CN104158818B - A kind of single-point logging method and system - Google Patents
- Publication number: CN104158818B (application CN201410422428.5A)
- Authority: CN (China)
- Legal status: Active (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Abstract
The invention discloses a single sign-on method and system. In the method, after a business system receives a business access from a user who has not logged in to that business system, the business system obtains the user's login information from the single sign-on authentication center by way of the user's browser; if the login information is obtained, the business system uses it to complete the user's login automatically and instructs the user's browser to display the logged-in page. For the scenario in which a business system is accessed without any authentication information being carried, the method and system give the business system the ability to query the user's login information actively, achieving single sign-on in that scenario, matching users' habits when using Internet services more closely and completing the single sign-on mechanism.
Description
Technical field
The invention relates to the field of communications, and in particular to a single sign-on method and system.
Background
Single sign-on (SSO) means that, across multiple application systems, a user needs to log in only once to access every application system that trusts the others.
In existing single sign-on technology, application systems built on the browser/server (B/S) architecture achieve single sign-on mainly by passing a ticket, much like the "pass" sold at tourist attractions: the visitor buys one ticket and can enter several independent attractions. Ticket-passing single sign-on proceeds as follows:
(1) When the user visits a B/S application system for the first time, the user is directed to the authentication system to log in.
(2) The authentication system verifies the user's identity from the login information the user provides; a user who passes verification receives an "authentication credential" (for example, ticket information) that serves as proof that the user has been verified.
(3) When the user accesses another B/S application system, that system, on receiving the request, sends the ticket information presented by the user to the authentication system, which verifies that the ticket is valid; if verification succeeds, the user can access that B/S application system without logging in again.
At present, the existing technology mainly specifies the scenario in which a business system is accessed with authentication information carried, that is, the ticket information carried by the user allows login to multiple application systems. For example, a user who has already logged in to business system A (so that business system A has obtained the user's information) clicks a link to business system B embedded in business system A; business system B can then obtain, through the single sign-on mechanism, the user information passed on by business system A. The scenario in which a business system is accessed without authentication information being carried is different, for example:
(1) The user has not logged in to any other business system and enters the URL of business system A directly in the browser (business system A cannot learn the user's information before the user logs in).
(2) The user has logged in to business system A and enters the URL of business system B directly in the browser (the user did not arrive by way of a redirect from business system A, so business system B cannot learn the user's information).
(3) The user has not logged in to any other business system, visits business system A and, without logging in to business system A, clicks a link to business system B embedded in business system A (since the user has not logged in, neither business system A nor business system B can learn the user's information).
In the existing technology, in all three scenarios, when the business system finds no information about the user locally it simply displays the page corresponding to the user's action; it does not actively ask the authentication center for the user's login information, so it cannot determine whether single sign-on is possible. In fact, in the second scenario single sign-on is possible. For the "no authentication information carried" scenarios above, therefore, the industry currently has no mature single sign-on solution.
Summary of the invention
The technical problem addressed by the invention is to provide a single sign-on method and system that achieve single sign-on in the scenario of accessing a business system without authentication information being carried.
To solve this technical problem, the invention provides a single sign-on method comprising:
after a business system receives a business access from a user who has not logged in to that business system, the business system obtains the user's login information from the single sign-on authentication center by way of the user's browser; if the login information is obtained, the business system uses it to complete the user's login automatically and instructs the user's browser to display the logged-in page.
Further, the business system obtaining the user's login information from the single sign-on authentication center by way of the user's browser comprises:
the business system sending the user's browser an instruction to obtain the user's login information, the instruction carrying the business system's redirect address;
the user's browser sending the single sign-on authentication center a request for the user's login information, the request carrying the user's global session ID and the business system's redirect address;
the single sign-on authentication center determining whether a global session corresponding to the user's global session ID exists and, if so, redirecting the user's login information to the business system through the user's browser according to the session information of that global session, the redirect target being the business system's redirect address, where the session information includes the user's login information.
Further, the method also comprises the following. The business system obtaining the user's login information from the single sign-on authentication center by way of the user's browser comprises:
the business system sending the user's browser an instruction to obtain the user's login information, the instruction carrying the business system's redirect address;
the user's browser sending the single sign-on authentication center a request for the user's login information, the request carrying only the business system's redirect address;
the single sign-on authentication center, on determining that the request does not carry a global session ID for the user, redirecting a result indicating failure to obtain the user's login information to the business system through the user's browser, the redirect target being the business system's redirect address;
and the method further comprising: if the login information is not obtained, the business system, in response to the failure result, instructing the user's browser to return to the page the user is currently browsing, and the user's browser displaying that page.
Further, before the business system obtains the user's login information from the single sign-on authentication center through the user's browser, the method also comprises:
when the user logs in for the first time to some business system within the single sign-on system, that business system requesting the single sign-on authentication center, through the user's browser, to store the login information the user used to log in to that business system.
Further, that business system requesting the single sign-on authentication center, through the user's browser, to store the user's login information comprises:
that business system, once the user has passed its login authentication, sending the user's browser an instruction to store the login information the user used to log in to it, the instruction carrying that business system's redirect address and business system identifier;
the user's browser sending the single sign-on authentication center a request to store the user's login information, the request carrying that business system's redirect address, its business system identifier and the login information with which the user passed login authentication;
the single sign-on authentication center, on receiving the request, creating a global session for the user's login at that business system, assigning a global session ID to this login at the single sign-on authentication center, saving that business system's identifier and the user's login information in the session information of the global session, returning the global session ID to the user's browser and redirecting through the user's browser to that business system, the redirect target being that business system's redirect address.
To solve the above technical problem, the invention also provides a single sign-on system comprising:
a business system, configured to, after receiving a business access from a user who has not logged in to the business system, send the user's browser an instruction to obtain the user's login information, thereby obtaining the user's login information from the single sign-on authentication center by way of the user's browser, and, if it is obtained, to use the login information to complete the user's login automatically and instruct the user's browser to display the logged-in page;
a user browser, configured to, after receiving the business system's instruction to obtain the user's login information, send the single sign-on authentication center a request for the user's login information, pass the user's login information returned by the single sign-on authentication center on to the business system, and display the logged-in page after being notified by the business system;
a single sign-on authentication center, configured to, after receiving the user browser's request, look up the user's login information locally and, if it is found, return the user's login information to the business system through the user browser.
Further, the business system's instruction to obtain the user's login information carries the business system's redirect address;
the user browser's request for the user's login information carries the user's global session ID and the business system's redirect address;
and the single sign-on authentication center looking up the user's login information locally after receiving the user browser's request and, if it is found, returning it to the business system through the user browser comprises:
the single sign-on authentication center determining whether a global session corresponding to the user's global session ID exists and, if so, redirecting the user's login information to the business system through the user browser according to the session information of that global session, the redirect target being the business system's redirect address, where the session information includes the user's login information.
Further, the business system's instruction to obtain the user's login information carries the business system's redirect address;
the user browser's request for the user's login information carries only the business system's redirect address;
the single sign-on authentication center is further configured to, on determining that the request does not carry a global session ID for the user and that the user's login information therefore cannot be found, redirect a result indicating failure to obtain the user's login information to the business system through the user browser, the redirect target being the business system's redirect address;
the user browser is further configured to redirect the failure result returned by the single sign-on authentication center to the business system and, after receiving the business system's instruction to return to the page the user is currently browsing, to display that page;
and the business system is further configured to instruct the user browser, in response to the failure result, to return to the corresponding page.
Further, the system also comprises the business system within the single sign-on system at which the user logs in for the first time, where:
that business system is configured to, once the user has passed its login authentication, send the user browser an instruction to store the login information the user used to log in to it, thereby requesting the single sign-on authentication center, through the user browser, to store that login information;
the user browser is further configured to, after receiving that business system's instruction to store the user's login information, send the single sign-on authentication center a request to store the login information the user used to log in to that business system;
and the single sign-on authentication center is configured to store the user's login information for that business system after receiving the user browser's request.
Further, that business system's instruction to store the user's login information carries the redirect address and business system identifier of that business system within the single sign-on system;
the user browser's request to store the user's login information carries that business system's redirect address, its business system identifier and the login information the user used to log in to it;
the single sign-on authentication center storing the user's login information after receiving the user browser's request comprises:
the single sign-on authentication center, on receiving the request, creating a global session for the user's login at that business system, assigning a global session ID to this login at the single sign-on authentication center, saving that business system's identifier and the user's login information in the session information of the global session, returning the global session ID to the user browser and redirecting through the user browser to that business system, the redirect target being that business system's redirect address;
and the user browser is further configured to receive and save the user's global session ID returned by the single sign-on authentication center and pass it on to that business system.
Compared with the prior art, the single sign-on method and system provided by the invention give the business system the ability to query the user's login information actively in the scenario of accessing a business system without authentication information being carried, achieving single sign-on in that scenario, matching users' habits when using Internet services more closely and completing the single sign-on mechanism.
Brief description of the drawings
Fig. 1 is a flow chart of the single sign-on method in the embodiment;
Fig. 2 is a flow chart of the single sign-on method for scenario (1) in an application example;
Fig. 3 is a flow chart of the single sign-on method for scenario (2) in an application example;
Fig. 4 is a structural diagram of the single sign-on system in the embodiment.
Detailed description
To make the purpose, technical solution and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the accompanying drawings. Where they do not conflict, the embodiments in this application and the features within them may be combined with one another freely.
Embodiment:
The application scenario of this embodiment is single sign-on when the user browses a business system without carrying authentication information. As shown in Fig. 1, this embodiment provides a single sign-on method comprising the following steps:
S101: a business system receives a business access from a user who has not logged in to that business system.
Here "a user who has not logged in to that business system" means only that the user has not logged in to this particular business system; the user may already have logged in to another business system belonging to the single sign-on system. The business system decides whether the user is logged in to it by checking whether a local session ID exists; if none exists, the user has not logged in to the business system.
In scenario (1), the user has not logged in to any other business system and enters the URL of business system A directly in the browser; in this scenario the user is logged in to neither any other business system nor business system A.
In scenario (2), the user has logged in to business system A and enters the URL of business system B directly in the browser; in this scenario the user did not arrive through a redirect from business system A, so business system B cannot learn the user's information, and the user is not logged in to business system B.
In scenario (3), the user has not logged in to any other business system, visits business system A and, without logging in to business system A, clicks a link to business system B embedded in business system A; the user is logged in to neither any other business system nor business systems A and B.
S102: after receiving the user's business access, the business system obtains the user's login information from the single sign-on authentication center by way of the user's browser; the login information includes the user's account name and login password.
S103: if the login information is obtained, the business system uses it to complete the user's login automatically and instructs the user's browser to display the logged-in page.
In step S102, for scenario (2), in which the user has logged in to another business system and enters the URL of this business system directly in the browser, the business system obtaining the user's login information from the single sign-on authentication center by way of the user's browser specifically comprises:
1) the business system sends the user's browser an instruction to obtain the user's login information, the instruction carrying the business system's redirect address;
2) the user's browser sends the single sign-on authentication center a request for the user's login information, the request carrying the global session ID that identifies the user and the business system's redirect address.
The global session ID marks the user as having logged in to some other business system, and the single sign-on authentication center recognises the user by it. When the user logs in for the first time to some business system within the single sign-on system, the single sign-on authentication center creates a global session and tells the business system of that first login the global session ID through the browser; at that point the global session (including its ID) is saved in the browser's local files on the user's computer (this is the basic mechanism by which browsers keep sessions, a property of the browser).
When the user later accesses another system, that business system sends a request for the user's information to the single sign-on authentication center through the browser. When the browser sees that the request is addressed to the single sign-on authentication center, it automatically looks up the locally saved global session (including its ID), attaches the global session ID to the request and sends it to the single sign-on authentication center, which can then identify the user.
3) the single sign-on authentication center determines whether a global session corresponding to the user's global session ID exists and, if so, redirects the user's login information to the business system through the user's browser according to that global session, the redirect target being the business system's redirect address, where the session information includes the user's login information.
In addition, the instruction sent by the business system in step 1) also carries the business system's identifier, which the browser includes in the request it sends to the single sign-on authentication center in step 2); the single sign-on authentication center uses it to authenticate requests that carry a business system identifier, that is, to determine which system sent the request.
During single sign-on, if the user has logged in to another business system, the user's browser and the business systems all refer to that same user by default; in other words, in the standard single sign-on scheme two users cannot be accessing sites in one browser at the same time. For example, every business system that user A has visited is in the logged-in state for A; if user B's account is to be used instead, A's account must be logged out, A's login information expires and A's global session becomes invalid. In a single sign-on system, therefore, different users cannot be logged in simultaneously in one browser: a browser's local files can hold only one valid global session at a time, and during single sign-on the business systems and browser within the single sign-on system recognise a single user.
Furthermore, in scenarios (1) and (3), where the user has not logged in to any other business system and enters this business system's URL directly in the browser, or where the user has not logged in to any other business system, visits business system A and, without logging in to business system A, clicks a link to this business system embedded in business system A, the business system may also fail to obtain the user's login information from the single sign-on authentication center. In these two scenarios:
the business system's instruction to obtain the user's login information carries the business system's redirect address;
the user's browser's request for the user's login information carries only the business system's redirect address;
and the method further comprises:
when the single sign-on authentication center determines that the request does not carry a global session ID for the user, it redirects a result indicating failure to obtain the user's login information to the business system through the user's browser, the redirect target being the business system's redirect address (URL).
A request without a global session ID shows that the user had not logged in to any other business system within the single sign-on system before reaching this business system; the single sign-on authentication center therefore holds no global session record for the user, has assigned the user no global session ID and has stored no login information for the user.
In response to the failure result, the business system instructs the user's browser to return to the page the user is currently browsing, and the user's browser displays that page.
Further, for scenario (2): when a user logs in for the first time within the single sign-on system, at some business system, the single sign-on authentication center saves the login information so that it can be obtained when the user later accesses the business system. Therefore, before the business system obtains the user's login information from the authentication center through the user browser, the method further comprises: a business system within the single sign-on system requesting, through the user browser, that the authentication center store the login information of the user's login at that business system;
Specifically:
1) when the user passes login authentication at that business system, the business system sends the user browser an instruction to store the user's login information from that authentication; the instruction carries the business system's redirect address and business system identifier;
2) the user browser sends the single sign-on authentication center a request to store the login information; the request carries the business system's redirect address, the business system identifier and the user's login information;
3) on receiving the request, the authentication center creates a global session for this login, assigns a global session ID to this login at the authentication center, saves the business system identifier and the user's login information in the session information of the global session, returns the global session ID to the user browser, and redirects a "login information stored" result to the business system through the user browser, the redirect address being that business system's redirect address.
In the single sign-on system only the business system at which the user first logged in is responsible for having the login information stored; the other business systems query the authentication center and do not store it themselves.
In one application example, a single sign-on method for application scenario (1), shown in Figure 2, comprises the following steps:
S201: the user accesses business system A through the browser;
S202: business system A receives the user's access request and determines that there is no local session, i.e. the user is not logged in to business system A;
If the user previously logged in to business system A, A created a local session, assigned a local session ID and returned that ID to the user browser; when the user visits A again, the browser presents A's local session ID and A looks up the current user's login status by it;
if the user has not previously logged in to business system A, no local session ID exists.
S203: business system A sends the user's browser an instruction to obtain the user's login information; the instruction carries business system A's redirect address;
the redirect address is used so that, once the single sign-on authentication center has found the user's login information, it can redirect that information to business system A through the user browser.
S204: the user browser sends the single sign-on authentication center a request to obtain the user's login information; the request carries business system A's redirect address and business system A's identifier;
in scenario (1) the user has not logged in to any other business system, so the authentication center has assigned no global session ID to the user and the request carries none;
S205: when the authentication center determines that the request carries no global session ID, meaning the user has not logged in at any other business system, it redirects the "failed to obtain user login information" result to the business system through the user browser, the redirect address being the business system's redirect address;
S206: based on the failure result and its own business logic, business system A instructs the user browser to return to the page the user is currently browsing, and the browser shows the user the corresponding page or the login page.
In one application example, a single sign-on method for application scenario (2), shown in Figure 3, comprises the following steps:
S301: the user has already logged in to business system A;
when the user logged in to A, the single sign-on authentication center created a global session ID for the user and saved the user's login information.
S302: the user enters business system B's URL directly in the browser to access B;
S303: business system B determines from the local session ID whether a local session exists, i.e. whether the user is logged in to B; if so, step S304 is executed, otherwise step S305;
If the user previously logged in to business system B, B created a local session, assigned a local session ID and returned that ID to the user browser; when the user visits B again, the browser presents B's local session ID and B looks up the current user's login status by it;
if the user has not previously logged in to business system B, no local session ID exists.
S304: if a local session exists, business system B instructs the user browser to present the logged-in page, and the browser presents it;
S305: if there is no local session, business system B sends the user's browser an instruction to obtain the user's login information; the instruction carries business system B's redirect address;
the redirect address is used so that, once the authentication center has found the user's login information, it can redirect that information to business system B through the user browser.
S306: the user browser sends the authentication center a request to obtain the user's login information; the request carries the global session ID identifying the user, business system B's redirect address and business system B's identifier;
S307: the authentication center determines that a global session corresponding to the user's global session ID exists and redirects the user's login information to business system B through the user browser, the redirect address being B's redirect address; the session information of the global session includes the user's login information;
S308: business system B carries out the subsequent single sign-on procedure on the basis of the user's login information.
That procedure is the existing one: business system B asks the single sign-on authentication center to verify the login information; on success the authentication center returns a verification-success message to B; B creates a local session and returns a login-success message to the browser.
In one application example, for application scenario (3): the user is not logged in to any other business system and accesses business system A. Since the user is not logged in to A, A first triggers a query through the user's browser to the single sign-on authentication center for the user's login information (the login information for A). This is similar to the corresponding procedure of scenario (1) (steps S202 to S206): because the user has not logged in to any other business system, the authentication center has assigned no global session ID, so the request carries none; when the authentication center determines that the request carries no global session ID, meaning the user has not logged in elsewhere, it redirects the "failed to obtain user login information" result to business system A through the user browser, and A, based on that result and its own business logic, instructs the browser to return to the page the user is currently browsing, and the browser shows the corresponding page or the login page. When the user then clicks the link to business system B, a query through the user's browser to the authentication center for the user's login information (the login information for B) is triggered; following the corresponding procedure of scenario (1) (steps S202 to S206), business system B, based on the failure result and its own business logic, instructs the browser to return to the current page, and the browser shows the corresponding page or the login page.
In this embodiment scenarios (1) and (3) also belong to the single sign-on system, because the mechanism of actively obtaining the user's login information from the authentication center applies there too. Since the user has not previously logged in to any business system belonging to the single sign-on system, the request sent to the authentication center carries no global session ID and the center holds no login information for the user. In this situation the user must log in actively at the business system being visited; that business system thereby becomes the user's first-login business system and is obliged to have the user's login information stored at the single sign-on authentication center.
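The exchanges in steps 1) to 3), S201 to S206 and S301 to S308 above, as an added example that is not part of the patent: the three parties are modelled in-process in Python, messages are dicts, and the `Browser` object stands in for the cookies that hold the global session ID and each system's local session ID. The redirect-address registry at the center is an assumption beyond what the page states: the page has the center authenticate each request by its business system identifier, and binding the registered identifier to its registered redirect address is the extra check a practitioner would add so that login information is only ever redirected to the address the business system declared. `a.example`, `b.example`, `evil.example` and the login information dict are constructed sample values.

```python
import secrets


class SSOAuthCenter:
    def __init__(self, registry):
        # Assumption: each business system identifier is registered with its redirect
        # address, so the center both authenticates the sender by identifier and never
        # redirects login information to an address the registered system did not declare.
        self.registry = registry
        self.global_sessions = {}  # global session ID -> {"system_id", "login_info"}

    def handle(self, request):
        system_id, redirect = request["system_id"], request["redirect"]
        if self.registry.get(system_id) != redirect:
            raise PermissionError(f"unregistered system or redirect mismatch: {system_id!r}")
        if request["action"] == "store":
            return self._store(system_id, request["login_info"], redirect)
        return self._lookup(request.get("global_session_id"), redirect)

    def _store(self, system_id, login_info, redirect):
        # Step 3): the first login creates a global session and assigns its ID.
        gsid = secrets.token_urlsafe(32)
        self.global_sessions[gsid] = {"system_id": system_id, "login_info": login_info}
        return {"redirect": redirect, "result": "stored", "set_global_session_id": gsid}

    def _lookup(self, gsid, redirect):
        # S205: no global session ID (scenarios 1 and 3) -> failure result.
        # S307: the ID matches a global session (scenario 2) -> the login information.
        session = self.global_sessions.get(gsid) if gsid else None
        if session is None:
            return {"redirect": redirect, "result": "failed"}
        return {"redirect": redirect, "result": "ok", "login_info": session["login_info"]}

    def verify(self, login_info):
        # S308 (existing flow): the business system has the center check the login info.
        return any(s["login_info"] == login_info for s in self.global_sessions.values())


class Browser:
    def __init__(self):
        self.global_session_id = None  # the center's cookie (assumption)
        self.local_sessions = {}       # system_id -> that system's local session ID

    def relay(self, center, instruction):
        # S204 / S306 / step 2): forward the system's instruction to the center, adding
        # the global session ID only if the browser already holds one.
        request = dict(instruction)
        if self.global_session_id is not None:
            request["global_session_id"] = self.global_session_id
        reply = center.handle(request)
        if "set_global_session_id" in reply:  # step 3): the center returned a new ID
            self.global_session_id = reply["set_global_session_id"]
        return reply  # the browser then follows reply["redirect"] back to the system


class BusinessSystem:
    def __init__(self, system_id, redirect, center):
        self.system_id, self.redirect, self.center = system_id, redirect, center
        self.local_sessions = {}  # local session ID -> login information

    def _instruction(self, action, **extra):
        return {"action": action, "system_id": self.system_id, "redirect": self.redirect, **extra}

    def access(self, browser):
        # S202 / S303: a valid local session means the user is already logged in here.
        if browser.local_sessions.get(self.system_id) in self.local_sessions:
            return "logged-in page"
        # S203-S205 / S305-S307: otherwise query the center through the browser.
        reply = browser.relay(self.center, self._instruction("get"))
        assert reply["redirect"] == self.redirect  # the redirect must land back here
        if reply["result"] != "ok" or not self.center.verify(reply["login_info"]):
            return "current page or login page"  # S206
        self._create_local_session(browser, reply["login_info"])  # S308
        return "logged-in page"

    def login(self, browser, login_info):
        # A direct login makes this the first-login system: it has the center
        # store the login information (steps 1 to 3).
        self._create_local_session(browser, login_info)
        return browser.relay(self.center, self._instruction("store", login_info=login_info))

    def _create_local_session(self, browser, login_info):
        lsid = secrets.token_urlsafe(16)
        self.local_sessions[lsid] = login_info
        browser.local_sessions[self.system_id] = lsid


def run_scenarios():
    """One browser through scenario (1), a first login, scenario (2) and a repeat visit."""
    registry = {"A": "https://a.example/sso/return", "B": "https://b.example/sso/return"}
    center = SSOAuthCenter(registry)
    a, b = BusinessSystem("A", registry["A"], center), BusinessSystem("B", registry["B"], center)
    browser, shown = Browser(), {}
    shown["scenario1_A"] = a.access(browser)  # no global session ID yet: S205 failure
    a.login(browser, {"user": "alice", "credential": "constructed sample"})  # first login at A
    shown["scenario2_B"] = b.access(browser)  # B obtains alice's login information
    shown["repeat_B"] = b.access(browser)     # S304: B now has a local session
    try:  # a request naming B but redirecting elsewhere must not receive the login info
        center.handle({"action": "get", "system_id": "B", "redirect": "https://evil.example/",
                       "global_session_id": browser.global_session_id})
        shown["rogue_redirect"] = "leaked"
    except PermissionError:
        shown["rogue_redirect"] = "rejected"
    return shown
```

Calling `run_scenarios()` walks one browser through the page's cases: the first visit to A ends in the S205 failure result and the login page, the direct login at A creates the global session, B then logs the user in through the center without a second password prompt, the repeat visit to B is served from B's own local session, and the request that names B but carries a different redirect address is refused before any login information leaves the center. Note that the global session ID is a bearer credential held by the browser, so in a real deployment it belongs in an HttpOnly cookie scoped to the authentication center's origin and transported only over TLS.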
As shown in Figure 4, this embodiment provides a single sign-on system comprising a user browser, one or more business systems and a single sign-on authentication center, wherein:
the business system is configured, after receiving a business access from a user not logged in to it, to send the user browser an instruction to obtain the user's login information, to obtain that information from the single sign-on authentication center through the user's browser and, if it is obtained, to complete the user's login automatically with it and notify the user browser to display the logged-in page;
the user browser is configured, after receiving the business system's instruction to obtain the user's login information, to send the authentication center a request for it, to pass the login information returned by the authentication center to the business system, and to display the logged-in page once notified by the business system;
the single sign-on authentication center is configured, after receiving the user browser's request, to look up the user's login information locally and, if found, to return it to the business system through the user browser.
For scenario (2), in which the user has logged in to another business system and enters the business system's URL directly in the browser:
the instruction with which the business system obtains the user's login information carries the business system's redirect address;
the request with which the user browser obtains the user's login information carries the user's global session ID and the business system's redirect address;
the authentication center's looking up the user's login information locally after receiving the user browser's request and, if found, returning it to the business system through the user browser comprises:
the authentication center determining whether a global session corresponding to the user's global session ID exists and, if so, redirecting the user's login information from that global session's session information to the business system through the user browser, the redirect address being the business system's redirect address, the session information including the user's login information.
In addition, the instruction sent by the business system also carries the business system's identifier; the user browser includes that identifier in the request it sends to the authentication center, and the authentication center uses it to authenticate the request, i.e. to determine which system sent it.
For scenarios (1) and (3) (the user is not logged in to any other business system and enters the business system's URL directly in the browser; or the user, not logged in elsewhere, visits business system A without logging in to A and clicks a link to the business system embedded in A), the business system may also fail to obtain the user's login information from the authentication center:
the instruction with which the business system obtains the user's login information carries the business system's redirect address;
the request with which the user browser obtains the user's login information carries only the business system's redirect address;
the authentication center is further configured, when it determines that the request carries no global session ID and so cannot find the user's login information, to redirect the "failed to obtain user login information" result to the business system through the user browser, the redirect address being the business system's redirect address;
A request without a global session ID means that, before logging in to this business system, the user had not logged in to any other business system of the single sign-on system; the authentication center therefore has no global session record for the user, has assigned no global session ID, and holds no login information for that user.
the user browser is further configured to redirect the failure result returned by the authentication center to the business system and, after receiving the business system's instruction to return to the current page, to display that page;
the business system is further configured, on the basis of the failure result, to instruct the user browser to return to the corresponding page.
For scenario (2): when the user first logs in to a business system within the single sign-on system, that business system requests the authentication center, through the user browser, to save the login information so that it can be obtained when the user accesses other business systems within the single sign-on system, wherein:
the business system at which the user first logs in is configured, when the user passes its login authentication, to send the user browser an instruction to store the user's login information for that login, thereby requesting through the user browser that the authentication center store it;
the user browser is further configured, after receiving that business system's instruction, to send the authentication center a request to store the user's login information for that login;
that is, when the user logs in to some business system before browsing the business system in question, the user's login information is saved;
the authentication center is configured, after receiving the user browser's request, to store the user's login information for that login.
Specifically, the business system's instruction to store the login information carries that business system's redirect address and business system identifier;
the user browser's request to store the login information carries that business system's redirect address, business system identifier and the user's login information for that login;
the authentication center's storing the login information after receiving the user browser's request comprises:
on receiving the request, the authentication center creating a global session for the user's login at that business system, assigning a global session ID to this login, saving the business system identifier and the login information in the global session's session information, returning the global session ID to the user browser, and redirecting to that business system through the user browser, the redirect address being that business system's redirect address;
the user browser is further configured to receive and save the user's global session ID returned by the authentication center and to pass it to that business system.
It can be seen from the above embodiments that, compared with the prior art, the single sign-on method and system they provide give the business system the ability to query user login information actively in the scenario where the business system is accessed without authentication information, achieving single sign-on in that scenario, which better matches how users use Internet services and improves the single sign-on mechanism.
Those of ordinary skill in the art will understand that all or part of the steps of the above method can be performed by a program instructing the relevant hardware, the program being stored in a computer-readable storage medium such as read-only memory, a magnetic disk or an optical disc. Optionally, all or part of the steps of the above embodiments can also be implemented with one or more integrated circuits. Correspondingly, each module/unit in the above embodiments can be implemented as hardware or as a software function module. The invention is not limited to any particular combination of hardware and software.
The above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Many other embodiments are possible on the basis of the disclosure; those skilled in the art can make corresponding changes and variations without departing from the spirit and essence of the invention, and any modification, equivalent substitution or improvement made within the spirit and principles of the invention falls within its scope of protection.
Claims (4)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410422428.5A CN104158818B (en) | 2014-08-25 | 2014-08-25 | A kind of single-point logging method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104158818A CN104158818A (en) | 2014-11-19 |
| CN104158818B true CN104158818B (en) | 2018-09-11 |
Family
ID=51884223
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410422428.5A Active CN104158818B (en) | 2014-08-25 | 2014-08-25 | A kind of single-point logging method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104158818B (en) |
Families Citing this family (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105592031B (en) * | 2014-11-25 | 2019-07-19 | 中国银联股份有限公司 | User login method and system based on identity authentication |
| CN106331042B (en) * | 2015-07-01 | 2020-04-07 | 阿里巴巴集团控股有限公司 | Single sign-on method and device for heterogeneous user system |
| CN106899615A (en) * | 2017-04-18 | 2017-06-27 | 北京思特奇信息技术股份有限公司 | A kind of single sign-on authentication method and system |
| CN107040543B (en) * | 2017-04-26 | 2020-08-04 | 埃摩森网络科技(上海)有限公司 | Single sign-on method, terminal and storage medium |
| CN109729045B (en) * | 2017-10-30 | 2021-01-05 | 腾讯科技(深圳)有限公司 | Single sign-on method, system, server and storage medium |
| CN109145039B (en) * | 2017-12-25 | 2022-01-28 | 北极星云空间技术股份有限公司 | UI bridging method suitable for federal workflow integration |
| CN108289101B (en) * | 2018-01-25 | 2021-02-12 | 中企动力科技股份有限公司 | Information processing method and device |
| CN110213356B (en) * | 2019-05-21 | 2021-11-12 | 深圳壹账通智能科技有限公司 | Login processing method based on data processing and related equipment |
| CN110336828A (en) * | 2019-07-15 | 2019-10-15 | 中国联合网络通信集团有限公司 | A kind of information synchronization method and first server |
| CN110765443A (en) * | 2019-10-24 | 2020-02-07 | 深圳前海环融联易信息科技服务有限公司 | Single sign-on method and device, computer equipment and storage medium |
| CN113011695A (en) * | 2020-10-20 | 2021-06-22 | 上海仪电鑫森科技发展有限公司 | Big data ecological environment system based on SOA technology |
| CN112632491A (en) * | 2020-12-15 | 2021-04-09 | 读书郎教育科技有限公司 | Method for realizing account system shared by multiple information systems |
| CN114238927A (en) * | 2021-12-07 | 2022-03-25 | 中国建设银行股份有限公司 | Business system login method, system, device, computer equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101026481A (en) * | 2006-02-21 | 2007-08-29 | 华为技术有限公司 | Integrated user safety management method and device |
| CN102857484A (en) * | 2011-07-01 | 2013-01-02 | 阿里巴巴集团控股有限公司 | Method, system and device for implementing single sign-on |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104158818A (en) | 2014-11-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104158818B (en) | A kind of single-point logging method and system |
| CN103051630B (en) | Method, the Apparatus and system of third-party application mandate is realized based on open platform | |
| EP3092775B1 (en) | Method and system for determining whether a terminal logging into a website is a mobile terminal | |
| US11128621B2 (en) | Method and apparatus for accessing website | |
| CN111783067B (en) | Automatic login method and device between multiple websites | |
| CN102098158B (en) | Cross-domain name single sign on and off method and system as well as corresponding equipment | |
| CN103023918B (en) | The mthods, systems and devices logged in are provided for multiple network services are unified | |
| CN104735066B (en) | A kind of single-point logging method of object web page application, device and system | |
| CN103023893B (en) | Access online resources using the resource transfer platform | |
| EP3203709B1 (en) | Cloud service server and method for managing cloud service server | |
| CN104468592B (en) | Login method and login system | |
| CN104539615B (en) | Cascade connection authentication method based on CAS | |
| US20160294812A1 (en) | Account login method and device | |
| CN103384198A (en) | User identity identification service method and system on basis of mailbox | |
| WO2015143855A1 (en) | Method, apparatus and system for accessing data resources | |
| CN103428179A (en) | Method, system and device for logging into multi-domain-name website | |
| CN108200040A (en) | Mobile client exempts from method, system, browser and the mobile terminal of close login | |
| CN101764808A (en) | Authentication processing method and system for automatic login as well as server | |
| CN102112991A (en) | An apparatus for managing user authentication | |
| CN109936579A (en) | Single sign-on method, device, equipment and computer readable storage medium | |
| CN106254319B (en) | Light application login control method and device | |
| CN109510799B (en) | Page display method, browser client, equipment and storage medium | |
| CN108173839B (en) | Rights management method and system | |
| CN114338078B (en) | A CS client login method and device | |
| US11075922B2 (en) | Decentralized method of tracking user login status |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |