
the authentication module is used for authenticating the identity of the user based on the identity authentication token;
and the communication module is used for allowing the user to log in if the identity authentication is passed.
4. A cross-domain single sign-on method is applied to an authentication system and is characterized by comprising the following steps:
acquiring an ajax request for inquiring the login state of the user, which is sent by an application system, wherein the ajax request is used for extracting the identity authentication information of the user;
and if the user login state is logged in, feeding back an identity authentication token generated based on the identity authentication information to the application system so that the application system performs identity authentication on the user based on the identity authentication token.
5. The cross-domain single sign-on method of claim 4, further comprising:
if the user login state is not logged in, acquiring a login ajax request sent by the application system based on the login information of the user;
the login ajax request comprises second identity authentication information of the user;
and obtaining a second identity authentication token based on the second identity authentication information, and storing the mapping relation between the second identity authentication information and the second identity authentication token.
6. The cross-domain single sign-on method according to any one of claims 1 to 5, wherein the process of determining whether the user is in a login state comprises:
if an identity authentication token is extracted based on the identity authentication information of the user, the login state of the user is logged in;
and if the identity authentication token is not extracted based on the identity authentication information of the user, the login state of the user is not logged in.
7. A cross-domain single sign-on device is applied to an authentication system and is characterized by comprising:
the request receiving module is used for acquiring an ajax request which is sent by an application system and used for inquiring the login state of the user, wherein the ajax request is used for extracting the identity authentication information of the user;
and the judging module is used for feeding back an identity authentication token generated based on the identity authentication information to the application system if the user login state is logged in so that the application system performs identity authentication on the user based on the identity authentication token.
8. A cross-domain single sign-on system is characterized in that the system comprises an authentication system and an application system,
the application system is used for receiving a login request of a user and sending an ajax request for inquiring the login state of the user to the authentication system based on the login request;
the authentication system is used for extracting the identity authentication information of the user based on the ajax request, acquiring an identity verification token based on the identity authentication information, and feeding back the identity verification token to the application system;
and the application system is used for carrying out identity authentication on the user based on the identity authentication token, and allowing the user to log in if the identity authentication passes.
9. A cross-domain single sign-on device, comprising:
a communication unit, a memory and a processor, the memory and the processor being communicatively connected to each other, the memory having stored therein computer instructions, the processor performing the steps of the method according to any one of claims 1 to 7 by executing the computer instructions.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions for causing the computer to perform the steps of the method of any one of claims 1-7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111609576.4A CN114430340A (en) 2021-12-24 2021-12-24 Cross-domain single sign-on method, device and equipment


Publications (1)

Publication Number Publication Date
CN114430340A true CN114430340A (en) 2022-05-03

Family

ID=81310908

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111609576.4A Pending CN114430340A (en) 2021-12-24 2021-12-24 Cross-domain single sign-on method, device and equipment

Country Status (1)

Country Link
CN (1) CN114430340A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024093964A1 (en) * 2022-11-03 2024-05-10 天翼数字生活科技有限公司 Mobile terminal single sign-on authentication method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103188248A (en) * 2011-12-31 2013-07-03 卓望数码技术(深圳)有限公司 Identity authentication system and method based on single sign-on
CN109688114A (en) * 2018-12-10 2019-04-26 迈普通信技术股份有限公司 Single-point logging method, certificate server and application server
CN111147453A (en) * 2019-12-11 2020-05-12 东软集团股份有限公司 System login method and integrated login system
CN112118238A (en) * 2020-09-04 2020-12-22 腾讯音乐娱乐科技(深圳)有限公司 Method, device, system, equipment and storage medium for authentication login
CN112995131A (en) * 2021-02-01 2021-06-18 北京拉勾网络技术有限公司 Page login method, system and computing device
CN113821784A (en) * 2021-10-13 2021-12-21 鼎道智联(北京)科技有限公司 Multi-system single sign-on method and device and computer readable storage medium


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
常艳: "Ajax 跨域访问问题的分析与解决", 《电子技术与软件工程》, pages 38 - 39 *



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220503
