CN116828051A - Service integration method and related equipment - Google Patents


Publication number
CN116828051A
Authority
CN
China
Prior art keywords
application
server
saas
user
idaas
Prior art date
Legal status
Pending
Application number
CN202210963797.XA
Other languages
Chinese (zh)
Inventor
翁新瑜
Current Assignee
Huawei Cloud Computing Technologies Co Ltd
Original Assignee
Huawei Cloud Computing Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Cloud Computing Technologies Co Ltd
Priority to PCT/CN2023/077165 (patent WO2023174006A1)
Publication of CN116828051A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiments of the application disclose a service integration method and related equipment. The service integration method specifically comprises the following steps: the IDaaS server creates a service provider application according to the application sent by the SaaS service provider, allocates an application credential for the service provider application, and sends the application credential to the SaaS service provider, so that the SaaS service provider creates, on the SaaS server and based on the application credential, an interface for accessing the IDaaS server, and the SaaS and the IDaaS can be integrated through the interface.

Description

Service integration method and related equipment
The present application claims priority to Chinese patent application No. 202210264387.6, entitled "a data processing method and computer", filed with the Chinese Patent Office on March 17, 2022, the entire contents of which are incorporated herein by reference.
Technical Field
The embodiment of the application relates to the field of computers, in particular to a service integration method and related equipment.
Background
Software as a service (SaaS) builds all the network infrastructure and the software and hardware operating platforms that an enterprise needs for informatization, and is responsible for a series of services such as early-stage implementation and later-stage maintenance.
A user often uses more than one SaaS application, especially when the user is an enterprise. An enterprise user with several SaaS applications has to go to each SaaS separately to maintain enterprise information, organization information and personnel information and to allocate usage permissions. In this case, the user can build or connect to identity as a service (IDaaS) on the cloud to handle this. A unified IDaaS provides a set of centralized identity, permission and application management services, and the user can manage multiple SaaS applications through the IDaaS.
However, IDaaS and SaaS are currently two separate services. Matching an IDaaS with a SaaS requires customized development by the vendor in advance, and if the IDaaS does not support a certain SaaS application and has no corresponding interface or credential, the user cannot perform unified management of that application through the IDaaS.
Disclosure of Invention
The embodiments of the application provide a service integration method for integrating software as a service (SaaS) and identity as a service (IDaaS). The embodiments of the application also provide a corresponding server, a computer-readable storage medium and the like.
The first aspect of the present application provides a service integration method, which includes: the identity as a service (IDaaS) server acquires an application, wherein the application comprises information of a software as a service (SaaS) server;
the IDaaS server creates a service provider application according to the application, and allocates an application credential for the service provider application, wherein the application credential is used for creating, at the SaaS server, an interface for accessing the IDaaS server, and the service provider application is used for associating the SaaS server with a tenant in the IDaaS server.
The SaaS server, IDaaS server and SaaS application market in the present application run on a general server or are infrastructure on the cloud. The user may use the SaaS service through a browser, saaS client, etc. The browser or client runs on the user's terminal (e.g., cell phone, tablet, television box, etc.). The SaaS service provider is an enterprise providing the SaaS service, specifically, a staff or a manager under the name of the SaaS enterprise.
In the application, the SaaS service provider can operate in the SaaS application market. Before sending an application to the IDaaS server, the SaaS service provider needs to be admitted to the SaaS application market, that is, the SaaS service provider completes operations such as real-name authentication and contract signing with the SaaS application market. After completing these operations, the SaaS service provider can create an IDaaS integrated application in the SaaS application market; the IDaaS integrated application corresponds to the IDaaS server and can be understood as the credential of the IDaaS server. After the SaaS service provider has opened a tenant, the SaaS application market can record the IDaaS integration information, and the SaaS service provider can operate in the SaaS application market to send an application to the IDaaS server.
After the IDaaS server generates the application credential, it returns the application credential to the SaaS application market, and the SaaS service provider can obtain the application credential through the SaaS application market. The SaaS service provider can then create, on the SaaS server and based on the application credential, an interface for accessing the IDaaS server: the SaaS service provider sends the application credential to the SaaS server, and the SaaS server creates the interface for accessing the IDaaS server according to the application credential. The SaaS server can thus access the IDaaS server based on the application credential and the interface, which realizes the pre-integration of the SaaS server and the IDaaS server.
According to the first aspect, the IDaaS server creates the service provider application according to the application sent by the SaaS service provider, allocates the application credential for the service provider application, and sends the application credential to the SaaS service provider, so that the SaaS service provider creates, on the SaaS server and based on the application credential, an interface for accessing the IDaaS server, and the integration of the SaaS and the IDaaS can be realized through the interface.
In a possible implementation manner of the first aspect, the method further includes: the IDaaS server acquires application information of the SaaS application purchased by the user, the SaaS application being bound to the service provider application; the IDaaS server creates a user application based on the service provider application and the application information, the user application being used for associating the SaaS application with the tenant in the IDaaS server. In this possible implementation, after the user purchases the SaaS application in the SaaS application market, the IDaaS server can generate the user application corresponding to the SaaS application based on the service provider application, so that the SaaS application can use the capability of the IDaaS server and the user can access the user application of the IDaaS server through the SaaS server, which improves the feasibility of the scheme.
In a possible implementation manner of the first aspect, the method further includes: the IDaaS server obtains a login request initiated by a user, wherein the login request comprises an identifier of a user application; the IDaaS server verifies the login request based on a first relation to generate authorization information, wherein the first relation records the relation between the user application and the service provider application; the IDaaS server sends the authorization information to the user so that the user accesses the SaaS server based on the authorization information; the IDaaS server receives the authorization information and the application credential from the SaaS server; the IDaaS server verifies the authorization information based on the application credential and sends a verification result to the SaaS server.
In this possible implementation, after the IDaaS server creates the user application based on the service provider application and the application information, verification of the user's login request can be completed between the IDaaS server and the SaaS server, which improves the feasibility of the scheme.
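The login verification exchange described above, sketched in Python as an added example (not code from the patent or from any product of the assignee). The class and method names, the opaque random format of the authorization information, its single use and 60-second lifetime, and storing only a hash of the application credential are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _digest(credential):
    return hashlib.sha256(credential.encode()).hexdigest()


class IDaaSServer:
    """In-memory stand-in for the IDaaS server; all names are hypothetical."""

    def __init__(self, ttl=60):
        self.provider_apps = {}    # service provider app id -> credential hash
        self.first_relation = {}   # user app id -> service provider app id
        self.authorizations = {}   # authorization info -> (user app id, user, expiry)
        self.ttl = ttl             # assumed lifetime in seconds; the page gives none

    def create_provider_app(self):
        """Create a service provider application and allocate its credential."""
        app_id = "sp-" + secrets.token_hex(4)
        credential = secrets.token_urlsafe(32)
        # Assumption: store only a hash, so a datastore leak does not expose credentials.
        self.provider_apps[app_id] = _digest(credential)
        return app_id, credential

    def create_user_app(self, provider_app_id):
        """Create a user application and record the first relation."""
        if provider_app_id not in self.provider_apps:
            raise KeyError("unknown service provider application")
        user_app_id = "ua-" + secrets.token_hex(4)
        self.first_relation[user_app_id] = provider_app_id
        return user_app_id

    def login(self, user_app_id, user, now):
        """Check the login request against the first relation, then issue authorization info."""
        if user_app_id not in self.first_relation:
            return None
        token = secrets.token_urlsafe(32)
        self.authorizations[token] = (user_app_id, user, now + self.ttl)
        return token

    def verify(self, token, provider_app_id, credential, now):
        """Verify authorization info presented by a SaaS server with its credential."""
        stored = self.provider_apps.get(provider_app_id)
        if stored is None or not hmac.compare_digest(stored, _digest(credential)):
            return {"valid": False, "reason": "bad_application_credential"}
        grant = self.authorizations.get(token)
        if grant is None:
            return {"valid": False, "reason": "unknown_authorization"}
        user_app_id, user, expires = grant
        # The authorization is only good for the provider its user application is bound to.
        if self.first_relation.get(user_app_id) != provider_app_id:
            return {"valid": False, "reason": "wrong_service_provider"}
        del self.authorizations[token]  # assumption: single use, so a replay fails
        if now > expires:
            return {"valid": False, "reason": "expired"}
        return {"valid": True, "user": user, "user_app": user_app_id}


class SaaSServer:
    """SaaS side: the interface for accessing the IDaaS server, built from the credential."""

    def __init__(self, idaas, provider_app_id, credential):
        self.idaas, self.app_id, self.credential = idaas, provider_app_id, credential

    def accept(self, token, now):
        return self.idaas.verify(token, self.app_id, self.credential, now)


def run_demo():
    idaas = IDaaSServer(ttl=60)
    saas_a = SaaSServer(idaas, *idaas.create_provider_app())
    saas_b = SaaSServer(idaas, *idaas.create_provider_app())
    user_app = idaas.create_user_app(saas_a.app_id)   # user buys provider A's SaaS application
    token = idaas.login(user_app, "alice", now=1000)  # constructed user and timestamps
    late = idaas.login(user_app, "alice", now=1000)
    return {
        "other_provider": saas_b.accept(token, now=1001)["reason"],
        "first_use": saas_a.accept(token, now=1001)["valid"],
        "replay": saas_a.accept(token, now=1002)["reason"],
        "expired": saas_a.accept(late, now=2000)["reason"],
        "wrong_credential": SaaSServer(idaas, saas_a.app_id, "guess").accept(late, 1001)["reason"],
        "unknown_user_app": idaas.login("ua-missing", "bob", now=1000),
    }


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

The check against the first relation is what stops a second service provider, holding its own valid application credential, from redeeming authorization information issued for another provider's user application.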
In a possible implementation manner of the first aspect, the method further includes: the IDaaS server acquires a test application; the IDaaS server creates a test application according to the test application and records a second relation between the test application and the service provider application; the IDaaS server tests the test application based on the test user from the SaaS server.
In this possible implementation, after the pre-integration of the SaaS server and the IDaaS server is completed, the reliability of the pre-integration is verified by creating the test application, which improves the reliability of the integration of the SaaS and the IDaaS.
In a possible implementation manner of the first aspect, the method further includes: the IDaaS server acquires and records modification information of the service provider application, wherein the modification information is generated after the SaaS server modifies configuration information of the service provider application, and the configuration information comprises a calling path of the service provider application.
In this possible implementation, after the pre-integration of the SaaS server and the IDaaS server is completed, the SaaS server can modify the configuration information of the service provider application in the SaaS application market, which improves the feasibility of the scheme.
In one possible implementation manner of the first aspect, the SaaS service provider accesses the IDaaS server and the SaaS server through a SaaS application market.
In this possible implementation, the SaaS service provider can access the IDaaS server and the SaaS server through the SaaS application market. The SaaS application market serves as an intermediate platform on which the SaaS and the IDaaS are flexibly bound for use, and it integrates the SaaS service and the IDaaS service, which reduces the complexity of system docking and improves the experience of the SaaS service provider and of the server providing the IDaaS service.
In one possible implementation manner of the first aspect, the user accesses the IDaaS server and the SaaS server through a SaaS application market or a SaaS client.
In this possible implementation, when the user accesses the IDaaS server and the SaaS server through the SaaS application market, the user does so through the SaaS application market in combination with the SaaS server; the SaaS application market serves as an intermediate platform on which the SaaS and the IDaaS are flexibly bound to integrate the SaaS service and the IDaaS service, which reduces the complexity of system docking and improves the user experience. When the user accesses the IDaaS server and the SaaS server through the SaaS client, the orchestration logic of the SaaS application market is removed, which reduces the cost of service integration, and the docking details of the SaaS and the IDaaS can be perceived.
A second aspect of the present application provides a service integration method, the method comprising: the software as a service (SaaS) server obtains an application credential sent by a SaaS service provider, the application credential being allocated by an identity as a service (IDaaS) server to a service provider application, the service provider application being created by the IDaaS server according to an application, the application comprising information of the SaaS server, and the service provider application being used for associating the SaaS server with a tenant in the IDaaS server; the SaaS server creates an interface for accessing the IDaaS server according to the application credential.
In a possible implementation manner of the second aspect, the method further includes: the SaaS server obtains authorization information sent by a user, the authorization information being generated by the IDaaS server by verifying a login request based on a first relation, the first relation being the relation between a user application and the service provider application, the user application being created by the IDaaS server based on the service provider application and application information, the application information being information of the SaaS application purchased by the user, the SaaS application being bound to the service provider application, the login request being initiated by the user and comprising an identifier of the user application, and the user application being used for associating the SaaS application with the tenant in the IDaaS server; the SaaS server sends the authorization information and the application credential to the IDaaS server, so that the IDaaS server verifies the authorization information based on the application credential to obtain a verification result; the SaaS server receives the verification result from the IDaaS server.
In one possible implementation manner of the second aspect, the SaaS service provider accesses the IDaaS server and the SaaS server through a SaaS application market.
In one possible implementation manner of the second aspect, the user accesses the IDaaS server and the SaaS server through a SaaS application market or a SaaS client.
The method according to the second aspect or any possible implementation manner of the first aspect provided by the present application has the same advantages as the method according to the first aspect or any possible implementation manner of the first aspect.
In a third aspect of the present application, a server is provided for performing the method of the first aspect or any possible implementation of the first aspect. In particular, the server comprises modules or units for performing the method of the first aspect or any possible implementation of the first aspect, such as: the device comprises an acquisition unit, a creation unit, a sending unit, a verification unit, a receiving unit and a testing unit.
In a fourth aspect of the present application, there is provided a server for performing the method of the second aspect or any possible implementation of the second aspect. In particular, the server comprises modules or units for performing the method of the second aspect or any possible implementation of the second aspect, such as: an acquisition unit, a creation unit, a transmission unit, and a reception unit.
A fifth aspect of the present application provides a server comprising a processor, a memory, and a computer readable storage medium storing a computer program; the processor is coupled to a computer readable storage medium, the computer executing instructions that run on the processor, when executed by the processor, perform the method as described above for any one of the possible implementations of the first aspect or the first aspect. Optionally, the server may further include an input/output (I/O) interface, and the computer readable storage medium storing the computer program may be a memory.
A sixth aspect of the present application provides a server comprising a processor, a memory, and a computer readable storage medium storing a computer program; the processor is coupled to a computer readable storage medium, the computer executing instructions that run on the processor, when executed by the processor, perform a method as described above for the second aspect or any one of the possible implementations of the second aspect. Optionally, the server may further include an input/output (I/O) interface, and the computer readable storage medium storing the computer program may be a memory.
A seventh aspect of the application provides a computer readable storage medium storing one or more computer executable instructions which, when executed by a processor, perform a method as described above or any one of the possible implementations of the first aspect.
An eighth aspect of the application provides a computer readable storage medium storing one or more computer executable instructions which, when executed by a processor, perform a method as described above in the second aspect or any one of the possible implementations of the second aspect.
A ninth aspect of the application provides a computer program product storing one or more computer-executable instructions which, when executed by a processor, perform a method as described above or any one of the possible implementations of the first aspect.
A tenth aspect of the application provides a computer program product storing one or more computer-executable instructions which, when executed by a processor, perform a method as described above in the second aspect or any one of the possible implementations of the second aspect.
An eleventh aspect of the present application provides a chip system comprising at least one processor and an interface for receiving data and/or signals, the at least one processor being adapted to support a computer device for carrying out the functions referred to in the first aspect or any one of the possible implementations of the first aspect. In one possible design, the chip system may further include memory to hold program instructions and data necessary for the computer device. The chip system can be composed of chips, and can also comprise chips and other discrete devices.
A twelfth aspect of the application provides a chip system comprising at least one processor and an interface for receiving data and/or signals, the at least one processor being adapted to support a computer device for carrying out the functions referred to in the second aspect or any one of the possible implementations of the second aspect. In one possible design, the chip system may further include memory to hold program instructions and data necessary for the computer device. The chip system can be composed of chips, and can also comprise chips and other discrete devices.
The thirteenth aspect of the present application provides a service integration system, which includes an IDaaS server and a SaaS server. The IDaaS server is configured to obtain an application, where the application includes information of a software as a service (SaaS) server; to create a service provider application according to the application; and to allocate an application credential for the service provider application, wherein the service provider application is used for associating the SaaS server with a tenant in the IDaaS server. The SaaS server is configured to obtain the application credential sent by the SaaS service provider and to create an interface for accessing the IDaaS server according to the application credential. The service integration system may implement a method as described above or any one of the possible implementations of the first aspect and a method as described above or any one of the possible implementations of the second aspect.
A fourteenth aspect of the present application provides a cluster of computing devices, the cluster of computing devices comprising at least one computing device, each computing device comprising a processor and a memory; the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device to cause the cluster of computing devices to perform a method as described above or any one of the possible implementations of the first aspect.
A fifteenth aspect of the present application provides a cluster of computing devices, the cluster of computing devices comprising at least one computing device, each computing device comprising a processor and a memory; the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device to cause the cluster of computing devices to perform a method as described above in the second aspect or any one of the possible implementations of the second aspect.
In the embodiments of the application, the IDaaS server creates the service provider application according to the application sent by the SaaS service provider, allocates the application credential for the service provider application, and sends the application credential to the SaaS service provider, so that the SaaS service provider creates, on the SaaS server and based on the application credential, an interface for accessing the IDaaS server, and the integration of the SaaS and the IDaaS can be realized through the interface.
Drawings
Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present application;
FIGS. 2-10 are schematic views illustrating an embodiment of a service integration method according to an embodiment of the present application;
FIG. 11 is a schematic diagram of a service integration method according to an embodiment of the present application;
FIGS. 12-16 are schematic views illustrating another embodiment of a service integration method according to an embodiment of the present application;
FIG. 17 is a schematic diagram of an embodiment of a server according to an embodiment of the present application;
FIG. 18 is a schematic diagram of another embodiment of a server according to an embodiment of the present application;
FIG. 19 is a schematic diagram of an embodiment of a computing device according to an embodiment of the present application;
FIG. 20 is a schematic diagram of another embodiment of a server according to an embodiment of the present application;
FIG. 21 is a schematic diagram of an embodiment of a service integration system according to the present application;
FIG. 22 is a schematic diagram of an embodiment of a computing device cluster according to an embodiment of the present application;
FIG. 23 is a schematic diagram of another embodiment of a computing device cluster according to an embodiment of the present application.
Detailed Description
Embodiments of the present application will now be described with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the present application. As one of ordinary skill in the art can know, with the development of technology and the appearance of new scenes, the technical scheme provided by the embodiment of the application is also applicable to similar technical problems.
The terms first, second and the like in the description and in the claims and in the above-described figures, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The word "exemplary" is used herein to mean "serving as an example, embodiment, or illustration". Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
In addition, numerous specific details are set forth in the following description in order to provide a better illustration of the application. It will be understood by those skilled in the art that the present application may be practiced without some of these specific details. In some instances, well known methods, procedures, components, and circuits have not been described in detail so as not to obscure the present application.
The embodiments of the application provide a service integration method for integrating software as a service (SaaS) and identity as a service (IDaaS). The embodiments of the application also provide a corresponding server, a computer-readable storage medium and the like, each of which is described in detail below.
The following describes an application scenario of an embodiment of the present application:
The SaaS service provider builds all the network infrastructure and the software and hardware operating platforms that an enterprise needs for informatization, and is responsible for a series of services such as early-stage implementation and later-stage maintenance, so that the enterprise can use the information system through the Internet without purchasing software and hardware, building a machine room or recruiting technicians. SaaS is a software deployment model whose applications are designed specifically for network delivery, so that users can conveniently host, deploy and access them through the Internet. IDaaS is an identity service built on the cloud by using the cloud infrastructure. The identity authentication platform of the IDaaS can connect to SaaS services on the external network and realizes secure access to various cloud resources by means of single sign-on, multi-factor identity authentication, user permission management, application management and the like, so that it can be applied across the enterprise's whole network and unified management of identities and permissions within the enterprise can be realized. The unified IDaaS capability provides a set of centralized identity, permission and application management services.
As shown in fig. 1, the cloud management platform provides an access interface (such as a user interface or an API). The tenant may operate the client to remotely access the access interface, register a cloud account number and a password in the cloud management platform, and log in to the cloud management platform. After the cloud management platform successfully authenticates the cloud account number and the password, the tenant may further pay to select and purchase a virtual machine with a specific specification (processor, memory, disk) in the cloud management platform. After the purchase succeeds, the cloud management platform provides a remote login account number and password for the purchased virtual machine, and the client may remotely log in to the virtual machine and install and run the tenant's application in the virtual machine. Thus, tenants can create, manage, log in to and operate virtual machines in a cloud data center through the cloud management platform. A virtual machine may also be referred to as a cloud server (elastic compute service, ECS) or an elastic instance.
For example, an enterprise, as a user or tenant, needs to use multiple SaaS applications. The server 1 is a SaaS server, the SaaS application 1 is provided in the virtual machine 1, the SaaS application 2 is provided in the virtual machine 2, and the user purchases and uses the SaaS application 1 and the SaaS application 2 at the same time. The server 2 is an IDaaS server, the IDaaS service is provided in the virtual machine 3, and the user purchases and uses the IDaaS service. Because both server 1 and server 2 are user-oriented, and the user wants to manage all of the SaaS applications without relying on each SaaS application to provide its own identity security service, the user can uniformly manage SaaS application 1 and SaaS application 2 through the IDaaS service. For this, the IDaaS service needs to be docked with SaaS application 1 and SaaS application 2 respectively, that is, the SaaS application 1 and the SaaS application 2 need to be developed in advance for the IDaaS service, so that the functions of the SaaS application 1 and the SaaS application 2 match those of the IDaaS.
The service integration method provided by the embodiment of the application is described below with reference to the application scenario:
In an embodiment of the service integration method provided by the embodiments of the present application, the service integration method may be implemented by using the SaaS application market, or the SaaS application market may not be used and its functions carried by the IDaaS server. The two cases are described separately below:
1. Using the SaaS application market:
As shown in fig. 2 to 10, the service integration method may be divided into four stages, which specifically include:
Stage one (as shown in fig. 2): the SaaS server pre-integrates the IDaaS capability.
In the first stage, the SaaS service provider creates a service provider application in the SaaS application market, acquires information such as the application identifier and the application credential of the service provider application, maintains the configuration information of the service provider application, and integrates the IDaaS capability in the SaaS service according to the integration specification of the SaaS application market. The method specifically comprises the following steps:
211. The IDaaS server obtains the application.
The SaaS server, the IDaaS server and the SaaS application market run on general-purpose servers or are infrastructure on the cloud, such as server 1 and server 2 shown in fig. 1. The user may use the SaaS service through a browser, a SaaS client (e.g., a client as shown in fig. 1), etc. The browser or client runs on the user's terminal (e.g., cell phone, tablet, television box, etc.). The SaaS service provider is an enterprise providing the SaaS service, specifically, a staff member or manager of the SaaS enterprise.
The SaaS server may operate in the SaaS application market. The application includes information of the SaaS server; that is, the application may be sent by the SaaS server to the IDaaS server through the SaaS application market. Before doing so, the SaaS server needs to enter the SaaS application market, that is, complete operations such as real-name authentication and contract signing with the SaaS application market. After that, the SaaS server may initiate an application to the SaaS application market and create an IDaaS-integrated application in the SaaS application market. The IDaaS-integrated application corresponds to the IDaaS server and may be understood as a credential of the IDaaS server.
Optionally, if the SaaS server has not yet opened a tenant of the IDaaS server, it needs to do so: it sends a tenant opening application to the IDaaS server through the SaaS application market, and after the IDaaS server confirms that the tenant has been opened for the SaaS server, the IDaaS server returns confirmation information to the SaaS application market.
After the SaaS server has opened the tenant, the SaaS application market can record the IDaaS integration information, and the SaaS server can operate in the SaaS application market to send an application to the IDaaS server.
212. The IDaaS server creates a service provider application according to the application and allocates an application credential for the service provider application.
After receiving the application sent by the SaaS application market, the IDaaS server creates a service provider application according to the application. The service provider application is used to associate the SaaS server with the tenant in the IDaaS server; it may also be understood as the application identifier of the SaaS server in the IDaaS server, that is, the binding credential of the SaaS server in the IDaaS server. After creating the service provider application, the IDaaS server also allocates an application credential for it. The IDaaS server needs to return this application credential to the SaaS server so that the SaaS server can create, based on the application credential, an interface for accessing the IDaaS server.
213. The IDaaS server sends the application credentials to the SaaS application marketplace.
214. The SaaS server creates an interface for accessing the IDaaS server from the application credentials.
After the IDaaS server generates the application credential, it returns the application credential to the SaaS application market, and the SaaS server can obtain the application credential through the SaaS application market. That is, the application credential is passed to the SaaS server, and the SaaS server creates, according to the application credential, an interface on the SaaS server for accessing the IDaaS server, so that the SaaS server can access the IDaaS server based on the application credential and the interface. This realizes the pre-integration of the SaaS server and the IDaaS server.
Optionally, as shown in fig. 3, after the pre-integration of the SaaS server and the IDaaS server is completed, the SaaS server may modify the configuration information of the service provider application in the SaaS application market and verify the reliability of the pre-integration. After step 213, the following steps may further be performed:
221. The IDaaS server obtains and records modification information of the service provider application.
The SaaS server modifies the configuration information of the service provider application in the SaaS application market, that is, modifies the calling path of the service provider application. The SaaS application market records the modified configuration information, generates the corresponding modification information and sends it to the IDaaS server. The IDaaS server records the modification information, generates a new application credential, returns the new application credential to the SaaS application market and notifies the SaaS application market that the modification succeeded. The SaaS server can then obtain the new application credential from the SaaS application market.
222. The IDaaS server obtains the test application request.
223. The IDaaS server creates a test application according to the test application request.
224. The IDaaS server tests the test application based on the test user from the SaaS server.
The SaaS server creates a test account in the SaaS application market, and the SaaS application market sends a test application request to the IDaaS server based on the test account. After obtaining the test application request, the IDaaS server creates the corresponding test application based on the previously created service provider application and records the second relationship between the test application and the service provider application; that is, the IDaaS server records that the test application is an application created based on the service provider application and used for testing the service provider application. The IDaaS server also notifies the SaaS application market that the test application was created successfully. The SaaS server can then apply for a test user in the SaaS application market. After receiving the test user application from the SaaS server, the IDaaS server creates the corresponding test user, records the relationship between the test user and the test application, and returns the test user to the SaaS application market. That is, based on the test user, the test application on the IDaaS server can be accessed through the SaaS application market to verify whether the test passes, and the test result can be returned to the SaaS application market.
225. The SaaS server synchronizes information with the SaaS application market.
After the test is completed, the SaaS server needs to provide an interface for synchronizing information according to the integration requirement; that is, the SaaS server needs to synchronize information with the SaaS application market. The synchronization information includes tenant information, application information and authorization information. Specifically, the tenant information includes an instance ID (instance ID), a tenant ID (tenant ID), an organization ID (org ID), a domain name (domain Name) allocated to the user and an order (Order ID) of the SaaS application market, where the instance ID is an instance number allocated to the user by the SaaS server, the tenant ID is a tenant identifier allocated to the user by the SaaS application market, and the organization ID is an identifier or number of an organization or department of the user. The application information includes an instance ID, a tenant ID, an application ID (app ID) and application configuration information (config). The authorization information includes an instance ID, a tenant ID, an application ID, an organization ID, a user list (user List) and a synchronization time (syncing). After the synchronization information has been synchronized, the user can access the test application of the IDaaS server through the SaaS server based on the test account.
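One way the receiving side of the synchronization interface could check the three record types listed above, as an added Python example that is not part of the patent. The key spellings (`instanceId`, `syncTime` and so on), the integer synchronization time and the rule that rejects stale records are assumptions; the sample values in any call are constructed.

```python
FIELDS = {  # assumed key spellings; the description only names the items
    "tenant": {"instanceId", "tenantId", "orgId", "domainName", "orderId"},
    "application": {"instanceId", "tenantId", "appId", "config"},
    "authorization": {"instanceId", "tenantId", "appId", "orgId", "userList", "syncTime"},
}


class SyncError(ValueError):
    """Raised when a synchronization record must be rejected."""


def _is_id(value):
    return isinstance(value, str) and value != ""


class SyncReceiver:
    def __init__(self):
        self.tenants = {}  # (instanceId, tenantId) -> tenant record
        self.apps = {}     # (instanceId, tenantId, appId) -> application record
        self.grants = {}   # (instanceId, tenantId, appId, orgId) -> (syncTime, users)

    def apply(self, kind, record):
        expected = FIELDS.get(kind)
        if expected is None:
            raise SyncError(f"unknown record kind {kind!r}")
        if not isinstance(record, dict) or set(record) != expected:
            raise SyncError(f"{kind} record must carry exactly {sorted(expected)}")
        if not all(_is_id(record[k]) for k in expected if k.endswith("Id")):
            raise SyncError("identifier fields must be non-empty strings")
        scope = (record["instanceId"], record["tenantId"])
        if kind == "tenant":
            self.tenants[scope] = record
        elif kind == "application":
            # An application may only be attached to a tenant instance already synchronized.
            if scope not in self.tenants:
                raise SyncError("application refers to an unknown tenant instance")
            self.apps[scope + (record["appId"],)] = record
        else:
            self._apply_authorization(scope, record)

    def _apply_authorization(self, scope, record):
        app_key = scope + (record["appId"],)
        # Grants are scoped to the same instance and tenant as the application.
        if app_key not in self.apps:
            raise SyncError("authorization refers to an application unknown for this tenant")
        users, when = record["userList"], record["syncTime"]
        if not isinstance(users, list) or not all(_is_id(u) for u in users):
            raise SyncError("userList must be a list of non-empty strings")
        if isinstance(when, bool) or not isinstance(when, int):
            raise SyncError("syncTime must be an integer")
        key = app_key + (record["orgId"],)
        previous = self.grants.get(key)
        # An older record must not restore access that a newer one removed.
        if previous is not None and when <= previous[0]:
            raise SyncError("stale or replayed authorization record")
        self.grants[key] = (when, frozenset(users))

    def accept(self, kind, record):
        """Apply a record; return False instead of raising when it is rejected."""
        try:
            self.apply(kind, record)
            return True
        except SyncError:
            return False

    def is_authorized(self, instance_id, tenant_id, app_id, user):
        prefix = (instance_id, tenant_id, app_id)
        return any(user in users
                   for key, (_, users) in self.grants.items() if key[:3] == prefix)
```

Each authorization record replaces the previous user list for its organization, so removing a user takes effect on the next synchronization and an older record cannot undo it.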
Further, the detailed flow of the first stage may refer to fig. 4, and the embodiment of the present application is not described herein.
Stage two (as shown in fig. 5), the SaaS application is set up on the SaaS application market.
In the second stage, the user purchases, in the SaaS application market, the SaaS application that has pre-integrated the IDaaS. The SaaS application market judges whether the user has a tenant instance of the IDaaS; if not, the step is skipped. The corresponding user application is added under the tenant, and the identification of the user application is generated based on the service provider application. The stage specifically includes the following steps:
231. The SaaS application market obtains the SaaS application.
232. The SaaS server synchronizes information with the SaaS application market.
After the SaaS server completes the pre-integration of the SaaS server and the IDaaS server, the SaaS application can be set up on the SaaS application market. Specifically, the SaaS server submits a SaaS application in the SaaS application market and selects the corresponding service provider application for it, that is, the service provider application created by the IDaaS server in stage one. The SaaS application market saves the application, records the relationship between the SaaS application and the service provider application, and checks whether the synchronization interface provided by the SaaS server passes debugging; that is, before the SaaS application market reviews the SaaS application, it synchronizes tenant information, application information and authorization information with the SaaS server. Finally, after the SaaS application market has reviewed the SaaS application, the setting up of the SaaS application on the SaaS application market is complete.
Further, the detailed flow of the second stage may refer to fig. 6, and the embodiment of the present application is not described herein.
Stage three (as shown in fig. 7), the user purchases the SaaS application in the SaaS application market.
In the third stage, the user performs IDaaS identity management in the SaaS application market, including creating organizations and departments, authority management and the like. The stage specifically includes the following steps:
241. The SaaS server opens the SaaS instance.
242. The SaaS server associates the organization information selected by the user to the SaaS instance.
After a user purchases the SaaS application provided by the SaaS service provider in the SaaS application market, the SaaS application market calls the interface of the SaaS service provider and sends a request to the SaaS server so that the SaaS server opens the SaaS instance of the SaaS application.
After the SaaS server opens the SaaS instance, the user may create an organization through the SaaS application market and associate the organization information with the SaaS instance. Optionally, if the organization selected by the user has not opened a tenant at the IDaaS, the user may open a tenant at the IDaaS server through the SaaS application market.
242. The IDaaS server acquires application information of the SaaS application purchased by the user.
243. The IDaaS server creates a user application based on the service provider application and the application information.
If the organization corresponding to the SaaS application has already opened a tenant of the IDaaS, the IDaaS server may acquire the application information of the SaaS application from the SaaS application market. Because the SaaS application is bound to the service provider application, the IDaaS server may create a user application based on the service provider application and the application information, and record a first relationship between the user application and the service provider application. The user application is used for associating the SaaS application with the tenant in the IDaaS server; it may also be understood as the binding credential of the SaaS application in the tenant of the IDaaS server. The first relationship records the relationship between the user application and the service provider application; that is, the IDaaS server records that the user application was created for the SaaS application based on the service provider application. The IDaaS server may then return the information of the user application to the SaaS application market.
244. The SaaS server synchronizes information with the SaaS application market.
After the IDaaS server creates the user application, the SaaS server also needs to synchronize information with the SaaS application market, so that the user can access the user application of the IDaaS server through the SaaS server. Optionally, after tenant information and application information have been synchronized, the user may maintain organization information and personnel information. That is, in the SaaS application market, the user adds sub-departments under the organization, adds personnel to the sub-departments, sets visible ranges for different sub-departments and personnel, and sets different authorizations; the authorization information is then synchronized with the SaaS application market.
Further, the detailed flow of the third stage may refer to fig. 8, and the embodiment of the present application is not described herein.
Stage four (as shown in fig. 9), the user uses SaaS services.
In stage four, the user uses the SaaS application, and the user authorized at IDaaS can use the SaaS service. The method specifically comprises the following steps:
251. The IDaaS server obtains a login request initiated by a user.
252. The IDaaS server verifies the login request based on the first relationship to generate authorization information.
253. The IDaaS server sends the authorization information to the SaaS client to enable the user to access the SaaS server based on the authorization information.
After the user has purchased the SaaS application and needs to use it, the user can initiate a login request to the SaaS instance on the SaaS server through the SaaS client corresponding to the SaaS application. The login request includes the identification of the user application. Based on the login request, the SaaS server can return a SaaS login page that integrates the IDaaS to the SaaS client. After the user clicks login, the SaaS client can query the tenant information on the SaaS server to determine whether the login is by a tenant.
If the user is a tenant, the SaaS client initiates login to the IDaaS server with the user application identifier generated when the user purchased the SaaS application. The user inputs login information (account password, etc.) on the SaaS client, which sends it to the IDaaS server. The IDaaS server verifies the login information based on the first relationship; that is, it verifies the application identifier based on the first relationship and verifies the login information input by the user, and after verification returns login authorization information to the SaaS client.
254. The IDaaS server receives authorization information and application credentials from the SaaS server.
255. The IDaaS server verifies the authorization information based on the application credential and sends a verification result to the SaaS server.
After receiving the authorization information returned by the IDaaS server, the SaaS client uses the authorization information to request the SaaS service from the SaaS server. The SaaS server sends the application credential and the authorization information to the IDaaS server to verify the validity of the authorization information. The IDaaS server verifies whether the application credential has the authority to access the user information under the user application; if so, the authorization information passes verification and the IDaaS server returns a user number to the SaaS server. The SaaS server judges, according to the authorization information, whether the user corresponding to the user number has the authority to access the SaaS service; if so, the SaaS server generates a session identifier and returns it to the SaaS client. The user can then access other functions of the SaaS service based on the session identifier and use the SaaS service.
Further, the detailed flow of the fourth stage may refer to fig. 10, and the embodiment of the present application is not described herein.
As shown in fig. 11, which summarizes the four stages, in the embodiment of the present application the IDaaS server creates a service provider application according to an application sent by the SaaS server, allocates an application credential for the service provider application, and sends the application credential to the SaaS server, so that the SaaS server creates, based on the application credential, an interface on the SaaS server for accessing the IDaaS server. Integration of the SaaS and the IDaaS can be achieved through this interface. After the SaaS and the IDaaS are integrated, key processes such as setting up on the market, purchasing and authentication can be realized. Tenants buying the SaaS application can perceive function changes, and developers of the SaaS application can perceive interface changes, configuration information and the like. The IDaaS has key technical support for the SaaS: it supports the association relationship between the service provider application and the user application generated based on the service provider application. On the user side, when the user buys a SaaS application, the system automatically instantiates the SaaS application on the IDaaS and associates the user's tenant information; the user enters a SaaS application market page and can perform various IDaaS operations on the purchased service, such as creating organizations and departments, authority management and the like. On the side of SaaS application developers, the developers need to pre-integrate with the IDaaS (realize docking), and the system can provide interfaces on both sides so that the developers can smoothly connect all links.
In addition, the various configuration information of the SaaS application can be templated. When the SaaS application is migrated, for example to another server, the migration can be realized merely by updating certain fields in the template, without affecting the IDaaS server or the user side. This brings beneficial effects including but not limited to the following:
(1) After a user purchases the SaaS application in the SaaS application market, integration with the IDaaS service can be realized automatically, including the modification of the SaaS server and the IDaaS server, so that the two sides are connected in the processes of purchase, authority management, authentication and the like. The user can enjoy the benefits of the SaaS and the IDaaS at the same time, and maintains only one set of user information (including organization, department, personnel, application authorization and the like) while conveniently using multiple SaaS capabilities, which improves the user experience;
(2) By introducing the service provider application, the IDaaS server distinguishes the existing user application, can identify the scenario of an application transaction, and flexibly supports the interface of the SaaS service provider;
(3) The SaaS application market serves as an intermediate platform that flexibly binds the SaaS and the IDaaS for use, so that the SaaS application market integrates the SaaS service and the IDaaS service, which reduces the complexity of system docking and improves the experience of both the SaaS service provider and the provider of the IDaaS service;
(4) The SaaS service provider carries out application modification and upgrading (such as application server relocation, capacity expansion and the like) without influencing the user side, and meanwhile, more users are accessed through the SaaS market.
After the service integration method provided by the embodiment of the present application is used, in terms of interaction experience, based on the SaaS application market, it can be perceived through interaction with the application market that the SaaS integrates the IDaaS, and the user can use the capability of the SaaS that integrates the IDaaS. On the network side, the interfaces involved in the integration between the SaaS application market and the SaaS service provider, or between the IDaaS server and the SaaS service provider, can be found through packet capture.
2. Not using the SaaS application market:
The functions of the SaaS application market are instead carried by the IDaaS server, and both the SaaS server and the user interact with the IDaaS server instead. The transaction of the SaaS application can be completed offline or separately in the SaaS application market. For specific implementation details in the scenario of not using the SaaS application market, refer to the aforementioned scenario of using the SaaS application market; they are not repeated here.
As shown in fig. 12 to 16, the service integration method may be divided into three stages, which specifically include:
Stage one (as shown in fig. 12), the SaaS server pre-integrates the IDaaS capability:
311. The IDaaS server obtains the application.
312. The IDaaS server creates a service provider application according to the application and allocates an application credential for the service provider application.
The SaaS server has completed the opening of a tenant in the IDaaS server in advance. The application includes information of the SaaS server; that is, the application may be sent by the SaaS server to the IDaaS server through the SaaS application market, and in this case the SaaS server can initiate the application to the IDaaS server directly, so that the IDaaS server creates the service provider application according to the application and allocates an application credential for it. The service provider application is used for associating the SaaS server with the tenant in the IDaaS server, and may also be understood as the binding credential of the SaaS server in the IDaaS server. The IDaaS server needs to return the application credential to the SaaS server so that the SaaS server can create, based on the application credential, an interface on the SaaS server for accessing the IDaaS server. The application credential may be understood as the credential or identity with which the SaaS server accesses the IDaaS server for business.
313. The IDaaS server sends the application credential to the SaaS server to cause the SaaS server to create an interface at the SaaS server for accessing the IDaaS server based on the application credential.
After the IDaaS server allocates the application credential for the service provider application, it sends the application credential to the SaaS server; for example, after generating the application credential, the IDaaS server transfers it to the SaaS server separately, offline or in some other online manner. The SaaS server can then create, based on the application credential, an interface on the SaaS server for accessing the IDaaS server. Optionally, after the pre-integration of the SaaS server and the IDaaS server is completed, the SaaS server can modify the configuration information of the service provider application and verify the reliability of the pre-integration.
Specifically, the SaaS server modifies the configuration information of the service provider application at the IDaaS server, and the IDaaS server acquires and records the modification information of the service provider application. The modification information is generated after the SaaS server modifies the configuration information of the service provider application, and the configuration information includes the call path of the service provider application. The IDaaS server may also maintain organization information, personnel information and the like. The IDaaS server can also acquire a test application request sent by the SaaS server, create a test application according to the test application request, and record a second relationship between the test application and the service provider application; that is, the IDaaS server creates the test application based on the service provider application and tests the test application based on a test user from the SaaS server. The SaaS server can then maintain application authorization at the IDaaS server, that is, complete the organization information, personnel information and authorization of the service provider application for the user's tenant. Finally, the IDaaS server and the SaaS server synchronize information, where the synchronization information includes tenant information, application information and authorization information.
Further, the detailed flow of the first stage may refer to fig. 13, and the embodiment of the present application is not described herein.
Stage two (as shown in fig. 14), the user completes application management and configuration of SaaS at the IDaaS server:
321. The IDaaS server acquires application information of the SaaS application purchased by the user.
The user has opened a tenant in the IDaaS server in advance and can use the functions of the IDaaS server. The purchase of the SaaS application can be completed off-line by the user, the verification logic of the SaaS application can be completed by the IDaaS server and the SaaS server respectively, and the SaaS application is bound with the service provider application.
322. The IDaaS server creates a user application based on the service provider application and the application information.
After obtaining the application information of the SaaS application, the IDaaS server supports configuring the user to use the service provider application to create the user application corresponding to the SaaS application, or the SaaS application notifies the IDaaS server to complete the creation of the user application. The user application is used for associating the SaaS application with the tenant in the IDaaS server, or may be understood as the binding credential of the SaaS application in the tenant of the IDaaS server. The first relationship records the relationship between the user application and the service provider application; that is, the IDaaS server also records the application relationship between the user application and the service provider application as the first relationship. The IDaaS server then returns the application information to the user.
323. The IDaaS server synchronizes information with the SaaS server.
Optionally, after the IDaaS server creates the user application, the IDaaS server needs to synchronize information with the SaaS server, so that the user may access the user application of the IDaaS server through the SaaS server. Optionally, after synchronizing the tenant information and the application information, the user may maintain the organization information and the personnel information, that is, the user maintains the organization information, the personnel information, the application authorization and other information in the IDaaS server, and then the SaaS server synchronizes the authorization information with the SaaS application market.
Further, the detailed flow of the second stage may refer to fig. 15, and the embodiment of the present application is not described herein.
Stage three (as shown in fig. 16), the user uses the SaaS service:
331. The IDaaS server obtains a login request initiated by a user.
332. The IDaaS server verifies the login request based on the first relationship to generate authorization information.
333. The IDaaS server sends the authorization information to the SaaS client to enable the user to access the SaaS server based on the authorization information.
After the user has purchased the SaaS application and needs to use it, the user can initiate a login request to the SaaS instance on the SaaS server through the SaaS client corresponding to the SaaS application. The login request includes the identification of the user application. Based on the login request, the SaaS server can return a SaaS login page that integrates the IDaaS to the SaaS client. After the user clicks login, the SaaS client can query the tenant information on the SaaS server to determine whether the login is by a tenant.
If the user is a tenant, the SaaS client initiates login to the IDaaS server with the user application identifier generated when the user purchased the SaaS application. The user inputs login information (account password, etc.) on the SaaS client, which sends it to the IDaaS server. The IDaaS server verifies the login information based on the first relationship; that is, it verifies the application identifier based on the first relationship and verifies the login information input by the user, and after verification returns login authorization information to the SaaS client.
334. The IDaaS server receives authorization information and application credentials from the SaaS server.
335. The IDaaS server verifies the authorization information based on the application credential and sends a verification result to the SaaS server.
After receiving the authorization information returned by the IDaaS server, the SaaS client uses the authorization information to request the SaaS service from the SaaS server. The SaaS server sends the application credential and the authorization information to the IDaaS server to verify the validity of the authorization information. The IDaaS server verifies whether the application credential has the authority to access the user information under the user application; if so, the authorization information passes verification and the IDaaS server returns a user number to the SaaS server. The SaaS server judges, according to the authorization information, whether the user corresponding to the user number has the authority to access the SaaS service; if so, the SaaS server generates a session identifier and returns it to the SaaS client. The user can then access other functions of the SaaS service based on the session identifier and use the SaaS service.
Further, the detailed flow of the third stage may refer to fig. 10, which is not repeated in the embodiment of the present application.
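The login and verification exchange of steps 251 to 255 (and the identical steps 331 to 335), sketched as an added Python example that is not code from the patent. Class and method names, the opaque random token used as authorization information, the 300-second lifetime and the hashing of credentials and passwords are assumptions for illustration; the description specifies none of them.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 300          # seconds; assumed, the description gives no lifetime
PBKDF2_ROUNDS = 100_000  # assumed work factor for the stored password hash


def _digest(secret):
    return hashlib.sha256(secret.encode()).hexdigest()


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class IDaaSServer:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.provider_apps = {}  # provider app id -> digest of its application credential
        self.user_apps = {}      # user app id -> (provider app id, tenant id): first relationship
        self.users = {}          # (tenant id, account) -> (user number, salt, password hash)
        self.tokens = {}         # digest of token -> (user app id, user number, expiry)

    def create_provider_app(self):
        """Step 212: create the service provider application and allocate its credential."""
        app_id = "sp-" + secrets.token_hex(4)
        credential = secrets.token_urlsafe(32)
        self.provider_apps[app_id] = _digest(credential)  # only the digest is stored
        return app_id, credential

    def create_user_app(self, provider_app_id, tenant_id):
        """Step 243: create the user application and record the first relationship."""
        if provider_app_id not in self.provider_apps:
            raise KeyError("unknown service provider application")
        user_app_id = "ua-" + secrets.token_hex(4)
        self.user_apps[user_app_id] = (provider_app_id, tenant_id)
        return user_app_id

    def add_user(self, tenant_id, account, password):
        salt = secrets.token_bytes(16)
        user_no = "u-" + secrets.token_hex(4)
        self.users[(tenant_id, account)] = (user_no, salt, _pw_hash(password, salt))
        return user_no

    def login(self, user_app_id, account, password):
        """Steps 251-253: check the user application identifier, then the login information."""
        relation = self.user_apps.get(user_app_id)
        if relation is None:
            return None
        record = self.users.get((relation[1], account))  # lookup is scoped to the tenant
        if record is None:
            return None
        user_no, salt, stored = record
        if not hmac.compare_digest(_pw_hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[_digest(token)] = (user_app_id, user_no, self.clock() + TOKEN_TTL)
        return token

    def verify(self, provider_app_id, credential, token):
        """Steps 254-255: return the user number only to the bound service provider application."""
        stored = self.provider_apps.get(provider_app_id)
        if stored is None or not hmac.compare_digest(stored, _digest(credential)):
            return None
        entry = self.tokens.get(_digest(token))
        if entry is None:
            return None
        user_app_id, user_no, expiry = entry
        if self.clock() > expiry:
            return None
        # The credential may read user information only under its own user applications.
        if self.user_apps[user_app_id][0] != provider_app_id:
            return None
        return user_no


def saas_open_session(idaas, provider_app_id, credential, token, authorized_users):
    """SaaS server side: verify with the IDaaS, apply local authorization, issue a session id."""
    user_no = idaas.verify(provider_app_id, credential, token)
    if user_no is None or user_no not in authorized_users:
        return None
    return secrets.token_urlsafe(16)
```

The check in `verify` against the first relationship is what stops a second service provider, holding its own valid application credential, from redeeming authorization information issued for another provider's user application.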
In the scenario of not using the SaaS application market, the method likewise has the beneficial effect of integrating the SaaS and the IDaaS; it removes the arrangement logic of the SaaS application market, reduces the cost of service integration, and enables a user to perceive the docking details of the SaaS and the IDaaS.
The service integration method provided by the embodiment of the application is introduced above, and related equipment provided by the embodiment of the application is introduced below by combining with the attached drawings.
As shown in fig. 17, an embodiment of a server 1700 provided by an embodiment of the present application includes:
An acquiring unit 1701, configured to acquire an application, where the application includes information of a software as a service (SaaS) server. The acquiring unit 1701 may perform step 211 in the above method embodiment.
A creating unit 1702, configured to create a service provider application according to the application and allocate an application credential to it, where the application credential is used by the SaaS server to create an interface for accessing the IDaaS server, and the service provider application is used for associating the SaaS server with a tenant in the IDaaS server. The creating unit 1702 may perform step 212 in the above method embodiment.
A sending unit 1703, configured to send the application credential to the SaaS server. The sending unit 1703 may perform step 213 in the above method embodiment.
In the embodiment of the present application, the creating unit 1702 creates the server application according to the application sent by the SaaS server, and distributes the application credential for the server application, and the sending unit 1703 sends the application credential to the SaaS server, so that the SaaS server creates an interface for accessing the IDaaS server at the SaaS server based on the application credential, and integration of the SaaS and the IDaaS can be achieved through the interface.
Optionally, the acquisition unit 1701 is further configured to acquire application information of a SaaS application purchased by the user, where the SaaS application is bound with a service provider application; the creating unit 1702 is further configured to create a user application based on the service provider application and the application information, where the user application is configured to associate the SaaS application with the tenant in the IDaaS server.
Optionally, the server 1700 further includes a verification unit 1704 and a receiving unit 1705, where the acquisition unit 1701 is further configured to obtain a login request initiated by a user, where the login request includes an identifier of a user application; the verification unit 1704 is configured to verify the login request based on a first relationship to generate authorization information, where the first relationship is used to record a relationship between the user application and the server application; the sending unit 1703 is further configured to send the authorization information to the user, so that the user accesses the SaaS server based on the authorization information; the receiving unit 1705 is configured to receive the authorization information and an application credential from the SaaS server; the verification unit 1704 is further configured to verify the authorization information based on the application credential, and send the verification result to the SaaS server.
Optionally, the server 1700 further includes a test unit 1706, and the acquisition unit 1701 is further configured to acquire a test application; the creating unit 1702 is further configured to create a test application according to the test application, and record a second relationship between the test application and the server application; the test unit 1706 is configured to test the test application based on a test user from the SaaS service provider.
Optionally, the acquiring unit 1701 is further configured to acquire and record modification information of the service provider application, where the modification information is generated after the SaaS service provider modifies configuration information of the service provider application, and the configuration information includes a call path of the service provider application.
Optionally, the SaaS server accesses the IDaaS server and the SaaS server through the SaaS application market.
Optionally, the user accesses the IDaaS server and the SaaS server through the SaaS application market or the SaaS client.
The server 1700 provided in the embodiment of the present application may be understood by referring to the corresponding content of the foregoing service integration method embodiment, and the detailed description is not repeated here.
The acquisition unit 1701, the creating unit 1702, the sending unit 1703, and the like may be implemented by software or by hardware. The implementation of the acquisition unit 1701 is described next as an example. Similarly, for the implementation of the creating unit 1702 and the sending unit 1703, refer to the implementation of the acquisition unit 1701.
As an example of a software functional unit, the acquisition unit 1701 may comprise code running on a computing instance. The computing instance may include at least one of a physical host (computing device), a virtual machine, and a container, among others. Further, there may be one or more computing instances. For example, the acquisition unit 1701 may include code that runs on multiple hosts/virtual machines/containers. It should be noted that the multiple hosts/virtual machines/containers for running the code may be distributed in the same region or in different regions. Further, the multiple hosts/virtual machines/containers for running the code may be distributed in the same availability zone (AZ) or in different AZs, each AZ comprising one data center or multiple geographically close data centers. Typically, a region may comprise a plurality of AZs.
Also, the multiple hosts/virtual machines/containers for running the code may be distributed in the same virtual private cloud (VPC) or in multiple VPCs. In general, one VPC is disposed in one region, and a communication gateway is disposed in each VPC to implement interconnection between VPCs in the same region and between VPCs in different regions.
As an example of a hardware functional unit, the acquisition unit 1701 may comprise at least one computing device, such as a server. Alternatively, the acquisition unit 1701 may be a device implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD). The PLD may be implemented as a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
The multiple computing devices included in the acquisition unit 1701 may be distributed in the same region or in different regions. The multiple computing devices included in the acquisition unit 1701 may be distributed in the same AZ or in different AZs. Also, the multiple computing devices included in the acquisition unit 1701 may be distributed in the same VPC or in multiple VPCs. The multiple computing devices may be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
It should be noted that, in other embodiments, the acquisition unit 1701 may be configured to perform any step in the service integration method, the creating unit 1702 may be configured to perform any step in the service integration method, and the sending unit 1703 may be configured to perform any step in the service integration method. The steps that the acquisition unit 1701, the creating unit 1702, and the sending unit 1703 are responsible for implementing may be specified as needed, and the acquisition unit 1701, the creating unit 1702, and the sending unit 1703 respectively implement different steps in the service integration method to implement all functions of the server 1700.
As shown in fig. 18, another embodiment of a server 1800 provided by an embodiment of the present application includes:
an acquisition unit 1801, configured to obtain an application credential sent by a SaaS server, where the application credential is allocated by an identity as a service (IDaaS) server to a service provider application, the service provider application is created by the IDaaS server according to an application, the application includes information of the SaaS server, and the service provider application is configured to associate the SaaS server with a tenant in the IDaaS server. The acquisition unit 1801 may perform step 213 in the method embodiment described above.
a creating unit 1802, configured to create an interface for accessing the IDaaS server according to the application credential. The creating unit 1802 may perform step 214 in the method embodiments described above.
In the embodiment of the present application, a server application is created according to an application sent by a SaaS server, an application credential is allocated to the server application, and the application credential is sent to the SaaS server, so that the creation unit 1802 creates an interface for accessing an IDaaS server, and integration of the SaaS and the IDaaS can be achieved through the interface.
Optionally, the server 1800 further includes a sending unit 1803 and a receiving unit 1804, where the acquisition unit 1801 is further configured to obtain authorization information sent by a user, where the authorization information is generated by the IDaaS server verifying a login request based on a first relationship, the first relationship is an application relationship between a user application and a server application, the user application is created by the IDaaS server based on the server application and application information, the application information is information of a SaaS application purchased by the user, the SaaS application is bound with the server application, the login request is initiated by the user and includes an identifier of the user application, and the user application is used to associate the SaaS application with a tenant in the IDaaS server; the sending unit 1803 is configured to send the authorization information and the application credential to the IDaaS server, so that the IDaaS server verifies the authorization information based on the application credential and obtains a verification result; the receiving unit 1804 is configured to receive the verification result from the IDaaS server.
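The login and verification exchange described for servers 1700 and 1800 above, as an added Python example that is not code from the patent. It assumes the application credential is a client_id/client_secret pair and the authorization information is a single-use random code (the patent specifies neither format); all class and function names are hypothetical.

```python
# Added example, not code from the patent. Assumed formats: the application
# credential is a client_id/client_secret pair, and the authorization
# information is a single-use random code. The patent specifies neither.
import hashlib
import hmac
import secrets


def _digest(secret: str) -> bytes:
    # The secret is random and high-entropy, so a plain hash is enough at rest.
    return hashlib.sha256(secret.encode()).digest()


class IDaaSServer:
    def __init__(self):
        self._server_apps = {}  # client_id -> {"saas_info", "secret_digest"}
        self._user_apps = {}    # user_app_id -> (tenant, client_id): first relationship
        self._grants = {}       # authorization code -> (user, tenant, client_id)

    def create_server_app(self, saas_info: str) -> dict:
        """Create the server application and allocate its application credential."""
        client_id = "sp-" + secrets.token_hex(4)
        client_secret = secrets.token_urlsafe(32)
        self._server_apps[client_id] = {
            "saas_info": saas_info,
            "secret_digest": _digest(client_secret),
        }
        return {"client_id": client_id, "client_secret": client_secret}

    def create_user_app(self, tenant: str, client_id: str) -> str:
        """Create the user application for a SaaS application a tenant purchased."""
        if client_id not in self._server_apps:
            raise KeyError("unknown server application")
        user_app_id = "ua-" + secrets.token_hex(4)
        self._user_apps[user_app_id] = (tenant, client_id)
        return user_app_id

    def login(self, user: str, user_app_id: str):
        """Check the login request against the first relationship; issue a code."""
        relation = self._user_apps.get(user_app_id)
        if relation is None:
            return None  # no user application -> no authorization information
        code = secrets.token_urlsafe(24)
        self._grants[code] = (user, *relation)
        return code

    def verify(self, code: str, credential: dict) -> dict:
        """Verify authorization information presented with an application credential."""
        app = self._server_apps.get(credential.get("client_id", ""))
        presented = _digest(credential.get("client_secret", ""))
        if app is None or not hmac.compare_digest(app["secret_digest"], presented):
            return {"valid": False, "reason": "bad_credential"}
        grant = self._grants.get(code)
        if grant is None:
            return {"valid": False, "reason": "unknown_or_used_code"}
        user, tenant, client_id = grant
        if client_id != credential["client_id"]:
            # The code was issued for a different server application: refuse it.
            return {"valid": False, "reason": "wrong_server_application"}
        del self._grants[code]  # single use, so a replayed code fails
        return {"valid": True, "user": user, "tenant": tenant}


class SaaSServer:
    def __init__(self, idaas: IDaaSServer, credential: dict):
        # The "interface for accessing the IDaaS server", built from the credential.
        self._idaas = idaas
        self._credential = credential
        self.sessions = {}

    def access(self, code: str) -> dict:
        """User arrives with authorization information; ask the IDaaS to verify it."""
        result = self._idaas.verify(code, self._credential)
        if result["valid"]:
            self.sessions[secrets.token_hex(8)] = (result["user"], result["tenant"])
        return result


def run_exchange() -> dict:
    """Run the exchange on constructed sample data and return each outcome."""
    idaas = IDaaSServer()
    crm_cred = idaas.create_server_app("crm.example (constructed)")
    crm = SaaSServer(idaas, crm_cred)
    other = SaaSServer(idaas, idaas.create_server_app("other.example (constructed)"))
    user_app = idaas.create_user_app("tenant-a", crm_cred["client_id"])
    code = idaas.login("alice", user_app)
    return {
        "unknown_user_app": idaas.login("alice", "ua-missing"),
        "wrong_provider": other.access(code),
        "first_use": crm.access(code),
        "replay": crm.access(code),
    }


if __name__ == "__main__":
    for step, outcome in run_exchange().items():
        print(step, outcome)
```

Binding each code to the server application recorded in the first relationship is what stops one SaaS provider from redeeming authorization information issued for another provider's application.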
Optionally, the SaaS server accesses the IDaaS server and the SaaS server through the SaaS application market.
Optionally, the user accesses the IDaaS server and the SaaS server through the SaaS application market or the SaaS client.
The server 1800 provided in the embodiment of the present application may be understood by referring to the corresponding content of the foregoing service integration method embodiment, and the detailed description is not repeated here.
In this case, the acquisition unit 1801, the creating unit 1802, and the like may be implemented by software or by hardware. The implementation of the acquisition unit 1801 is described next as an example. Similarly, for the implementation of the creating unit 1802, refer to the implementation of the acquisition unit 1801.
As an example of a software functional unit, the acquisition unit 1801 may comprise code running on a computing instance. The computing instance may include at least one of a physical host (computing device), a virtual machine, and a container, among others. Further, there may be one or more computing instances. For example, the acquisition unit 1801 may include code running on multiple hosts/virtual machines/containers. It should be noted that the multiple hosts/virtual machines/containers for running the code may be distributed in the same region or in different regions. Further, the multiple hosts/virtual machines/containers for running the code may be distributed in the same availability zone (AZ) or in different AZs, each AZ comprising one data center or multiple geographically close data centers. Typically, a region may comprise a plurality of AZs.
Also, the multiple hosts/virtual machines/containers for running the code may be distributed in the same virtual private cloud (VPC) or in multiple VPCs. In general, one VPC is disposed in one region, and a communication gateway is disposed in each VPC to implement interconnection between VPCs in the same region and between VPCs in different regions.
As an example of a hardware functional unit, the acquisition unit 1801 may include at least one computing device, such as a server. Alternatively, the acquisition unit 1801 may be a device implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD). The PLD may be implemented as a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
The multiple computing devices included in the acquisition unit 1801 may be distributed in the same region or in different regions. The multiple computing devices included in the acquisition unit 1801 may be distributed in the same AZ or in different AZs. Also, the multiple computing devices included in the acquisition unit 1801 may be distributed in the same VPC or in multiple VPCs. The multiple computing devices may be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
In other embodiments, the acquisition unit 1801 may be configured to perform any step in the service integration method, and the creating unit 1802 may be configured to perform any step in the service integration method. The steps that the acquisition unit 1801 and the creating unit 1802 are responsible for implementing may be specified as needed, and the acquisition unit 1801 and the creating unit 1802 respectively implement different steps in the service integration method to implement all functions of the server 1800.
The present application also provides a computing device 1900. As shown in fig. 19, a computing device 1900 includes: bus 1902, processor 1904, memory 1906, and communication interface 1908. Communication between processor 1904, memory 1906, and communication interface 1908 is via bus 1902. Computing device 1900 may be a server or a terminal device. It should be appreciated that the present application is not limited to the number of processors, memories in computing device 1900.
Bus 1902 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. Buses may be divided into address buses, data buses, control buses, and so on. For ease of illustration, only one line is shown in fig. 19, but this does not mean that there is only one bus or one type of bus. Bus 1902 may include a path for transferring information between the components of computing device 1900 (e.g., memory 1906, processor 1904, communication interface 1908).
The processor 1904 may include any one or more of a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor (MP), or a digital signal processor (DSP).
The memory 1906 may include volatile memory, such as random access memory (RAM). The processor 1904 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD), or a solid state drive (SSD).
The memory 1906 stores therein executable program codes, and the processor 1904 executes the executable program codes to realize the functions of the aforementioned acquisition unit and creation unit, respectively, thereby realizing the service integration method. That is, the memory 1906 has instructions stored thereon for executing the service integration method.
Alternatively, the memory 1906 stores executable codes, and the processor 1904 executes the executable codes to implement the functions of the aforementioned SaaS server or IDaaS server, respectively, thereby implementing the service integration method. That is, the memory 1906 has instructions stored thereon for executing the service integration method.
Communication interface 1908 enables communication between computing device 1900 and other devices or communication networks using a transceiver module such as, but not limited to, a network interface card, transceiver, or the like.
Fig. 20 is a schematic diagram of a possible logic structure of a server 2000 provided in an embodiment of the present application. The server 2000 includes a hardware layer 2001 and a virtual machine (VM) layer 2002, which may include one or more VMs. The hardware layer 2001 provides hardware resources for the VMs and supports their operation; the functions of the VMs and the processes related to the present application can be understood with reference to the corresponding description in the foregoing method embodiments. The hardware layer 2001 includes hardware resources such as a processor, a communication interface, and a memory. The processor may include a CPU.
The present application also provides a service integration system, as shown in fig. 21, comprising:
the IDaaS server, configured to acquire an application, where the application includes information of a software as a service (SaaS) server; and to create a server application according to the application and allocate an application credential to the server application, where the server application is used for associating the SaaS server with a tenant in the IDaaS server;
the SaaS server, configured to acquire the application credential sent by the SaaS server, and to create an interface for accessing the IDaaS server according to the application credential.
Both the IDaaS server and the SaaS server may be implemented in software, or may be implemented in hardware. Illustratively, the implementation of the IDaaS server is described next. Similarly, the implementation of the SaaS server may refer to the implementation of the IDaaS server.
As an example of a software functional unit, the IDaaS server may comprise code running on a computing instance. The computing instance may be at least one of a physical host (computing device), a virtual machine, a container, and the like. Further, there may be one or more such computing devices. For example, the IDaaS server may include code running on multiple hosts/virtual machines/containers. It should be noted that the multiple hosts/virtual machines/containers for running the application may be distributed in the same region or in different regions. The multiple hosts/virtual machines/containers for running the code may be distributed in the same AZ or in different AZs, each AZ including one data center or multiple geographically close data centers. Typically, a region may comprise a plurality of AZs.
Also, the multiple hosts/virtual machines/containers for running the code may be distributed in the same VPC or in multiple VPCs. Typically, one VPC is placed within one region. For communication between two VPCs in the same region, and for cross-region communication between VPCs in different regions, a communication gateway needs to be set in each VPC, and interconnection between the VPCs is implemented through the communication gateways.
As an example of a hardware functional unit, the IDaaS server may comprise at least one computing device, such as a server. Alternatively, the IDaaS server may be a device implemented by an ASIC or a PLD. The PLD may be a CPLD, an FPGA, a GAL, or any combination thereof.
The IDaaS server may include multiple computing devices that are distributed in the same region or in different regions. The multiple computing devices included in the IDaaS server may be distributed in the same AZ or in different AZs. Also, the multiple computing devices included in the IDaaS server may be distributed in the same VPC or in multiple VPCs. The multiple computing devices may be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
The embodiment of the application also provides a computing device cluster. The cluster of computing devices includes at least one computing device. The computing device may be a server, such as a central server, an edge server, or a local server in a local data center. In some embodiments, the computing device may also be a terminal device such as a desktop, notebook, or smart phone.
As shown in fig. 22, the cluster of computing devices includes at least one computing device 1900. The same instructions for performing the service integration method may be stored in the memory 1906 in one or more computing devices 1900 in the computing device cluster.
In some possible implementations, portions of the instructions for performing the service integration method may also be stored separately in the memory 1906 of one or more computing devices 1900 in the cluster of computing devices. In other words, a combination of one or more computing devices 1900 may collectively execute instructions for performing a service integration method.
It should be noted that the memory 1906 in different computing devices 1900 in the computing device cluster may store different instructions for performing part of the functions of the SaaS server or the IDaaS server, respectively. That is, the instructions stored in the memory 1906 in the different computing devices 1900 may implement the functions of one or more modules in the acquisition unit and the creation unit.
In some possible implementations, one or more computing devices in a cluster of computing devices may be connected through a network. The network may be a wide area network, a local area network, or the like. Fig. 23 shows one possible implementation. As shown in fig. 23, two computing devices 100A and 100B are connected by a network. Specifically, each computing device connects to the network through its communication interface. In this type of possible implementation, instructions to perform the functions of the acquisition unit are stored in memory 106 in computing device 100A. Meanwhile, instructions to perform the functions of the creating unit are stored in the memory 106 in the computing device 100B.
It should be appreciated that the functionality of computing device 100A shown in fig. 23 may also be performed by multiple computing devices 100. Likewise, the functionality of computing device 100B may also be performed by multiple computing devices 100.
The embodiment of the application also provides another computing device cluster. The connection between computing devices in the computing device cluster may be similar to the connection of the computing device cluster described with reference to fig. 22 and 23. In contrast, the same instructions for performing the service integration method may be stored in memory in one or more computing devices in the cluster of computing devices.
In some possible implementations, part of the instructions for performing the service integration method may also be stored separately in the memory of one or more computing devices in the cluster of computing devices. In other words, a combination of one or more computing devices may collectively execute instructions for performing a service integration method.
It should be noted that the memories in different computing devices in the computing device cluster may store different instructions for performing part of the functions of the service integration system. That is, the memory-stored instructions in the different computing devices may implement the functionality of one or more of the IDaaS server and the SaaS server.
Embodiments of the present application also provide a computer program product comprising instructions. The computer program product may be software or a program product containing instructions capable of running on a computing device or stored in any useful medium. The computer program product, when run on at least one computing device, causes the at least one computing device to perform a service integration method.
The embodiment of the application also provides a computer readable storage medium. The computer readable storage medium may be any available medium that can be stored by a computing device or a data storage device such as a data center containing one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), etc. The computer-readable storage medium includes instructions that instruct a computing device to perform a service integration method.
In another embodiment of the present application, there is also provided a chip system including at least one processor for receiving data and/or signals and an interface for supporting implementation of the service integration method described in the above embodiments. In one possible design, the chip system may further include memory to hold program instructions and data necessary for the computer device. The chip system can be composed of chips, and can also comprise chips and other discrete devices.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the embodiments of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied, in essence or in whole or in part, in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.

Claims (29)

1. A service integration method, comprising:
an identity as a service (IDaaS) server obtains an application, wherein the application comprises information of a software as a service (SaaS) server;
the IDaaS server creates a server application according to the application, and allocates an application credential to the server application, wherein the application credential is used by the SaaS server to create, at the SaaS server, an interface for accessing the IDaaS server, and the server application is used for associating the SaaS server with a tenant in the IDaaS server.
2. The method according to claim 1, wherein the method further comprises:
the IDaaS server acquires application information of a SaaS application purchased by a user, and the SaaS application is bound with the service provider application;
the IDaaS server creates a user application based on the service provider application and the application information, the user application being for associating the SaaS application with a tenant in the IDaaS server.
3. The method according to claim 2, wherein the method further comprises:
the IDaaS server obtains a login request initiated by a user, wherein the login request comprises an identifier of the user application;
the IDaaS server verifies the login request based on a first relationship to generate authorization information, wherein the first relationship is used for recording the relationship between the user application and the server application;
the IDaaS server sends the authorization information to the user so that the user accesses the SaaS server based on the authorization information;
the IDaaS server receives the authorization information and the application credential from the SaaS server;
and the IDaaS server verifies the authorization information based on the application credential and sends a verification result to the SaaS server.
4. A method according to any one of claims 1-3, characterized in that the method further comprises:
the IDaaS server acquires a test application;
the IDaaS server creates a test application according to the test application and records a second relation between the test application and the server application;
the IDaaS server tests the test application based on a test user from the SaaS server.
5. The method of any of claims 1-4, wherein after the IDaaS server sends the application credential to the SaaS server, the method further comprises:
the IDaaS server acquires and records modification information of the service provider application, wherein the modification information is generated after the SaaS service provider modifies configuration information of the service provider application, and the configuration information comprises a calling path of the service provider application.
6. The method of any one of claims 1-5, wherein the SaaS server accesses the IDaaS server and the SaaS server through a SaaS application marketplace.
7. The method according to any of claims 2-6, wherein the user accesses the IDaaS server and the SaaS server through a SaaS application marketplace or a SaaS client.
8. A service integration method, comprising:
a software as a service (SaaS) server obtains an application credential sent by a SaaS server, wherein the application credential is allocated by an identity as a service (IDaaS) server to a server application, the server application is created by the IDaaS server according to an application, the application comprises information of the SaaS server, and the server application is used for associating the SaaS server with a tenant in the IDaaS server;
and the SaaS server creates an interface for accessing the IDaaS server according to the application credential.
9. The method of claim 8, wherein the method further comprises:
the SaaS server acquires authorization information sent by a user, wherein the authorization information is generated by the IDaaS server verifying a login request based on a first relationship, the first relationship is an application relationship between a user application and a server application, the user application is created by the IDaaS server based on the server application and application information, the application information is information of the SaaS application purchased by the user, the SaaS application is bound with the server application, the login request is initiated by the user and comprises an identifier of the user application, and the user application is used for associating the SaaS application with a tenant in the IDaaS server;
the SaaS server sends the authorization information and the application credential to the IDaaS server so that the IDaaS server verifies the authorization information based on the application credential to obtain a verification result;
and the SaaS server receives the verification result from the IDaaS server.
10. The method according to claim 8 or 9, wherein the SaaS server accesses the IDaaS server and the SaaS server through a SaaS application market.
11. The method according to claim 9 or 10, wherein the user accesses the IDaaS server and the SaaS server through a SaaS application marketplace or a SaaS client.
12. A server, comprising:
the system comprises an acquisition unit, a storage unit and a control unit, wherein the acquisition unit is used for acquiring an application, and the application comprises information of a software as a service (SaaS) service provider;
the creating unit is used for creating a server application according to the application and distributing an application certificate for the server application, wherein the application certificate is used for creating an interface for accessing the IDaaS server at the SaaS server based on the application certificate by the SaaS server, and the server application is used for associating the SaaS server with tenants in the IDaaS server;
and the sending unit is used for sending the application certificate to the SaaS service provider.
13. The server according to claim 12, wherein the server is configured to,
the acquisition unit is further used for acquiring application information of a SaaS application purchased by a user, and the SaaS application is bound with the service provider application;
the creating unit is further configured to create a user application based on the server application and the application information, where the user application is configured to associate the SaaS application with a tenant in the IDaaS server.
14. The server according to claim 13, further comprising an authentication unit and a receiving unit,
the acquisition unit is further used for acquiring a login request initiated by a user, wherein the login request comprises an identifier of the user application;
the verification unit is used for verifying the login request based on the first relation to generate authorization information, and the first relation is used for recording the relation between the user application and the server application;
the sending unit is further used for sending the authorization information to the user so that the user accesses the SaaS server based on the authorization information;
the receiving unit is used for receiving the authorization information and the application certificate from the SaaS server;
the verification unit is further used for verifying the authorization information based on the application certificate and sending a verification result to the SaaS server.
15. The server according to any one of claims 12-14, wherein the server further comprises a test unit,
the acquisition unit is also used for acquiring a test application;
the creating unit is further used for creating a test application according to the test application and recording a second relation between the test application and the server application;
the test unit is used for testing the test application based on a test user from the SaaS service provider.
16. The server according to any one of the claims 12-15, wherein,
the acquiring unit is further configured to acquire and record modification information of the service provider application, where the modification information is generated after the SaaS service provider modifies configuration information of the service provider application, and the configuration information includes a call path of the service provider application.
17. The server according to any one of claims 12-16, wherein the SaaS server accesses the IDaaS server and the SaaS server through a SaaS application marketplace.
18. The server according to any of the claims 13-17, wherein the user accesses the IDaaS server and the SaaS server through a SaaS application marketplace or a SaaS client.
19. A server, comprising:
the system comprises an acquisition unit, a service server and a service server, wherein the acquisition unit is used for acquiring an application credential sent by a SaaS (software as a service) server, the application credential is obtained by distributing an identity as a service (IDaaS) server to a service provider application, the service provider application is created for the IDaaS server according to an application, the application comprises information of the SaaS server, and the service provider application is used for associating the SaaS server with tenants in the IDaaS server;
and the creating unit is used for creating an interface for accessing the IDaaS server according to the application certificate.
20. The server of claim 19, further comprising a transmitting unit and a receiving unit,
the obtaining unit is further configured to obtain authorization information sent by a user, where the authorization information is generated by verifying a login request by the IDaaS server based on a first relationship, the first relationship is an application relationship between a user application and the server application, the user application is created by the IDaaS server based on the server application and application information, the application information is information of a SaaS application purchased by the user, the SaaS application is bound with the server application, the login request is a request initiated by the user and includes an identifier of the user application, and the user application is used to associate the SaaS application with a tenant in the IDaaS server;
the sending unit is used for sending the authorization information and the application certificate to the IDaaS server so that the IDaaS server verifies the authorization information based on the application certificate to obtain a verification result;
the receiving unit is used for receiving the verification result from the IDaaS server.
21. The server of claim 19 or 20, wherein the SaaS server accesses the IDaaS server and the SaaS server through a SaaS application marketplace.
22. The server according to claim 20 or 21, wherein the user accesses the IDaaS server and the SaaS server via a SaaS application market or a SaaS client.
23. A service integration system, the system comprising:
the IDaaS server is used for acquiring application applications, wherein the application applications comprise information of software as a service SaaS server; creating a facilitator application according to the application, and distributing application credentials for the facilitator application, wherein the facilitator application is used for associating the SaaS service provider with the tenant in the IDaaS server;
the SaaS server is used for acquiring the application certificate sent by the SaaS server; and creating an interface for accessing the IDaaS server according to the application certificate.
24. A cluster of computing devices, comprising at least one computing device, each computing device comprising a processor and a memory;
the processor of the at least one computing device is configured to execute instructions stored in a memory of the at least one computing device to cause the cluster of computing devices to perform the method of any of claims 1-7.
25. A cluster of computing devices, comprising at least one computing device, each computing device comprising a processor and a memory;
the processor of the at least one computing device is configured to execute instructions stored in a memory of the at least one computing device to cause the cluster of computing devices to perform the method of any of claims 8-11.
26. A computer program product containing instructions that, when executed by a cluster of computing devices, cause the cluster of computing devices to perform the method of any of claims 1-7.
27. A computer program product containing instructions that, when executed by a cluster of computing devices, cause the cluster of computing devices to perform the method of any of claims 8-11.
28. A computer readable storage medium comprising computer program instructions which, when executed by a cluster of computing devices, perform the method of any of claims 1-7.
29. A computer readable storage medium comprising computer program instructions which, when executed by a cluster of computing devices, perform the method of any of claims 8-11.
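The login and verification exchange recited in claims 8-9 and 12-14, sketched as an added Python example; it is not code from the patent or its applicant. The class, method and field names, the in-memory storage, the single-use rule and the 60-second lifetime of the authorization information are assumptions made for illustration.

```python
import hmac
import secrets
import time

class IDaaSServer:
    """Toy in-memory model of the IDaaS side; every name here is hypothetical."""

    def __init__(self, ttl=60):
        self.provider_apps = {}   # service provider application id -> application credential
        self.first_relation = {}  # user application id -> service provider application id
        self.pending = {}         # authorization info -> (provider app, user app, user, expiry)
        self.ttl = ttl            # assumption: lifetime of authorization information, seconds

    def create_provider_app(self):
        # Claim 12: create the service provider application and allocate its credential.
        app_id = "sp-" + secrets.token_hex(4)
        self.provider_apps[app_id] = secrets.token_urlsafe(32)
        return app_id, self.provider_apps[app_id]

    def create_user_app(self, provider_app_id):
        # Claim 13: the user application is created from the service provider application.
        if provider_app_id not in self.provider_apps:
            raise KeyError("unknown service provider application")
        user_app_id = "ua-" + secrets.token_hex(4)
        self.first_relation[user_app_id] = provider_app_id
        return user_app_id

    def login(self, user, user_app_id):
        # Claim 14: verify the login request against the first relation.
        provider_app_id = self.first_relation.get(user_app_id)
        if provider_app_id is None:
            return None
        auth_info = secrets.token_urlsafe(24)
        expiry = time.time() + self.ttl
        self.pending[auth_info] = (provider_app_id, user_app_id, user, expiry)
        return auth_info

    def verify(self, provider_app_id, credential, auth_info):
        # Claims 9 and 14: the SaaS server presents authorization info plus its credential.
        expected = self.provider_apps.get(provider_app_id, "")
        if not expected or not hmac.compare_digest(expected.encode(), credential.encode()):
            return {"valid": False, "reason": "bad application credential"}
        entry = self.pending.pop(auth_info, None)    # assumption: single use
        if entry is None or entry[3] < time.time():  # assumption: short lifetime
            return {"valid": False, "reason": "unknown, replayed or expired"}
        if entry[0] != provider_app_id:
            return {"valid": False, "reason": "issued for another provider application"}
        return {"valid": True, "user": entry[2], "user_app": entry[1]}
```

The last check in `verify` is what the first relation buys: authorization information issued for one service provider application cannot be redeemed with another provider's valid credential.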
CN202210963797.XA 2022-03-17 2022-08-11 Service integration method and related equipment Pending CN116828051A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2023/077165 WO2023174006A1 (en) 2022-03-17 2023-02-20 Service integration method and related device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2022102643876 2022-03-17
CN202210264387 2022-03-17

Publications (1)

Publication Number Publication Date
CN116828051A true CN116828051A (en) 2023-09-29

Family

ID=88124560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210963797.XA Pending CN116828051A (en) 2022-03-17 2022-08-11 Service integration method and related equipment

Country Status (1)

Country Link
CN (1) CN116828051A (en)

Legal Events

Date Code Title Description
PB01 Publication