WO2023174006A1 - Service integration method and related device - Google Patents

Info

Publication number
WO2023174006A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
saas
server
idaas
service provider
Application number
PCT/CN2023/077165
Inventor
翁新瑜
Original Assignee
华为云计算技术有限公司
Priority claimed from CN202210963797.XA (CN116828051A)
Application filed by 华为云计算技术有限公司
Publication of WO2023174006A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/567 Integrating service provisioning from a plurality of service providers

Definitions

  • Embodiments of the present application relate to the field of computers, and in particular, to a service integration method and related equipment.
  • Software as a service (SaaS)
  • a user uses more than one SaaS application, especially when the user is an enterprise.
  • When an enterprise user uses multiple SaaS applications, the user has to go to each SaaS application to independently maintain enterprise information, organizational information and personnel information, and to assign usage permissions.
  • the user can build it by himself or connect to cloud identity as a service (IDaaS) for processing.
  • Unified IDaaS provides a set of centralized identity, permissions, and application management services. Users can uniformly manage multiple SaaS applications through IDaaS.
  • IDaaS and SaaS are two separate services.
  • the matching of IDaaS and SaaS requires pre-customized development by the manufacturer. If IDaaS does not support a certain SaaS application and does not have the corresponding interfaces or credentials, users cannot manage that application uniformly through IDaaS.
  • Embodiments of this application provide a service integration method for realizing the integration of software as a service (SaaS) and identity as a service (IDaaS). Embodiments of this application also provide corresponding servers and computer-readable storage media.
  • the first aspect of this application provides a service integration method, which method includes: an identity-as-a-service IDaaS server obtains an application application, and the application application includes information about the software-as-a-service SaaS service provider;
  • the IDaaS server creates a service provider application based on the application application and allocates application credentials to the service provider application.
  • the application credentials are used by the SaaS service provider to create an interface on the SaaS server based on the application credentials for accessing the IDaaS server.
  • the service provider application is used to associate the SaaS service provider with the tenant in the IDaaS server.
  • the SaaS server, IDaaS server and SaaS application market in this application run on general servers or cloud infrastructure. Users can use SaaS services through browsers, SaaS clients, etc. The browser or client runs on the user's terminal (such as mobile phone, tablet computer, TV box, etc.).
  • a SaaS service provider is an enterprise that provides SaaS services, specifically the staff or managers under the name of the SaaS enterprise.
  • the SaaS service provider can operate in the SaaS application market.
  • Before the SaaS service provider sends an application application to the IDaaS server, the SaaS service provider needs to enter the SaaS application market, that is, the SaaS service provider and the SaaS application market complete operations such as real-name authentication and contract signing.
  • the SaaS service provider can create an application integrated with IDaaS in the SaaS application market.
  • the application integrated with IDaaS corresponds to the IDaaS server and can be understood as the IDaaS server's credentials.
  • After the SaaS service provider opens a tenant on the IDaaS server, the SaaS application market can record the information of the integrated IDaaS.
  • the SaaS service provider can operate in the SaaS application market to send application applications to the IDaaS server.
  • After the IDaaS server generates the application credentials, it returns the application credentials to the SaaS application market.
  • the SaaS service provider can obtain the application credentials through the SaaS application market.
  • the SaaS service provider can create an interface on the SaaS server based on the application credentials for accessing the IDaaS server. That is, the SaaS service provider sends the application credentials to the SaaS server, and the SaaS server creates an interface for accessing the IDaaS server based on the application credentials, so that the SaaS server can access the IDaaS server based on the application credentials and the interface, realizing the pre-integration of the SaaS server and the IDaaS server.
  • the IDaaS server creates a service provider application based on the application application sent by the SaaS service provider, allocates application credentials to the service provider application, and sends the application credentials to the SaaS service provider, so that the SaaS service provider creates a service provider application on the SaaS server based on the application credentials.
  • the method also includes: the IDaaS server obtains the application information of the SaaS application purchased by the user, and the SaaS application is bound to the service provider application; the IDaaS server creates a user application based on the service provider application and the application information, and the user application is used to associate the SaaS application with the tenant in the IDaaS server.
  • IDaaS can generate a user application corresponding to the SaaS application based on the service provider application, so that the SaaS application can use the capabilities of the IDaaS server, and the user can access the user application of the IDaaS server through the SaaS server, which improves the achievability of the solution.
  • the method further includes: the IDaaS server obtains a login request initiated by the user, where the login request includes the identity of the user application; the IDaaS server verifies the login request based on the first relationship to generate authorization information, where the first relationship is used to record the relationship between user applications and service provider applications; the IDaaS server sends the authorization information to the user so that the user can access the SaaS server based on the authorization information; the IDaaS server receives the authorization information and the application credentials from the SaaS server; the IDaaS server verifies the authorization information based on the application credentials and sends the verification results to the SaaS server.
  • the verification of the user login request can be completed between the IDaaS server and the SaaS server.
  • the IDaaS server creates the user application based on the service provider application and application information, which improves the achievability of the solution.
  • the method also includes: the IDaaS server obtains the test application; the IDaaS server creates a test application based on the test application, and records the second relationship between the test application and the service provider application; the IDaaS server tests the test application based on test users of the SaaS service provider.
  • a test application is created to verify the reliability of the pre-integration, thereby improving the reliability of the integration of SaaS and IDaaS.
  • the method further includes: the IDaaS server obtains and records modification information of the service provider application, and the modification information is generated by the SaaS service provider after modifying the configuration information of the service provider application.
  • the configuration information includes the calling path of the service provider application.
  • the SaaS service provider can modify the configuration information of the service provider's application in the SaaS application market, which improves the realizability of the solution.
  • the SaaS service provider accesses the IDaaS server and the SaaS server through the SaaS application market.
  • SaaS service providers can access IDaaS servers and SaaS servers through the SaaS application market, and use the SaaS application market as an intermediate platform to use flexible binding of SaaS and IDaaS.
  • the SaaS application market integrates SaaS services and IDaaS services, reducing the complexity of system docking and improving the experience of SaaS service providers and service providers that provide IDaaS services.
  • the user accesses the IDaaS server and the SaaS server through a SaaS application market or a SaaS client.
  • the SaaS service provider accesses the IDaaS server and SaaS server through the SaaS application market, and uses the SaaS application market as an intermediate platform to use the flexibility of SaaS and IDaaS.
  • the SaaS application market integrates SaaS services and IDaaS services, reducing the complexity of system docking and improving user experience.
  • the orchestration logic of the SaaS application market is removed, reducing the cost
  • users can also perceive the details of the connection between SaaS and IDaaS.
  • the second aspect of this application provides a service integration method.
  • the method includes: the Software as a Service SaaS server obtains the application credentials sent by the SaaS service provider.
  • the application credentials are allocated by the Identity as a Service IDaaS server for the service provider application.
  • the service provider application is created by the IDaaS server based on the application application.
  • the application application includes the information of the SaaS service provider.
  • the service provider application is used to associate the SaaS service provider with the tenant in the IDaaS server.
  • the SaaS server creates an interface for accessing the IDaaS server based on the application credentials.
  • the method further includes: the SaaS server obtains authorization information sent by the user, the authorization information is generated by the IDaaS server verifying the login request based on the first relationship, and the first relationship is the relationship between the user application and the service provider application.
  • the user application is created by the IDaaS server based on the service provider application and application information.
  • the application information is the information of the SaaS application purchased by the user.
  • the SaaS application is bound to the service provider application.
  • the login request is initiated by the user.
  • the SaaS service provider accesses the IDaaS server and the SaaS server through the SaaS application market.
  • the user accesses the IDaaS server and the SaaS server through the SaaS application market or the SaaS client.
  • the method in the second aspect or any possible implementation of the first aspect provided in this application has the same beneficial effects as the method in the above-mentioned first aspect or any possible implementation of the first aspect.
  • a third aspect of this application provides a server for executing the method in the above first aspect or any possible implementation of the first aspect.
  • the server includes modules or units for executing the method in the above first aspect or any possible implementation of the first aspect, such as: an obtaining unit, a creating unit, a sending unit, a verification unit, a receiving unit and a testing unit.
  • a fourth aspect of this application provides a server for executing the method in the above second aspect or any possible implementation of the second aspect.
  • the server includes modules or units for executing the method in the above-mentioned second aspect or any possible implementation of the second aspect, such as: an acquisition unit, a creation unit, a sending unit and a receiving unit.
  • a fifth aspect of this application provides a server, which includes a processor, a memory, and a computer-readable storage medium storing a computer program; the processor is coupled to the computer-readable storage medium, and the computer running on the processor executes instructions.
  • the server may also include an input/output (I/O) interface, and the computer-readable storage medium storing the computer program may be a memory.
  • a sixth aspect of this application provides a server, which includes a processor, a memory, and a computer-readable storage medium storing a computer program; the processor is coupled to the computer-readable storage medium, and the computer running on the processor executes instructions.
  • the server may also include an input/output (I/O) interface, and the computer-readable storage medium storing the computer program may be a memory.
  • a seventh aspect of the present application provides a computer-readable storage medium that stores one or more computer-executable instructions.
  • the processor executes the method of the above-mentioned first aspect or any possible implementation of the first aspect.
  • An eighth aspect of the present application provides a computer-readable storage medium that stores one or more computer-executable instructions.
  • the processor executes the method of the above second aspect or any possible implementation of the second aspect.
  • a ninth aspect of the present application provides a computer program product that stores one or more computer-executable instructions.
  • the processor executes the method of the above-mentioned first aspect or any possible implementation of the first aspect.
  • a tenth aspect of the present application provides a computer program product that stores one or more computer execution instructions.
  • the processor executes the method of the above second aspect or any possible implementation of the second aspect.
  • the chip system includes at least one processor and an interface.
  • the interface is used to receive data and/or signals.
  • the at least one processor is used to support a computer device to implement the above first aspect or the third aspect.
  • the chip system may also include a memory, which is used to store necessary program instructions and data for the computer device.
  • the chip system may be composed of chips, or may include chips and other discrete devices.
  • a twelfth aspect of the present application provides a chip system.
  • the chip system includes at least one processor and an interface.
  • the interface is used to receive data and/or signals.
  • the at least one processor is used to support computer equipment to implement the above second aspect or the third aspect.
  • the chip system may also include a memory, which is used to store necessary program instructions and data for the computer device.
  • the chip system may be composed of chips, or may include chips and other discrete devices.
  • the thirteenth aspect of this application provides a service integration system.
  • the system includes an IDaaS server and a SaaS server.
  • the IDaaS server is used to obtain an application application.
  • the application application includes information about the software as a service SaaS service provider; a service is created according to the application application.
  • the service provider application is used to associate the SaaS service provider with the tenant in the IDaaS server; the SaaS server is used to obtain the application credentials sent by the SaaS service provider and to create, based on the application credentials, an interface for accessing the IDaaS server.
  • the service integration system can implement the above-mentioned first aspect or any possible implementation method of the first aspect, and the above-mentioned second aspect or any possible implementation method of the second aspect.
  • a fourteenth aspect of the present application provides a computing device cluster, the computing device cluster includes at least one computing device, each computing device includes a processor and a memory; the processor of the at least one computing device is used to execute instructions stored in the memory of the at least one computing device, so that the computing device cluster executes the method of the above-mentioned first aspect or any possible implementation of the first aspect.
  • a fifteenth aspect of the present application provides a computing device cluster.
  • the computing device cluster includes at least one computing device, each computing device includes a processor and a memory; the processor of the at least one computing device is used to execute instructions stored in the memory of the at least one computing device, so that the computing device cluster executes the method of the above second aspect or any possible implementation of the second aspect.
  • the IDaaS server creates a service provider application based on the application application sent by the SaaS service provider, allocates application credentials to the service provider application, and sends the application credentials to the SaaS service provider, so that the SaaS service provider can use the application credentials on the SaaS server based on the application credentials.
  • Figure 1 is a schematic diagram of an application scenario provided by an embodiment of this application.
  • FIGS. 2 to 10 are schematic diagrams of an embodiment of the service integration method provided by the embodiment of the present application.
  • Figure 11 is an architectural schematic diagram of the service integration method provided by the embodiment of the present application.
  • Figures 12-16 are schematic diagrams of another embodiment of the service integration method provided by the embodiment of the present application.
  • Figure 17 is a schematic diagram of a server provided by an embodiment of this application.
  • Figure 18 is a schematic diagram of another embodiment of the server provided by the embodiment of the present application.
  • Figure 19 is a schematic diagram of a computing device provided by an embodiment of the present application.
  • Figure 20 is a schematic diagram of another embodiment of the server provided by the embodiment of the present application.
  • Figure 21 is a schematic diagram of an embodiment of the service integration system provided by the embodiment of the present application.
  • Figure 22 is a schematic diagram of a computing device cluster provided by an embodiment of the present application.
  • Figure 23 is a schematic diagram of another embodiment of a computing device cluster provided by an embodiment of the present application.
  • "exemplary" means "serving as an example, instance, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as superior to other embodiments.
  • Embodiments of this application provide a service integration method for realizing the integration of software as a service (SaaS) and identity as a service (IDaaS). Embodiments of this application also provide corresponding servers and computer-readable storage media. Each is introduced in detail below.
  • SaaS service providers build all the network infrastructure, software, and hardware operation platforms required for informatization for enterprises, and are responsible for a series of services such as early implementation and later maintenance. Enterprises do not need to purchase software and hardware, build computer rooms, or recruit technical personnel.
  • the information system can be used via the Internet.
  • SaaS is a software layout model whose applications are designed for network delivery and are convenient for users to host, deploy and access through the Internet.
  • IDaaS is an identity service built on the cloud by utilizing cloud infrastructure.
  • the identity authentication platform of IDaaS can connect to SaaS services on the external network.
  • Single sign-on, multi-factor authentication, user rights management, application management and other methods are usually used to achieve secure access to multiple cloud resources. It can not only open up the entire network application for enterprises, but also achieve unified management of identities and permissions within the enterprise.
  • the unified IDaaS capability provides a set of centralized identity, permissions, and application management services.
  • the cloud management platform provides access interfaces (such as interfaces or APIs). Tenants can operate the client to remotely access the access interface to register a cloud account and password on the cloud management platform, and log in to the cloud management platform.
  • the cloud management platform controls the cloud
  • the tenant can further select and purchase a virtual machine with specific specifications (processor, memory, disk) on the cloud management platform.
  • the cloud management platform provides remote login for the purchased virtual machine.
  • the client can log in to the virtual machine remotely and install and run tenant applications in the virtual machine. Therefore, tenants can create, manage, log in and operate virtual machines in the cloud data center through the cloud management platform.
  • virtual machines can also be called cloud servers (elastic compute service, ECS) and elastic instances.
  • Server 1 is a SaaS server.
  • SaaS application 1 is provided in virtual machine 1 and SaaS application 2 is provided in virtual machine 2.
  • the user purchases and uses SaaS application 1 and SaaS application 2 at the same time.
  • Server 2 is an IDaaS server, the IDaaS service is provided in virtual machine 3, and the user purchased and used the IDaaS service.
  • Server 1 and Server 2 are both user-oriented. When users want to manage all SaaS applications but do not want to go to each SaaS application to provide identity security services, users can uniformly manage SaaS Application 1 and SaaS through the IDaaS service.
  • the SaaS application market may be used to implement the service integration method, or the SaaS application market may not be used, and the functions of the SaaS application market are carried by the IDaaS server.
  • the IDaaS server may be used to implement the service integration method, or the SaaS application market may not be used, and the functions of the SaaS application market are carried by the IDaaS server.
  • the service integration method can be divided into four stages, including:
  • the SaaS service provider pre-integrates IDaaS capabilities.
  • the SaaS service provider creates the service provider application in the SaaS application market, obtains the application identification and application credentials of the service provider application, maintains the configuration information of the service provider application, and, according to the integration specifications of the SaaS application market, integrates IDaaS capabilities into the SaaS service.
  • This stage specifically includes the following steps:
  • the IDaaS server obtains the application application.
  • SaaS servers, IDaaS servers and SaaS application markets run on general servers or cloud infrastructure, such as Server 1 and Server 2 shown in Figure 1. Users can use SaaS services through browsers, SaaS clients (such as the client shown in Figure 1), etc. The browser or client runs on the user's terminal (such as mobile phone, tablet computer, TV box, etc.).
  • a SaaS service provider is an enterprise that provides SaaS services, specifically the staff or managers under the name of the SaaS enterprise.
  • the SaaS service providers can operate in the SaaS application market.
  • the application application includes the information of the SaaS service provider. That is, the application application can be sent by the SaaS service provider to the IDaaS server through the SaaS application market.
  • the SaaS service provider sends it to the IDaaS server through the SaaS application market.
  • the SaaS service provider needs to register in the SaaS application market. That is, the SaaS service provider and the SaaS application market complete real-name authentication and contract signing.
  • the SaaS service provider can initiate an application application to the SaaS application market and create an integration in the SaaS application market.
  • the application integrated with IDaaS corresponds to the IDaaS server and can be understood as the IDaaS server's credentials.
  • if the SaaS service provider has not yet opened a tenant on the IDaaS server, it needs to activate one.
  • the SaaS service provider sends a tenant activation application to the IDaaS server through the SaaS application market. After the IDaaS server confirms that the SaaS service provider has opened a tenant, it sends a tenant activation request to the SaaS server.
  • the application market returns confirmation information.
  • the SaaS application market can record the information of the integrated IDaaS.
  • the SaaS service provider can operate in the SaaS application market to send application applications to the IDaaS server.
  • the IDaaS server creates a service provider application based on the application application, and allocates application credentials to the service provider application.
  • After the IDaaS server receives the application application sent by the SaaS application market, it will create a service provider application based on the application application.
  • This service provider application is used to associate the SaaS service provider with the tenants in the IDaaS server. It can also be understood as the application identification of the SaaS service provider in the IDaaS server; that is, the service provider application is the binding credential of the SaaS service provider in the IDaaS server.
  • After the IDaaS server creates the service provider application, it will also allocate application credentials to the service provider application. The application credentials need to be obtained by the IDaaS server.
  • the application credentials can be understood as the credentials or identity used by the SaaS service provider to access the IDaaS server.
  • the IDaaS server sends the application credentials to the SaaS application market.
  • the SaaS server creates an interface for accessing the IDaaS server based on the application credentials.
  • After the IDaaS server generates the application credentials, it returns the application credentials to the SaaS application market.
  • the SaaS service provider can obtain the application credentials through the SaaS application market.
  • the SaaS service provider can create an interface on the SaaS server based on the application credentials for accessing the IDaaS server. That is, the SaaS service provider sends the application credentials to the SaaS server, and the SaaS server creates an interface for accessing the IDaaS server based on the application credentials, so that the SaaS server can access the IDaaS server based on the application credentials and the interface, realizing the pre-integration of the SaaS server and the IDaaS server.
  • the SaaS service provider can modify the configuration information of the service provider application in the SaaS application market and verify the reliability of the pre-integration.
  • the IDaaS server obtains and records the modification information of the service provider's application.
  • the SaaS service provider modifies the configuration information of the service provider's application in the SaaS application market, that is, modifies the calling path of the service provider's application.
  • After the SaaS application market records the modified configuration information, it generates the corresponding modification information and sends it to the IDaaS server.
  • the IDaaS server records the modification information, generates a new application credential and returns it to the SaaS application market, notifying the SaaS application market that the modification is successful, and the SaaS service provider can obtain the new application credential from the SaaS application market.
  • the IDaaS server obtains the test application.
  • the IDaaS server creates a test application according to the test application.
  • the IDaaS server tests the test application based on test users from the SaaS service provider.
  • the SaaS service provider creates a test account in the SaaS application market.
  • the SaaS application market sends a test application to the IDaaS server based on the test account.
  • After the IDaaS server obtains the test application, it will create a corresponding test application based on the previously created service provider application and record the second relationship between the test application and the service provider application. That is, the IDaaS server will record that the test application is an application created based on the service provider application for testing the service provider application.
  • the IDaaS server will also notify the SaaS application market that the test application was created successfully. At this time, the SaaS service provider can apply for a test user in the SaaS application market.
  • After receiving the test user application from the SaaS service provider, the IDaaS server creates the corresponding test user, records the relationship between the test user and the test application, and returns the test user to the SaaS application market. The SaaS service provider authorizes the test user to use the test application in the SaaS application market, that is, based on the test user, the SaaS application market accesses the test application of the IDaaS server.
  • the IDaaS server verifies whether the test account can access the test application and reports to the SaaS application market.
  • the SaaS application market returns verification results, that is, test results.
  • the SaaS service provider can confirm the test results from the SaaS application market to verify the reliability of the pre-integration.
  • the SaaS server synchronizes information with the SaaS application market.
  • the SaaS service provider needs to provide an interface for synchronizing information according to the integration requirements. That is, the SaaS service provider needs to synchronize information with the SaaS server through the SaaS application market.
  • the synchronized information includes tenant information, application information and authorization information.
  • the tenant information includes instance ID, tenant ID, organization ID, domain name assigned to the user, and order ID from the SaaS application market, where the instance ID is the SaaS service.
  • the tenant ID is the tenant ID assigned to the user by the SaaS application market.
  • the organization ID is the ID or number of the user's organizational department.
  • the application information includes instance ID, tenant ID, application ID (app ID) and application configuration information (config); the authorization information includes instance ID, tenant ID, application ID, organization ID, user list and synchronization time (syctime).
  • Phase 2 (shown in Figure 5) is to launch the SaaS application in the SaaS application market.
  • phase two the user purchases a SaaS application that is pre-integrated with IDaaS in the SaaS application market.
  • the SaaS application market determines whether the user has a tenant instance of IDaaS. If not, one is created; if so, this step is skipped. The corresponding user application is then added under the tenant and identified as generated based on the service provider application. This stage specifically includes the following steps:
  • the SaaS server synchronizes information with the SaaS application market.
  • After the SaaS service provider completes the pre-integration of the SaaS server and the IDaaS server, it can launch the SaaS application in the SaaS application market. Specifically, the SaaS service provider submits a SaaS application application in the SaaS application market and selects the corresponding service provider application for it, that is, the service provider application created on the IDaaS server in Phase 1. The SaaS application market saves the application application and records the relationship between the SaaS application and the service provider application. Before the SaaS application market reviews the SaaS application and puts it on the shelf, it verifies that the synchronization interface provided by the SaaS service provider has been debugged, that is, that the tenant information, application information and authorization information are synchronized with the SaaS server.
  • Once the SaaS application passes review by the SaaS application market, its listing on the SaaS application market is complete.
  • Stage three: users purchase SaaS applications in the SaaS application market.
  • In phase three, users perform IDaaS identity management in the SaaS application market, including creating organizations, departments, permission management, etc.
  • This stage specifically includes the following steps:
  • the SaaS server opens a SaaS instance.
  • the SaaS server associates the organizational information selected by the user to the SaaS instance.
  • the SaaS application market calls the SaaS service provider's interface to the SaaS server and sends a request to the SaaS server, causing the SaaS server to open a SaaS instance of the SaaS application.
  • users can create an organization through the SaaS application market and associate the organization information with the SaaS instance.
  • If the organization selected by the user has not opened a tenant on IDaaS, the user can open a tenant on the IDaaS server through the SaaS application market.
  • the IDaaS server obtains the application information of the SaaS application purchased by the user.
  • the IDaaS server creates a user application based on the service provider application and application information.
  • the IDaaS server can obtain the application information of the SaaS application from the SaaS application market. Since the SaaS application is bound to the service provider application, the IDaaS server can create the user application based on the service provider application and application information, and record the first relationship between the user application and the service provider application. That is, the user application is used to associate the SaaS application with the tenant in the IDaaS server. It can also be understood that the user application is the binding of the SaaS application in the IDaaS server tenant. The first relationship is used to record the relationship between the user application and the service provider application.
  • the IDaaS server records that the user application is an application created based on the service provider application for the SaaS application, and then returns the user application information to the SaaS application market.
  • the SaaS server and the SaaS application market synchronize information.
  • After the IDaaS server creates the user application, the SaaS server also needs to synchronize information with the SaaS application market so that the user can access the user application of the IDaaS server through the SaaS server.
  • the user can maintain the organization information and personnel information. That is, in the SaaS application market, the user adds sub-departments under the organization, adds personnel to the sub-departments, sets the visibility range of the user application, and sets different authorizations for different sub-departments and personnel, and then the SaaS server synchronizes the authorization information with the SaaS application market.
  • Stage four (shown in Figure 9): users use SaaS services.
  • In phase four, users use SaaS applications, and users authorized by IDaaS can use the SaaS service.
  • This stage specifically includes the following steps:
  • the IDaaS server obtains the login request initiated by the user.
  • the IDaaS server verifies the login request based on the first relationship to generate authorization information.
  • the IDaaS server sends the authorization information to the SaaS client so that the user can access the SaaS server based on the authorization information.
  • the user can initiate a login request to the SaaS instance on the SaaS server through the SaaS client corresponding to the SaaS application.
  • The login request includes the user application identifier. Based on the login request, the SaaS server returns the SaaS login page integrated with IDaaS to the SaaS client.
  • After the user clicks to log in, the SaaS client queries the tenant information of the SaaS server to check whether the login information corresponds to a tenant.
  • the SaaS client will carry the user application identification generated when the user purchases the SaaS application to initiate a login to the IDaaS server. After the user enters the login information (account password, etc.) on the SaaS client, it will be sent to the IDaaS server.
  • The IDaaS server verifies the login information based on the first relationship, that is, the IDaaS server verifies the application identification based on the first relationship, verifies the login information entered by the user, and returns the login authorization information to the SaaS client after passing the verification.
  • the IDaaS server receives the authorization information and application credentials from the SaaS server.
  • the IDaaS server verifies the authorization information based on the application credentials, and sends the verification result to the SaaS server.
  • After receiving the authorization information returned by the IDaaS server, the SaaS client carries the authorization information to request SaaS services from the SaaS server.
  • the SaaS server will carry the application credentials and the authorization information to the IDaaS server to verify the validity of the authorization information.
  • the IDaaS server verifies whether the application credential has the authority to access user information under the user application. If so, the authorization information is verified and the IDaaS server returns the user number to the SaaS server.
  • the SaaS server determines, based on the authorization information, whether the user corresponding to the user number has permission to access the SaaS service. If so, the SaaS server generates a session ID and returns the session ID to the SaaS client. At this time, the user has logged in successfully and can access other functions of the SaaS service based on the session ID and use the SaaS service.
  • the IDaaS server creates a service provider application based on the application application sent by the SaaS service provider, allocates application credentials to the service provider application, and sends the application credentials to the SaaS service provider so that the SaaS service provider can create an interface on the SaaS server based on the application credentials for accessing the IDaaS server.
  • This interface can realize the integration of SaaS and IDaaS.
  • key processes such as listing, purchase, and certification can be realized.
  • Tenants who purchase SaaS applications can perceive functional changes, and developers of SaaS applications can perceive interface changes, configuration information, etc.
  • As key technical support for SaaS, IDaaS supports the association between service provider applications and the user applications generated based on them. From the user's perspective, the user purchases a SaaS application, the system automatically instantiates the SaaS application on IDaaS and associates the user's tenant information, and on the SaaS application market page the user can perform various IDaaS operations on the purchased services, such as creating organizations, departments, permission management, etc. From the perspective of SaaS application developers, developers need to pre-integrate (achieve docking) with IDaaS, and the system provides interfaces for both sides so that they can communicate smoothly in all aspects. Moreover, the various configuration information of SaaS applications can be templated: when a SaaS application migrates to another server, only certain fields in the template need to be updated, without affecting the IDaaS server or the user side. The beneficial effects thus brought about include but are not limited to the following:
  • the IDaaS server distinguishes existing user applications by introducing service provider applications, can identify application transaction application scenarios, and flexibly supports SaaS service provider docking;
  • the SaaS application market integrates SaaS services and IDaaS services, reducing the complexity of system docking and improving the business experience of SaaS service providers and of service providers that provide IDaaS services;
  • SaaS service providers carry out application transformation and upgrades (such as application server relocation, capacity expansion, etc.) without affecting the user side, and at the same time access more users through the SaaS market.
  • Some functions of the SaaS application market are instead hosted by the IDaaS server, and both SaaS service providers and users instead interact with the IDaaS server.
  • SaaS application transactions can be completed offline, or completed separately in the SaaS application market, without using SaaS
  • some specific implementation details may refer to the aforementioned scenario of using the SaaS application market, and the embodiments of this application will not be repeated here.
  • the service integration method can be divided into three stages, including:
  • the IDaaS server obtains the application application.
  • the IDaaS server creates a service provider application based on the application application, and allocates application credentials to the service provider application.
  • the SaaS service provider has completed the tenant activation on the IDaaS server in advance, and the application application includes the SaaS service provider's information.
  • That is, the application application can be sent by the SaaS service provider to the IDaaS server through the SaaS application market.
  • the SaaS service provider can directly initiate an application application to the IDaaS server, so that the IDaaS server can create the service provider application based on the application application and apply it to the service provider.
  • the service provider application is used to associate the SaaS service provider with the tenant in the IDaaS server. It can also be understood as the binding credentials of the SaaS service provider in the IDaaS server.
  • the application credential needs to be returned to the SaaS service provider by the IDaaS server, which is used by the SaaS service provider to create an interface on the SaaS server for accessing the IDaaS server based on the application credential.
  • the application credential can be understood as the credential or identity identifier used by the SaaS service provider to access the IDaaS server.
  • the IDaaS server sends the application credentials to the SaaS service provider, so that the SaaS service provider creates an interface on the SaaS server for accessing the IDaaS server based on the application credentials.
  • After the IDaaS server allocates application credentials to the service provider application, it sends the application credentials to the SaaS service provider. For example, after the IDaaS server generates the application credentials, it separately passes the application credentials to the SaaS service provider through offline or other online methods.
  • Based on the application credentials, the SaaS service provider can create an interface for accessing the IDaaS server on the SaaS server.
  • the SaaS service provider can modify the configuration information of the service provider application and verify the reliability of the pre-integration.
  • the SaaS service provider modifies the configuration information of the service provider application on the IDaaS server, and the IDaaS server obtains and records the modification information of the service provider application, where the modification information is generated by the SaaS service provider after modifying the configuration information of the service provider application.
  • The configuration information includes the calling path of the service provider application. The IDaaS server can also maintain organizational information, personnel information, etc.
  • the IDaaS server can also obtain the test application sent by the SaaS service provider.
  • the IDaaS server creates a test application based on the test application and records the second relationship between the test application and the service provider application; that is, the test application is created based on the service provider application for testing. The IDaaS server tests the test application based on test users from the SaaS service provider.
  • the SaaS service provider can maintain the application authorization on the IDaaS server, that is, complete the authorization of its own tenant's organizational information, personnel information and service provider application.
  • the IDaaS server and the SaaS server synchronize information. The synchronized information includes tenant information, application information and authorization information.
  • Phase 2 (shown in Figure 14), the user completes SaaS application management and configuration on the IDaaS server:
  • the IDaaS server obtains the application information of the SaaS application purchased by the user.
  • the user has completed the tenant activation on the IDaaS server in advance and can use the functions of the IDaaS server.
  • the purchase of SaaS applications can be completed by the user offline or offline.
  • the verification logic of the SaaS application can be completed by the IDaaS server and the SaaS server respectively.
  • SaaS applications are bound to service provider applications.
  • the IDaaS server creates a user application based on the service provider application and application information.
  • the IDaaS server After the IDaaS server obtains the application information of the SaaS application, it supports configuring the user to use the service provider application to create a user application corresponding to the SaaS application.
  • the SaaS application can also notify the IDaaS server to complete the creation of the user application.
  • the user application is used to associate the SaaS application with the tenant in the IDaaS server; it can also be understood as the binding credentials of the SaaS application in the IDaaS server tenant.
  • the first relationship is used to record the relationship between the user application and the service provider application; that is, the IDaaS server also records the application relationship between the user application and the service provider application, namely the above first relationship, and then returns the application information to the user.
  • the IDaaS server and the SaaS server synchronize information.
  • After the IDaaS server creates the user application, the IDaaS server also needs to synchronize information with the SaaS server so that the user can access the user application of the IDaaS server through the SaaS server.
  • After synchronizing tenant information and application information, the user can maintain organizational information and personnel information, that is, the user maintains organizational information, personnel information, application authorization and other information in the IDaaS server, and then the SaaS server synchronizes authorization information with the SaaS application market.
  • the IDaaS server obtains the login request initiated by the user.
  • the IDaaS server verifies the login request based on the first relationship to generate authorization information.
  • the IDaaS server sends the authorization information to the SaaS client so that the user can access the SaaS server based on the authorization information.
  • the user can initiate a login request to the SaaS instance on the SaaS server through the SaaS client corresponding to the SaaS application.
  • The login request includes the user application identifier. Based on the login request, the SaaS server returns the SaaS login page integrated with IDaaS to the SaaS client.
  • After the user clicks to log in, the SaaS client queries the tenant information of the SaaS server to check whether the login information corresponds to a tenant.
  • the SaaS client will carry the user application identification generated when the user purchases the SaaS application to initiate a login to the IDaaS server. After the user enters the login information (account password, etc.) on the SaaS client, it will be sent to the IDaaS server.
  • The IDaaS server verifies the login information based on the first relationship, that is, the IDaaS server verifies the application identification based on the first relationship, verifies the login information entered by the user, and returns the login authorization information to the SaaS client after passing the verification.
  • the IDaaS server receives the authorization information and application credentials from the SaaS server.
  • the IDaaS server verifies the authorization information based on the application credentials, and sends the verification result to the SaaS server.
  • After receiving the authorization information returned by the IDaaS server, the SaaS client carries the authorization information to request SaaS services from the SaaS server.
  • the SaaS server will carry the application credentials and the authorization information to the IDaaS server to verify the validity of the authorization information.
  • the IDaaS server verifies whether the application credential has the authority to access user information under the user application. If so, the authorization information is verified and the IDaaS server returns the user number to the SaaS server.
  • the SaaS server determines, based on the authorization information, whether the user corresponding to the user number has permission to access the SaaS service. If so, the SaaS server generates a session ID and returns the session ID to the SaaS client. At this time, the user has logged in successfully and can access other functions of the SaaS service based on the session ID and use the SaaS service.
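The login and verification steps described above, in both the application-market scenario and the direct scenario, can be modelled as follows. This is an added Python example, not code from the patent: the class and method names, the in-memory stores, the (id, secret) form of the application credential, the opaque single-use authorization token and the PBKDF2 password storage are all assumptions, and the sample data is constructed.

```python
import hashlib
import hmac
import secrets


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class IDaaSServer:
    """IDaaS side of the flow; an application credential is an (id, secret) pair."""

    def __init__(self):
        self.sp_secrets = {}          # service provider app id -> credential secret
        self.first_relationship = {}  # user app id -> service provider app id
        self.accounts = {}            # (user app id, account) -> (salt, hash, user number)
        self.tokens = {}              # authorization info -> (user app id, user number)

    def create_service_provider_app(self, sp_app_id):
        self.sp_secrets[sp_app_id] = secrets.token_urlsafe(32)
        return (sp_app_id, self.sp_secrets[sp_app_id])

    def create_user_app(self, user_app_id, sp_app_id):
        if sp_app_id not in self.sp_secrets:
            raise KeyError("unknown service provider application")
        self.first_relationship[user_app_id] = sp_app_id  # record the first relationship

    def add_user(self, user_app_id, account, password, user_number):
        salt = secrets.token_bytes(16)
        self.accounts[(user_app_id, account)] = (salt, _pw_hash(password, salt), user_number)

    def login(self, user_app_id, account, password):
        """Verify a login request; return authorization info, or None if refused."""
        record = self.accounts.get((user_app_id, account))
        # Refuse identifiers that are not tied to a service provider application.
        if user_app_id not in self.first_relationship or record is None:
            return None
        salt, stored, user_number = record
        if not hmac.compare_digest(stored, _pw_hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user_app_id, user_number)
        return token

    def verify(self, credential, token):
        """Called by the SaaS server; return the user number, or None if refused."""
        sp_app_id, secret = credential
        expected = self.sp_secrets.get(sp_app_id)
        if expected is None or not hmac.compare_digest(expected, secret):
            return None
        entry = self.tokens.get(token)
        if entry is None:
            return None
        user_app_id, user_number = entry
        # A credential may only read users under user applications that were
        # created from its own service provider application.
        if self.first_relationship.get(user_app_id) != sp_app_id:
            return None
        del self.tokens[token]  # single use (assumption of this example)
        return user_number


class SaaSServer:
    def __init__(self, idaas, credential, authorized_users):
        self.idaas, self.credential = idaas, credential
        self.authorized_users = set(authorized_users)  # synced authorization info
        self.sessions = {}

    def request_service(self, token):
        """Exchange authorization info for a session ID, or None if refused."""
        user_number = self.idaas.verify(self.credential, token)
        if user_number is None or user_number not in self.authorized_users:
            return None
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = user_number
        return session_id


def run_demo():
    """Constructed data: two service providers and one tenant's user application."""
    idaas = IDaaSServer()
    crm = SaaSServer(idaas, idaas.create_service_provider_app("sp-crm"), {"U1001"})
    hr = SaaSServer(idaas, idaas.create_service_provider_app("sp-hr"), {"U1001"})
    idaas.create_user_app("ua-acme-crm", "sp-crm")
    idaas.add_user("ua-acme-crm", "alice", "pw-alice", "U1001")
    idaas.add_user("ua-acme-crm", "bob", "pw-bob", "U1002")  # not in the user list
    token = idaas.login("ua-acme-crm", "alice", "pw-alice")
    return {
        "wrong_password": idaas.login("ua-acme-crm", "alice", "guess"),
        "unknown_user_app": idaas.login("ua-other", "alice", "pw-alice"),
        "other_provider": hr.request_service(token),  # credential from another provider
        "session": crm.request_service(token),
        "replay": crm.request_service(token),
        "unauthorized": crm.request_service(idaas.login("ua-acme-crm", "bob", "pw-bob")),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {'granted' if value else 'denied'}")
```

Only the `session` case is granted; the check against the first relationship in `verify` is what stops a credential issued to one service provider application from redeeming authorization information issued under another provider's user application.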
  • the orchestration logic of the SaaS application market is also removed, reducing the cost of service integration. Users can also perceive the details of the connection between SaaS and IDaaS.
  • an embodiment of the server 1700 provided by the embodiment of this application includes:
  • the acquisition unit 1701 is used to acquire an application application, which includes information about the software as a service SaaS provider; the acquisition unit 1701 can perform step 211 in the above method embodiment.
  • the creation unit 1702 is used to create a service provider application according to the application application, and allocate application credentials to the service provider application.
  • the application credentials are used by the SaaS service provider to create an interface on the SaaS server for accessing the IDaaS server based on the application credentials.
  • the service provider application is used to associate the SaaS service provider with the tenant in the IDaaS server; the creation unit 1702 can perform step 212 in the above method embodiment.
  • the sending unit 1703 is used to send the application credentials to the SaaS service provider.
  • the sending unit 1703 may perform step 213 in the above method embodiment.
  • the creation unit 1702 creates a service provider application according to the application application sent by the SaaS service provider, and allocates application credentials to the service provider application.
  • the sending unit 1703 sends the application credentials to the SaaS service provider, so that the SaaS service provider can create, based on the application credentials, an interface on the SaaS server for accessing the IDaaS server, through which the integration of SaaS and IDaaS can be achieved.
  • the acquisition unit 1701 is also used to obtain the application information of the SaaS application purchased by the user, and the SaaS application is bound to the service provider application; the creation unit 1702 is also used to create a user application based on the service provider application and application information, and the user application is used to Associate the SaaS application with the tenant in the IDaaS server.
  • the server 1700 also includes a verification unit 1704 and a receiving unit 1705.
  • the obtaining unit 1701 is also used to obtain a login request initiated by the user.
  • the login request includes the identification of the user application;
  • the verification unit 1704 is used to verify the login request based on the first relationship to generate authorization information.
  • the first relationship is used to record the relationship between the user application and the service provider application;
  • the sending unit 1703 is also used to send the authorization information to the user so that the user can access the SaaS server based on the authorization information;
  • the receiving unit 1705 is used for receiving authorization information and application credentials from the SaaS server;
  • the verification unit 1704 is also used for verifying the authorization information based on the application credentials, and sending the verification result to the SaaS server.
  • the server 1700 also includes a testing unit 1706.
  • the obtaining unit 1701 is also used to obtain a test application;
  • the creation unit 1702 is also used to create a test application according to the test application and record the second relationship between the test application and the service provider application;
  • the testing unit 1706 is used to test the test application based on test users from the SaaS service provider.
  • the acquisition unit 1701 is also used to obtain and record the modification information of the service provider application.
  • the modification information is generated by the SaaS service provider after modifying the configuration information of the service provider application.
  • the configuration information includes the calling path of the service provider application.
  • the SaaS service provider accesses the IDaaS server and SaaS server through the SaaS application market.
  • users access the IDaaS server and SaaS server through the SaaS application market or SaaS client.
  • the server 1700 provided in the embodiment of this application can be understood by referring to the corresponding content of the foregoing service integration method embodiment, and the details will not be repeated here.
  • the obtaining unit 1701, the creating unit 1702, the sending unit 1703, etc. can all be implemented by software, or can be implemented by hardware.
  • the following takes the acquisition unit 1701 as an example to introduce the implementation of the acquisition unit 1701.
  • the implementation of the creation unit 1702 and the sending unit 1703 may refer to the implementation of the acquisition unit 1701.
  • the acquisition unit 1701 may include code running on a computing instance.
  • the computing instance may include at least one of a physical host (computing device), a virtual machine, and a container.
  • the above computing instance may be one or more.
  • the acquisition unit 1701 may include code running on multiple hosts/virtual machines/containers.
  • multiple hosts/virtual machines/containers used to run the code can be distributed in the same region (region) or in different regions.
  • multiple hosts/virtual machines/containers used to run the code can be distributed in the same availability zone (AZ) or in different AZs.
  • Each AZ includes one data center or multiple geographically close data centers. Usually, a region can include multiple AZs.
  • the multiple hosts/VMs/containers used to run the code can be distributed in the same virtual private cloud (VPC), or across multiple VPCs.
  • Communication between two VPCs in the same region, and cross-region communication between VPCs in different regions, requires a communication gateway in each VPC, and the interconnection between VPCs is realized through the communication gateway.
  • the acquisition unit 1701 may include at least one computing device, such as a server.
  • the acquisition unit 1701 may also be a device implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD).
  • the above-mentioned PLD can be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof.
  • Multiple computing devices included in the acquisition unit 1701 may be distributed in the same region or in different regions. Multiple computing devices included in the acquisition unit 1701 may be distributed in the same AZ or in different AZs. Similarly, multiple computing devices included in the acquisition unit 1701 may be distributed in the same VPC or in multiple VPCs.
  • the plurality of computing devices may be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
  • the acquisition unit 1701 can be used to execute any steps in the service integration method
  • the creation unit 1702 can be used to execute any steps in the service integration method
  • the sending unit 1703 can be used to execute any steps in the service integration method. The steps that the acquisition unit 1701, the creation unit 1702, and the sending unit 1703 are responsible for implementing can be specified as needed.
  • the acquisition unit 1701, the creation unit 1702, and the sending unit 1703 respectively implement different steps in the service integration method to implement the full functionality of the server 1700.
  • FIG. 18 another embodiment of the server 1800 provided by the embodiment of this application includes:
  • the acquisition unit 1801 is used to obtain the application credentials sent by the SaaS service provider.
  • the application credentials are allocated by the identity-as-a-service IDaaS server for the service provider application.
  • the service provider application is created by the IDaaS server according to the application application.
  • the application application includes the SaaS service provider's information, and the service provider application is used to associate the SaaS service provider with the tenant in the IDaaS server; the acquisition unit 1801 can perform step 213 in the above method embodiment.
  • the creation unit 1802 is configured to create an interface for accessing the IDaaS server according to the application credentials.
  • the creation unit 1802 may perform step 214 in the above method embodiment.
  • the service provider application is created according to the application application sent by the SaaS service provider, application credentials are assigned to the service provider application, and the application credentials are sent to the SaaS service provider so that the creation unit 1802 creates an interface for accessing the IDaaS server; through this interface, the integration of SaaS and IDaaS can be achieved.
  • the server 1800 also includes a sending unit 1803 and a receiving unit 1804.
  • the obtaining unit 1801 is also used to obtain authorization information sent by the user.
  • the authorization information is generated by the IDaaS server verifying the login request based on the first relationship.
  • the first relationship is the application relationship between the user application and the service provider application.
  • the user application is created by the IDaaS server based on the service provider application and application information.
  • the application information is the information of the SaaS application purchased by the user.
  • the SaaS application is bound to the service provider application. The login request is a request initiated by the user and includes the identification of the user application.
  • the user application is used to associate the SaaS application with the tenant in the IDaaS server; the sending unit 1803 is used to send authorization information and application credentials to the IDaaS server so that the IDaaS server verifies the authorization information based on the application credentials and obtains the verification result; the receiving unit 1804 is used to receive the verification result from the IDaaS server.
  • the SaaS service provider accesses the IDaaS server and SaaS server through the SaaS application market.
  • users access the IDaaS server and SaaS server through the SaaS application market or SaaS client.
  • the server 1800 provided in the embodiment of this application can be understood by referring to the corresponding content of the foregoing service integration method embodiment, and will not be repeated here.
  • the acquisition unit 1801, the creation unit 1802, etc. can be implemented by software, or can be implemented by hardware.
  • the following takes the acquisition unit 1801 as an example to introduce the implementation of the acquisition unit 1801.
  • the implementation of the creation unit 1802 may refer to the implementation of the acquisition unit 1801.
  • the acquisition unit 1801 may include code running on a computing instance.
  • the computing instance may include at least one of a physical host (computing device), a virtual machine, and a container.
  • there may be one or more of the above computing instances.
  • the acquisition unit 1801 may include code running on multiple hosts/virtual machines/containers. It should be noted that multiple hosts/virtual machines/containers used to run the code can be distributed in the same region or in different regions. Furthermore, multiple hosts/virtual machines/containers used to run the code can be distributed in the same availability zone (AZ) or in different AZs. Each AZ includes one data center or multiple geographically close data centers. Usually, a region can include multiple AZs.
  • the multiple hosts/VMs/containers used to run the code can be distributed in the same virtual private cloud (VPC), or across multiple VPCs.
  • Communication between two VPCs in the same region, and cross-region communication between VPCs in different regions, requires a communication gateway in each VPC, and the interconnection between VPCs is realized through the communication gateway.
  • the acquisition unit 1801 may include at least one computing device, such as a server.
  • the acquisition unit 1801 may also be a device implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD).
  • the above-mentioned PLD can be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
  • Multiple computing devices included in the acquisition unit 1801 may be distributed in the same region or in different regions. Multiple computing devices included in the acquisition unit 1801 may be distributed in the same AZ or in different AZs. Similarly, multiple computing devices included in the acquisition unit 1801 may be distributed in the same VPC or in multiple VPCs.
  • the plurality of computing devices may be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
  • the acquisition unit 1801 can be used to execute any of the service integration methods.
  • the creation unit 1802 can be used to execute any step in the service integration method.
  • the steps that the acquisition unit 1801 and the creation unit 1802 are each responsible for implementing can be specified as needed.
  • the acquisition unit 1801 and the creation unit 1802 respectively implement different steps in the service integration method, so as to realize all functions of server 1800.
  • computing device 1900 includes: bus 1902, processor 1904, memory 1906, and communication interface 1908.
  • the processor 1904, the memory 1906 and the communication interface 1908 communicate through a bus 1902.
  • Computing device 1900 may be a server or terminal device. It should be understood that this application does not limit the number of processors and memories in the computing device 1900.
  • the bus 1902 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus, etc.
  • the bus can be divided into address bus, data bus, control bus, etc. For ease of presentation, only one line is used in Figure 19, but it does not mean that there is only one bus or one type of bus.
  • Bus 1904 may include a path that carries information between various components of computing device 1900 (e.g., memory 1906, processor 1904, communications interface 1908).
  • the processor 1904 may include any one or more of a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor (MP), or a digital signal processor (DSP).
  • Memory 1906 may include volatile memory, such as random access memory (RAM).
  • the processor 1904 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a mechanical hard disk drive (HDD), or a solid state drive (SSD).
  • the memory 1906 stores executable program code, and the processor 1904 executes the executable program code to realize the functions of the aforementioned acquisition unit and creation unit respectively, thereby realizing the service integration method. That is, the memory 1906 stores instructions for executing the service integration method.
  • executable code is stored in the memory 1906, and the processor 1904 executes the executable code to respectively implement the functions of the aforementioned SaaS server or IDaaS server, thereby implementing the service integration method. That is, the memory 1906 stores instructions for executing the service integration method.
  • the communication interface 1903 uses transceiver modules such as, but not limited to, network interface cards and transceivers to implement communication between the computing device 1900 and other devices or communication networks.
  • the server 2000 includes: a hardware layer 2001 and a virtual machine (virtual machine, VM) layer 2002.
  • the VM layer may include one or more VMs.
  • the hardware layer 2001 provides hardware resources for the VM and supports the operation of the VM. The functions of the VM and the processes related to this application can be understood by referring to the corresponding description of the above method embodiments.
  • the hardware layer 2001 includes hardware resources such as processors, communication interfaces, and memories.
  • the processor may include a CPU.
  • This application also provides a service integration system, as shown in Figure 21, including:
  • the IDaaS server is used to obtain an application request.
  • the application request includes information about the software as a service (SaaS) service provider; the IDaaS server creates a service provider application based on the application request and allocates application credentials to the service provider application.
  • the service provider application is used to associate the SaaS service provider with the tenant in the IDaaS server;
  • the SaaS server is used to obtain the application credentials sent by the SaaS service provider, and to create, based on the application credentials, an interface for accessing the IDaaS server.
  • Both IDaaS servers and SaaS servers can be implemented through software, or they can be implemented through hardware.
  • the implementation of the IDaaS server is introduced next.
  • the implementation of SaaS server can refer to the implementation of IDaaS server.
  • the IDaaS server can include code that runs on computing instances.
  • the computing instance may be at least one of a physical host (computing device), a virtual machine, a container, and other computing devices. Further, there may be one or more of the above computing devices.
  • an IDaaS server can include code running on multiple hosts/VMs/containers. It should be noted that multiple hosts/virtual machines/containers used to run the application can be distributed in the same region or in different regions. Multiple hosts/VMs/containers used to run the code can be distributed in the same AZ or in different AZs, with each AZ including one data center or multiple geographically close data centers. Usually, a region can include multiple AZs.
  • the multiple hosts/VMs/containers used to run the code can be distributed in the same VPC or across multiple VPCs.
  • a VPC is set up in a region.
  • Communication between two VPCs in the same region, or cross-region communication between VPCs in different regions, requires a communication gateway in each VPC, and the interconnection between VPCs is realized through the communication gateway.
  • a module is an example of a hardware functional unit.
  • the IDaaS server may include at least one computing device, such as a server.
  • the IDaaS server may also be a device implemented using ASIC or PLD.
  • the above-mentioned PLD can be implemented by CPLD, FPGA, GAL or any combination thereof.
  • Multiple computing devices included in the IDaaS server can be distributed in the same region or in different regions. Multiple computing devices included in the IDaaS server can be distributed in the same AZ or in different AZs. Similarly, multiple computing devices included in the IDaaS server can be distributed in the same VPC or in multiple VPCs.
  • the plurality of computing devices may be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
  • An embodiment of the present application also provides a computing device cluster.
  • the computing device cluster includes at least one computing device.
  • the computing device may be a server, such as a central server, an edge server, or a local server in a local data center.
  • the computing device may also be a terminal device such as a desktop computer, a laptop computer, or a smartphone.
  • the computing device cluster includes at least one computing device 1900.
  • the same instructions for performing the service integration method may be stored in the memory 1906 of one or more computing devices 1900 in the computing device cluster.
  • the memory 1906 of one or more computing devices 1900 in the computing device cluster may also store part of the instructions for executing the service integration method respectively.
  • a combination of one or more computing devices 1900 may collectively execute instructions for performing the service integration method.
  • the memory 1906 in different computing devices 1900 in the computing device cluster can store different instructions, respectively used to execute part of the functions of the SaaS server or IDaaS server. That is, instructions stored in the memory 1906 in different computing devices 1900 may implement the functions of one or more modules in the acquisition unit and the creation unit.
  • one or more computing devices in a cluster of computing devices may be connected through a network.
  • the network may be a wide area network or a local area network, etc.
  • Figure 23 shows a possible implementation. As shown in Figure 23, two computing devices 100A and 100B are connected through a network. Specifically, the connection to the network is made through a communication interface in each computing device.
  • the memory 106 in the computing device 100A stores instructions for performing the functions of the acquisition unit. At the same time, instructions for performing the functions of the creation unit are stored in the memory 106 in the computing device 100B.
  • the functions of computing device 100A shown in FIG. 23 may also be performed by multiple computing devices 100.
  • the functions of computing device 100B may also be performed by multiple computing devices 100.
  • the embodiment of the present application also provides another computing device cluster.
  • the connection relationship between the computing devices in the computing device cluster can be similar to the connection method of the computing device cluster described in FIG. 22 and FIG. 23.
  • the difference is that the same instructions for executing the service integration method may be stored in the memory of one or more computing devices in the computing device cluster.
  • the memory of one or more computing devices in the computing device cluster may also store part of the instructions for executing the service integration method respectively.
  • a combination of one or more computing devices may collectively execute instructions for performing the service integration method.
  • the memories in different computing devices in the computing device cluster can store different instructions for executing some functions of the service integration system. That is, instructions stored in memories in different computing devices may implement the functions of one or more devices in the IDaaS server and the SaaS server.
  • An embodiment of the present application also provides a computer program product containing instructions.
  • the computer program product may be a software or program product containing instructions capable of running on a computing device or stored in any available medium.
  • when the computer program product is run on at least one computing device, the at least one computing device is caused to execute the service integration method.
  • An embodiment of the present application also provides a computer-readable storage medium.
  • the computer-readable storage medium may be any available medium that a computing device can store or a data storage device such as a data center that contains one or more available media.
  • the available media may be magnetic media (e.g., floppy disk, hard disk, tape), optical media (e.g., DVD), or semiconductor media (e.g., solid state drive), etc.
  • the computer-readable storage medium includes instructions that instruct a computing device to perform a service integration method.
  • in another embodiment, a chip system is also provided.
  • the chip system includes at least one processor and an interface; the interface is used to receive data and/or signals, and the at least one processor is used to support implementing the service integration method described in the above embodiments.
  • the chip system may also include a memory, which is used to store necessary program instructions and data for the computer device.
  • the chip system may be composed of chips, or may include chips and other discrete devices.
  • the disclosed systems, devices and methods can be achieved through other means.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be combined or can be integrated into another system, or some features can be ignored, or not implemented.
  • the coupling or direct coupling or communication connection between each other shown or discussed may be through some interfaces, and the indirect coupling or communication connection of the devices or units may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or they may be distributed to multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application can be integrated into one processing unit, each unit can exist physically alone, or two or more units can be integrated into one unit.
  • the above integrated units can be implemented in the form of hardware or software functional units.
  • if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium.
  • the technical solution of the present application, in essence, or the part that contributes to the existing technology, or all or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in various embodiments of this application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk and other media that can store program code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Disclosed in embodiments of the present application are a service integration method and a related device. The service integration method specifically comprises: an IDaaS server creates a service provider application according to an application request sent by a SaaS service provider, allocates an application credential to the service provider application, and sends the application credential to the SaaS service provider, so that the SaaS service provider creates, on the basis of the application credential, an interface for accessing the IDaaS server on a SaaS server. Integration of SaaS and IDaaS can be realized by means of the interface.

Description

A service integration method and related device
This application claims priority to the Chinese patent application No. 202210264387.6, entitled "A data processing method and computer", filed with the China Patent Office on March 17, 2022, and to the Chinese patent application No. 202210963797.X, entitled "A service integration method and related device", filed with the China Patent Office on August 11, 2022, both of which are incorporated herein by reference in their entirety.
Technical field
Embodiments of the present application relate to the field of computers, and in particular, to a service integration method and related device.
Background
Software as a service (SaaS) builds all the network infrastructure and the software and hardware operating platforms that an enterprise needs for informatization, and is responsible for a series of services such as all early-stage implementation and later maintenance.
Usually a user uses more than one SaaS application, especially when the user is an enterprise. When such an enterprise user uses multiple SaaS applications, it has to go to each SaaS separately to independently maintain enterprise information, organization information, and personnel information and to assign usage permissions. To handle this, the user can build its own identity as a service (IDaaS) or connect to one on the cloud. A unified IDaaS provides a set of centralized identity, permission, and application management services, and users can manage multiple SaaS applications uniformly through IDaaS.
However, IDaaS and SaaS are currently two separate, disconnected services. Matching IDaaS with SaaS requires customized development by the vendor in advance. If the IDaaS does not support a certain SaaS application and has no corresponding interface or credentials, the user cannot manage that application uniformly through IDaaS.
Summary of the invention
Embodiments of this application provide a service integration method for integrating software as a service (SaaS) and identity as a service (IDaaS). Embodiments of this application also provide corresponding servers, computer-readable storage media, and the like.
A first aspect of this application provides a service integration method, the method including: an identity as a service (IDaaS) server obtains an application request, where the application request includes information about a software as a service (SaaS) service provider;
the IDaaS server creates a service provider application based on the application request and allocates application credentials to the service provider application, where the application credentials are used by the SaaS service provider to create, on a SaaS server and based on the application credentials, an interface for accessing the IDaaS server, and the service provider application is used to associate the SaaS service provider with a tenant in the IDaaS server.
In this application, the SaaS server, the IDaaS server, and the SaaS application market run on general-purpose servers or on cloud infrastructure. Users can use SaaS services through a browser, a SaaS client, and so on. The browser or client runs on the user's terminal (for example, a mobile phone, tablet computer, or TV box). The SaaS service provider is an enterprise that provides SaaS services, specifically the staff or administrators of that SaaS enterprise.
In this application, the SaaS service provider can operate in the SaaS application market. Before sending an application request to the IDaaS server, the SaaS service provider needs to join the SaaS application market, that is, the SaaS service provider and the SaaS application market complete operations such as real-name authentication and contract signing. Afterwards, the SaaS service provider can create an IDaaS-integrated application in the SaaS application market; this IDaaS-integrated application corresponds to the IDaaS server and can be understood as a credential of the IDaaS server. After the SaaS service provider opens a tenant on the IDaaS server, the SaaS application market can record the information of the IDaaS it integrates, and the SaaS service provider can operate in the SaaS application market to send the application request to the IDaaS server.
After the IDaaS server generates the application credentials, it returns them to the SaaS application market, and the SaaS service provider can obtain the application credentials through the SaaS application market. The SaaS service provider can then create, on the SaaS server, an interface for accessing the IDaaS server based on the application credentials: the SaaS service provider sends the application credentials to the SaaS server, and the SaaS server creates the interface for accessing the IDaaS server according to the application credentials. The SaaS server can thus access the IDaaS server based on the application credentials and the interface, which achieves pre-integration of the SaaS server with the IDaaS server.
In the first aspect, the IDaaS server creates a service provider application based on the application request sent by the SaaS service provider, allocates application credentials to the service provider application, and sends the application credentials to the SaaS service provider, so that the SaaS service provider creates, on the SaaS server and based on the application credentials, an interface for accessing the IDaaS server. Integration of SaaS and IDaaS can be achieved through this interface.
In a possible implementation of the first aspect, the method further includes: the IDaaS server obtains application information of a SaaS application purchased by a user, where the SaaS application is bound to the service provider application; and the IDaaS server creates a user application based on the service provider application and the application information, where the user application is used to associate the SaaS application with a tenant in the IDaaS server. In this possible implementation, after a user purchases a SaaS application listed in the SaaS application market, the IDaaS can generate, based on the service provider application, a user application corresponding to that SaaS application, so that the SaaS application can use the capabilities of the IDaaS server and the user can access the user application of the IDaaS server through the SaaS server, which improves the implementability of the solution.
In a possible implementation of the first aspect, the method further includes: the IDaaS server obtains a login request initiated by the user, where the login request includes the identifier of the user application; the IDaaS server verifies the login request based on a first relationship to generate authorization information, where the first relationship records the relationship between the user application and the service provider application; the IDaaS server sends the authorization information to the user, so that the user accesses the SaaS server based on the authorization information; the IDaaS server receives the authorization information and the application credentials from the SaaS server; and the IDaaS server verifies the authorization information based on the application credentials and sends the verification result to the SaaS server.
In this possible implementation, after the IDaaS server creates the user application based on the service provider application and the application information, verification of the user's login request can be completed between the IDaaS server and the SaaS server. The IDaaS server creates the user application based on the service provider application and the application information, which improves the implementability of the solution.
In a possible implementation of the first aspect, the method further includes: the IDaaS server obtains a test request; the IDaaS server creates a test application based on the test request and records a second relationship between the test application and the service provider application; and the IDaaS server tests the test application based on a test user from the SaaS service provider.
In this possible implementation, after the pre-integration of the SaaS server with the IDaaS server is complete, a test application is created to verify the reliability of the pre-integration, which improves the reliability of the integration of SaaS and IDaaS.
In a possible implementation of the first aspect, the method further includes: the IDaaS server obtains and records modification information of the service provider application, where the modification information is generated after the SaaS service provider modifies configuration information of the service provider application, and the configuration information includes the calling path of the service provider application.
In this possible implementation, after the pre-integration of the SaaS server with the IDaaS server is complete, the SaaS service provider can modify the configuration information of the service provider application in the SaaS application market, which improves the implementability of the solution.
In a possible implementation of the first aspect, the SaaS service provider accesses the IDaaS server and the SaaS server through the SaaS application market.
In this possible implementation, the SaaS service provider can access the IDaaS server and the SaaS server through the SaaS application market. With the SaaS application market as an intermediate platform, SaaS and IDaaS can be flexibly bound and used together. The SaaS application market integrates SaaS services and IDaaS services, which reduces the complexity of system integration and improves the experience of SaaS service providers and of providers of IDaaS services.
In a possible implementation of the first aspect, the user accesses the IDaaS server and the SaaS server through the SaaS application market or a SaaS client.
In this possible implementation, when the user accesses the IDaaS server and the SaaS server through the SaaS application market, and the SaaS service provider also accesses them through the SaaS application market, the SaaS application market acts as an intermediate platform so that SaaS and IDaaS can be flexibly bound and used together; the SaaS application market integrates SaaS services and IDaaS services, which reduces the complexity of system integration and improves the user experience. When the user accesses the IDaaS server and the SaaS server through a SaaS client, the orchestration logic of the SaaS application market is removed, which reduces the cost of service integration, and the user can also see the details of the interfacing between SaaS and IDaaS.
A second aspect of this application provides a service integration method, the method including: a software as a service (SaaS) server obtains application credentials sent by a SaaS service provider, where the application credentials are allocated by an identity as a service (IDaaS) server to a service provider application, the service provider application is created by the IDaaS server based on an application request, the application request includes information about the SaaS service provider, and the service provider application is used to associate the SaaS service provider with a tenant in the IDaaS server; and the SaaS server creates, based on the application credentials, an interface for accessing the IDaaS server.
In a possible implementation of the second aspect, the method further includes: the SaaS server obtains authorization information sent by the user, where the authorization information is generated by the IDaaS server verifying a login request based on a first relationship, the first relationship is the application relationship between the user application and the service provider application, the user application is created by the IDaaS server based on the service provider application and application information, the application information is information about the SaaS application purchased by the user, the SaaS application is bound to the service provider application, the login request is a request initiated by the user that includes the identifier of the user application, and the user application is used to associate the SaaS application with a tenant in the IDaaS server; the SaaS server sends the authorization information and the application credentials to the IDaaS server, so that the IDaaS server verifies the authorization information based on the application credentials and obtains a verification result; and the SaaS server receives the verification result from the IDaaS server.
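The login and verification exchange described in the first aspect and, from the SaaS server's side, in the second aspect, sketched as an added Python example that is not part of the patent text. The class and method names, the application identifier sent alongside the application credential, the expiry time, the single-use handling, and the digest-only storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


def _digest(value):
    """Secrets are stored and looked up only by their SHA-256 digest (assumption)."""
    return hashlib.sha256(value.encode()).hexdigest()


class IDaaSServer:
    """In-memory model of the IDaaS server's role (hypothetical design)."""

    def __init__(self, ttl=60):
        self.ttl = ttl                # assumed lifetime of authorization info, seconds
        self.provider_apps = {}       # service provider app id -> credential digest
        self.first_relationship = {}  # user app id -> service provider app id
        self.pending = {}             # digest(auth info) -> (user app, user, expiry)

    def create_provider_app(self, provider_info):
        """Handle an application request: create the app, allocate its credential."""
        app_id = "sp-" + secrets.token_hex(4)
        credential = secrets.token_urlsafe(32)
        self.provider_apps[app_id] = _digest(credential)
        return app_id, credential

    def create_user_app(self, provider_app_id, app_info):
        """Create the user application for a purchased SaaS application."""
        if provider_app_id not in self.provider_apps:
            raise KeyError("unknown service provider application")
        user_app_id = "ua-" + secrets.token_hex(4)
        self.first_relationship[user_app_id] = provider_app_id
        return user_app_id

    def login(self, user_app_id, user, now=None):
        """Check the login request against the first relationship, issue auth info."""
        now = time.time() if now is None else now
        if user_app_id not in self.first_relationship:
            return None
        auth_info = secrets.token_urlsafe(24)
        self.pending[_digest(auth_info)] = (user_app_id, user, now + self.ttl)
        return auth_info

    def verify(self, provider_app_id, credential, auth_info, now=None):
        """Verify authorization info that a SaaS server presents with its credential."""
        now = time.time() if now is None else now
        stored = self.provider_apps.get(provider_app_id, "")
        if not hmac.compare_digest(stored, _digest(credential)):
            return {"ok": False, "reason": "bad_application_credential"}
        # Single use: the value is consumed on first presentation by an
        # authenticated caller, whether or not the remaining checks pass.
        entry = self.pending.pop(_digest(auth_info), None)
        if entry is None:
            return {"ok": False, "reason": "unknown_or_replayed"}
        user_app_id, user, expiry = entry
        if now > expiry:
            return {"ok": False, "reason": "expired"}
        # Binding: only the provider app in the first relationship may redeem it.
        if self.first_relationship.get(user_app_id) != provider_app_id:
            return {"ok": False, "reason": "wrong_service_provider"}
        return {"ok": True, "user": user, "user_app": user_app_id}


class SaaSServer:
    """SaaS side: the interface to the IDaaS server is built from the credential."""

    def __init__(self, idaas, provider_app_id, credential):
        self._idaas, self._app_id, self._credential = idaas, provider_app_id, credential

    def handle_access(self, auth_info, now=None):
        """Forward auth info plus credential; admit the user only on success."""
        result = self._idaas.verify(self._app_id, self._credential, auth_info, now)
        return result.get("user") if result["ok"] else None


if __name__ == "__main__":
    idaas = IDaaSServer()
    sp_id, cred = idaas.create_provider_app({"name": "example-vendor"})  # constructed
    ua_id = idaas.create_user_app(sp_id, {"saas_app": "example-crm"})    # constructed
    saas = SaaSServer(idaas, sp_id, cred)
    info = idaas.login(ua_id, "alice")
    print("first use:", saas.handle_access(info))
    print("replay:   ", saas.handle_access(info))
```

The binding check is what keeps a second service provider, holding its own valid credential, from redeeming authorization information issued for another provider's user application.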
In a possible implementation of the second aspect, the SaaS service provider accesses the IDaaS server and the SaaS server through the SaaS application market.
In a possible implementation of the second aspect, the user accesses the IDaaS server and the SaaS server through the SaaS application market or a SaaS client.
The method in the second aspect or any possible implementation of the first aspect provided in this application has the same beneficial effects as the method in the first aspect or any possible implementation of the first aspect described above.
A third aspect of this application provides a server configured to perform the method in the first aspect or any possible implementation of the first aspect. Specifically, the server includes modules or units for performing the method in the first aspect or any possible implementation of the first aspect, such as an obtaining unit, a creating unit, a sending unit, a verification unit, a receiving unit and a testing unit.
A fourth aspect of this application provides a server configured to perform the method in the second aspect or any possible implementation of the second aspect. Specifically, the server includes modules or units for performing the method in the second aspect or any possible implementation of the second aspect, such as an obtaining unit, a creating unit, a sending unit and a receiving unit.
A fifth aspect of this application provides a server. The server includes a processor, a memory, and a computer-readable storage medium storing a computer program. The processor is coupled to the computer-readable storage medium, and computer-executable instructions run on the processor; when the computer-executable instructions are executed by the processor, the processor performs the method of the first aspect or any possible implementation of the first aspect. Optionally, the server may further include an input/output (I/O) interface, and the computer-readable storage medium storing the computer program may be a memory.
A sixth aspect of this application provides a server. The server includes a processor, a memory, and a computer-readable storage medium storing a computer program. The processor is coupled to the computer-readable storage medium, and computer-executable instructions run on the processor; when the computer-executable instructions are executed by the processor, the processor performs the method of the second aspect or any possible implementation of the second aspect. Optionally, the server may further include an input/output (I/O) interface, and the computer-readable storage medium storing the computer program may be a memory.
A seventh aspect of this application provides a computer-readable storage medium storing one or more computer-executable instructions. When the computer-executable instructions are executed by a processor, the processor performs the method of the first aspect or any possible implementation of the first aspect.
An eighth aspect of this application provides a computer-readable storage medium storing one or more computer-executable instructions. When the computer-executable instructions are executed by a processor, the processor performs the method of the second aspect or any possible implementation of the second aspect.
A ninth aspect of this application provides a computer program product storing one or more computer-executable instructions. When the computer-executable instructions are executed by a processor, the processor performs the method of the first aspect or any possible implementation of the first aspect.
A tenth aspect of this application provides a computer program product storing one or more computer-executable instructions. When the computer-executable instructions are executed by a processor, the processor performs the method of the second aspect or any possible implementation of the second aspect.
An eleventh aspect of this application provides a chip system. The chip system includes at least one processor and an interface. The interface is used to receive data and/or signals, and the at least one processor is used to support a computer device in implementing the functions involved in the first aspect or any possible implementation of the first aspect. In a possible design, the chip system may further include a memory for storing the program instructions and data necessary for the computer device. The chip system may consist of chips, or may include chips and other discrete devices.
A twelfth aspect of this application provides a chip system. The chip system includes at least one processor and an interface. The interface is used to receive data and/or signals, and the at least one processor is used to support a computer device in implementing the functions involved in the second aspect or any possible implementation of the second aspect. In a possible design, the chip system may further include a memory for storing the program instructions and data necessary for the computer device. The chip system may consist of chips, or may include chips and other discrete devices.
A thirteenth aspect of this application provides a service integration system. The system includes an IDaaS server and a SaaS server. The IDaaS server is used to obtain an application request, where the application request includes information about a software as a service (SaaS) service provider, to create a service provider application according to the application request, and to allocate an application credential to the service provider application, where the service provider application is used to associate the SaaS service provider with a tenant in the IDaaS server. The SaaS server is used to obtain the application credential sent by the SaaS service provider and to create, according to the application credential, an interface for accessing the IDaaS server. The service integration system can implement the method of the first aspect or any possible implementation of the first aspect, and the method of the second aspect or any possible implementation of the second aspect.
A fourteenth aspect of this application provides a computing device cluster. The computing device cluster includes at least one computing device, and each computing device includes a processor and a memory. The processor of the at least one computing device is used to execute instructions stored in the memory of the at least one computing device, so that the computing device cluster performs the method of the first aspect or any possible implementation of the first aspect.
A fifteenth aspect of this application provides a computing device cluster. The computing device cluster includes at least one computing device, and each computing device includes a processor and a memory. The processor of the at least one computing device is used to execute instructions stored in the memory of the at least one computing device, so that the computing device cluster performs the method of the second aspect or any possible implementation of the second aspect.
In the embodiments of this application, the IDaaS server creates a service provider application according to the application request sent by the SaaS service provider, allocates an application credential to the service provider application, and sends the application credential to the SaaS service provider, so that the SaaS service provider creates, based on the application credential, an interface on the SaaS server for accessing the IDaaS server. The integration of SaaS and IDaaS can be achieved through this interface.
Description of the drawings
Figure 1 is a schematic diagram of an application scenario provided by an embodiment of this application;
Figures 2 to 10 are schematic diagrams of an embodiment of the service integration method provided by an embodiment of this application;
Figure 11 is a schematic architecture diagram of the service integration method provided by an embodiment of this application;
Figures 12 to 16 are schematic diagrams of another embodiment of the service integration method provided by an embodiment of this application;
Figure 17 is a schematic diagram of an embodiment of the server provided by an embodiment of this application;
Figure 18 is a schematic diagram of another embodiment of the server provided by an embodiment of this application;
Figure 19 is a schematic diagram of an embodiment of the computing device provided by an embodiment of this application;
Figure 20 is a schematic diagram of another embodiment of the server provided by an embodiment of this application;
Figure 21 is a schematic diagram of an embodiment of the service integration system provided by an embodiment of this application;
Figure 22 is a schematic diagram of an embodiment of the computing device cluster provided by an embodiment of this application;
Figure 23 is a schematic diagram of another embodiment of the computing device cluster provided by an embodiment of this application.
Detailed description
The embodiments of this application are described below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. A person of ordinary skill in the art will know that, as technology develops and new scenarios emerge, the technical solutions provided in the embodiments of this application are equally applicable to similar technical problems.
The terms "first", "second" and so on in the description and claims of this application and in the above drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in an order other than the one illustrated or described here. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units that are expressly listed, and may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
The word "exemplary" as used here means "serving as an example, embodiment or illustration". Any embodiment described here as "exemplary" is not necessarily to be construed as superior to or better than other embodiments.
In addition, to better explain this application, numerous specific details are given in the detailed description below. A person skilled in the art should understand that this application can also be implemented without certain specific details. In some instances, methods, means, components and circuits that are well known to a person skilled in the art are not described in detail, so as to highlight the subject matter of this application.
The embodiments of this application provide a service integration method for integrating software as a service (SaaS) and identity as a service (IDaaS). The embodiments of this application also provide corresponding servers, computer-readable storage media and the like. Each is described in detail below.
The application scenario of the embodiments of this application is described below:
A SaaS service provider builds all the network infrastructure and the software and hardware operating platforms that an enterprise needs for informatization, and is responsible for a series of services such as initial implementation and later maintenance. The enterprise can use the information system over the Internet without purchasing software and hardware, building a machine room or recruiting technical staff. SaaS is a software deployment model in which applications are designed for network delivery, so that users can host, deploy and access them over the Internet. IDaaS is an identity service built on the cloud by using cloud infrastructure. The IDaaS identity authentication platform can connect to SaaS services on the external network, and usually uses single sign-on, multi-factor authentication, user permission management, application management and similar means to provide secure access to multiple cloud resources. It can connect applications across the whole network for an enterprise and can also provide unified management of identities and permissions inside the enterprise. A unified IDaaS capability provides a set of centralized identity, permission and application management services.
As shown in Figure 1, the cloud management platform provides an access interface (such as a user interface or an API). A tenant can operate a client to connect remotely to the access interface, register a cloud account and password on the cloud management platform, and log in to the cloud management platform. After the cloud management platform successfully authenticates the cloud account and password, the tenant can pay to select and purchase a virtual machine with specific specifications (processor, memory, disk) on the cloud management platform. After the purchase succeeds, the cloud management platform provides the remote login account and password of the purchased virtual machine, and the client can log in to the virtual machine remotely and install and run the tenant's applications in it. The tenant can therefore create, manage, log in to and operate virtual machines in the cloud data center through the cloud management platform. A virtual machine may also be called a cloud server (elastic compute service, ECS) or an elastic instance.
For example, an enterprise, as a user or tenant, needs to use multiple SaaS applications. Server 1 is a SaaS server that provides SaaS application 1 in virtual machine 1 and SaaS application 2 in virtual machine 2, and the user has purchased and uses both SaaS application 1 and SaaS application 2. Server 2 is an IDaaS server that provides the IDaaS service in virtual machine 3, and the user has purchased and uses the IDaaS service. Because both server 1 and server 2 are user-facing, and the user wants to manage all of the SaaS applications but does not want to provide identity security capabilities separately in each SaaS application, the user can manage SaaS application 1 and SaaS application 2 in a unified way through the IDaaS service. The IDaaS service then has to be connected to SaaS application 1 and to SaaS application 2 separately, that is, SaaS application 1 and SaaS application 2 need to be custom-developed in advance for the IDaaS service so that their functions match those of IDaaS.
The service integration method provided by the embodiments of this application is described below with reference to the above application scenario:
In an embodiment of the service integration method provided by the embodiments of this application, the method can be implemented with a SaaS application market, or without one, in which case the functions of the SaaS application market are carried by the IDaaS server. The two cases are described separately below:
1. Using the SaaS application market:
As shown in Figures 2 to 10, the service integration method can be divided into four phases, as follows:
Phase one (as shown in Figure 2): the SaaS service provider pre-integrates the IDaaS capability.
In phase one, the SaaS service provider creates a service provider application in the SaaS application market, obtains information such as the application identifier and application credential of the service provider application, maintains the configuration information of the service provider application, and integrates the IDaaS capability into the SaaS service according to the integration specification of the SaaS application market. This phase includes the following steps:
211. The IDaaS server obtains an application request.
The SaaS server, the IDaaS server and the SaaS application market run on general-purpose servers or on cloud infrastructure, for example server 1 and server 2 shown in Figure 1. A user can use the SaaS service through a browser, a SaaS client (for example the client shown in Figure 1) and so on. The browser or client runs on the user's terminal (for example a mobile phone, tablet computer or TV box). A SaaS service provider is an enterprise that provides SaaS services, and more specifically the staff or administrators of that SaaS enterprise.
The SaaS service provider can operate in the SaaS application market. The application request includes information about the SaaS service provider, that is, the application request can be sent by the SaaS service provider to the IDaaS server through the SaaS application market. Before sending the application request to the IDaaS server through the SaaS application market, the SaaS service provider needs to join the SaaS application market, that is, complete operations such as real-name authentication and contract signing with the SaaS application market. Once this is done, the SaaS service provider can submit an application request to the SaaS application market and create an IDaaS-integrated application in the SaaS application market. This IDaaS-integrated application corresponds to the IDaaS server and can be understood as a credential of the IDaaS server.
Optionally, if the SaaS service provider has not yet opened a tenant on the IDaaS server, it needs to open one. The SaaS service provider sends a tenant opening request to the IDaaS server through the SaaS application market, and after the IDaaS server confirms that the SaaS service provider has opened a tenant, it returns confirmation information to the SaaS application market.
After the SaaS service provider has opened a tenant on the IDaaS server, the SaaS application market can record the information of the IDaaS it integrates, and the SaaS service provider can operate in the SaaS application market to send an application request to the IDaaS server.
212. The IDaaS server creates a service provider application according to the application request and allocates an application credential to the service provider application.
After receiving the application request sent by the SaaS application market, the IDaaS server creates a service provider application according to the application request. The service provider application is used to associate the SaaS service provider with a tenant in the IDaaS server, and can also be understood as the application identifier of the SaaS service provider in the IDaaS server, that is, the service provider application is the binding credential of the SaaS service provider in the IDaaS server. After creating the service provider application, the IDaaS server also allocates an application credential to it. The IDaaS server has to return this application credential to the SaaS service provider, so that the SaaS service provider can create, based on the application credential, an interface on the SaaS server for accessing the IDaaS server. The application credential can be understood as the credential or identity that the SaaS service provider uses to access the IDaaS server.
213. The IDaaS server sends the application credential to the SaaS application market.
214. The SaaS server creates, according to the application credential, an interface for accessing the IDaaS server.
After generating the application credential, the IDaaS server returns it to the SaaS application market, and the SaaS service provider can obtain the application credential through the SaaS application market. The SaaS service provider can then create, based on the application credential, an interface on the SaaS server for accessing the IDaaS server: the SaaS service provider sends the application credential to the SaaS server, and the SaaS server creates the interface for accessing the IDaaS server according to the application credential. The SaaS server can then access the IDaaS server based on the application credential and the interface, which completes the pre-integration of the SaaS server with the IDaaS server.
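The pre-integration in steps 211 to 214 and the authorization check described for the second aspect, modelled end to end as an added sketch that is not code from the application. The class and method names, the randomly generated credential and the HMAC-signed token used as "authorization information" are assumptions, since the page does not specify how either value is encoded.

```python
import base64
import hashlib
import hmac
import json
import secrets


class IDaaSServer:
    """Toy IDaaS server modelling the roles on the page (all names are hypothetical)."""

    def __init__(self):
        # Assumption: authorization information is a token signed with a server-side HMAC key.
        self._key = secrets.token_bytes(32)
        self._provider_apps = {}  # provider app id -> {"credential", "provider"}
        self._user_apps = {}      # user app id -> provider app id (the "first relationship")

    def create_provider_app(self, provider_info):
        """Steps 211-212: create the service provider application and allocate its credential."""
        app_id = "sp-" + secrets.token_hex(4)
        credential = secrets.token_urlsafe(32)
        self._provider_apps[app_id] = {"credential": credential, "provider": provider_info}
        return app_id, credential

    def create_user_app(self, provider_app_id):
        """A user application is always derived from an existing service provider application."""
        if provider_app_id not in self._provider_apps:
            raise KeyError("unknown service provider application")
        user_app_id = "ua-" + secrets.token_hex(4)
        self._user_apps[user_app_id] = provider_app_id
        return user_app_id

    def _tag(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def login(self, user, user_app_id):
        """Check the login request against the first relationship, then issue authorization info."""
        provider_app_id = self._user_apps.get(user_app_id)
        if provider_app_id is None:
            return None  # no user application, so there is no relationship to verify against
        claims = {"user": user, "user_app": user_app_id, "provider_app": provider_app_id}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return body + "." + self._tag(body)

    def verify(self, authorization, provider_app_id, credential):
        """Verify authorization info presented by a SaaS server together with its credential."""
        app = self._provider_apps.get(provider_app_id)
        if app is None or not hmac.compare_digest(app["credential"].encode(), credential.encode()):
            return {"valid": False, "reason": "bad application credential"}
        body, sep, tag = authorization.rpartition(".")
        if not sep or not hmac.compare_digest(self._tag(body).encode(), tag.encode()):
            return {"valid": False, "reason": "authorization info not issued by IDaaS"}
        claims = json.loads(base64.urlsafe_b64decode(body))  # decoded only after the tag matched
        if claims["provider_app"] != provider_app_id:
            return {"valid": False, "reason": "issued for another service provider application"}
        return {"valid": True, "user": claims["user"], "user_app": claims["user_app"]}


class SaaSServer:
    """Toy SaaS server: holds the credential and forwards authorization info for checking."""

    def __init__(self, idaas):
        self._idaas = idaas
        self._interface = None

    def create_idaas_interface(self, provider_app_id, credential):
        """Step 214: the interface is the binding of this server to one provider application."""
        self._interface = (provider_app_id, credential)

    def handle_authorization(self, authorization):
        if self._interface is None:
            raise RuntimeError("pre-integration has not been completed")
        return self._idaas.verify(authorization, *self._interface)


def demo():
    """Constructed walk-through: two providers, one user login for provider A's application."""
    idaas = IDaaSServer()
    app_a, cred_a = idaas.create_provider_app({"name": "provider-a"})
    app_b, cred_b = idaas.create_provider_app({"name": "provider-b"})
    saas_a, saas_b = SaaSServer(idaas), SaaSServer(idaas)
    saas_a.create_idaas_interface(app_a, cred_a)
    saas_b.create_idaas_interface(app_b, cred_b)
    authorization = idaas.login("alice", idaas.create_user_app(app_a))
    # The same authorization info is accepted by provider A's server and refused for provider B.
    return saas_a.handle_authorization(authorization), saas_b.handle_authorization(authorization)


if __name__ == "__main__":
    print(demo())
```

Binding the authorization information to the service provider application is what lets the IDaaS server refuse a token replayed through a different provider's SaaS server, even though that server presents a valid credential of its own.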
Optionally, as shown in Figure 3, after the pre-integration of the SaaS server with the IDaaS server is complete, the SaaS service provider can modify the configuration information of the service provider application in the SaaS application market and verify the reliability of the pre-integration. After step 213, the following steps can also be performed:
221. The IDaaS server obtains and records the modification information of the service provider application.
The SaaS service provider modifies the configuration information of the service provider application in the SaaS application market, that is, it modifies the call path of the service provider application. After recording the modified configuration information, the SaaS application market generates the corresponding modification information and sends it to the IDaaS server. The IDaaS server records the modification information, generates a new application credential, returns it to the SaaS application market and notifies the SaaS application market that the modification succeeded. The SaaS service provider can obtain the new application credential from the SaaS application market.
222. The IDaaS server obtains a test request.
223. The IDaaS server creates a test application according to the test request.
224. The IDaaS server tests the test application based on a test user from the SaaS service provider.
The SaaS service provider creates a test account in the SaaS application market, and the SaaS application market sends a test request to the IDaaS server based on that test account. After obtaining the test request, the IDaaS server creates the corresponding test application according to the test request, based on the previously created service provider application, and records the second relationship between the test application and the service provider application, that is, the IDaaS server records that the test application was created from the service provider application in order to test the service provider application. The IDaaS server also notifies the SaaS application market that the test application was created successfully. At this point the SaaS service provider can request a test user in the SaaS application market. After receiving the test user request from the SaaS service provider, the IDaaS server creates the corresponding test user, records the relationship between the test user and the test application, and returns the test user to the SaaS application market. The SaaS service provider authorizes the test user to use the test application in the SaaS application market, that is, the SaaS application market accesses the test application of the IDaaS server based on that test user. The IDaaS server verifies whether the test account can access the test application and returns the verification result, that is, the test result, to the SaaS application market. The SaaS service provider can confirm the test result in the SaaS application market, and in this way the reliability of the pre-integration is verified.
225. The SaaS server synchronizes information with the SaaS application market.
After the test is complete, the SaaS service provider needs to provide an interface for synchronizing information according to the integration requirements, that is, the SaaS service provider needs to synchronize information between the SaaS application market and the SaaS server. The synchronized information includes tenant information, application information and authorization information. Specifically, the tenant information includes the instance ID (instance ID), tenant ID (tenant ID), organization ID (org ID), the domain name assigned to the user (domain Name) and the SaaS application market order (Order ID), where the instance ID is the instance number that the SaaS service provider assigns to the user's purchase, the tenant ID is the tenant identifier that the SaaS application market assigns to the user, and the organization ID is the identifier or number of the user's organizational department. The application information includes the instance ID, tenant ID, application ID (app ID) and application configuration information (config). The authorization information includes the instance ID, tenant ID, application ID, organization ID, user list (user List) and synchronization time (syctime). After the synchronization information has been synchronized, the user can, based on the test account, access the test application of the IDaaS server through the SaaS server.
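A consistency check a SaaS server could run on one batch received through the synchronization interface, as an added example that is not part of the application. The dictionary key spellings, the batch layout and the sample records are constructed here; only the field lists come from the paragraph above.

```python
# Fields named on the page for each kind of synchronized record (key spellings are assumed).
REQUIRED_FIELDS = {
    "tenant": ("instanceId", "tenantId", "orgId", "domainName", "orderId"),
    "application": ("instanceId", "tenantId", "appId", "config"),
    "authorization": ("instanceId", "tenantId", "appId", "orgId", "userList", "syctime"),
}


def _missing(kind, record):
    return [f"{kind}: missing {name}" for name in REQUIRED_FIELDS[kind] if name not in record]


def check_sync(tenant, applications, authorizations):
    """Return the problems found in one synchronization batch (empty list means consistent)."""
    problems = _missing("tenant", tenant)
    scope = (tenant.get("instanceId"), tenant.get("tenantId"))
    known_apps = set()
    for app in applications:
        missing = _missing("application", app)
        if missing:
            problems += missing
        elif (app["instanceId"], app["tenantId"]) != scope:
            problems.append(f"application {app['appId']}: belongs to another tenant or instance")
        else:
            known_apps.add(app["appId"])
    for auth in authorizations:
        missing = _missing("authorization", auth)
        if missing:
            problems += missing
        elif (auth["instanceId"], auth["tenantId"]) != scope:
            problems.append(f"authorization for {auth['appId']}: belongs to another tenant or instance")
        elif auth["appId"] not in known_apps:
            problems.append(f"authorization for {auth['appId']}: application was not synchronized")
        elif not isinstance(auth["userList"], list):
            problems.append(f"authorization for {auth['appId']}: userList is not a list")
    return problems


# Constructed sample batch (all values are made up for the example).
SAMPLE_TENANT = {"instanceId": "inst-1", "tenantId": "tenant-1", "orgId": "org-1",
                 "domainName": "customer.example", "orderId": "order-1"}
SAMPLE_APPS = [{"instanceId": "inst-1", "tenantId": "tenant-1", "appId": "app-1", "config": {}}]
SAMPLE_AUTHS = [{"instanceId": "inst-1", "tenantId": "tenant-1", "appId": "app-1",
                 "orgId": "org-1", "userList": ["alice"], "syctime": "2023-01-01T00:00:00Z"}]

if __name__ == "__main__":
    print(check_sync(SAMPLE_TENANT, SAMPLE_APPS, SAMPLE_AUTHS))
```

Rejecting authorization records whose instance ID or tenant ID differ from the tenant record keeps one tenant's user list from being attached to another tenant's application during synchronization.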
For the detailed process of phase one, refer to Figure 4; it is not described again in the embodiments of this application.
Stage two (as shown in Figure 5): listing the SaaS application on the SaaS application market.
In stage two, the user purchases, in the SaaS application market, a SaaS application that is pre-integrated with IDaaS. The SaaS application market determines whether the user has an IDaaS tenant instance: if not, one is created; if so, this step is skipped. The corresponding user application is then added under the tenant and marked as generated from the service provider application. This stage specifically includes the following steps:
231. The SaaS application market obtains a SaaS application request.
232. The SaaS server synchronizes information with the SaaS application market.
After the SaaS service provider completes the pre-integration of the SaaS server and the IDaaS server, it can list the SaaS application on the SaaS application market. Specifically, the SaaS service provider submits a SaaS-type application request in the SaaS application market and selects the corresponding service provider application for that request, that is, the service provider application created on the IDaaS server in stage one. The SaaS application market saves the application request and records the relationship between the SaaS application and the server application. Before the SaaS application market approves the SaaS application for listing, it verifies whether the synchronization interface provided by the SaaS service provider has passed commissioning, that is, whether tenant information, application information and authorization information are synchronized with the SaaS server. Finally, once the SaaS application market has approved the SaaS application, the listing of the SaaS application on the SaaS application market is complete.
Further, for the detailed process of stage two, refer to Figure 6; details are not repeated in this embodiment of the application.
Stage three (as shown in Figure 7): the user purchases the SaaS application in the SaaS application market.
In stage three, the user performs IDaaS identity management in the SaaS application market, including creating organizations and departments, permission management, and so on. This stage specifically includes the following steps:
241. The SaaS server opens a SaaS instance.
242. The SaaS server associates the organization information selected by the user with the SaaS instance.
After the user purchases, in the SaaS application market, a SaaS application provided by the SaaS service provider, the SaaS application market calls the interface that the SaaS service provider exposes for the SaaS server and sends a request to the SaaS server, so that the SaaS server opens a SaaS instance of the SaaS application.
After the SaaS server opens the SaaS instance, the user can create an organization through the SaaS application market and associate the organization information with the SaaS instance. Optionally, if the organization selected by the user has not opened a tenant in IDaaS, the user can open a tenant on the IDaaS server through the SaaS application market.
242. The IDaaS server obtains the application information of the SaaS application purchased by the user.
243. The IDaaS server creates a user application based on the service provider application and the application information.
If the organization corresponding to the SaaS application has already opened an IDaaS tenant, the IDaaS server can obtain the application information of the SaaS application from the SaaS application market. Because the SaaS application is bound to the service provider application, the IDaaS server can create a user application based on the service provider application and the application information, and record the first relationship between the user application and the service provider application. The user application is used to associate the SaaS application with the tenant in the IDaaS server, and can also be understood as the binding credential of the SaaS application in the IDaaS server tenant. The first relationship records the relationship between the user application and the service provider application; that is, the IDaaS server records that the user application is the service provider application created for the SaaS application. The IDaaS server then returns the information of the user application to the SaaS application market.
244. The SaaS server synchronizes information with the SaaS application market.
After the IDaaS server has created the user application, the SaaS server also needs to synchronize information with the SaaS application market, so that the user can access the user application of the IDaaS server through the SaaS server. Optionally, after the tenant information and application information have been synchronized, the user can maintain organization information and personnel information: in the SaaS application market, the user adds sub-departments under the organization, adds personnel to the sub-departments, and sets the visibility scope and different authorizations of the user application for different sub-departments and personnel. The SaaS server then synchronizes the authorization information with the SaaS application market.
Further, for the detailed process of stage three, refer to Figure 8; details are not repeated in this embodiment of the application.
Stage four (as shown in Figure 9): the user uses the SaaS service.
In stage four, the user uses the SaaS application; users who have been authorized in IDaaS can use the SaaS service. This stage specifically includes the following steps:
251. The IDaaS server obtains the login request initiated by the user.
252. The IDaaS server verifies the login request based on the first relationship to generate authorization information.
253. The IDaaS server sends the authorization information to the SaaS client, so that the user accesses the SaaS server based on the authorization information.
When the user has purchased the SaaS application and needs to use it, the user can initiate a login request to the SaaS instance on the SaaS server through the SaaS client corresponding to the SaaS application. The login request includes the identifier of the user application. Based on the login request, the SaaS server returns a SaaS login page with IDaaS integrated to the SaaS client. After the user clicks to log in, the SaaS client queries the tenant information on the SaaS server to check whether the login information belongs to a tenant.
If the user is a tenant, the SaaS client initiates a login to the IDaaS server, carrying the identifier of the user application that was generated when the user purchased the SaaS application. The user enters login information (account, password, and so on) on the SaaS client, and it is sent to the IDaaS server. The IDaaS server verifies the login information based on the first relationship; that is, the IDaaS server verifies the application identifier based on the first relationship and verifies the login information entered by the user, and after the verification passes it returns the login authorization information to the SaaS client.
254. The IDaaS server receives the authorization information and the application credential from the SaaS server.
255. The IDaaS server verifies the authorization information based on the application credential, and sends the verification result to the SaaS server.
After receiving the authorization information returned by the IDaaS server, the SaaS client carries the authorization information in its request for the SaaS service to the SaaS server. The SaaS server carries the application credential and the authorization information to the IDaaS server to verify the validity of the authorization information. The IDaaS server verifies whether the application credential has permission to access the user information under the user application; if so, the authorization information passes verification and the IDaaS server returns the user number to the SaaS server. The SaaS server determines, according to the authorization information, whether the user corresponding to the user number has permission to access the SaaS service. If so, the SaaS server generates a session identifier and returns it to the SaaS client. At this point the user has logged in successfully and can, based on the session identifier, access other functions of the SaaS service and use the SaaS service.
Further, for the detailed process of stage four, refer to Figure 10; details are not repeated in this embodiment of the application.
As shown in Figure 11, summarizing the above four stages: in this embodiment of the application, the IDaaS server creates a service provider application according to the application request sent by the SaaS service provider, allocates an application credential to the service provider application, and sends the application credential to the SaaS service provider, so that the SaaS service provider creates, based on the application credential, an interface on the SaaS server for accessing the IDaaS server. SaaS and IDaaS can be integrated through this interface. Once SaaS and IDaaS are integrated, key processes such as listing, purchase and authentication can all be carried out. Tenants who purchase SaaS applications can perceive the functional changes, and developers of SaaS applications can perceive interface changes, configuration information and so on. IDaaS provides the key technical support for SaaS by supporting the association between service provider applications and the user applications generated from them. From the user's perspective, the user buys a SaaS application, the system automatically instantiates the SaaS application on IDaaS and associates the user's tenant information, and the user can enter the SaaS application market page and perform IDaaS operations on the purchased services, such as creating organizations and departments, permission management and so on. From the SaaS application developer's perspective, the developer needs to pre-integrate (interconnect) with IDaaS, and the system provides the interfaces on both sides so that every step of the communication works smoothly. Moreover, the various configuration information of a SaaS application can be templated: when the SaaS application, for example, migrates to another server, only certain fields in the template need to be updated to carry out the migration, with no impact on the IDaaS server or the user side. This brings beneficial effects including but not limited to the following:
(1) After the user purchases a SaaS application in the SaaS application market, integration with the IDaaS service can be achieved automatically, including the adaptation of the SaaS server and the IDaaS server, so that the two sides are connected across processes such as purchase, permission management and authentication. The user can enjoy the benefits of SaaS and IDaaS at the same time, maintains only one copy of the user information (including organizations, departments, personnel and application authorization), and can conveniently use multiple SaaS capabilities, which improves the user experience;
(2) By introducing the service provider application, the IDaaS server distinguishes it from the existing user applications, can identify application transaction scenarios, and flexibly supports the interconnection of SaaS service providers;
(3) With the SaaS application market as an intermediate platform, SaaS and IDaaS can be flexibly bound and used together. The SaaS application market integrates SaaS services and IDaaS services, which reduces the complexity of system interconnection and improves the experience of SaaS service providers and of providers of IDaaS services;
(4) When the SaaS service provider upgrades or adapts the application (for example, relocating or scaling out the application server), the user side is not affected, and at the same time more users are reached through the SaaS market.
With the service integration method provided by this embodiment of the application, in terms of interaction experience, the user can perceive through the interaction with the SaaS application market that SaaS has integrated IDaaS, and the user can use the capabilities of the IDaaS integrated with SaaS. On the network side, packet capture shows that there are integration-related interfaces between the SaaS application market and the SaaS service provider, or between the IDaaS server and the SaaS service provider.
2. Without using the SaaS application market:
Some functions of the SaaS application market are instead carried by the IDaaS server, and both the SaaS service provider and the user interact with the IDaaS server instead. The transaction for the SaaS application can be completed offline, or completed separately in the SaaS application market. For the implementation details in the scenario that does not use the SaaS application market, refer to the scenario that uses the SaaS application market described above; details are not repeated in this embodiment of the application.
As shown in Figures 12 to 16, the service integration method can be divided into three stages, specifically:
Stage one (as shown in Figure 12): the SaaS service provider pre-integrates the IDaaS capability:
311. The IDaaS server obtains the application request.
312. The IDaaS server creates a service provider application according to the application request, and allocates an application credential to the service provider application.
The SaaS service provider has opened a tenant on the IDaaS server in advance. The application request includes the information of the SaaS service provider. The application request may be one that the SaaS service provider sends to the IDaaS server through the SaaS application market; in this scenario the SaaS service provider can initiate the application request directly to the IDaaS server, so that the IDaaS server creates the service provider application according to the application request and allocates an application credential to the service provider application. The service provider application is used to associate the SaaS service provider with the tenant in the IDaaS server, and can also be understood as the binding credential of the SaaS service provider in the IDaaS server. The application credential needs to be returned by the IDaaS server to the SaaS service provider, which uses it to create, on the SaaS server, an interface for accessing the IDaaS server. The application credential can be understood as the credential or identity that the SaaS service provider uses to access the IDaaS server.
313. The IDaaS server sends the application credential to the SaaS service provider, so that the SaaS service provider creates, based on the application credential, an interface on the SaaS server for accessing the IDaaS server.
After the IDaaS server allocates the application credential to the service provider application, it sends the application credential to the SaaS service provider. For example, after generating the application credential, the IDaaS server passes it separately to the SaaS service provider through an offline channel or another online channel. The SaaS service provider can then create, based on the application credential, an interface on the SaaS server for accessing the IDaaS server. Optionally, after the pre-integration of the SaaS server and the IDaaS server is complete, the SaaS service provider can modify the configuration information of the service provider application and verify the reliability of the pre-integration.
Specifically, the SaaS service provider modifies the configuration information of the service provider application on the IDaaS server, and the IDaaS server obtains and records the modification information of the service provider application, where the modification information is generated after the SaaS service provider modifies the configuration information of the service provider application, and the configuration information includes the calling path of the service provider application. The IDaaS server can also maintain organization information, personnel information and so on. The IDaaS server can also obtain a test request sent by the SaaS service provider, create a test application according to the test request, and record the second relationship between the test application and the service provider application; that is, the test application is created based on the service provider application, and the IDaaS server tests the test application using test users from the SaaS service provider. The SaaS service provider can then maintain application authorization on the IDaaS server, that is, complete the organization information and personnel information of its own tenant and the authorization of the service provider application. Finally, the IDaaS server and the SaaS server synchronize information; the synchronized information includes tenant information, application information and authorization information.
Further, for the detailed process of stage one, refer to Figure 13; details are not repeated in this embodiment of the application.
Stage two (as shown in Figure 14): the user completes the application management and configuration of SaaS on the IDaaS server:
321. The IDaaS server obtains the application information of the SaaS application purchased by the user.
The user has opened a tenant on the IDaaS server in advance and can use the functions of the IDaaS server. The purchase of the SaaS application may be completed by the user offline. The verification logic of the SaaS application can be carried out by the IDaaS server and the SaaS server separately. The SaaS application is bound to the service provider application.
322. The IDaaS server creates a user application based on the service provider application and the application information.
After obtaining the application information of the SaaS application, the IDaaS server supports configuration by the user, who uses the service provider application to create the user application corresponding to the SaaS application; alternatively, the SaaS application can notify the IDaaS server to create the user application. The user application is used to associate the SaaS application with the tenant in the IDaaS server, and can also be understood as the binding credential of the SaaS application in the IDaaS server tenant. The first relationship records the relationship between the user application and the service provider application; that is, the IDaaS server also records the application relationship between the user application and the service provider application, namely the first relationship described above. The IDaaS server then returns the application information to the user.
323. The IDaaS server synchronizes information with the SaaS server.
Optionally, after the IDaaS server has created the user application, the IDaaS server also needs to synchronize information with the SaaS server, so that the user can access the user application of the IDaaS server through the SaaS server. Optionally, after the tenant information and application information have been synchronized, the user can maintain organization information and personnel information; that is, the user maintains organization information, personnel information, application authorization and other information in the IDaaS server. The SaaS server then synchronizes the authorization information with the SaaS application market.
Further, for the detailed process of stage two, refer to Figure 15; details are not repeated in this embodiment of the application.
Stage three (as shown in Figure 16): the user uses the SaaS service:
331. The IDaaS server obtains the login request initiated by the user.
332. The IDaaS server verifies the login request based on the first relationship to generate authorization information.
333. The IDaaS server sends the authorization information to the SaaS client, so that the user accesses the SaaS server based on the authorization information.
When the user has purchased the SaaS application and needs to use it, the user can initiate a login request to the SaaS instance on the SaaS server through the SaaS client corresponding to the SaaS application. The login request includes the identifier of the user application. Based on the login request, the SaaS server returns a SaaS login page with IDaaS integrated to the SaaS client. After the user clicks to log in, the SaaS client queries the tenant information on the SaaS server to check whether the login information belongs to a tenant.
If the user is a tenant, the SaaS client initiates a login to the IDaaS server, carrying the identifier of the user application that was generated when the user purchased the SaaS application. The user enters login information (account, password, and so on) on the SaaS client, and it is sent to the IDaaS server. The IDaaS server verifies the login information based on the first relationship; that is, the IDaaS server verifies the application identifier based on the first relationship and verifies the login information entered by the user, and after the verification passes it returns the login authorization information to the SaaS client.
334. The IDaaS server receives the authorization information and the application credential from the SaaS server.
335. The IDaaS server verifies the authorization information based on the application credential, and sends the verification result to the SaaS server.
After receiving the authorization information returned by the IDaaS server, the SaaS client carries the authorization information in its request for the SaaS service to the SaaS server. The SaaS server carries the application credential and the authorization information to the IDaaS server to verify the validity of the authorization information. The IDaaS server verifies whether the application credential has permission to access the user information under the user application; if so, the authorization information passes verification and the IDaaS server returns the user number to the SaaS server. The SaaS server determines, according to the authorization information, whether the user corresponding to the user number has permission to access the SaaS service. If so, the SaaS server generates a session identifier and returns it to the SaaS client. At this point the user has logged in successfully and can, based on the session identifier, access other functions of the SaaS service and use the SaaS service.
Further, for the detailed process of stage three, refer likewise to Figure 10; details are not repeated in this embodiment of the application.
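The login exchange of steps 251 to 255 (and the identical steps 331 to 335), modelled in Python as an added example that is not part of the patent text. The class and method names, the in-memory storage, the random token used as authorization information, its single use and 60-second lifetime, and all sample IDs and passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class IDaaSServer:
    """In-memory IDaaS server; storage layout and token format are assumptions."""

    def __init__(self):
        self.sp_credentials = {}  # service provider app ID -> application credential
        self.first_relation = {}  # user app ID -> (tenant ID, service provider app ID)
        self.users = {}           # (tenant ID, account) -> (salt, hash, user number)
        self.issued = {}          # authorization info -> (user app ID, user number, expiry)

    def create_sp_app(self, sp_app_id):
        self.sp_credentials[sp_app_id] = secrets.token_urlsafe(32)
        return self.sp_credentials[sp_app_id]

    def create_user_app(self, user_app_id, tenant_id, sp_app_id):
        if sp_app_id not in self.sp_credentials:
            raise KeyError("unknown service provider application")
        self.first_relation[user_app_id] = (tenant_id, sp_app_id)

    def add_user(self, tenant_id, account, password, user_no):
        salt = secrets.token_bytes(16)
        self.users[(tenant_id, account)] = (salt, _pw_hash(password, salt), user_no)

    def login(self, user_app_id, account, password, ttl=60):
        """Steps 251-253: check the user app ID via the first relationship, then the login info."""
        relation = self.first_relation.get(user_app_id)
        if relation is None:
            return None
        record = self.users.get((relation[0], account))
        if record is None:
            return None
        salt, stored, user_no = record
        if not hmac.compare_digest(stored, _pw_hash(password, salt)):
            return None
        auth_info = secrets.token_urlsafe(32)
        self.issued[auth_info] = (user_app_id, user_no, time.time() + ttl)
        return auth_info

    def verify(self, app_credential, auth_info):
        """Steps 254-255: may this credential read users under the token's user app?"""
        entry = self.issued.get(auth_info)
        if entry is None:
            return None
        user_app_id, user_no, expiry = entry
        _, sp_app_id = self.first_relation[user_app_id]
        expected = self.sp_credentials[sp_app_id]
        if not hmac.compare_digest(expected.encode(), app_credential.encode()):
            return None  # credential belongs to another service provider application
        del self.issued[auth_info]  # single use (assumption, not stated in the text)
        return user_no if time.time() <= expiry else None


class SaaSServer:
    """SaaS side: holds the application credential and the synchronized user list."""

    def __init__(self, idaas, app_credential, authorized_users):
        self.idaas = idaas
        self.app_credential = app_credential
        self.authorized_users = set(authorized_users)
        self.sessions = {}

    def open_session(self, auth_info):
        """Validate the authorization info at IDaaS, then apply the SaaS-side permission check."""
        user_no = self.idaas.verify(self.app_credential, auth_info)
        if user_no is None or user_no not in self.authorized_users:
            return None
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = user_no
        return session_id


def run_demo():
    # Constructed sample data: two service provider apps, one tenant, two users.
    idaas = IDaaSServer()
    cred_a = idaas.create_sp_app("sp-app-A")
    cred_b = idaas.create_sp_app("sp-app-B")
    idaas.create_user_app("user-app-1", "tenant-1", "sp-app-A")
    idaas.add_user("tenant-1", "alice", "correct horse", "U001")
    idaas.add_user("tenant-1", "bob", "battery staple", "U002")
    saas_a = SaaSServer(idaas, cred_a, {"U001"})
    saas_b = SaaSServer(idaas, cred_b, {"U001"})
    results = {"unknown_app": idaas.login("user-app-9", "alice", "correct horse")}
    token = idaas.login("user-app-1", "alice", "correct horse")
    results["other_provider"] = saas_b.open_session(token)
    results["session"] = saas_a.open_session(token)
    results["replay"] = saas_a.open_session(token)
    bob_token = idaas.login("user-app-1", "bob", "battery staple")
    results["unauthorized_user"] = saas_a.open_session(bob_token)
    return results
```

The demo exercises the two checks the text separates: the IDaaS-side check that the application credential matches the service provider application behind the user application, and the SaaS-side check of the returned user number against the synchronized authorization information.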
In the scenario that does not use the SaaS application market, in addition to the beneficial effects of integrating SaaS with IDaaS, the orchestration logic of the SaaS application market is removed, which reduces the cost of service integration, and the user can also perceive the details of the interconnection between SaaS and IDaaS.
The service integration method provided by the embodiments of this application has been described above. The related devices provided by the embodiments of this application are described below with reference to the accompanying drawings.
As shown in Figure 17, an embodiment of the server 1700 provided by the embodiments of this application includes:
An obtaining unit 1701, configured to obtain an application request, where the application request includes information of a software as a service (SaaS) service provider. The obtaining unit 1701 can perform step 211 in the above method embodiment.
A creation unit 1702, configured to create a service provider application according to the application request and allocate an application credential to the service provider application, where the application credential is used by the SaaS service provider to create, on the SaaS server, an interface for accessing the IDaaS server, and the service provider application is used to associate the SaaS service provider with the tenant in the IDaaS server. The creation unit 1702 can perform step 212 in the above method embodiment.
A sending unit 1703, configured to send the application credential to the SaaS service provider. The sending unit 1703 can perform step 213 in the above method embodiment.
In this embodiment of the application, the creation unit 1702 creates a service provider application according to the application request sent by the SaaS service provider and allocates an application credential to the service provider application, and the sending unit 1703 sends the application credential to the SaaS service provider, so that the SaaS service provider creates, based on the application credential, an interface on the SaaS server for accessing the IDaaS server. SaaS and IDaaS can be integrated through this interface.
可选的,获取单元1701还用于获取用户购买的SaaS应用的应用信息,SaaS应用与服务商应用绑定;创建单元1702还用于基于服务商应用和应用信息创建用户应用,用户应用用于将SaaS应用与IDaaS服务器中的租户关联。Optionally, the acquisition unit 1701 is also used to obtain the application information of the SaaS application purchased by the user, and the SaaS application is bound to the service provider application; the creation unit 1702 is also used to create a user application based on the service provider application and application information, and the user application is used to Associate the SaaS application with the tenant in the IDaaS server.
可选的,该服务器1700还包括验证单元1704和接收单元1705,获取单元1701还用于获取用户发起的登录请求,登录请求包括用户应用的标识;验证单元1704用于基于第一关系对登录请求进行验证,以生成授权信息,第一关系用于记录用户应用与服务商应用的关系;发送单元1703还用于将授权信息发送给用户,以使用户基于授权信息访问SaaS服务器;接收单元1705用于接收来自SaaS服务器的授权信息和应用凭证;验证单元1704还用于基于应用凭证对授权信息进行验证,并将验证结果发送给SaaS服务器。Optionally, the server 1700 also includes a verification unit 1704 and a receiving unit 1705. The obtaining unit 1701 is also used to obtain a login request initiated by the user. The login request includes the identification of the user application; the verification unit 1704 is used to verify the login request based on the first relationship. Verification is performed to generate authorization information. The first relationship is used to record the relationship between the user application and the service provider application; the sending unit 1703 is also used to send the authorization information to the user so that the user can access the SaaS server based on the authorization information; the receiving unit 1705 uses For receiving authorization information and application credentials from the SaaS server; the verification unit 1704 is also used for verifying the authorization information based on the application credentials, and sending the verification result to the SaaS server.
可选的,该服务器1700还包括测试单元1706,获取单元1701还用于获取测试申请;创建单元1702还用于根据测试申请创建测试应用,并记录测试应用与服务商应用的第二关系;测试单元1706用于基于来自SaaS服务商的测试用户对测试应用进行测试。Optionally, the server 1700 also includes a testing unit 1706. The obtaining unit 1701 is also used to obtain a test application; the creation unit 1702 is also used to create a test application according to the test application and record the second relationship between the test application and the service provider application; test Unit 1706 is used to test the test application based on test users from the SaaS service provider.
可选的,获取单元1701还用于获取并记录服务商应用的修改信息,修改信息为SaaS服务商对服务商应用的配置信息修改后生成的,配置信息包括服务商应用的调用路径。Optionally, the acquisition unit 1701 is also used to obtain and record the modification information of the service provider application. The modification information is generated by the SaaS service provider after modifying the configuration information of the service provider application. The configuration information includes the calling path of the service provider application.
可选的,SaaS服务商通过SaaS应用市场访问IDaaS服务器和SaaS服务器。Optionally, the SaaS service provider accesses the IDaaS server and SaaS server through the SaaS application market.
可选的,用户通过SaaS应用市场或SaaS客户端访问IDaaS服务器和SaaS服务器。Optionally, users access the IDaaS server and SaaS server through the SaaS application market or SaaS client.
本申请实施例提供的服务器1700可以参阅前述服务集成方法实施例部分的相应内容进行理解,此处不再重复赘述。The server 1700 provided in the embodiment of this application can be understood by referring to the corresponding content of the foregoing service integration method embodiment, and the details will not be repeated here.
The acquisition unit 1701, the creation unit 1702, the sending unit 1703 and the other units can each be implemented in software or in hardware. The following takes the acquisition unit 1701 as an example to describe how it can be implemented. The creation unit 1702 and the sending unit 1703 can be implemented in a similar way.
As an example of a unit implemented as a software functional unit, the acquisition unit 1701 may include code running on a computing instance. The computing instance may include at least one of a physical host (computing device), a virtual machine, and a container. Further, there may be one or more such computing instances. For example, the acquisition unit 1701 may include code running on multiple hosts/virtual machines/containers. It should be noted that the multiple hosts/virtual machines/containers used to run the code may be distributed in the same region or in different regions. Further, the multiple hosts/virtual machines/containers used to run the code may be distributed in the same availability zone (AZ) or in different AZs, where each AZ includes one data center or multiple geographically close data centers. Usually, one region can include multiple AZs.
Likewise, the multiple hosts/virtual machines/containers used to run the code may be distributed in the same virtual private cloud (VPC) or across multiple VPCs. Usually, one VPC is set up within one region. For communication between two VPCs in the same region, and for cross-region communication between VPCs in different regions, a communication gateway must be set up in each VPC, and the VPCs are interconnected through the communication gateways.
As an example of a unit implemented as a hardware functional unit, the acquisition unit 1701 may include at least one computing device, such as a server. Alternatively, the acquisition unit 1701 may be a device implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD). The PLD may be a complex programmable logical device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
The multiple computing devices included in the acquisition unit 1701 may be distributed in the same region or in different regions. The multiple computing devices included in the acquisition unit 1701 may be distributed in the same AZ or in different AZs. Likewise, the multiple computing devices included in the acquisition unit 1701 may be distributed in the same VPC or in multiple VPCs. The multiple computing devices may be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
It should be noted that, in other embodiments, the acquisition unit 1701 can be used to perform any step of the service integration method, the B module can be used to perform any step of the service integration method, and the C module can be used to perform any step of the service integration method. The steps that the acquisition unit 1701, the creation unit 1702, and the sending unit 1703 are responsible for can be specified as needed, and the acquisition unit 1701, the creation unit 1702, and the sending unit 1703 each implement different steps of the service integration method so as to realize all functions of the server 1700.
As shown in Figure 18, another embodiment, the server 1800, provided by the embodiments of this application includes:
An acquisition unit 1801, configured to acquire the application credentials sent by the SaaS service provider. The application credentials are allocated by the identity as a service (IDaaS) server to the service provider application, the service provider application is created by the IDaaS server according to the application request, the application request includes information about the SaaS service provider, and the service provider application is used to associate the SaaS service provider with a tenant in the IDaaS server. The acquisition unit 1801 can perform step 213 in the above method embodiment.
A creation unit 1802, configured to create, according to the application credentials, an interface for accessing the IDaaS server. The creation unit 1802 can perform step 214 in the above method embodiment.
In this embodiment, a service provider application is created according to the application request sent by the SaaS service provider, application credentials are allocated to the service provider application, and the application credentials are sent to the SaaS service provider, so that the creation unit 1802 creates an interface for accessing the IDaaS server. SaaS and IDaaS can be integrated through this interface.
Optionally, the server 1800 further includes a sending unit 1803 and a receiving unit 1804. The acquisition unit 1801 is further configured to acquire authorization information sent by the user. The authorization information is generated by the IDaaS server by verifying a login request based on a first relationship. The first relationship is the application relationship between the user application and the service provider application. The user application is created by the IDaaS server based on the service provider application and application information, the application information is information about the SaaS application purchased by the user, and the SaaS application is bound to the service provider application. The login request is initiated by the user and includes an identifier of the user application, and the user application is used to associate the SaaS application with a tenant in the IDaaS server. The sending unit 1803 is configured to send the authorization information and the application credentials to the IDaaS server, so that the IDaaS server verifies the authorization information based on the application credentials and obtains a verification result. The receiving unit 1804 is configured to receive the verification result from the IDaaS server.
Optionally, the SaaS service provider accesses the IDaaS server and the SaaS server through the SaaS application market.
Optionally, the user accesses the IDaaS server and the SaaS server through the SaaS application market or a SaaS client.
The server 1800 provided by the embodiments of this application can be understood by referring to the corresponding content of the foregoing service integration method embodiments, and details are not repeated here.
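The credential allocation, first relationship and two-sided verification described above for server 1700 (IDaaS) and server 1800 (SaaS), as an added Python example that is not part of the patent text. All class and method names, the identifier formats, storing only a digest of the secret, and the single-use, 300-second authorization information are assumptions; the patent specifies none of them.

```python
import hashlib
import hmac
import secrets
import time


class IDaaSServer:
    """Models server 1700. Every name and format here is an assumption."""

    TTL = 300  # assumed lifetime of authorization info, in seconds

    def __init__(self):
        self.provider_apps = {}       # provider app id -> SHA-256 of its secret
        self.first_relationship = {}  # user app id -> provider app id
        self.issued = {}              # authorization info -> (user app id, user, expiry)

    def create_provider_app(self, provider_info):
        """Create the service provider application and allocate its credentials."""
        app_id = "sp-" + secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        # Assumption: only a digest of the secret is kept on the IDaaS side.
        self.provider_apps[app_id] = hashlib.sha256(secret.encode()).hexdigest()
        return app_id, secret

    def create_user_app(self, provider_app_id, app_info):
        """Create a user application and record the first relationship."""
        if provider_app_id not in self.provider_apps:
            raise KeyError("unknown service provider application")
        user_app_id = "ua-" + secrets.token_hex(8)
        self.first_relationship[user_app_id] = provider_app_id
        return user_app_id

    def login(self, user, user_app_id, now=None):
        """Check the login request against the first relationship, then issue authorization info."""
        now = time.time() if now is None else now
        if user_app_id not in self.first_relationship:
            return None
        info = secrets.token_urlsafe(24)
        self.issued[info] = (user_app_id, user, now + self.TTL)
        return info

    def verify(self, authorization_info, app_id, app_secret, now=None):
        """Verify authorization info presented by a SaaS server with its credentials."""
        now = time.time() if now is None else now
        stored = self.provider_apps.get(app_id, "")
        presented = hashlib.sha256(app_secret.encode()).hexdigest()
        if not hmac.compare_digest(stored, presented):
            return {"valid": False, "reason": "bad_credentials"}
        entry = self.issued.get(authorization_info)
        if entry is None:
            return {"valid": False, "reason": "unknown_or_used"}
        user_app_id, user, expiry = entry
        # The caller must be the provider application bound to this user application.
        if self.first_relationship.get(user_app_id) != app_id:
            return {"valid": False, "reason": "wrong_provider"}
        del self.issued[authorization_info]  # assumed single use: a replay fails
        if now > expiry:
            return {"valid": False, "reason": "expired"}
        return {"valid": True, "user": user, "user_app": user_app_id}


class SaaSServer:
    """Models server 1800: holds the credentials and forwards authorization info."""

    def __init__(self, idaas, app_id, app_secret):
        self.idaas, self.app_id, self.app_secret = idaas, app_id, app_secret

    def accept(self, authorization_info):
        return self.idaas.verify(authorization_info, self.app_id, self.app_secret)


def demo():
    """Constructed scenario: two providers, one tenant purchase, one login."""
    idaas = IDaaSServer()
    a_id, a_secret = idaas.create_provider_app("Provider A (constructed)")
    b_id, b_secret = idaas.create_provider_app("Provider B (constructed)")
    user_app = idaas.create_user_app(a_id, "app purchased by tenant-1 (constructed)")
    saas_a = SaaSServer(idaas, a_id, a_secret)
    saas_b = SaaSServer(idaas, b_id, b_secret)
    info = idaas.login("alice", user_app)
    return [
        saas_b.accept(info)["reason"],  # another provider's credentials
        saas_a.accept(info)["valid"],   # the bound provider
        saas_a.accept(info)["reason"],  # the same info presented again
    ]


if __name__ == "__main__":
    print(demo())
```
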
The acquisition unit 1801, the creation unit 1802 and the other units can each be implemented in software or in hardware. The following takes the acquisition unit 1801 as an example to describe how it can be implemented. The creation unit 1802 can be implemented in a similar way.
As an example of a unit implemented as a software functional unit, the acquisition unit 1801 may include code running on a computing instance. The computing instance may include at least one of a physical host (computing device), a virtual machine, and a container. Further, there may be one or more such computing instances. For example, the acquisition unit 1801 may include code running on multiple hosts/virtual machines/containers. It should be noted that the multiple hosts/virtual machines/containers used to run the code may be distributed in the same region or in different regions. Further, the multiple hosts/virtual machines/containers used to run the code may be distributed in the same availability zone (AZ) or in different AZs, where each AZ includes one data center or multiple geographically close data centers. Usually, one region can include multiple AZs.
Likewise, the multiple hosts/virtual machines/containers used to run the code may be distributed in the same virtual private cloud (VPC) or across multiple VPCs. Usually, one VPC is set up within one region. For communication between two VPCs in the same region, and for cross-region communication between VPCs in different regions, a communication gateway must be set up in each VPC, and the VPCs are interconnected through the communication gateways.
As an example of a unit implemented as a hardware functional unit, the acquisition unit 1801 may include at least one computing device, such as a server. Alternatively, the acquisition unit 1801 may be a device implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD). The PLD may be a complex programmable logical device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
The multiple computing devices included in the acquisition unit 1801 may be distributed in the same region or in different regions. The multiple computing devices included in the acquisition unit 1801 may be distributed in the same AZ or in different AZs. Likewise, the multiple computing devices included in the acquisition unit 1801 may be distributed in the same VPC or in multiple VPCs. The multiple computing devices may be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
It should be noted that, in other embodiments, the acquisition unit 1801 can be used to perform any step of the service integration method, and the creation unit 1802 can be used to perform any step of the service integration method. The steps that the acquisition unit 1801 and the creation unit 1802 are responsible for can be specified as needed, and the acquisition unit 1801 and the creation unit 1802 each implement different steps of the service integration method so as to realize all functions of the server 1800.
This application also provides a computing device 1900. As shown in Figure 19, the computing device 1900 includes a bus 1902, a processor 1904, a memory 1906, and a communication interface 1908. The processor 1904, the memory 1906, and the communication interface 1908 communicate through the bus 1902. The computing device 1900 may be a server or a terminal device. It should be understood that this application does not limit the number of processors and memories in the computing device 1900.
The bus 1902 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. Buses can be divided into address buses, data buses, control buses, and so on. For ease of presentation, only one line is used in Figure 19, but this does not mean that there is only one bus or one type of bus. The bus 1904 may include a path for transferring information between the components of the computing device 1900 (for example, the memory 1906, the processor 1904, and the communication interface 1908).
The processor 1904 may include any one or more of processors such as a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor (MP), or a digital signal processor (DSP).
The memory 1906 may include volatile memory, such as random access memory (RAM). The processor 1904 may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD), or a solid state drive (SSD).
The memory 1906 stores executable program code, and the processor 1904 executes the executable program code to implement the functions of the aforementioned acquisition unit and creation unit respectively, thereby implementing the service integration method. That is, the memory 1906 stores instructions for executing the service integration method.
Alternatively, the memory 1906 stores executable code, and the processor 1904 executes the executable code to implement the functions of the aforementioned SaaS server or IDaaS server respectively, thereby implementing the service integration method. That is, the memory 1906 stores instructions for executing the service integration method.
The communication interface 1903 uses a transceiver module, such as but not limited to a network interface card or a transceiver, to implement communication between the computing device 1900 and other devices or communication networks.
Figure 20 is a schematic diagram of a possible logical structure of the server 2000 provided by the embodiments of this application. The server 2000 includes a hardware layer 2001 and a virtual machine (VM) layer 2002, and the VM layer may include one or more VMs. The hardware layer 2001 provides hardware resources for the VMs and supports their operation. The functions of the VMs and the processes related to this application can be understood by referring to the corresponding descriptions in the above method embodiments. The hardware layer 2001 includes hardware resources such as a processor, a communication interface, and a memory. The processor may include a CPU.
This application also provides a service integration system, as shown in Figure 21, including:
An IDaaS server, configured to acquire an application request, where the application request includes information about a software as a service (SaaS) service provider; and to create a service provider application according to the application request and allocate application credentials to the service provider application, where the service provider application is used to associate the SaaS service provider with a tenant in the IDaaS server;
A SaaS server, configured to acquire the application credentials sent by the SaaS service provider, and to create, according to the application credentials, an interface for accessing the IDaaS server.
Both the IDaaS server and the SaaS server can be implemented in software or in hardware. The following describes how the IDaaS server can be implemented. The SaaS server can be implemented in a similar way.
As an example of a module implemented as a software functional unit, the IDaaS server may include code running on a computing instance. The computing instance may be at least one of a physical host (computing device), a virtual machine, a container, and other computing devices. Further, there may be one or more such computing devices. For example, the IDaaS server may include code running on multiple hosts/virtual machines/containers. It should be noted that the multiple hosts/virtual machines/containers used to run the application may be distributed in the same region or in different regions. The multiple hosts/virtual machines/containers used to run the code may be distributed in the same AZ or in different AZs, where each AZ includes one data center or multiple geographically close data centers. Usually, one region can include multiple AZs.
Likewise, the multiple hosts/virtual machines/containers used to run the code may be distributed in the same VPC or across multiple VPCs. Usually, one VPC is set up within one region. For communication between two VPCs in the same region, and for cross-region communication between VPCs in different regions, a communication gateway must be set up in each VPC, and the VPCs are interconnected through the communication gateways.
As an example of a module implemented as a hardware functional unit, the IDaaS server may include at least one computing device, such as a server. Alternatively, the IDaaS server may be a device implemented using an ASIC or a PLD. The PLD may be a CPLD, an FPGA, a GAL, or any combination thereof.
The multiple computing devices included in the IDaaS server may be distributed in the same region or in different regions. The multiple computing devices included in the IDaaS server may be distributed in the same AZ or in different AZs. Likewise, the multiple computing devices included in the IDaaS server may be distributed in the same VPC or in multiple VPCs. The multiple computing devices may be any combination of computing devices such as servers, ASICs, PLDs, CPLDs, FPGAs, and GALs.
The embodiments of this application also provide a computing device cluster. The computing device cluster includes at least one computing device. The computing device may be a server, for example a central server, an edge server, or a local server in a local data center. In some embodiments, the computing device may also be a terminal device such as a desktop computer, a laptop computer, or a smartphone.
As shown in Figure 22, the computing device cluster includes at least one computing device 1900. The memories 1906 of one or more computing devices 1900 in the computing device cluster may store the same instructions for executing the service integration method.
In some possible implementations, the memories 1906 of one or more computing devices 1900 in the computing device cluster may each store part of the instructions for executing the service integration method. In other words, a combination of one or more computing devices 1900 may jointly execute the instructions for performing the service integration method.
It should be noted that the memories 1906 of different computing devices 1900 in the computing device cluster may store different instructions, each used to perform part of the functions of the SaaS server or the IDaaS server. That is, the instructions stored in the memories 1906 of different computing devices 1900 may implement the functions of one or more modules among the acquisition unit and the creation unit.
In some possible implementations, one or more computing devices in the computing device cluster may be connected through a network. The network may be a wide area network, a local area network, or the like. Figure 23 shows one possible implementation. As shown in Figure 23, two computing devices 100A and 100B are connected through a network. Specifically, each computing device connects to the network through its communication interface. In this type of implementation, the memory 106 in the computing device 100A stores instructions for performing the functions of the acquisition unit, and the memory 106 in the computing device 100B stores instructions for performing the functions of the creation unit.
It should be understood that the functions of the computing device 100A shown in Figure 23 may also be performed by multiple computing devices 100. Likewise, the functions of the computing device 100B may also be performed by multiple computing devices 100.
The embodiments of this application also provide another computing device cluster. For the connection relationships between the computing devices in this cluster, refer to the connection methods of the computing device cluster described for Figure 22 and Figure 23. The difference is that the memories of one or more computing devices in this computing device cluster may store the same instructions for executing the service integration method.
In some possible implementations, the memories of one or more computing devices in the computing device cluster may each store part of the instructions for executing the service integration method. In other words, a combination of one or more computing devices may jointly execute the instructions for performing the service integration method.
It should be noted that the memories of different computing devices in the computing device cluster may store different instructions for performing part of the functions of the service integration system. That is, the instructions stored in the memories of different computing devices may implement the functions of one or more apparatuses among the IDaaS server and the SaaS server.
The embodiments of this application also provide a computer program product containing instructions. The computer program product may be a software or program product that contains instructions and is capable of running on a computing device or of being stored in any available medium. When the computer program product runs on at least one computing device, the at least one computing device is caused to execute the service integration method.
The embodiments of this application also provide a computer-readable storage medium. The computer-readable storage medium may be any available medium that a computing device can store, or a data storage device, such as a data center, that contains one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), a semiconductor medium (for example, a solid state drive), or the like. The computer-readable storage medium includes instructions that instruct a computing device to perform the service integration method.
In another embodiment of this application, a chip system is also provided. The chip system includes at least one processor and an interface, the interface is used to receive data and/or signals, and the at least one processor is used to support implementation of the service integration method described in the above embodiments. In a possible design, the chip system may further include a memory, which is used to store program instructions and data necessary for the computer device. The chip system may consist of chips, or may include chips and other discrete devices.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the embodiments of this application.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above can be found in the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses and methods can be implemented in other ways. For example, the apparatus embodiments described above are only illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical, or in other forms.
The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,read-only memory)、随机存取存储器(RAM,random access memory)、磁碟或者光盘等各种可以存储程序代码的介质。 If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application is essentially or contributes to the existing technology, or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in various embodiments of this application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, read-only memory), random access memory (RAM, random access memory), magnetic disk or optical disk and other media that can store program code. .

Claims (29)

  1. A service integration method, characterized by comprising:
    an Identity as a Service (IDaaS) server obtains an application request, where the application request includes information about a Software as a Service (SaaS) service provider;
    the IDaaS server creates a service provider application according to the application request and allocates application credentials to the service provider application, where the application credentials are used by the SaaS service provider to create, on a SaaS server and based on the application credentials, an interface for accessing the IDaaS server, and the service provider application is used to associate the SaaS service provider with a tenant in the IDaaS server.
  2. The method according to claim 1, characterized in that the method further comprises:
    the IDaaS server obtains application information of a SaaS application purchased by a user, where the SaaS application is bound to the service provider application;
    the IDaaS server creates a user application based on the service provider application and the application information, where the user application is used to associate the SaaS application with a tenant in the IDaaS server.
  3. The method according to claim 2, characterized in that the method further comprises:
    the IDaaS server obtains a login request initiated by the user, where the login request includes an identifier of the user application;
    the IDaaS server verifies the login request based on a first relationship to generate authorization information, where the first relationship records the relationship between the user application and the service provider application;
    the IDaaS server sends the authorization information to the user, so that the user accesses the SaaS server based on the authorization information;
    the IDaaS server receives the authorization information and the application credentials from the SaaS server;
    the IDaaS server verifies the authorization information based on the application credentials, and sends the verification result to the SaaS server.
  4. The method according to any one of claims 1-3, characterized in that the method further comprises:
    the IDaaS server obtains a test request;
    the IDaaS server creates a test application according to the test request, and records a second relationship between the test application and the service provider application;
    the IDaaS server tests the test application based on a test user from the SaaS service provider.
  5. The method according to any one of claims 1-4, characterized in that, after the IDaaS server sends the application credentials to the SaaS service provider, the method further comprises:
    the IDaaS server obtains and records modification information of the service provider application, where the modification information is generated after the SaaS service provider modifies configuration information of the service provider application, and the configuration information includes a calling path of the service provider application.
  6. The method according to any one of claims 1-5, characterized in that the SaaS service provider accesses the IDaaS server and the SaaS server through a SaaS application market.
  7. The method according to any one of claims 2-6, characterized in that the user accesses the IDaaS server and the SaaS server through a SaaS application market or a SaaS client.
  8. A service integration method, characterized by comprising:
    a Software as a Service (SaaS) server obtains application credentials sent by a SaaS service provider, where the application credentials are allocated by an Identity as a Service (IDaaS) server to a service provider application, the service provider application is created by the IDaaS server according to an application request, the application request includes information about the SaaS service provider, and the service provider application is used to associate the SaaS service provider with a tenant in the IDaaS server;
    the SaaS server creates an interface for accessing the IDaaS server according to the application credentials.
  9. The method according to claim 8, characterized in that the method further comprises:
    the SaaS server obtains authorization information sent by a user, where the authorization information is generated by the IDaaS server verifying a login request based on a first relationship; the first relationship is the application relationship between a user application and the service provider application; the user application is created by the IDaaS server based on the service provider application and application information; the application information is information about a SaaS application purchased by the user; the SaaS application is bound to the service provider application; the login request is a request initiated by the user that includes an identifier of the user application; and the user application is used to associate the SaaS application with a tenant in the IDaaS server;
    the SaaS server sends the authorization information and the application credentials to the IDaaS server, so that the IDaaS server verifies the authorization information based on the application credentials and obtains a verification result;
    the SaaS server receives the verification result from the IDaaS server.
  10. The method according to claim 8 or 9, characterized in that the SaaS service provider accesses the IDaaS server and the SaaS server through a SaaS application market.
  11. The method according to claim 9 or 10, characterized in that the user accesses the IDaaS server and the SaaS server through a SaaS application market or a SaaS client.
  12. A server, characterized by comprising:
    an acquisition unit, configured to obtain an application request, where the application request includes information about a Software as a Service (SaaS) service provider;
    a creation unit, configured to create a service provider application according to the application request and to allocate application credentials to the service provider application, where the application credentials are used by the SaaS service provider to create, on a SaaS server and based on the application credentials, an interface for accessing the IDaaS server, and the service provider application is used to associate the SaaS service provider with a tenant in the IDaaS server;
    a sending unit, configured to send the application credentials to the SaaS service provider.
  13. The server according to claim 12, characterized in that:
    the acquisition unit is further configured to obtain application information of a SaaS application purchased by a user, where the SaaS application is bound to the service provider application;
    the creation unit is further configured to create a user application based on the service provider application and the application information, where the user application is used to associate the SaaS application with a tenant in the IDaaS server.
  14. The server according to claim 13, characterized in that the server further comprises a verification unit and a receiving unit,
    the acquisition unit is further configured to obtain a login request initiated by the user, where the login request includes an identifier of the user application;
    the verification unit is configured to verify the login request based on the first relationship to generate authorization information, where the first relationship records the relationship between the user application and the service provider application;
    the sending unit is further configured to send the authorization information to the user, so that the user accesses the SaaS server based on the authorization information;
    the receiving unit is configured to receive the authorization information and the application credentials from the SaaS server;
    the verification unit is further configured to verify the authorization information based on the application credentials and to send the verification result to the SaaS server.
  15. The server according to any one of claims 12-14, characterized in that the server further comprises a test unit,
    the acquisition unit is further configured to obtain a test request;
    the creation unit is further configured to create a test application according to the test request, and to record a second relationship between the test application and the service provider application;
    the test unit is configured to test the test application based on a test user from the SaaS service provider.
  16. The server according to any one of claims 12-15, characterized in that:
    the acquisition unit is further configured to obtain and record modification information of the service provider application, where the modification information is generated after the SaaS service provider modifies configuration information of the service provider application, and the configuration information includes a calling path of the service provider application.
  17. The server according to any one of claims 12-16, characterized in that the SaaS service provider accesses the IDaaS server and the SaaS server through a SaaS application market.
  18. The server according to any one of claims 13-17, characterized in that the user accesses the IDaaS server and the SaaS server through a SaaS application market or a SaaS client.
  19. A server, characterized by comprising:
    an acquisition unit, configured to obtain application credentials sent by a SaaS service provider, where the application credentials are allocated by an Identity as a Service (IDaaS) server to a service provider application, the service provider application is created by the IDaaS server according to an application request, the application request includes information about the SaaS service provider, and the service provider application is used to associate the SaaS service provider with a tenant in the IDaaS server;
    a creation unit, configured to create an interface for accessing the IDaaS server according to the application credentials.
  20. The server according to claim 19, characterized in that the server further comprises a sending unit and a receiving unit,
    the acquisition unit is further configured to obtain authorization information sent by a user, where the authorization information is generated by the IDaaS server verifying a login request based on a first relationship; the first relationship is the application relationship between a user application and the service provider application; the user application is created by the IDaaS server based on the service provider application and application information; the application information is information about a SaaS application purchased by the user; the SaaS application is bound to the service provider application; the login request is a request initiated by the user that includes an identifier of the user application; and the user application is used to associate the SaaS application with a tenant in the IDaaS server;
    the sending unit is configured to send the authorization information and the application credentials to the IDaaS server, so that the IDaaS server verifies the authorization information based on the application credentials and obtains a verification result;
    the receiving unit is configured to receive the verification result from the IDaaS server.
  21. The server according to claim 19 or 20, characterized in that the SaaS service provider accesses the IDaaS server and the SaaS server through a SaaS application market.
  22. The server according to claim 20 or 21, characterized in that the user accesses the IDaaS server and the SaaS server through a SaaS application market or a SaaS client.
  23. A service integration system, characterized in that the system comprises:
    an IDaaS server, configured to obtain an application request, where the application request includes information about a Software as a Service (SaaS) service provider; and to create a service provider application according to the application request and allocate application credentials to the service provider application, where the service provider application is used to associate the SaaS service provider with a tenant in the IDaaS server;
    a SaaS server, configured to obtain the application credentials sent by the SaaS service provider, and to create an interface for accessing the IDaaS server according to the application credentials.
  24. A computing device cluster, characterized by comprising at least one computing device, each computing device comprising a processor and a memory;
    the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device, so that the computing device cluster performs the method according to any one of claims 1-7.
  25. A computing device cluster, characterized by comprising at least one computing device, each computing device comprising a processor and a memory;
    the processor of the at least one computing device is configured to execute instructions stored in the memory of the at least one computing device, so that the computing device cluster performs the method according to any one of claims 8-11.
  26. A computer program product containing instructions, characterized in that, when the instructions are run by a computing device cluster, they cause the computing device cluster to perform the method according to any one of claims 1-7.
  27. A computer program product containing instructions, characterized in that, when the instructions are run by a computing device cluster, they cause the computing device cluster to perform the method according to any one of claims 8-11.
  28. A computer-readable storage medium, characterized by comprising computer program instructions, where, when the computer program instructions are executed by a computing device cluster, the computing device cluster performs the method according to any one of claims 1-7.
  29. A computer-readable storage medium, characterized by comprising computer program instructions, where, when the computer program instructions are executed by a computing device cluster, the computing device cluster performs the method according to any one of claims 8-11.
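
The login and verification exchange of claims 3 and 9, sketched in Python as an added example; it is not code from the patent or its applicant. The class and method names, the random single-use string used as authorization information, its 60-second lifetime, and keeping only a SHA-256 digest of the application secret are all assumptions, since the claims do not fix any of these formats.

```python
import hashlib
import hmac
import secrets
import time


class IDaaSServer:
    """Hypothetical IDaaS side of claims 1-3 (names and formats are assumptions)."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock
        self.sp_apps = {}             # sp_app_id -> SHA-256 digest of the app secret
        self.first_relationship = {}  # user_app_id -> sp_app_id
        self.pending = {}             # authorization info -> (sp_app_id, user, expiry)

    def create_service_provider_app(self):
        # Claim 1: create the service provider application, allocate credentials.
        sp_app_id = "sp-" + secrets.token_hex(4)
        secret = secrets.token_urlsafe(32)
        # Assumption: only a digest of the secret is kept server-side.
        self.sp_apps[sp_app_id] = hashlib.sha256(secret.encode()).digest()
        return sp_app_id, secret

    def create_user_app(self, sp_app_id):
        # Claim 2: user application bound to a service provider application.
        if sp_app_id not in self.sp_apps:
            raise KeyError("unknown service provider application")
        user_app_id = "ua-" + secrets.token_hex(4)
        self.first_relationship[user_app_id] = sp_app_id
        return user_app_id

    def login(self, user, user_app_id):
        # Claim 3: check the login request against the first relationship and
        # issue authorization information tied to that service provider app.
        sp_app_id = self.first_relationship.get(user_app_id)
        if sp_app_id is None:
            return None
        code = secrets.token_urlsafe(24)
        self.pending[code] = (sp_app_id, user, self.clock() + self.ttl)
        return code

    def verify(self, code, sp_app_id, secret):
        # Claim 3, last step: verify authorization info using the credentials.
        stored = self.sp_apps.get(sp_app_id)
        presented = hashlib.sha256(secret.encode()).digest()
        if stored is None or not hmac.compare_digest(stored, presented):
            return {"ok": False, "reason": "bad application credentials"}
        entry = self.pending.get(code)
        if entry is None:
            return {"ok": False, "reason": "unknown or already used"}
        bound_sp, user, expiry = entry
        if bound_sp != sp_app_id:
            # Another provider's valid credentials must not redeem this code.
            return {"ok": False, "reason": "issued for another service provider application"}
        del self.pending[code]  # single use, even when it turns out to be expired
        if self.clock() > expiry:
            return {"ok": False, "reason": "expired"}
        return {"ok": True, "user": user}


class SaaSServer:
    """Hypothetical SaaS side of claims 8-9: holds the credentials and calls verify."""

    def __init__(self, idaas, sp_app_id, secret):
        self.idaas, self.sp_app_id, self.secret = idaas, sp_app_id, secret

    def handle_access(self, code):
        return self.idaas.verify(code, self.sp_app_id, self.secret)


if __name__ == "__main__":
    idaas = IDaaSServer()
    saas = SaaSServer(idaas, *idaas.create_service_provider_app())
    user_app = idaas.create_user_app(saas.sp_app_id)
    info = idaas.login("alice", user_app)   # constructed sample user
    print(saas.handle_access(info))         # first presentation succeeds
    print(saas.handle_access(info))         # replay is rejected
```

Binding the authorization information to the service provider application recorded in the first relationship is what keeps one provider's credentials from redeeming a login issued for another provider's user application.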
PCT/CN2023/077165 2022-03-17 2023-02-20 Service integration method and related device WO2023174006A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN202210264387 2022-03-17
CN202210264387.6 2022-03-17
CN202210963797.XA CN116828051A (en) 2022-03-17 2022-08-11 Service integration method and related equipment
CN202210963797.X 2022-08-11

Publications (1)

Publication Number Publication Date
WO2023174006A1 true WO2023174006A1 (en) 2023-09-21

Family

ID=88022293

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/077165 WO2023174006A1 (en) 2022-03-17 2023-02-20 Service integration method and related device

Country Status (1)

Country Link
WO (1) WO2023174006A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105593869A (en) * 2013-11-06 2016-05-18 株式会社东芝 Authentication system, method, and program
US20180302391A1 (en) * 2017-04-12 2018-10-18 Cisco Technology, Inc. System and method for authenticating clients
CN109314704A (en) * 2016-09-14 2019-02-05 甲骨文国际公司 Function is nullified for multi-tenant identity and the single-sign-on and single-point of data safety management cloud service

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23769514

Country of ref document: EP

Kind code of ref document: A1