CN102469075A - Integrated authentication method based on WEB single sign-on - Google Patents
Integrated authentication method based on WEB single sign-on Download PDFInfo
- Publication number
- CN102469075A CN102469075A CN2010105356480A CN201010535648A CN102469075A CN 102469075 A CN102469075 A CN 102469075A CN 2010105356480 A CN2010105356480 A CN 2010105356480A CN 201010535648 A CN201010535648 A CN 201010535648A CN 102469075 A CN102469075 A CN 102469075A
- Authority
- CN
- China
- Prior art keywords
- user
- authentication
- certificate server
- service
- identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims description 35
- 230000008569 process Effects 0.000 claims description 9
- 238000012797 qualification Methods 0.000 claims description 3
- 235000014510 cooky Nutrition 0.000 abstract description 5
- 238000004891 communication Methods 0.000 abstract description 4
- 238000012795 verification Methods 0.000 abstract description 4
- 230000007246 mechanism Effects 0.000 abstract description 3
- 239000000284 extract Substances 0.000 abstract 1
- 230000003993 interaction Effects 0.000 abstract 1
- 230000005540 biological transmission Effects 0.000 description 5
- 230000006399 behavior Effects 0.000 description 2
- 150000003839 salts Chemical class 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- FFBHFFJDDLITSX-UHFFFAOYSA-N benzyl N-[2-hydroxy-4-(3-oxomorpholin-4-yl)phenyl]carbamate Chemical compound OC1=C(NC(=O)OCC2=CC=CC=C2)C=CC(=C1)N1CCOCC1=O FFBHFFJDDLITSX-UHFFFAOYSA-N 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 210000004258 portal system Anatomy 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention realizes a mode or service for carrying out single sign-on and centralized authentication of users among a plurality of WEB application servers. The service is deployed between a client browser and each application system server, and each application system server is in the same security domain. The service generates an identity document for identity information submitted by a user, generates a service document for an application system to be accessed by the user, generates, extracts and verifies the two types of documents by the authentication service, and adopts a Cookie mechanism of W3C international standard and an HTTP 302 port redirection mechanism, so that the second application system can automatically identify the user identity and directly provide service for the user without requiring identity verification again when the user accesses the second application system again after logging in the first application system. Namely, single sign-on and centralized authentication among multiple application systems are realized. The authentication service realizes multiple security authentication strategies, such as a storage strategy, a credential strategy, a communication strategy and the like, effectively reduces resource consumption of an application server end, improves the security of identity data and credential data, and finally realizes good human-computer interaction experience.
Description
One, technical field
Relate generally to WEB safety certification of the present invention field.More particularly, the present invention relates to a kind of method that between a plurality of WEB application servers, realizes user's single-sign-on and Collective qualification.
Two, background technology
Single-sign-on (Single Sign On) abbreviates SSO as, is one of solution of integrating of at present popular business event.May there be many different application systems in the enterprise; If each application system is all safeguarded the user profile of oneself; For the user; Login each application system and all will import the username and password of oneself, the user possibly be the different username and password of different application setting, obvious like this being not suitable for sometimes.SSO can be implemented in the effect that all can visit at other system after the system login, and enterprise also can be organized into all user profile together, and the user only need login the application system that once just can visit all mutual trusts.It has reached and can current main login be mapped to the mechanism that is used for same user's login in other application.
Three, summary of the invention
The invention provides a kind of visiting user's the single-sign-on and method of Collective qualification of between a plurality of WEB application servers, realizing.This method is as user for the first time access application system 1 time, because also not login can be directed in the identification service system and login; The log-on message that provides according to the user then, Verification System is carried out the identity effect, if through effect, can return to the authority of an authentication of user; Will be when this user visits again other application with on this authority band, as the authority of own authentication, other application system can be delivered to Verification System to this authority and carry out effect after the request of receiving, the legitimacy of inspection authority.If through verification, the user just can be under situation about need not login once more access application system 2 with application system 3.
3.1 explanation of nouns
①IT:
Proof-of-identity is written as Identity Ticket entirely, represents a user's identity.A user can only have an IT in a fixed time period.Proof-of-identity has of overall importance, holds property of a specified duration, uniqueness.
②ST:
Service authority is written as Service Ticket, the temporary identity when representing certain application system of user capture entirely.A user possibly have a plurality of ST in a fixed time period.Service authority has locality, holds property of a specified duration, nonuniqueness.
③Browser:
Browser, i.e. client on the ordinary meaning.
④AppSys/PortalSys:
Application system/gate system is written as ApplicationSystem/PortalSystem entirely, and it represents the information system of an application layer.
This information system need match with other information systems, accomplishes single-sign-on (SSO) jointly.
⑤SSOAgent:
The SSO agency, for accomplishing single-sign-on, a SSO agency in application system/gate system end administration is responsible for using the SSO of system all functions.
⑥AS:
Certificate server is written as Authentication Server entirely, mainly be responsible for user profile authentication, safeguard all relevant authority life cycles or the like.In this programme, has only a certificate server in logic.
⑦LoginPage:
User's log in page, the certificate server end provides with the list form, is used for the user and inputs user name, password, selection user certificate (if implementing PKI) etc., to accomplish the SSO login.
⑧DataSource:
Data source is preserved the data source of user profile, is used for the legitimacy of verified users information.
3.2 authority characteristic
1. proof-of-identity IT:
◇ proof-of-identity information is formed:
1) authority call number: can think unique ID of authority, generate by special algorithm.
2) authentication result information: encapsulation authentication result information.Mainly comprise the customer attribute information that requested service information (like the SSOAgent inlet link of request etc.), authenticated time, authentication success need return.
3) authority Policy Info: some security policies that authority itself is applied.
◇ proof-of-identity call number generating algorithm:
1) adopts the GUID algorithm.
2) the salt value-based algorithm of employing word string generating algorithm and expansion.
◇ proof-of-identity storage mode:
1) AS certificate server: support multiple storage mode, as: buffer memory, RDB database, LDAP or the like
2) Browser client: the Cookie that can hold of a specified durationization.
3) SSOAgent end: do not store.
2. serve authority ST:
◇ service authority information is formed:
1) authority call number: can think unique ID of authority, generate by special algorithm.
2) requested service information: like SSOAgent inlet link etc.
3) authority Policy Info: some security policies that authority itself is applied.
◇ service authority call number generating algorithm:
1) adopts the GUID algorithm.
2) the salt value-based algorithm of employing word string generating algorithm and expansion.
◇ service authority storage mode:
1) AS certificate server: support multiple storage mode, as: buffer memory, RDB database, LDAP or the like
2) Browser client: do not store.
3) SSOAgent end: do not store.
3.3 operation instruction
1. user logins AppSys/PortalSys first
The ◇ precondition:
The Browser end is not stored the identity documents IT of user; The AppSys/PortalSys end does not have the Session state (being that user does not login this information system) of user; User identity documents IT situation in the certificate server AS end unknown (or have or do not have, effective or invalid).
The ◇ flow process is described (asking for an interview accompanying drawing 1):
The 1st step: user clicks the inlet link URL of an AppSys/PortalSys on Browser; Send logging request (annotate: this inlet link is that SSOAgent aims at SSO and the inlet that provides to the external world, is different from original application system inlet) to application system/gate system.
After the 2nd step: SSOAgent terminates to this request, through judging: not login (no user correlation behavior among the Session) user this moment; Perhaps this request does not comprise a ST; Perhaps this request comprises a ST but lost efficacy.Then this moment, SSOAgent can send redirect instruction to the Browser end, was redirected to the AS end, required user to login.
After the 3rd step: AS terminates to the redirect request of Browser end, through judging: do not comprise the proof-of-identity IT (Cookie who is present in the Browser end) of user in this request, then this moment, AS can send a LoginPage log in page to the Browser end.
The 4th step: user inserts information such as user name, password at the Browser end, submits to the AS end and carries out authentication.
The 5th step: after the AS end is received the identity information of user, carry out proof procedure.If verify successfully; Then the AS end can generate a proof-of-identity IT for user; Be kept at the AS end, the application system/gate system that will conduct interviews for user generates a service evidence ST, also is kept at the AS end; Send a redirect instruction to the Browser end then, be redirected to the SSOAgent inlet link URL of original application system/gate system; In this redirection process, simultaneously the proof-of-identity IT of user is returned to the Browser end, service evidence ST is attached to parametric form is redirected the inlet link URL and returns to SSOAgent at the back.If checking is unsuccessful, then AS can resend a LoginPage log in page to the Browser end, gets back to the 4th step of this flow process.
The 6th step: after the SSOAgent end is received the redirect request of Browser end: comprise a service authority ST this moment in the request through judging.Then this moment, SSOAgent can send whether effective request (because ST is produced by AS, so by its checking) of this ST of checking to AS end.
The 7th step: after the AS end is received the request of checking ST, can check ST.Through after a series of checkout procedures,, then can return the user profile of this ST representative to SSOAgent if this ST is effective; If this ST is invalid, then also return the invalid information of this ST to SSOAgent.
The 8th step: SSOAgent can make correspondingly action after receiving the checking result of this ST.If it is effective that the result is ST, then SSOAgent can note user Session state, returns homepage or the welcome page of AppSys/PortalSys simultaneously to the Browser end; If it is invalid that the result is ST, then SSOAgent can send redirect instruction to the Browser end, is redirected to the AS end, requires user to login, and gets back to the 3rd step of this flow process afterwards.
2. user logins AppSys/PortalSys for the second time
The ◇ precondition:
The Browser end has been stored the identity documents IT (Cookie form) of user; The AppSys/PortalSys end does not have the Session state (be that user does not login this information system, refer in particular to login for the second time here) of user; User identity documents IT situation in the certificate server AS end unknown (or have or do not have, effective or invalid).
The ◇ flow process is described (asking for an interview accompanying drawing 2):
The 1st step: user clicks the inlet link URL of an AppSys/PortalSys on Browser; Send logging request (annotate: this inlet link is that SSOAgent aims at SSO and the inlet that provides to the external world, is different from original application system inlet) to application system/gate system.
After the 2nd step: SSOAgent terminates to this request, through judging: not login (no user correlation behavior among the Session) user this moment; Perhaps this request does not comprise a ST; Perhaps this request comprises a ST but lost efficacy.Then this moment, SSOAgent can send redirect instruction to the Browser end, was redirected to the AS end, required user to login.
After the 3rd step: AS terminates to the redirected request of Browser end, through judging: comprised the proof-of-identity IT (being the Cookie of Browser end) of a user in this request, then AS can carry out proof procedure to this IT at this moment.If this IT is effective; Then can upgrade this IT and preservation; The AppSys/PortalSys that will conduct interviews for user simultaneously generates a ST and preserves, and sends a redirect instruction to the Browser end then, is redirected to the SSOAgent inlet link URL of original application system/gate system; User proof-of-identity IT after in this redirection process, will upgrading simultaneously returns to the Browser end, service evidence ST is attached to redirected inlet link back with parametric form returns to SSOAgent, gets back to the 6th step of flow process 1 afterwards.If this IT is invalid, then this moment, AS can send a LoginPage log in page to the Browser end, got back to afterwards with the 4th step of flow process.
3. proof procedure:
◇ usemame/password proof procedure:
At AS certificate server end, after receiving the usemame/password that Browser sends over, can verify to the user profile data source.
◇ proof-of-identity IT proof procedure:
At AS certificate server end, after receiving the proof-of-identity that Browser sends over, can retrieve proof-of-identity according to the proof-of-identity call number, verify according to the policy information in this authority then.Proof procedure is substantially as follows:
1) current system time thinks then that greater than the term of validity time of proof-of-identity this proof-of-identity lost efficacy.
2) blanking time that differs by more than appointment last service time mutually of current system time and bill, think that then this proof-of-identity lost efficacy.
3) the proof-of-identity access times think then that greater than predetermined number of times this proof-of-identity lost efficacy.
4) other strategy is like expired strategy etc. never.
◇ service authority ST proof procedure:
At AS certificate server end, after receiving the service authority that SSOAgent sends over, can retrieve service authority according to service authority call number, verify according to the policy information in this authority then.Proof procedure is consistent with the proof-of-identity proof procedure, omits here.
3.4 authentication security
1. authority fail safe:
One co-exist in two kinds of authoritys (IT and ST) in the method, these two kinds of authoritys all have authority, confidentiality, integrality, so it is most important that relevant authority is carried out safeguard protection.
◇ storage aspect: the extent of disclosure that depends on credential information.If full disclosure then can be encrypted storage and be transferred to Browser (to IT) and SSOAgent (to ST) the authority related data; If underground, then can adopt authority generation unique index form is transmitted, what this moment, Browser and SSOAgent obtained is not authority itself, but the authority call number.
◇ strategy aspect: authority itself because of some security strategies that safety factor applies, is depended on the safe coefficient of the real system of scheme own.Concrete detailed strategy is exemplified below:
(1) term of validity strategy: the authority term of validity is that what, the authority term of validity can prolong or shorten, verify at every turn that can the term of validity automatically prolong behind the authority (what prolong)
(2) threshold values number of times strategy: whether in the authority term of validity, how many maximum access times of authority are, reach after the maximum times authority ceases to be in force automatically or becomes sleep authority
(3) pot life strategy: authority just can use, use the minimum interval size in which special time scope
(4) authority detecting strategy: the situation for illegal use authority is carried out Auto-Sensing, and provides relevant treatment and (carry out repeatedly authentication, multiple authentication authority or the like in the short time singularly such as the utmost point; )
2. communications security:
Application layer communication protocol mainly is to adopt http protocol in the method, and institute thinks that assurance user name, password, authority information are not stolen, usurp, and can adopt ssl protocol to strengthen the fail safe of communication channel.
In this programme, co-exist in four channels, safe coefficient is roughly following:
◇ Browser <>AS: transmission user name, password, proof-of-identity IT, service authority ST in this channel, security intensity is the highest, strong suggest SSL.
◇ AS <>DataSource: transmission user name, password in this channel, and possibly cross over security domain, security intensity is higher, suggest SSL (annotating: if the authentication interface that DataSource provides provides encrypted transmission, also can not use SSL).
◇ Browser <>SSOAgent: transmission service authority ST in this channel, security intensity is moderate, can use SSL.
◇ SSOAgent <>AS: transmission service authority ST, user profile in this channel, security intensity is moderate, can use SSL.
3. server security property:
Emphasis is embodied on the security solution that server itself provides, and such as IIS, Weblogic, DBServer or the like, on macroscopic view, can be divided into following two types substantially:
The ◇ server is based on the access control of territory/IP address
The ◇ server is based on the access control of local file system
Four, description of drawings
[Fig. 1]: when the user access application system first time, identifying procedure figure.
[Fig. 2]: when user's back-call application system, identifying procedure figure.
Claims (5)
1. method that between a plurality of WEB application servers, realizes user's single-sign-on and Collective qualification, this method is provided with independently certificate server, and on the WEB application server, authentication proxy is set, and said method comprises step:
The inlet link URL of a WEB system of the last click of user is sent logging request to application system
After authentication proxy receives this request, the judges authentication state, and will not have certified user's request to be redirected to certificate server.
After certificate server is received user's request, judge the proof-of-identity that does not comprise the user in this Http request, then certificate server can require the user to carry out authentication.
The user inserts information such as user name, password, submits to certificate server and carries out authentication.
Behind the certificate server identifying user identity.If verify successfully, certificate server will generate this user's proof-of-identity and be directed against the service authority of user's current request application system, and is kept on the certificate server, then in user browser, preserves proof-of-identity; Send a redirect instruction to user browser simultaneously, be redirected to the user authentication proxy of request application system before, and service evidence is sent to authentication proxy with the URL parametric form.If checking is unsuccessful, get back to a step on this flow process.
After service evidence is received by the authentication proxy of application system, can send the request of this service evidence of checking to certificate server.
After certificate server is received the request of service for checking credentials voucher, can check service evidence.If through checking, certificate server will send this user's information to the authentication proxy of application system; Otherwise certificate server can return the notice of authentication failed.
After the checking result of service ticket receives in the authentication proxy of application system, control user capture according to checking result and user profile.
During other application systems except that the current application system of user capture; The authentication proxy of access application system of institute also can be redirected to certificate server with the user and carry out authentication; At this moment certificate server can be through the identity documents in the user browser; Judge whether whether this user expired through authentication and authentication, thereby determine whether this user needs authentication again.
2. the method for claim 1 is characterized in that being provided with independently certificate server, and certificate server generates and preserve the proof-of-identity of sign user identity for the user's through authentication browser.
3. the method for claim 1 is characterized in that in application server, disposing authentication proxy, and authentication proxy is through the validity of service for checking credentials authority, and whether judges is through authentication.
4. the method for claim 1 is characterized in that being the process of auth-proxy authentication service authority validity to send this service authority to certificate server, and judging the validity of this bill through the result that certificate server returns
5. the method for claim 1; When it is characterized in that user through authentication visits other custom systems once more; The user can be redirected in authentication proxy asks certificate server, and certificate server judges that through the proof-of-identity of visitor views device whether this user is through authentication.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105356480A CN102469075A (en) | 2010-11-09 | 2010-11-09 | Integrated authentication method based on WEB single sign-on |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105356480A CN102469075A (en) | 2010-11-09 | 2010-11-09 | Integrated authentication method based on WEB single sign-on |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102469075A true CN102469075A (en) | 2012-05-23 |
Family
ID=46072251
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010105356480A Pending CN102469075A (en) | 2010-11-09 | 2010-11-09 | Integrated authentication method based on WEB single sign-on |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102469075A (en) |
Cited By (42)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102739658A (en) * | 2012-06-16 | 2012-10-17 | 华南师范大学 | Offline verification method for single sign on |
| CN103078912A (en) * | 2012-12-27 | 2013-05-01 | 北京思特奇信息技术股份有限公司 | Single-point logging method and system |
| CN103078932A (en) * | 2012-12-31 | 2013-05-01 | 中国移动通信集团江苏有限公司 | Method, device and system for realizing universal single sign-on |
| CN103152351A (en) * | 2013-03-15 | 2013-06-12 | 深信服网络科技(深圳)有限公司 | Network equipment and AD (Active Directory) domain single sign on method and system |
| CN103209168A (en) * | 2013-01-30 | 2013-07-17 | 广东欧珀移动通信有限公司 | Method and system for achieving single sign-on |
| CN103295125A (en) * | 2013-04-29 | 2013-09-11 | 重庆市三健科技有限公司 | One-point multi-communication software system for middle and small size enterprises |
| CN104065612A (en) * | 2013-03-18 | 2014-09-24 | 中国移动通信集团公司 | A user management method, device and unified user management system |
| CN104125070A (en) * | 2014-07-30 | 2014-10-29 | 中国银行股份有限公司 | Mutual trust authentication method and system for plurality of information exchange systems |
| CN104168262A (en) * | 2014-07-02 | 2014-11-26 | 百度在线网络技术(北京)有限公司 | Method and server for logging in third party site |
| CN104468749A (en) * | 2014-11-23 | 2015-03-25 | 国云科技股份有限公司 | A Method of Realizing the Single Sign-on of DotNET Client and CAS Integration |
| CN105245554A (en) * | 2015-11-24 | 2016-01-13 | 无锡江南计算技术研究所 | Dynamic property access control method in cloud environment |
| CN105306423A (en) * | 2014-07-04 | 2016-02-03 | 中国银联股份有限公司 | Unified login method for distributed web station system |
| CN105530232A (en) * | 2014-10-24 | 2016-04-27 | 腾讯科技(深圳)有限公司 | Account login method and device |
| CN105592003A (en) * | 2014-10-22 | 2016-05-18 | 北京拓尔思信息技术股份有限公司 | Cross-domain single sign-on method and system based on notification |
| CN106101160A (en) * | 2016-08-26 | 2016-11-09 | 北京恒华伟业科技股份有限公司 | A kind of system login method and device |
| CN106131090A (en) * | 2016-08-31 | 2016-11-16 | 北京力鼎创软科技有限公司 | A kind of method and system of the customer access network under web authentication |
| CN106657125A (en) * | 2017-01-03 | 2017-05-10 | 上海金融云服务集团安全技术有限公司 | Flow control mechanism suitable for online identity authentication |
| CN106790063A (en) * | 2016-12-20 | 2017-05-31 | 兴唐通信科技有限公司 | A kind of method of isomery WEB system single-sign-ons |
| CN106850517A (en) * | 2015-12-04 | 2017-06-13 | 北京京东尚科信息技术有限公司 | A kind of method, apparatus and system for solving intranet and extranet repeat logon |
| CN106878260A (en) * | 2016-12-14 | 2017-06-20 | 新华三技术有限公司 | Single sign-on realization method and device |
| CN107257346A (en) * | 2017-07-07 | 2017-10-17 | 东软集团股份有限公司 | The Operational Visit processing method and its equipment of single-sign-on |
| CN107682330A (en) * | 2017-09-27 | 2018-02-09 | 广州市万表科技股份有限公司 | Unified Authentication Method and System |
| CN107809407A (en) * | 2016-09-08 | 2018-03-16 | 杭州海康威视系统技术有限公司 | A kind of streaming media resource acquisition methods, device and stream media system |
| CN107846414A (en) * | 2017-12-04 | 2018-03-27 | 山东浪潮通软信息科技有限公司 | A kind of single-point logging method and system, Centralized Authentication System |
| CN107864160A (en) * | 2017-12-21 | 2018-03-30 | 南京东巴电子科技有限公司 | A kind of method that unifying user authentication is carried out based on unique login identification card number |
| CN107872455A (en) * | 2017-11-09 | 2018-04-03 | 武汉虹旭信息技术有限责任公司 | A kind of cross-domain single login system and its method |
| CN107888568A (en) * | 2017-10-23 | 2018-04-06 | 广州星耀悦教育科技有限公司 | Unified identity authentication data managing method, electronic equipment, storage medium and system |
| CN107948131A (en) * | 2012-06-18 | 2018-04-20 | 谷歌有限责任公司 | User is set to sign in the method, system and equipment of browser |
| CN108200060A (en) * | 2018-01-03 | 2018-06-22 | 深圳壹账通智能科技有限公司 | Single sign-on authentication method, server and storage medium based on web subsystems |
| CN108600203A (en) * | 2018-04-11 | 2018-09-28 | 四川长虹电器股份有限公司 | Secure Single Sign-on method based on Cookie and its unified certification service system |
| CN108667761A (en) * | 2017-03-27 | 2018-10-16 | 上海格尔软件股份有限公司 | A method of protecting single-sign-on using safe socket character layer conversation |
| CN109274685A (en) * | 2018-11-02 | 2019-01-25 | 深圳壹账通智能科技有限公司 | Multisystem login method, device, computer equipment and storage medium |
| CN109359252A (en) * | 2018-10-30 | 2019-02-19 | 北京小米移动软件有限公司 | Browser selection method and device |
| CN109743338A (en) * | 2019-03-21 | 2019-05-10 | 深圳市网心科技有限公司 | Verification method, system, server and readable storage medium for automatic login |
| CN109936565A (en) * | 2019-01-28 | 2019-06-25 | 平安科技(深圳)有限公司 | Method, apparatus, computer equipment and storage medium for logging in to multiple service clusters |
| CN110008669A (en) * | 2019-03-28 | 2019-07-12 | 深兰科技(上海)有限公司 | A kind of platform login method, system, device, terminal device and storage medium |
| CN110291757A (en) * | 2017-02-21 | 2019-09-27 | 科因普拉格株式会社 | For providing the method for simplified account register service, user authentication service and utilizing its certificate server |
