
CN102882835B - A kind of method and system realizing single-sign-on - Google Patents

A kind of method and system realizing single-sign-on

Info

Publication number
CN102882835B
Authority
CN
China
Prior art keywords
user
application
server
identity
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110195869.2A
Other languages
Chinese (zh)
Other versions
CN102882835A (en)
Inventor
刘磊
徐剑
牛津
杨中臻
王献冠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinrand Network Technology Co ltd
Original Assignee
Institute of Acoustics CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Acoustics CAS filed Critical Institute of Acoustics CAS
Priority to CN201110195869.2A priority Critical patent/CN102882835B/en
Publication of CN102882835A publication Critical patent/CN102882835A/en
Application granted granted Critical
Publication of CN102882835B publication Critical patent/CN102882835B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The present invention provides a method and system for implementing single sign-on that works for all applications. The method comprises: a step in which the single sign-on server binds the user's identity information in the single sign-on server to the user's identity information in an application; a step in which, when the user accesses a protected resource of the application, the application requests the single sign-on server to authenticate the user; and a step in which, after the single sign-on server completes user authentication, it returns the user's identity information in the application if it has bound the user's identity information in that application, and otherwise returns the user's identity information in the single sign-on server, completing the login. Based on this method, the invention also provides a single sign-on server comprising a user management module and a session management module, characterized in that the server further comprises an information interaction module, an application management module and an identity binding module.

Description

A method and system for implementing single sign-on

Technical field

The invention relates to the technical field of single sign-on, and in particular to a method and system for implementing single sign-on.

Background

With the rapid development of the Internet, a large number of applications belonging to different providers already exist, and new applications keep emerging. Each application generally has to implement essential security measures such as user management, identity authentication and authorization. To simplify application development and to spare users from entering a user name and password repeatedly when accessing applications, single sign-on technology emerged. Single sign-on means that, across multiple applications, a user needs to log in only once to access all mutually trusting applications.

Existing single sign-on technology generally implements single sign-on by configuring a unified authentication system and centralized, unified user management. The authentication system and the applications must therefore use a unified user account, but some existing applications are unwilling to abandon their own user management. Existing single sign-on systems therefore cannot provide single sign-on for applications that are unwilling to give up their own user management. Fig. 1-a is a schematic structural diagram of a prior-art single sign-on server.

To address this problem, Chinese patent No. CN101420416A discloses an identity federation and unified login method that achieves unified login by federating the user's identity information on an identity management platform with that in the application. In that method, the application's user management must be in effect. However, the unified login method is built on identity federation, and the user has to access the application with the identity held in that application. All applications are therefore required to have their own user management and identity authentication, and an identity federation has to be established, before unified login across multiple applications is possible; the method does not have the advantages of a single sign-on method.

Summary of the invention

The purpose of the present invention is to overcome two problems: prior-art single sign-on systems cannot achieve identity federation for applications that have user management; and the invention patent described in the background, although it introduces the idea of identity federation, does not achieve true single sign-on (every application described in that patent must have its own user management platform to achieve unified login, so every newly developed application would have to develop its own user management platform). To this end, the invention provides a method and system for implementing single sign-on.

The present invention combines the single sign-on method with the advantages of identity federation and provides a unified identity authentication service for all applications (both applications with user management and applications without user management).

To achieve the above purpose, the present invention provides a single sign-on server for uniformly providing single sign-on service to applications with user management and applications without user management, where applications with user management use a policy based on user identity binding for single sign-on. The server comprises a user management module and a session management module, and is characterized in that it further comprises an information interaction module, an application management module and an identity binding module. The application management module stores information about applications. The identity binding module binds the user's identity information in an application to the user's identity information in the single sign-on server. The information interaction module is connected to the session management module, the application management module and the identity binding module; it receives and responds to authentication requests from applications, establishes bindings interactively with the application that issued the authentication request, queries the session management module for the user's login state, and notifies the session management module to authenticate the user. The session management module is connected to the user management module; it receives and verifies the login information entered by the user and maintains the user's login state information.

In the above technical solution, the application information includes the application identifier and whether the application has a user management module. The user management module stores the user's information in the single sign-on server.

Based on the above apparatus, the invention also provides a method for implementing single sign-on that works for all applications. The method comprises: the single sign-on server binds the user's identity information in the single sign-on server and in the application; when the user accesses a protected resource of the application, the application requests the single sign-on server to authenticate the user; after the single sign-on server completes user authentication, it returns the user's identity information in the application if it has bound the user's identity information in that application, and otherwise returns the user's identity information in the single sign-on server, completing the login.

In the above technical solution, the identity information comprises a user account, login name, user identifier, role or permission level.

If the application has user management, the single sign-on server provides a service for binding the user's identity information in the single sign-on server to that in the application, so that the user can access the application with the identity held in the application.

If the application has no user management system, the user accesses the application with the identity held in the single sign-on server.

With the above technical solution, the invention has the following advantages:

1. The single sign-on server provides an identity authentication service and an identity binding service, which lowers the threshold for offering a service: providers need not develop an independent identity authentication system and user management module for each application, and different applications are integrated more easily. An application that has its own user management module can continue to use it;

2. After the single sign-on server completes user authentication, it returns the user's identity information in the application if it has bound the user's identity information in that application, so the user can switch identities when accessing different applications without logging in again.

Description of the drawings

Fig. 1-a is a schematic structural diagram of a prior-art single sign-on server;

Fig. 1-b is a schematic structural diagram of the single sign-on server of the present invention;

Fig. 2 is a schematic structural diagram of application embodiment 1 of the present invention;

Fig. 3 is a schematic structural diagram of application embodiment 2 of the present invention;

Fig. 4 is a flowchart of an identity binding embodiment of the present invention;

Fig. 5 is a sequence diagram of the information exchange in a single sign-on embodiment of the method of the present invention.

Detailed description

To make the purpose, technical solution and advantages of the present invention clearer, the single sign-on method of the invention is described in further detail below with reference to the drawings and specific embodiments.

Fig. 1-b is a schematic structural diagram of the single sign-on server of the present invention. It comprises: a user management module, which stores the user's identity information in the single sign-on server, including user name and password; an application management module, which stores information about applications, including the application identifier and whether the application has a user management module; a session management module, connected to the user management module, which receives and verifies the login information entered by the user and maintains the user's login state information; an identity binding module, which stores the correspondence between the user's identity information in an application and the user's identity information in the single sign-on server; and an information interaction module, connected to the session management module, the application management module and the identity binding module, which receives and responds to authentication requests from applications, interacts with the application to establish the correspondence between the user's identity information in that application and the user's identity information in the single sign-on server, queries the session management module for the user's login state, and notifies the session management module to authenticate the user.

Fig. 2 is a schematic structural diagram of application embodiment 1 of the present invention. It comprises: a user management module, which manages the user's information in the application, including user name and password; and an identity query module, connected to the user management module, which sends authenticate-user requests to the single sign-on server and receives the responses, and also receives and responds to identity binding requests from the single sign-on server.

Fig. 3 is a schematic structural diagram of application embodiment 2 of the present invention. It comprises an identity query module, which sends authenticate-user requests to the single sign-on server and receives the responses.

Fig. 4 is a flowchart of an identity binding embodiment of the present invention. The application requests the single sign-on server to authenticate the user. After successful authentication, if the single sign-on server finds that the application has user management and the user has not performed identity binding, it notifies the user that identity binding can be performed. The binding flow is as follows:

101) The single sign-on server asks the user whether to bind the identity held in the application. If the user chooses to bind, go to 102; if the user chooses not to bind, go to 109;

102) The single sign-on server redirects the page to the application; the redirect request carries an identity binding request and a binding request identifier;

103) After receiving the identity binding request, the application asks the user to enter the user name and password used in the application;

104) The application verifies the user name and password. If verification succeeds, go to 105; if verification fails, go to 106;

105) The application redirects the page to the single sign-on server; the redirect information carries an identity-binding-success message, the user's user name in the application, and the binding request identifier. Go to 107;

106) The application redirects the page to the single sign-on server; the redirect information carries an identity-binding-failure message and the binding request identifier. Go to 108;

107) After receiving the identity-binding-success message, the single sign-on server records the correspondence between the user's user name in the single sign-on server, the application identifier, and the user's user name in the application. Go to 109;

108) After receiving the identity-binding-failure message, the single sign-on server cancels this identity binding. Go to 113;

109) The identity binding flow ends.

As shown in Fig. 5, the operating steps of an embodiment of the present invention as a single sign-on method are as follows:

201) The user accesses a protected resource of the application. If the application does not find a user name in the cookie information of the request, go to 202; if it finds a user name, go to 208;

202) The application redirects the page to the single sign-on server; the redirect request contains an authenticate-user request and the application identifier;

203) If the single sign-on server finds the user's access ticket in the cookie information of the user's request and the ticket has not expired, i.e. the user is logged in, go to 205; otherwise go to 204;

204) The single sign-on server asks the user to enter a user name and password to log in. After the single sign-on server successfully verifies the user name and password, it generates a user access ticket and a ticket expiry time, stores the user access ticket in the cookie information of the user's browser, and goes to 205. If verification fails, the flow ends;

205) The single sign-on server queries the database using the user's user name in the single sign-on server and the application identifier. If it does not find the user's user name in the application, go to 207; if it finds the user's user name in the application, go to 206;

206) The single sign-on server redirects the page to the application; the redirect information carries the user's user name in the application. Go to 208;

207) The single sign-on server redirects the page to the application; the redirect information carries the user's user name in the single sign-on server. Go to 208;

208) The application obtains the user name and interacts with the single sign-on module to verify whether the user's login is valid and has not expired. If verification succeeds, the application responds to the user's request; if verification fails, i.e. the login has expired, go to 202 and require the user to log in again.
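
The server-side decisions in the binding flow (steps 101-109) and the login flow (steps 203-208), modelled as an added Python example that is not part of the patent text. The class and method names, the PBKDF2 password hashing, the random ticket and request-identifier values, and the single-use handling of the binding request identifier are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _hash(password, salt):
    # Assumption: the patent only says the server stores "user name, password";
    # the example stores a salted PBKDF2 hash instead of the plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SSOServer:
    """Toy model of the single sign-on server modules (names are hypothetical)."""

    def __init__(self, ticket_ttl=1800):
        self.users = {}     # user management: sso_user -> (salt, password hash)
        self.apps = {}      # application management: app_id -> has user management?
        self.bindings = {}  # identity binding: (sso_user, app_id) -> app_user
        self.tickets = {}   # session management: ticket -> (sso_user, expires_at)
        self.pending = {}   # open binding requests: request_id -> (sso_user, app_id)
        self.ticket_ttl = ticket_ttl

    def register_user(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, _hash(password, salt))

    def register_app(self, app_id, has_user_management):
        self.apps[app_id] = has_user_management

    def login(self, name, password, now):
        """Step 204: verify credentials, then issue a ticket with an expiry time."""
        record = self.users.get(name)
        if record is None or not hmac.compare_digest(record[1], _hash(password, record[0])):
            return None
        ticket = secrets.token_urlsafe(32)
        self.tickets[ticket] = (name, now + self.ticket_ttl)
        return ticket

    def session_user(self, ticket, now):
        """Steps 203 and 208: a ticket counts only if it is known and not expired."""
        entry = self.tickets.get(ticket)
        if entry is None or now >= entry[1]:
            self.tickets.pop(ticket, None)
            return None
        return entry[0]

    def identity_for(self, ticket, app_id, now):
        """Steps 205-207: bound application identity if present, else SSO identity."""
        user = self.session_user(ticket, now)
        if user is None or app_id not in self.apps:
            return None
        bound = self.bindings.get((user, app_id))
        return (bound, "app") if bound is not None else (user, "sso")

    def begin_binding(self, ticket, app_id, now):
        """Steps 101-102: offered only for an app with user management and no binding yet."""
        user = self.session_user(ticket, now)
        if user is None or not self.apps.get(app_id) or (user, app_id) in self.bindings:
            return None
        request_id = secrets.token_urlsafe(16)
        # Assumption: the identifier is remembered server-side with the session's
        # user and the app, so the reply in step 105/106 can be matched to it.
        self.pending[request_id] = (user, app_id)
        return request_id

    def complete_binding(self, request_id, success, app_user=None):
        """Steps 105-108: record the binding on success, cancel it on failure."""
        pending = self.pending.pop(request_id, None)  # single use (assumption)
        if pending is None or not success or not app_user:
            return False
        self.bindings[pending] = app_user  # step 107: (sso_user, app_id) -> app_user
        return True


if __name__ == "__main__":
    # Constructed sample data: one user, one app with and one without user management.
    sso = SSOServer(ticket_ttl=60)
    sso.register_user("alice", "pw-alice")
    sso.register_app("legacy-crm", True)
    sso.register_app("new-wiki", False)
    t = sso.login("alice", "pw-alice", now=0)
    rid = sso.begin_binding(t, "legacy-crm", now=1)
    sso.complete_binding(rid, True, "a.smith")
    print(sso.identity_for(t, "legacy-crm", now=2))
    print(sso.identity_for(t, "new-wiki", now=2))
```
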

The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (7)

1. A single sign-on server for uniformly providing single sign-on service to applications with user management and applications without user management, wherein applications with user management use a policy based on user identity binding for single sign-on, the server comprising a user management module and a session management module, characterized in that
the server further comprises: an information interaction module, an application management module and an identity binding module;
the application management module is used to store information about applications;
the identity binding module is used to bind the user's identity information in an application to the user's identity information in the single sign-on server;
the information interaction module is connected to the session management module, the application management module and the identity binding module respectively, and is used to receive and respond to authentication requests from applications, to establish a binding interactively with the application that issued the authentication request, to query the session management module for the user's login state, and to notify the session management module to authenticate the user;
wherein the session management module is connected to the user management module and is used to receive and verify the login information entered by the user and to maintain the user's login state information; the user management module is used to store the user's information in the single sign-on server;
if an application has user management, the single sign-on server provides a service for binding the user's identity information in the single sign-on server and in that application, so that the user can access the application with the identity held in the application;
if an application has no user management system, the user accesses the application with the identity held in the single sign-on server.
2. The single sign-on server according to claim 1, characterized in that the information about an application comprises the application identifier and whether the application has a user management module.
3. The single sign-on server according to claim 1, characterized in that the identity information comprises: a user account, login name, user identifier, role or permission level.
4. A method for implementing single sign-on, the method being able to implement single sign-on for all applications and comprising:
if the single sign-on server finds that the application has user management and the user has not performed identity information binding, notifying the user to perform identity information binding;
a step in which, when the user accesses a protected resource of the application, the application requests the single sign-on server to authenticate the user; wherein the steps by which the single sign-on server authenticates the user and completes the login are:
201) the user accesses a protected resource of the application; if the application does not find a user name in the cookie information of the request, go to 202; if it finds a user name, go to 208;
202) the application redirects the page to the single sign-on server, the redirect request containing an authenticate-user request and the application identifier;
203) if the single sign-on server finds the user's access ticket in the cookie information of the user's request and the ticket has not expired, i.e. the user is logged in, go to 205; otherwise go to 204;
204) the single sign-on server asks the user to enter a user name and password to log in; after the single sign-on server successfully verifies the user name and password, it generates a user access ticket and a ticket expiry time, stores the user access ticket in the cookie information of the user's browser, and goes to 205; if verification fails, the flow ends;
205) the single sign-on server queries the database using the user's user name in the single sign-on server and the application identifier; if it does not find the user's user name in the application, go to 207; if it finds the user's user name in the application, go to 206;
206) the single sign-on server redirects the page to the application, the redirect information carrying the user's user name in the application; go to 208;
207) the single sign-on server redirects the page to the application, the redirect information carrying the user's user name in the single sign-on server; go to 208;
208) the application obtains the user name and interacts with the single sign-on module to verify whether the user's login is valid and has not expired; if verification succeeds, the application responds to the user's request; if verification fails, i.e. the login has expired, go to 202 and require the user to log in again.
5. The method for implementing single sign-on according to claim 4, characterized in that the identity information comprises a user account, login name, user identifier, role or permission level.
6. The method for implementing single sign-on according to claim 4, characterized in that, if the application has user management, the single sign-on server provides a service for binding the user's identity information in the single sign-on server and in that application, so that the user can access the application with the identity held in the application.
7. The method for implementing single sign-on according to claim 4, characterized in that, if the application has no user management system, the user accesses the application with the identity held in the single sign-on server.
CN201110195869.2A 2011-07-13 2011-07-13 A kind of method and system realizing single-sign-on Active CN102882835B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110195869.2A CN102882835B (en) 2011-07-13 2011-07-13 A kind of method and system realizing single-sign-on

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110195869.2A CN102882835B (en) 2011-07-13 2011-07-13 A kind of method and system realizing single-sign-on

Publications (2)

Publication Number Publication Date
CN102882835A CN102882835A (en) 2013-01-16
CN102882835B true CN102882835B (en) 2015-09-09

Family

ID=47483984

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110195869.2A Active CN102882835B (en) 2011-07-13 2011-07-13 A kind of method and system realizing single-sign-on

Country Status (1)

Country Link
CN (1) CN102882835B (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101193027A (en) * 2006-11-28 2008-06-04 深圳市永兴元科技有限公司 A single-point login system and method for integrated isomerous system
CN101420416A (en) * 2007-10-22 2009-04-29 中国移动通信集团公司 Identity management platform, service server, login system and federation method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
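A federated single sign-on model for Web application environments; 张昌利 et al.; Journal of Northwestern Polytechnical University (《西北工业大学学报》); 2006-04-30; Vol. 24 (No. 2); full text *
钟林栖. Research on a single sign-on system based on the CAS protocol. China Excellent Doctoral and Master's Theses Full-text Database (Master's), Information Science and Technology (monthly), 2007. 2007, (No. 2). *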

Also Published As

Publication number Publication date
CN102882835A (en) 2013-01-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210803

Address after: Room 1601, 16th floor, East Tower, Ximei building, No. 6, Changchun Road, high tech Industrial Development Zone, Zhengzhou, Henan 450001

Patentee after: Zhengzhou xinrand Network Technology Co.,Ltd.

Address before: 100190, No. 21 West Fourth Ring Road, Beijing, Haidian District

Patentee before: INSTITUTE OF ACOUSTICS, CHINESE ACADEMY OF SCIENCES