CN201878190U - Account filling-out-based single point login platform - Google Patents

Info

Publication number
CN201878190U
Authority
CN
China
Prior art keywords
account
unit
server
user
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN201020534767XU
Other languages
Chinese (zh)
Inventor
郑勇
王惠平
崔军
张振涛
李忠献
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Rui digital security system Limited by Share Ltd
Original Assignee
GUORUI DIGITAL SAFETY SYSTEM CO Ltd TIANJIN
MIZHIYUAN (BEIJING) CALL INDUSTRY BASE Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GUORUI DIGITAL SAFETY SYSTEM CO Ltd TIANJIN, MIZHIYUAN (BEIJING) CALL INDUSTRY BASE Co Ltd
Priority to CN201020534767XU
Application granted
Publication of CN201878190U
Anticipated expiration
Expired - Lifetime

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The utility model discloses an account filling-out-based single point login platform, which comprises an account filling-out unit, an identity authentication server and an account management server, wherein the account filling-out unit is installed in a client server; the identity authentication server comprises a user management unit for managing master account information and an identity authentication unit for user identity authentication, wherein the identity authentication unit is in communication connection with the user management unit and used for acquiring the master account information; the identity authentication unit is in communication connection with the account filling-out unit; and the account management server comprises an account management unit for managing a slave account and a master and slave configuration unit for associated mapping of a master account and a slave account, wherein the master and slave configuration unit is in communication connection with the account management unit and the user management unit. The single point login platform realizes that a user automatically logs in a target resource system according to the master and slave account associated authorization of the account management server, the master account authentication result of the identity authentication server on the user and the corresponding account authentication information of the account filling-out unit through automatic filling out.

Description

Account filling-out-based single sign-on platform
Technical field
The present invention relates to a resource single sign-on platform that performs account filling-out based on client software. It provides a resource login and access method that, under a master/slave account management mode, gives an automatic single sign-on experience through account filling-out.
Background technology
A common 4A platform (authentication, authorization, audit and account management), built on a unified deployment of the 4A services, requires corresponding agents/plug-ins to be installed on the protected server side (or resource system) and on the client, so that the server side and the resource systems on it can handle 4A management responses and so that user tickets and the like can be stored on the client.
In practice, when existing resources are integrated to provide single sign-on, the developers of some resource systems no longer exist, or the resource system is past its free development and maintenance period; and even when the cost of upgrading the resource system is offered, the developer may, for other considerations, still decline to do further custom development to the user's requirements. Therefore, for some existing resource systems, single sign-on integration needs a technique that does not require source-code-level modification.
Summary of the utility model
The purpose of the utility model is to solve the above problem that further development requires source-code-level modification, by providing a single sign-on platform in which no agent needs to be installed on the server side or resource system and in which a user, once authenticated, can pass everywhere.
The technical solution adopted by the utility model is a single sign-on platform based on account filling-out, comprising:
An account filling-out unit, to be installed in a client server;
An identity authentication server, comprising a user management unit for managing master account information and an identity authentication unit for user identity authentication, wherein the identity authentication unit is in communication connection with the user management unit and is used for acquiring the master account information, and the identity authentication unit is in communication connection with the account filling-out unit; and
An account management server, comprising an account management unit for managing slave accounts and a master and slave configuration unit for the associated mapping of a master account and a slave account, wherein the master and slave configuration unit is in communication connection with the account management unit and the user management unit.
Preferably, the identity authentication server also comprises a state monitoring unit for monitoring the user's state, and the state monitoring unit is in communication connection with the user management unit and the account agent unit.
Preferably, the identity authentication server and the account management server are deployed on the same server or are each deployed on a separate server.
The beneficial effects of the utility model are as follows: according to the master and slave account associated authorization of the account management server and the identity authentication server's master account authentication result for the user, the account filling-out unit automatically fills out the corresponding account authentication information (slave account and slave password), so that the user logs in to the target resource system automatically; and these target resource systems need no source-code-level modification when they are integrated for single sign-on.
Description of drawings
Fig. 1 is a schematic diagram of a network structure in which the single sign-on platform of the utility model is deployed;
Fig. 2 shows the user management flow of the identity authentication server;
Fig. 3 shows the account management flow of the account management server;
Fig. 4 shows the flow of the active mode of user authentication;
Fig. 5 shows the flow of the passive mode of user authentication;
Fig. 6 shows the flow of the account filling-out unit operating in active mode;
Fig. 7 shows the flow of the account filling-out unit operating in passive mode;
Fig. 8 shows the flow in which the state monitoring unit handles user re-authentication.
Embodiment
As shown in Figure 2, compared with a general network structure, the improved network structure adds the account filling-out-based single sign-on platform 30 of the utility model. The single sign-on platform 30 comprises the identity authentication server 34, the account management server 33 and the account filling-out unit 35. In a typical deployment, the identity authentication server 34 and the account management server 33 are each deployed as an independent server, and the account filling-out unit 35 is deployed on the client servers of the client 20, such as client servers 21 and 22. The single sign-on platform 30 also supports a simplified installation in which the identity authentication server 34 and the account management server 33 are both deployed on one server, but the account filling-out unit 35 must still be deployed on the client servers of the client 20.
The identity authentication server 34 and the account management server 33, the client servers of the client 20 and the resource servers of the server side 40, such as 41, 42 and 43, can be communicatively connected through a switch.
The single sign-on platform 30 manages user access control based on the master/slave account management mode. Before accessing protected resources stored on a resource server through a client server, the user must first complete master account authentication with the identity authentication server 34, actively entering the master account and master password. The user can then access the resource server directly with a standard client tool on the client server 21, 22 (such as a web browser or other standard client software); alternatively, the user, on the client server 21, 22, clicks the corresponding entry in the list of authorized resources provided by the identity authentication server 34, which starts the standard client tool on the client server to access the resource server. When the account filling-out unit 35 deployed on the client server recognizes that an account needs to be filled out, it identifies the user from the user management unit of the identity authentication server 34 by the master account identifier, that is, the master account, and obtains from the account management unit of the account management server 33 the account and password for the resource server the user wants to log in to, that is, the slave account and slave password. The account filling-out unit 35 then automatically fills out the slave account and slave password, logging the user in automatically.
As shown in Figure 2, the administrator logs in to the user management unit of the identity authentication server 34 to carry out user management work such as creating a user (master account), deleting a user, querying users and modifying a user.
As shown in Figure 3, the account management flow of the account management server 33 is as follows:
1) The administrator logs in to the resource management unit of the account management server and performs resource management operations, including adding, deleting, modifying and querying resources;
2) The administrator logs in to the account management unit of the account management server and performs slave account management operations on a specific resource, including account collection, account addition, account deletion and account password reset;
3) The administrator selects a slave account of a specific resource, obtains the user's master account from the user management unit of the identity authentication server through the master and slave configuration unit of the account management server, and then performs the master and slave account associated authorization.
As shown in Figure 4, the flow of the active mode of user authentication is as follows:
1) On the client server, the user accesses the identity authentication server directly through its HTTPS web service, and an SSL-based secure channel is established between the client browser and the identity authentication server 34;
2) After the user submits the master account authentication information through the client browser, the identity authentication unit of the identity authentication server 34 queries the information in the user management unit and returns the user authentication result and the list of authorized resources;
3) At this point the user's master account authentication has succeeded, and the user can access the resource servers they are authorized to access;
4) Meanwhile, the state monitoring unit of the identity authentication server 34 monitors the user's client in real time and promptly logs the user out when it detects that the user has actively exited, has been inactive for a long time, or has gone offline abnormally.
As shown in Figure 5, the flow of the passive mode of user authentication is as follows:
1) On the client, the user accesses a resource server with a standard client tool (such as a web browser or other standard client software);
2) The specific resource server prompts the user to perform master account authentication, or redirects the user to the identity authentication unit of the identity authentication server 34 for identity authentication;
3) The flow from this point on is the same as the active mode of user authentication described above.
As shown in Figure 6, the flow of the account filling-out unit operating in active mode is as follows:
1) The account filling-out unit deployed on the client server actively monitors resource access behavior, and the following processing is triggered when the user accesses a resource server;
2) The account filling-out unit queries the state monitoring unit of the identity authentication server to find out whether the user is online;
3) The account filling-out unit obtains, from the account management unit of the account management server, the slave account and slave password for the resource the user is authorized to access;
4) The account filling-out unit automatically fills out the slave account and slave password, helping the user complete single sign-on to the resource system.
As shown in Figure 7, the flow of the account filling-out unit operating in passive mode is as follows:
1) The user actively performs master account authentication with the identity authentication unit of the identity authentication server through the client server;
2) After master account authentication passes, the identity authentication server queries the resource management unit of the account management server for the resources the user is authorized to access and presents them to the user;
3) The user clicks a specific resource to log in to and access it;
4) At this point, the identity authentication server queries the account management unit of the account management server for the corresponding slave account and slave password;
5) The identity authentication server notifies the account filling-out unit to perform account filling-out;
6) The account filling-out unit starts the standard client software and completes the account filling-out, helping the user access the resource by single sign-on.
As shown in Figure 8, the flow in which the state monitoring unit handles user re-authentication is as follows:
1) The account filling-out unit detects the user's keyboard and mouse operations in real time;
2) When the user is active within the specified time, the account filling-out unit periodically reports to the state monitoring unit of the identity authentication server that the user is in the active state;
3) When the user performs no operation within the specified time, the account filling-out unit likewise immediately reports that the user is in the idle state, and the state monitoring unit maintains the user's online status; when it detects that the user has actively exited, has been inactive for a long time, or has gone offline abnormally, the state monitoring unit promptly notifies the user management unit to log the user out.
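An added sketch, not code from the patent, of the active-mode filling-out flow (Fig. 6) gated by the state monitoring unit (Fig. 8): slave credentials are released only for a master account that is authenticated, still online and mapped to the requested resource. The class names, the 900-second idle timeout, the PBKDF2 storage of the master password and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class IdentityAuthServer:
    """User management, identity authentication and state monitoring units."""

    def __init__(self, idle_timeout=900):      # timeout value is an assumption
        self.idle_timeout = idle_timeout
        self._masters = {}                     # master account -> (salt, password hash)
        self._last_seen = {}                   # master account -> last reported activity

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def create_user(self, master, password):
        salt = os.urandom(16)
        self._masters[master] = (salt, self._hash(password, salt))

    def authenticate(self, master, password, now):
        record = self._masters.get(master)
        if record is None or not hmac.compare_digest(record[1], self._hash(password, record[0])):
            return False
        self._last_seen[master] = now          # user is now online
        return True

    def report_activity(self, master, now):
        if self.is_online(master, now):        # only a live session can be refreshed
            self._last_seen[master] = now

    def is_online(self, master, now):
        seen = self._last_seen.get(master)
        if seen is None or now - seen > self.idle_timeout:
            self._last_seen.pop(master, None)  # long inactivity: log the user out
            return False
        return True


class AccountManagementServer:
    """Account management unit plus master and slave configuration unit."""

    def __init__(self):
        self._slaves = {}                      # (resource, slave account) -> slave password
        self._grants = {}                      # (master account, resource) -> slave account

    def add_slave(self, resource, slave, password):
        # Slave passwords must be recoverable to be filled out; a real store would encrypt them.
        self._slaves[(resource, slave)] = password

    def authorize(self, master, resource, slave):
        if (resource, slave) not in self._slaves:
            raise KeyError("unknown slave account")
        self._grants[(master, resource)] = slave

    def slave_credentials(self, master, resource):
        slave = self._grants.get((master, resource))
        return None if slave is None else (slave, self._slaves[(resource, slave)])


class FillingOutUnit:
    """Client-side unit: releases slave credentials only for an online, authorized master."""

    def __init__(self, auth, accounts, master):
        self.auth, self.accounts, self.master = auth, accounts, master

    def on_resource_access(self, resource, now):
        if not self.auth.is_online(self.master, now):
            return None                        # master authentication required first
        return self.accounts.slave_credentials(self.master, resource)


def demo():
    auth, accounts = IdentityAuthServer(idle_timeout=900), AccountManagementServer()
    auth.create_user("alice", "master-pw")                 # constructed sample data
    accounts.add_slave("erp", "erp_user07", "slave-pw")
    accounts.authorize("alice", "erp", "erp_user07")
    unit = FillingOutUnit(auth, accounts, "alice")
    before = unit.on_resource_access("erp", now=0)         # not authenticated yet
    auth.authenticate("alice", "master-pw", now=10)
    granted = unit.on_resource_access("erp", now=20)       # online and authorized
    other = unit.on_resource_access("crm", now=30)         # no master/slave mapping
    expired = unit.on_resource_access("erp", now=2000)     # idle past the timeout
    return before, granted, other, expired
```

Because the slave password is handed to the client for filling out, the check in `on_resource_access` is the only point at which an expired or unauthorized master session is refused.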
In summary, the above is only a preferred embodiment of the utility model and is not intended to limit its scope of practice. That is, all equivalent changes and modifications made according to the content of the claims of the utility model shall fall within the technical scope of the utility model.

Claims (3)

1. A single sign-on platform based on account filling-out, characterized in that it comprises:
An account filling-out unit, to be installed in a client server;
An identity authentication server, comprising a user management unit for managing master account information and an identity authentication unit for user identity authentication, wherein the identity authentication unit is in communication connection with the user management unit and is used for acquiring the master account information, and the identity authentication unit is in communication connection with the account filling-out unit; and
An account management server, comprising an account management unit for managing slave accounts and a master and slave configuration unit for the associated mapping of a master account and a slave account, wherein the master and slave configuration unit is in communication connection with the account management unit and the user management unit.
2. The single sign-on platform according to claim 1, characterized in that the identity authentication server also comprises a state monitoring unit for monitoring the user's state, and the state monitoring unit is in communication connection with the user management unit and the account agent unit.
3. The single sign-on platform according to claim 1 or 2, characterized in that the identity authentication server and the account management server are deployed on the same server or are each deployed on a separate server.
CN201020534767XU 2010-09-19 2010-09-19 Account filling-out-based single point login platform Expired - Lifetime CN201878190U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201020534767XU CN201878190U (en) 2010-09-19 2010-09-19 Account filling-out-based single point login platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201020534767XU CN201878190U (en) 2010-09-19 2010-09-19 Account filling-out-based single point login platform

Publications (1)

Publication Number Publication Date
CN201878190U true CN201878190U (en) 2011-06-22

Family

ID=44166098

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201020534767XU Expired - Lifetime CN201878190U (en) 2010-09-19 2010-09-19 Account filling-out-based single point login platform

Country Status (1)

Country Link
CN (1) CN201878190U (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105099984A (en) * 2014-04-16 2015-11-25 百度在线网络技术(北京)有限公司 Method and device for account intercommunication among APPs (applications)
CN105099984B (en) * 2014-04-16 2019-07-02 百度在线网络技术(北京)有限公司 The method and apparatus of account intercommunication between a kind of APP
CN103973681A (en) * 2014-04-29 2014-08-06 上海上讯信息技术股份有限公司 Secondary-layer password on-behalf filling method and module for operation and maintenance management auditing system
CN103973681B (en) * 2014-04-29 2018-12-28 上海上讯信息技术股份有限公司 Two layers of password generation for operation management auditing system fills out method and system
CN104517217A (en) * 2014-11-24 2015-04-15 形山科技(深圳)有限公司 Data processing method and terminal
CN106936772A (en) * 2015-12-29 2017-07-07 ***通信集团湖南有限公司 A kind of access method, the apparatus and system of cloud platform resource
CN106936759A (en) * 2015-12-29 2017-07-07 航天信息股份有限公司 A kind of single-point logging method, server and client
CN105933305A (en) * 2016-04-18 2016-09-07 国网山东省电力公司信息通信公司 Master-slave password management method for information system
CN105933305B (en) * 2016-04-18 2019-01-04 国网山东省电力公司信息通信公司 A kind of principal and subordinate's cipher management method of information system
CN105871878A (en) * 2016-05-06 2016-08-17 张红军 Login method and system
CN106909826B (en) * 2017-02-23 2019-12-27 北京天融信网络安全技术有限公司 Password substitution device and system
CN106909826A (en) * 2017-02-23 2017-06-30 北京天融信网络安全技术有限公司 Password is for action and system
CN108259458A (en) * 2017-09-30 2018-07-06 中国平安人寿保险股份有限公司 Application software account relating method, apparatus and storage medium
CN108259458B (en) * 2017-09-30 2021-12-28 中国平安人寿保险股份有限公司 Application software account correlation method and device and storage medium
CN110602074A (en) * 2019-08-15 2019-12-20 中国人民银行数字货币研究所 Service identity using method, device and system based on master-slave association
CN110602074B (en) * 2019-08-15 2021-10-22 中国人民银行数字货币研究所 Service identity using method, device and system based on master-slave association
CN112866249A (en) * 2021-01-18 2021-05-28 深信服科技股份有限公司 Application login management method and device and storage medium
CN112866249B (en) * 2021-01-18 2023-11-07 深信服科技股份有限公司 Application login management method, device and storage medium

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP01 Change in the name or title of a patent holder

Address after: 101500 No. 66 West Tong Road, C District, Miyun Economic Development Zone, Beijing

Patentee after: Mizhiyuan (Beijing) Call Industry Base Co., Ltd.

Patentee after: Tianjin Rui digital security system Limited by Share Ltd

Address before: 101500 No. 66 West Tong Road, C District, Miyun Economic Development Zone, Beijing

Patentee before: Mizhiyuan (Beijing) Call Industry Base Co., Ltd.

Patentee before: Guorui Digital Safety System Co., Ltd., Tianjin

CX01 Expiry of patent term

Granted publication date: 20110622
