CN115250198B - Information system suitable for group type enterprises and single sign-on integration method - Google Patents

Info

Publication number
CN115250198B
CN115250198B CN202210781677.8A CN202210781677A CN115250198B CN 115250198 B CN115250198 B CN 115250198B CN 202210781677 A CN202210781677 A CN 202210781677A CN 115250198 B CN115250198 B CN 115250198B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210781677.8A
Other languages
Chinese (zh)
Other versions
CN115250198A (en)
Inventor
唐霏霏
李湘江
刘明全
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Bangu Smart Medical Technology Co ltd
Original Assignee
Sichuan Bangu Smart Medical Technology Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses an information system suitable for a group enterprise and a single sign-on integration method. The system comprises a single sign-on module, a login sub-module, a display sub-module, a business system module, an enterprise information sub-module, a personnel information sub-module, a user sub-module, a login name unit, an interaction sub-module and an application portal sub-module. The method comprises: step one, user sign-on; step two, service application; step three, taking out the variable; step four, session isolation; step five, interface allocation; step six, opening a plurality of sessions. Compared with existing information systems of group enterprises, the system and the method solve the problem that staff may have to switch between and operate several accounts during their work, simplify the work of the information management department, meet information security management requirements and greatly improve the user's single sign-on experience; with only one browser installed, the same service system can be opened several times at once and operated in parallel, which greatly improves working efficiency.

Description

Information system suitable for group type enterprises and single sign-on integration method
Technical Field
The invention relates to the technical field of single sign-on of information systems, in particular to an information system suitable for a group enterprise and a single sign-on integration method.
Background
When single sign-on integration is performed in a group enterprise, staff often hold concurrent posts in several member units of the group; for example, an employee may belong to a head office, a branch office and a branch office at the same time. When such an employee logs in to a service system through a portal, it cannot be distinguished which company the employee's identity belongs to at that moment. Under the prior solution, three accounts are created for the user, one each in the head office, the branch office and the branch office, and the employee switches back and forth between them in use, so the single sign-on user experience is lost. Moreover, because of the inherent technical limitation of B/S applications in marking a session, an employee often cannot log in to two accounts in the same service system at the same time: the account that logs in later displaces the earlier login. An employee who wants to operate several accounts at once can only install several browsers and open the system again in each.
Disclosure of Invention
The invention aims to provide an information system and a single sign-on integration method suitable for a group enterprise so as to solve the problems in the background technology.
In order to achieve the above purpose, the present invention provides the following technical solutions: the information system suitable for the group enterprises comprises a single sign-on module, wherein one side of the single sign-on module is connected with a central control module, the central control module comprises an interaction submodule and an application portal submodule, and the interaction submodule comprises an authentication unit and a data calling unit.
Preferably, the application portal sub-module comprises an information classification unit, a server interface, a browser session unit, a variable unit and a session isolation unit, wherein the server interface is arranged on one side of the session isolation unit, the browser session unit is connected on one side of the server interface, and the information classification unit is arranged in the browser session unit.
Preferably, the single sign-on module comprises a sign-on sub-module and a display sub-module, and the sign-on sub-module comprises a user name unit and a password input unit.
Preferably, one side of the central control module is connected with a service system module, and the service system module comprises an enterprise information sub-module, a personnel information sub-module and a user sub-module.
Preferably, the enterprise information submodule comprises a PK numbering unit and a unit classifying unit, the personnel information submodule comprises an enterprise unit, a post unit and a business information unit, and the user submodule comprises a login name unit and a password storage unit.
A single sign-on integration method suitable for information systems of group enterprises comprises: step one, user sign-on; step two, service application; step three, taking out the variable; step four, session isolation; step five, interface allocation; step six, opening a plurality of sessions;
In the first step, the user inputs his or her user name and password, the system automatically takes out the password stored for that user name for authentication, and if the authentication is passed, the user logs in to the application portal sub-module;
In the second step, the user requests the server to open a session window, and after the service system is selected, the enterprise, post and personal information bound to the user is retrieved;
In the third step, if multiple windows are needed, multiple requests are made to the server-side API, and the server-side authentication framework takes out the session variable cookie;
In the fourth step, the server uses the login certificate as the path attribute of the cookie, and isolates different session requests according to the path attribute;
In the fifth step, when there are multiple certificates, the server allocates a service interface to each variable cookie;
In the sixth step, the server provides a plurality of browser session windows to the user side according to the number of service interfaces.
Preferably, in the fourth step, the variable name of the session variable cookie is sso-token, and the value of the login certificate ticket is usually a UUID.
Compared with the prior art, the invention has the following beneficial effects: compared with existing information systems of group enterprises, the system and the method solve the problem that staff may have to switch between and operate several accounts during their work, simplify the work of the information management department, meet information security management requirements and greatly improve the user's single sign-on experience; with only one browser installed, the same service system can be opened several times at once and operated in parallel, which greatly improves working efficiency.
Drawings
FIG. 1 is a block diagram of the present invention;
FIG. 2 is a system flow diagram of the present invention;
FIG. 3 is a flow chart of the method of the present invention;
FIG. 4 is a single sign-on portal view of the present invention;
FIG. 5 is an application portal interaction diagram of the present invention;
FIG. 6 is a schematic diagram of a multiple session opening of the present invention;
In the figures: 1. single sign-on module; 11. login sub-module; 111. user name unit; 112. password input unit; 12. display sub-module; 2. business system module; 21. enterprise information sub-module; 211. PK numbering unit; 212. unit classifying unit; 22. personnel information sub-module; 221. enterprise unit; 222. post unit; 223. service information unit; 23. user sub-module; 231. login name unit; 232. password storage unit; 3. central control module; 31. interaction sub-module; 311. authentication unit; 312. data calling unit; 32. application portal sub-module; 321. information classification unit; 322. server interface; 323. browser session unit; 324. variable unit; 325. session isolation unit.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1-2, an embodiment of the present invention is provided: an information system suitable for a group enterprise comprises a single sign-on module 1, a business system module 2 and a central control module 3, wherein a server interface 322 is arranged on one side of a session isolation unit 325, a browser session unit 323 is connected on one side of the server interface 322, an information classification unit 321 is arranged in the browser session unit 323, the central control module 3 is connected on one side of the single sign-on module 1, the central control module 3 comprises an interaction sub-module 31 and an application portal sub-module 32, and the interaction sub-module 31 comprises an authentication unit 311 and a data calling unit 312; the application portal sub-module 32 includes an information classification unit 321, a server interface 322, a browser session unit 323, a variable unit 324, and a session isolation unit 325; the single sign-on module 1 comprises a sign-on sub-module 11 and a display sub-module 12, wherein the sign-on sub-module 11 comprises a user name unit 111 and a password input unit 112; one side of the central control module 3 is connected with a business system module 2, and the business system module 2 comprises an enterprise information sub-module 21, a personnel information sub-module 22 and a user sub-module 23; the enterprise information sub-module 21 includes a PK numbering unit 211 and a unit classifying unit 212, the personnel information sub-module 22 includes an affiliated enterprise unit 221, an affiliated post unit 222 and a business information unit 223, and the user sub-module 23 includes a login name unit 231 and a password saving unit 232.
Referring to FIGS. 3-6, an embodiment of the present invention is provided: a single sign-on integration method suitable for information systems of group enterprises comprises: step one, user sign-on; step two, service application; step three, taking out the variable; step four, session isolation; step five, interface allocation; step six, opening a plurality of sessions;
In the first step, the user inputs his or her user name and password, the system automatically takes out the password stored for that user name for authentication, and if the authentication is passed, the user logs in to the application portal sub-module 32;
In the second step, the user requests the server to open a session window, and after the service system is selected, the enterprise, post and personal information bound to the user is retrieved;
In the third step, if multiple windows are needed, multiple requests are made to the server-side API, and the server-side authentication framework takes out the session variable cookie;
In the fourth step, the server uses the login certificate as the path attribute of the cookie, and isolates different session requests according to the path attribute, wherein the variable name of the session variable cookie is sso-token, and the value of the login certificate is usually a UUID;
In the fifth step, when there are multiple certificates, the server allocates a service interface to each variable cookie;
In the sixth step, the server provides a plurality of browser session windows to the user side according to the number of service interfaces.
Based on the above, when single sign-on integration is performed using the present invention, the user first logs in through the login sub-module 11 of the single sign-on module 1, entering the user name and the password in the user name unit 111 and the password input unit 112 respectively. The login information enters the interaction sub-module 31 of the central control module 3, the data retrieving unit 312 retrieves the corresponding user name and password from the login name unit 231 and the password storage unit 232 in the user sub-module 23, and the authentication unit 311 verifies the two. After passing authentication, the user can enter the application portal sub-module 32, where the data retrieving unit 312 first retrieves the personal related information from the enterprise information sub-module 21 and the personnel information sub-module 22 in the service system module 2. If multiple windows need to be opened, a request is sent to the server, the variable unit 324 is identified through the authentication framework, the session isolation unit 325 then distinguishes the different session windows, different server interfaces 322 are allocated, and a plurality of browser session units 323 are established, which achieves the purpose of opening multiple sessions. Wherein the display sub-module 12 is used for information display 211, the unit number unit 212 is used as a browser unit 321, the enterprise information unit 221 is used for retrieving unique information of the enterprise unit 221, and the service information of the unique class information of the enterprise unit 222 is used for retrieving various class information of the enterprise information.
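The path-scoped sso-token cookie of steps three to six, as an added Python example that is not code from the patent. The /s/<ticket>/ URL layout, the identity tuples, the separate random cookie value and all function names are assumptions made for the illustration; the browser is modelled by a small cookie jar that applies the RFC 6265 path-match rule.

```python
import uuid
from http.cookies import SimpleCookie

COOKIE_NAME = "sso-token"  # cookie name given in step four


def issue_session(identity, sessions, scoped=True):
    """Server side: mint a ticket (a UUID) and a Set-Cookie value for one window.

    Assumptions for this example: the /s/<ticket>/ URL layout, the identity
    tuple and the separate random cookie value are not from the page.
    """
    ticket = str(uuid.uuid4())
    token = uuid.uuid4().hex  # constructed opaque session value
    sessions[(ticket, token)] = identity
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    # Step four: the ticket becomes the cookie's Path; "/" is the colliding case.
    jar[COOKIE_NAME]["path"] = f"/s/{ticket}/" if scoped else "/"
    jar[COOKIE_NAME]["httponly"] = True
    jar[COOKIE_NAME]["secure"] = True
    jar[COOKIE_NAME]["samesite"] = "Lax"
    return ticket, jar[COOKIE_NAME].OutputString()


def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match rule used by browsers."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


class BrowserJar:
    """Stand-in for one browser's cookie store for a single host."""

    def __init__(self):
        self._cookies = {}  # (name, path) -> value; the same key overwrites

    def store(self, set_cookie_value):
        parsed = SimpleCookie()
        parsed.load(set_cookie_value)
        for name, morsel in parsed.items():
            self._cookies[(name, morsel["path"] or "/")] = morsel.value

    def cookies_for(self, request_path):
        return {name: value for (name, path), value in self._cookies.items()
                if path_matches(request_path, path)}


def resolve(request_path, cookies, sessions):
    """Server side: the ticket in the URL and the cookie value must both match."""
    parts = request_path.split("/")
    if len(parts) < 4 or parts[1] != "s":
        return None
    return sessions.get((parts[2], cookies.get(COOKIE_NAME)))


def open_two_windows(scoped):
    """Log the same user in under two posts; return what each window resolves to."""
    sessions, browser, tickets, results = {}, BrowserJar(), [], []
    # Constructed identities: (enterprise, post)
    for identity in [("head office", "auditor"), ("branch office", "cashier")]:
        ticket, header = issue_session(identity, sessions, scoped)
        browser.store(header)
        tickets.append(ticket)
    for ticket in tickets:
        path = f"/s/{ticket}/orders"
        results.append(resolve(path, browser.cookies_for(path), sessions))
    return results


if __name__ == "__main__":
    print("path-scoped:", open_two_windows(scoped=True))
    print("Path=/     :", open_two_windows(scoped=False))
```

With `scoped=False` both logins write the same (name, path) cookie, so the first window no longer resolves to a session, which is the displacement described in the Background. The cookie Path only decides which cookie the browser attaches; RFC 6265 notes that it cannot be relied upon for security between paths on one host, so the server-side match of ticket and cookie value is what carries the isolation here.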
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (1)

1. An information system suitable for a group enterprise, comprising a single sign-on module (1), characterized in that: one side of the single sign-on module (1) is connected with a central control module (3), the central control module (3) comprises an interaction sub-module (31) and an application portal sub-module (32), the interaction sub-module (31) comprises an authentication unit (311) and a data retrieval unit (312), the application portal sub-module (32) comprises an information classification unit (321), a service end interface (322), a browser session unit (323), a variable unit (324) and a session isolation unit (325), one side of the variable unit (324) is connected with the session isolation unit (325), one side of the session isolation unit (325) is provided with the service end interface (322), one side of the service end interface (322) is connected with a browser session unit (323), the inside of the browser session unit (323) is provided with an information classification unit (321), the single sign-on module (1) comprises a login sub-module (11) and a display sub-module (12), the login sub-module (11) comprises a user name unit (111) and a password input unit (112), one side of the central control module (3) is connected with a service system module (2), the service system module (2) comprises the information sub-module (21) and the user sub-module (23), the enterprise information sub-module (21) comprises a PK numbering unit (211) and a unit classifying unit (212), the personnel information sub-module (22) comprises a belonging enterprise unit (221), a belonging post unit (222) and a business information unit (223), and the user sub-module (23) comprises a login name unit (231) and a password storage unit (232);
a single sign-on integration method suitable for information systems of group enterprises comprises: step one, user sign-on; step two, service application; step three, taking out the variable; step four, session isolation; step five, interface allocation; step six, opening a plurality of sessions; the method is characterized in that:
in the first step, the user inputs his or her user name and password, the system automatically takes out the password stored for that user name for authentication, and if the authentication is passed, the user logs in to the application portal sub-module (32);
in the second step, the user requests the server to open a session window, and after the service system is selected, the enterprise, post and personal information bound to the user is retrieved;
in the third step, if multiple windows are needed, multiple requests are made to the server-side API, and the server-side authentication framework takes out the session variable cookie;
in the fourth step, the server uses the login certificate as the path attribute of the cookie, and isolates different session requests according to the path attribute;
in the fifth step, when there are multiple certificates, the server allocates a service interface to each variable cookie;
in the sixth step, the server provides a plurality of browser session windows for the client according to the number of service interfaces; and in the fourth step, the variable name of the session variable cookie is sso-token, and the value of the login certificate ticket is usually a UUID.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210781677.8A CN115250198B (en) 2022-07-04 2022-07-04 Information system suitable for group type enterprises and single sign-on integration method

Publications (2)

Publication Number Publication Date
CN115250198A (en) 2022-10-28
CN115250198B (en) 2024-06-14

Family

ID=83699616

Country Status (1)

Country Link
CN (1) CN115250198B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant