Disclosure of Invention
Embodiments of the present invention provide a cross-domain single sign-on method, an apparatus, an electronic device, and a computer-readable storage medium, which are used to solve the problems of poor compatibility and complex backend services that arise because existing cross-domain single sign-on requires additional services and additional plug-ins.
To solve the above technical problem, an embodiment of the present invention provides a cross-domain single sign-on method, where the method includes:
when a request address of a first webpage system input by a user through a client is received, if a preset document associated with the first webpage system stores a user certificate which is not invalid, entering the first webpage system according to the user certificate;
if no user certificate is stored in the preset document associated with the first webpage system or the user certificate is invalid, receiving login information of the first webpage system, after the login information is authenticated, storing the user certificate generated according to the login information in the preset document associated with the first webpage system, and entering the first webpage system according to the user certificate;
and transmitting the user certificate to a second webpage system associated with the first webpage system, storing the user certificate in a preset document associated with the second webpage system, and entering the second webpage system according to the user certificate when receiving a request address of the second webpage system input by a user through the client.
Preferably, the cross-domain single sign-on method further includes a step of authenticating the login information, including: transmitting the login information to a pre-constructed proxy layer;
and sending the login information through the pre-constructed proxy layer to a pre-constructed micro-service system, and authenticating the login information through a user authentication layer of the micro-service system.
Preferably, the preset documents of the first webpage system and the second webpage system are cookies.
Preferably, before the transmitting the user credential to the second web page system associated with the first web page system, the method further comprises:
judging whether the first webpage system and the second webpage system have the same protocol, port number and host;
if the first webpage system and the second webpage system do not have the same protocol, port number and host, the user credentials cannot be sent from the first webpage system to the second webpage system, and an exception result indicating that the credentials cannot be sent is returned to the client;
and if the first webpage system and the second webpage system have the same protocol, port number and host, sending the user credentials from the first webpage system to the second webpage system.
Preferably, the transmitting of the user credentials to the second webpage system associated with the first webpage system is performed through the window.postMessage() method.
Preferably, the transmitting the user credential to the second webpage system associated with the first webpage system includes:
acquiring a request address of the second webpage system;
inputting the request address of the second webpage system into a window of the first webpage system through a tag, and embedding the user credential into the request address of the second webpage system;
and sending the request address containing the user certificate to a window of the second webpage system.
Preferably, the second webpage system comprises one or more request addresses of a different domain than the first webpage system.
In addition, to solve the above problem, the present invention provides a cross-domain single sign-on apparatus, comprising:
the query module is used for entering a first webpage system according to a user certificate if the user certificate which is not invalid is stored in a preset document associated with the first webpage system when receiving a request address of the first webpage system input by a user through a client;
the authentication module is used for receiving login information of the first webpage system when no user certificate is stored in a preset document associated with the first webpage system or the user certificate is invalid, storing the user certificate generated according to the login information in the preset document associated with the first webpage system after the login information is authenticated, and entering the first webpage system according to the user certificate;
and the transmitting module is used for transmitting the user certificate to a second webpage system associated with the first webpage system, storing the user certificate in a preset document associated with the second webpage system, and entering the second webpage system according to the user certificate when receiving a request address of the second webpage system input by a user through the client.
In addition, to solve the above problem, the present invention provides an electronic device, including:
a memory storing at least one instruction; and
a processor that executes the instruction stored in the memory to implement the cross-domain single sign-on method.
In addition, to solve the above problem, the present invention further provides a computer-readable storage medium having at least one instruction stored thereon, where the at least one instruction is executed by a processor in an electronic device to implement the steps of the cross-domain single sign-on method described above.
According to the embodiment of the invention, when a request address of a first webpage system input by a user is received, a user certificate generated according to login information is stored in a preset document associated with the first webpage system, and the user certificate is further transmitted to a second webpage system associated with the first webpage system, so that when the user requests to enter the second webpage system, the user can directly enter the second webpage system according to the user certificate without repeatedly inputting login information, and cross-domain single sign-on is realized. According to the embodiment of the invention, the user certificate is stored in the preset document of the webpage system, and additional server resources and additional plug-ins are not needed, so that the complexity of user certificate access is simplified.
Furthermore, the embodiment of the invention adopts the micro-service system to carry out login information authentication, simplifies the architecture of the server, reduces the development cost and reduces the system maintenance cost.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that numerous technical details are set forth in order to provide a better understanding of the present application in various embodiments of the present invention. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments.
The first embodiment of the invention relates to a cross-domain single sign-on method, and the core of the embodiment lies in that a user certificate is stored through a cookie file of a webpage system, so that the problem of compatibility caused by the fact that additional services and additional plug-ins are required in the existing cross-domain single sign-on is solved. The implementation details of the cross-domain single sign-on of the present embodiment are specifically described below, and the following description is only provided for the convenience of understanding, and is not necessary for implementing the present embodiment.
Fig. 1 is a flow chart showing a method of implementing the cross-domain single sign-on method according to the preferred embodiment of the present invention. The order of the steps in the flow chart may be changed and some steps may be omitted according to different needs.
The preferred embodiment of the cross-domain single sign-on method shown in fig. 1 is applied to one or more electronic devices, which are devices capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions, and the hardware thereof includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The purpose of the preferred embodiment of the cross-domain single sign-on method of the invention is to solve the problem that additional server resources and plug-ins are needed during cross-domain single sign-on, and the method comprises the following steps:
s1, when a request address of a first webpage system input by a user through a client is received, if a preset document associated with the first webpage system stores a user certificate which is not invalid, entering the first webpage system according to the user certificate.
In at least one embodiment of the invention, a user enters, through a client, the request address of a first webpage system that needs to be accessed. The first webpage system may be understood as a service system on the internet and is selected according to the requirement of the client; for example, the request address of the first webpage system may be www.a.com.
Preferably, in the embodiment of the present invention, the user credential is also called a token, and includes a user account name and a password. The token is generated at the server, and the generation process comprises: when a webpage system is entered through the browser of the client, a user name and password are registered through the webpage system, authentication of the registered user name and password is requested from the server, the server receives the authentication request, and if authentication succeeds, the server returns a token to the browser. The browser carries the token to prove its legitimate status each time the client makes a service request to the server.
Preferably, in the embodiment of the present invention, when a first webpage system to be accessed is input into a browser of a client, a query of a preset document associated with the first webpage system is preferentially performed first. If the user certificate of the user exists in the preset document associated with the first webpage system and the user certificate is not invalid, directly entering the first webpage system according to the user certificate, and performing a corresponding service request after entering the first webpage system, wherein the service request can be a short message service request, a service call service request and the like. In a preferred embodiment of the present invention, the preset document may be a cookie file of the first web page system.
S2, if no user certificate is stored in the preset document associated with the first webpage system or the user certificate is invalid, receiving login information of a user to the first webpage system, after the login information passes authentication, storing the user certificate generated according to the login information in the preset document associated with the first webpage system, and entering the first webpage system according to the user certificate.
Preferably, in the embodiment of the present invention, if no user credential is stored in the preset document associated with the first webpage system or the user credential is invalid, the login information of the user for the first webpage system is received, and after the login information is authenticated, the user credential generated according to the login information is stored in the preset document associated with the first webpage system. The step of authenticating the login information is as shown in fig. 2: S30, transmitting the login information to a pre-constructed proxy layer; S31, sending the login information through the pre-constructed proxy layer to a pre-constructed micro-service system; and S32, authenticating the login information through a user authentication layer of the micro-service system. The generation of the user credential comprises: setting a user name and a password according to the behavior characteristics of the user to obtain the user credential. The signing step generates a user signature over the registered user name and password with a keyed algorithm, so that the user credential may include: a user name, a password, and a user signature. The pre-constructed proxy layer is an nginx proxy layer, the pre-constructed micro-service system is used to distribute the client's request address to the corresponding server, and the algorithm used to generate the signature is HMAC-SHA256 (a keyed-hash message authentication code, which authenticates the data rather than encrypting it).
Based on this embodiment, accessing the server through the pre-constructed micro-service system ensures efficient data access and fast server replies, and signing the user credential with the HMAC-SHA256 algorithm ensures the security and uniqueness of the user information.
Preferably, the process of saving the user credential generated according to the login information in the preset document associated with the first webpage system of the present invention includes: a cookie cache mechanism is set up on the browser side using the JavaScript scripting language, data creation, reading and deletion operations are performed on the configured cookie through the document.cookie interface, and the user credential is stored in the preset cookie.
Based on the above embodiment, the cookie is used for locally caching and storing the user credentials, so that high availability and high portability of data are guaranteed.
And S3, transmitting the user certificate to a second webpage system associated with the first webpage system.
In a preferred embodiment of the present invention, the associated second webpage system may have a request address in a different domain from the first webpage system; for example, the request address of the second webpage system may be www.b.com, www.c.com, and the like. Before sending the user credentials from the first webpage system to the second webpage system, the invention also judges whether the first webpage system and the second webpage system have the same protocol, port number and host; if they do not, the user credentials cannot be sent from the first webpage system to the second webpage system, and an exception result indicating that the credentials cannot be sent is returned to the client; and if the first webpage system and the second webpage system have the same protocol, port number and host, the user credentials are sent from the first webpage system to the second webpage system.
At least one embodiment of the invention performs the transfer of the user credentials through the window.postMessage() method, which can be used to pass messages between windows and/or frames of webpage systems with different domain names.
In detail, the sending process of the user credential in the embodiment of the present invention is shown in fig. 3: s40, acquiring a request address of the second webpage system; s41, inputting the request address of the second webpage system in the window of the first webpage system through a tag, and embedding the user certificate into the request address of the second webpage system; s42, sending the request address containing the user credential to the window of the second web page system by using a preset sending program, so as to complete sending the user credential.
And S4, when receiving a request address of the second webpage system input by the user through the client, entering the second webpage system according to the user credential.
At least one embodiment of the invention obtains the request address of the second webpage system, calls the user certificate stored in the preset document associated with the second webpage system, and enters the page of the second webpage system according to the user certificate.
The above-described embodiments of the present invention can achieve the following objects:
1. the user certificate is stored in the cookie, so that the complexity of user certificate access is simplified, and additional server resources and plug-ins are not needed;
2. the architecture of the server is simplified based on the micro service system, and the development cost is reduced.
In summary, the embodiments of the present invention can achieve flexibility and high efficiency of cross-domain single sign-on.
Fig. 4 is a functional block diagram of a cross-domain single sign-on apparatus according to a preferred embodiment of the present invention.
The cross-domain single sign-on apparatus 100 of the present invention may be installed in an electronic device. According to the implemented functions, the cross-domain single sign-on apparatus 100 may include an inquiry module 101, an authentication module 102, and a transmission module 103. The module according to the embodiment of the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of the electronic device 1 and can perform a fixed function, and is stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the query module 101 is configured to, when receiving a request address of a first webpage system input by a user through a client, enter the first webpage system according to a user credential if a preset document associated with the first webpage system stores a user credential of the user that is not invalid;
the authentication module 102 is configured to receive login information of the first web page system when no user credential is stored in a preset document associated with the first web page system or the user credential is invalid, store a user credential generated according to the login information in the preset document associated with the first web page system after the login information authentication is passed, and enter the first web page system according to the user credential;
the transmitting module 103 is configured to transmit the user credential to a second webpage system associated with the first webpage system, store the user credential in a preset document associated with the second webpage system, and enter the second webpage system according to the user credential when receiving a request address of the second webpage system input by the user through the client.
Fig. 5 is a schematic structural diagram of an electronic device implementing a cross-domain single sign-on method according to a preferred embodiment of the present invention.
The electronic device 1 may comprise a processor 10, a memory 11 and a bus, and may further comprise a computer program, such as a cross-domain single sign-on program, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as code of a cross-domain single sign-on program, but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital processing chips, graphics processors, and combinations of various control chips. The processor 10 is the control unit of the electronic device 1, connects the various components of the electronic device 1 through various interfaces and lines, and executes the various functions and processes the data of the electronic device 1 by running or executing programs or modules (e.g., resource scheduling programs) stored in the memory 11 and calling data stored in the memory 11.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
Fig. 5 only shows the electronic device 1 with components 10-11, and it will be understood by a person skilled in the art that the structure shown in fig. 5 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or a combination of certain components, or a different arrangement of components.
For example, although not shown, the electronic device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so as to implement functions of charge management, discharge management, power consumption management, and the like through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used for establishing a communication connection between the electronic device 1 and other electronic devices.
Optionally, the electronic device 1 may further comprise a user interface, which may be a display, an input unit (such as a keyboard), and optionally a standard wired interface or a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The cross-domain single sign-on program stored in the memory 11 of the electronic device 1 is a combination of instructions, and when running in the processor 10, can implement:
receiving a request address of a first webpage system input by a user through a browser, inquiring whether the browser has a user certificate of the user, and entering the first webpage system according to the user certificate if the browser stores the user certificate and the user certificate is not invalid;
if the browser does not store the user credentials or the user credentials are invalid, receiving login information of the first webpage system, and after the login information passes authentication, storing the user credentials generated according to the login information in the browser;
transmitting the user certificate to a second webpage system associated with the first webpage system;
receiving a request address of a second webpage system input by a user through the browser, identifying whether a user certificate in the browser is valid, if the user certificate is invalid, re-receiving login information of the first webpage system, and if the user certificate is valid, entering the second webpage system according to the user certificate.
Specifically, the specific implementation method of the processor 10 for the instruction may refer to the description of the relevant steps in the embodiments corresponding to fig. 1 to fig. 3, which is not repeated herein.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.