| CN112153041A (en) * | 2020-09-21 | 2020-12-29 | 南京智数云信息科技有限公司 | Method and system for realizing multisystem single sign-on based on user synchronization |
| CN113630377A (en) * | 2015-06-15 | 2021-11-09 | 安维智有限公司 | Single sign-on for hosting mobile devices |
| CN113821784A (en) * | 2021-10-13 | 2021-12-21 | 鼎道智联(北京)科技有限公司 | Multi-system single sign-on method, device and computer-readable storage medium |
| CN114531451A (en) * | 2021-12-30 | 2022-05-24 | 北京大学 | double-IP management method for computer of computer room |
| CN117319087A (en) * | 2023-11-28 | 2023-12-29 | 北京车与车科技有限公司 | Single sign-on method, device and storage medium based on centralized authentication service |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1855814A (en) * | 2005-04-29 | 2006-11-01 | 中国科学院计算机网络信息中心 | Safety uniform certificate verification design |
| US20080005789A1 (en) * | 2006-06-28 | 2008-01-03 | Fuji Xerox Co., Ltd. | Information processing system, recording medium storing control program, and computer data signal embodied in a carrier wave |
| CN101159557A (en) * | 2007-11-21 | 2008-04-09 | 华为技术有限公司 | Single point logging method, device and system |
| CN101355527A (en) * | 2008-08-15 | 2009-01-28 | 深圳市中兴移动通信有限公司 | Method for implementing single-point LOG striding domain name |
| CN101719238A (en) * | 2009-11-30 | 2010-06-02 | 中国建设银行股份有限公司 | Method and system for managing, authenticating and authorizing unified identities |
-
2010
- 2010-11-09 CN CN2010105356480A patent/CN102469075A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1855814A (en) * | 2005-04-29 | 2006-11-01 | 中国科学院计算机网络信息中心 | Safety uniform certificate verification design |
| US20080005789A1 (en) * | 2006-06-28 | 2008-01-03 | Fuji Xerox Co., Ltd. | Information processing system, recording medium storing control program, and computer data signal embodied in a carrier wave |
| CN101159557A (en) * | 2007-11-21 | 2008-04-09 | 华为技术有限公司 | Single point logging method, device and system |
| CN101355527A (en) * | 2008-08-15 | 2009-01-28 | 深圳市中兴移动通信有限公司 | Method for implementing single-point LOG striding domain name |
| CN101719238A (en) * | 2009-11-30 | 2010-06-02 | 中国建设银行股份有限公司 | Method and system for managing, authenticating and authorizing unified identities |
Cited By (65)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102739658A (en) * | 2012-06-16 | 2012-10-17 | 华南师范大学 | Offline verification method for single sign on |
| CN102739658B (en) * | 2012-06-16 | 2015-09-30 | 华南师范大学 | A kind of offline verification method of single-sign-on |
| CN107948131B (en) * | 2012-06-18 | 2021-01-12 | 谷歌有限责任公司 | Method, system and equipment for logging user in browser |
| CN107948131A (en) * | 2012-06-18 | 2018-04-20 | 谷歌有限责任公司 | User is set to sign in the method, system and equipment of browser |
| CN103078912A (en) * | 2012-12-27 | 2013-05-01 | 北京思特奇信息技术股份有限公司 | Single-point logging method and system |
| CN103078932B (en) * | 2012-12-31 | 2016-01-27 | 中国移动通信集团江苏有限公司 | A kind of methods, devices and systems realizing universal single sign-on |
| CN103078932A (en) * | 2012-12-31 | 2013-05-01 | 中国移动通信集团江苏有限公司 | Method, device and system for realizing universal single sign-on |
| CN103209168A (en) * | 2013-01-30 | 2013-07-17 | 广东欧珀移动通信有限公司 | Method and system for achieving single sign-on |
| CN103152351A (en) * | 2013-03-15 | 2013-06-12 | 深信服网络科技(深圳)有限公司 | Network equipment and AD (Active Directory) domain single sign on method and system |
| CN104065612A (en) * | 2013-03-18 | 2014-09-24 | 中国移动通信集团公司 | A user management method, device and unified user management system |
| CN104065612B (en) * | 2013-03-18 | 2017-11-14 | 中国移动通信集团公司 | A kind of user management method, device and Union user management system |
| CN103295125A (en) * | 2013-04-29 | 2013-09-11 | 重庆市三健科技有限公司 | One-point multi-communication software system for middle and small size enterprises |
| CN104168262A (en) * | 2014-07-02 | 2014-11-26 | 百度在线网络技术(北京)有限公司 | Method and server for logging in third party site |
| CN104168262B (en) * | 2014-07-02 | 2017-08-18 | 百度在线网络技术(北京)有限公司 | Log in the method and server of third party's website |
| CN105306423A (en) * | 2014-07-04 | 2016-02-03 | 中国银联股份有限公司 | Unified login method for distributed web station system |
| CN105306423B (en) * | 2014-07-04 | 2018-12-25 | 中国银联股份有限公司 | Unified login method for distribution Web web station system |
| CN104125070B (en) * | 2014-07-30 | 2018-05-15 | 中国银行股份有限公司 | A kind of mutual trust authentication method and system for multiple information interaction systems |
| CN104125070A (en) * | 2014-07-30 | 2014-10-29 | 中国银行股份有限公司 | Mutual trust authentication method and system for plurality of information exchange systems |
| CN105592003A (en) * | 2014-10-22 | 2016-05-18 | 北京拓尔思信息技术股份有限公司 | Cross-domain single sign-on method and system based on notification |
| CN105592003B (en) * | 2014-10-22 | 2019-08-09 | 北京拓尔思信息技术股份有限公司 | A kind of cross-domain single login method and system based on notice |
| CN105530232A (en) * | 2014-10-24 | 2016-04-27 | 腾讯科技(深圳)有限公司 | Account login method and device |
| CN105530232B (en) * | 2014-10-24 | 2020-06-16 | 腾讯科技(深圳)有限公司 | Account login method and device |
| CN104468749A (en) * | 2014-11-23 | 2015-03-25 | 国云科技股份有限公司 | A Method of Realizing the Single Sign-on of DotNET Client and CAS Integration |
| CN113630377A (en) * | 2015-06-15 | 2021-11-09 | 安维智有限公司 | Single sign-on for hosting mobile devices |
| CN113630377B (en) * | 2015-06-15 | 2023-07-04 | 安维智有限公司 | Single sign-on for hosted mobile devices |
| CN105245554B (en) * | 2015-11-24 | 2018-04-10 | 无锡江南计算技术研究所 | A kind of dynamic attribute access control method under cloud environment |
| CN105245554A (en) * | 2015-11-24 | 2016-01-13 | 无锡江南计算技术研究所 | Dynamic property access control method in cloud environment |
| CN106850517A (en) * | 2015-12-04 | 2017-06-13 | 北京京东尚科信息技术有限公司 | A kind of method, apparatus and system for solving intranet and extranet repeat logon |
| CN106101160A (en) * | 2016-08-26 | 2016-11-09 | 北京恒华伟业科技股份有限公司 | A kind of system login method and device |
| CN106131090A (en) * | 2016-08-31 | 2016-11-16 | 北京力鼎创软科技有限公司 | A kind of method and system of the customer access network under web authentication |
| CN107809407B (en) * | 2016-09-08 | 2020-04-03 | 杭州海康威视系统技术有限公司 | A kind of streaming media resource acquisition method, device and streaming media system |
| CN107809407A (en) * | 2016-09-08 | 2018-03-16 | 杭州海康威视系统技术有限公司 | A kind of streaming media resource acquisition methods, device and stream media system |
| CN106878260A (en) * | 2016-12-14 | 2017-06-20 | 新华三技术有限公司 | Single sign-on realization method and device |
| CN106878260B (en) * | 2016-12-14 | 2020-04-03 | 新华三技术有限公司 | Single sign-on realization method and device |
| CN106790063A (en) * | 2016-12-20 | 2017-05-31 | 兴唐通信科技有限公司 | A kind of method of isomery WEB system single-sign-ons |
| CN106790063B (en) * | 2016-12-20 | 2020-07-17 | 兴唐通信科技有限公司 | Method for single sign-on of heterogeneous WEB system |
| CN106657125A (en) * | 2017-01-03 | 2017-05-10 | 上海金融云服务集团安全技术有限公司 | Flow control mechanism suitable for online identity authentication |
| CN110291757B (en) * | 2017-02-21 | 2022-08-09 | 科因普拉格株式会社 | Method for providing simplified account registration service, user authentication service, and authentication server using the same |
| CN110291757A (en) * | 2017-02-21 | 2019-09-27 | 科因普拉格株式会社 | For providing the method for simplified account register service, user authentication service and utilizing its certificate server |
| CN108667761A (en) * | 2017-03-27 | 2018-10-16 | 上海格尔软件股份有限公司 | A method of protecting single-sign-on using safe socket character layer conversation |
| CN108667761B (en) * | 2017-03-27 | 2022-02-08 | 格尔软件股份有限公司 | Method for protecting single sign-on by using session of secure socket layer |
| CN107257346A (en) * | 2017-07-07 | 2017-10-17 | 东软集团股份有限公司 | The Operational Visit processing method and its equipment of single-sign-on |
| CN107257346B (en) * | 2017-07-07 | 2020-01-24 | 东软集团股份有限公司 | Single sign-on service access processing method, system end and storage medium |
| CN107682330A (en) * | 2017-09-27 | 2018-02-09 | 广州市万表科技股份有限公司 | Unified Authentication Method and System |
| CN107888568A (en) * | 2017-10-23 | 2018-04-06 | 广州星耀悦教育科技有限公司 | Unified identity authentication data managing method, electronic equipment, storage medium and system |
| CN107872455A (en) * | 2017-11-09 | 2018-04-03 | 武汉虹旭信息技术有限责任公司 | A kind of cross-domain single login system and its method |
| CN107846414A (en) * | 2017-12-04 | 2018-03-27 | 山东浪潮通软信息科技有限公司 | A kind of single-point logging method and system, Centralized Authentication System |
| CN107864160A (en) * | 2017-12-21 | 2018-03-30 | 南京东巴电子科技有限公司 | A kind of method that unifying user authentication is carried out based on unique login identification card number |
| CN108200060A (en) * | 2018-01-03 | 2018-06-22 | 深圳壹账通智能科技有限公司 | Single sign-on authentication method, server and storage medium based on web subsystems |
| CN108200060B (en) * | 2018-01-03 | 2020-07-14 | 深圳壹账通智能科技有限公司 | Single sign-on authentication method, server and storage medium based on web subsystem |
| CN108600203A (en) * | 2018-04-11 | 2018-09-28 | 四川长虹电器股份有限公司 | Secure Single Sign-on method based on Cookie and its unified certification service system |
| CN109359252A (en) * | 2018-10-30 | 2019-02-19 | 北京小米移动软件有限公司 | Browser selection method and device |
| CN109274685A (en) * | 2018-11-02 | 2019-01-25 | 深圳壹账通智能科技有限公司 | Multisystem login method, device, computer equipment and storage medium |
| CN109274685B (en) * | 2018-11-02 | 2021-09-17 | 深圳壹账通智能科技有限公司 | Multi-system login method and device, computer equipment and storage medium |
| WO2020087778A1 (en) * | 2018-11-02 | 2020-05-07 | 深圳壹账通智能科技有限公司 | Multiple system login method, apparatus, computer device and storage medium |
| CN109936565A (en) * | 2019-01-28 | 2019-06-25 | 平安科技(深圳)有限公司 | Method, apparatus, computer equipment and storage medium for logging in to multiple service clusters |
| CN109743338A (en) * | 2019-03-21 | 2019-05-10 | 深圳市网心科技有限公司 | Verification method, system, server and readable storage medium for automatic login |
| CN110008669A (en) * | 2019-03-28 | 2019-07-12 | 深兰科技(上海)有限公司 | A kind of platform login method, system, device, terminal device and storage medium |
| CN112153041A (en) * | 2020-09-21 | 2020-12-29 | 南京智数云信息科技有限公司 | Method and system for realizing multisystem single sign-on based on user synchronization |
| CN113821784A (en) * | 2021-10-13 | 2021-12-21 | 鼎道智联(北京)科技有限公司 | Multi-system single sign-on method, device and computer-readable storage medium |
| CN113821784B (en) * | 2021-10-13 | 2025-01-28 | 鼎道智联(北京)科技有限公司 | Multi-system single sign-on method, device and computer-readable storage medium |
| CN114531451A (en) * | 2021-12-30 | 2022-05-24 | 北京大学 | double-IP management method for computer of computer room |
| CN114531451B (en) * | 2021-12-30 | 2023-12-05 | 北京大学 | A method for dual IP management of computer rooms |
| CN117319087A (en) * | 2023-11-28 | 2023-12-29 | 北京车与车科技有限公司 | Single sign-on method, device and storage medium based on centralized authentication service |
| CN117319087B (en) * | 2023-11-28 | 2024-02-27 | 北京车与车科技有限公司 | Single sign-on method, device and storage medium based on centralized authentication service |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102469075A (en) | Integrated authentication method based on WEB single sign-on | |
| US9191375B2 (en) | System and method for accessing integrated applications in a single sign-on enabled enterprise solution | |
| US8196193B2 (en) | Method for retrofitting password enabled computer software with a redirection user authentication method | |
| US8832782B2 (en) | Single sign-on system and method | |
| CN105024819B (en) | A kind of multiple-factor authentication method and system based on mobile terminal | |
| JP6170158B2 (en) | Mobile multi single sign-on authentication | |
| US10778668B2 (en) | HTTP session validation module | |
| CN101938473B (en) | Single-point login system and single-point login method | |
| CN102638454B (en) | A plug-in single sign-on integration method for HTTP authentication protocol | |
| CN112468481B (en) | Single-page and multi-page web application identity integrated authentication method based on CAS | |
| CN104767731B (en) | A kind of Restful move transactions system identity certification means of defence | |
| US8800013B2 (en) | Devolved authentication | |
| CN102624720B (en) | Method, device and system for identity authentication | |
| CN108600203A (en) | Secure Single Sign-on method based on Cookie and its unified certification service system | |
| WO2017028804A1 (en) | Web real-time communication platform authentication and access method and device | |
| CN111131301A (en) | Unified authentication and authorization scheme | |
| CN105430014B (en) | A kind of single-point logging method and its system | |
| US7665127B1 (en) | System and method for providing access to protected services | |
| CN111062023B (en) | Method and device for realizing single sign-on of multi-application system | |
| JP2015535984A5 (en) | ||
| CN109165500A (en) | A kind of single sign-on authentication system and method based on cross-domain technology | |
| WO2014048749A1 (en) | Inter-domain single sign-on | |
| CN101902327A (en) | A method, device and system for realizing single sign-on | |
| CN109495486B (en) | Single-page Web application integration CAS method based on JWT | |
| CN106161348A (en) | A single sign-on method, system and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C53 | Correction of patent of invention or patent application | ||
| CB02 | Change of applicant information |
Address after: 100080 Beijing City, Haidian District Zhongguancun street, No. 19 gate tower B 16 floor North Wing Applicant after: Zhongke Information Security Common Technology National Engineering Research Center Co., Ltd. Address before: 100080 Beijing City, Haidian District Zhongguancun street, No. 19 gate tower B 16 floor North Wing Applicant before: Zhongke Zhengyang Information Security Technology Co., Ltd. |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: APPLICANT; FROM: ZHONGKE ZHENGYANG INFORMATION SECURITY TECHNOLOGY CO., LTD. TO: NERCIS |
|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120523 |