CN110753044A - An identity authentication method, system, electronic device and storage medium
Description
Technical field
The present application relates to the field of computer technology, and in particular to an identity authentication method and system, an electronic device, and a storage medium.
Background
The Web (World Wide Web), that is, the global wide area network, is a global, dynamically interactive, cross-platform distributed graphical information system based on hypertext and HTTP. The Web system is a network service built on the Internet that gives users a graphical, easy-to-access and intuitive interface for finding and browsing information on the Internet; its documents and hyperlinks organize the information nodes on the Internet into an interconnected network structure.
In existing Web systems, a user's login operation must pass user verification against the local database so that the user's role permissions can be queried. However, in the user login method of this related art, if the local database is under heavy service load or becomes abnormal, the user's verification data cannot be queried from the local database in time, resulting in low identity authentication efficiency.
Therefore, how to improve the efficiency of identity authentication is a technical problem that those skilled in the art currently need to solve.
Summary of the invention
The purpose of the present application is to provide an identity authentication method and system, an electronic device and a storage medium that can improve the efficiency of identity authentication.
To solve the above technical problem, the present application provides an identity authentication method, which includes:
receiving server configuration parameters, and using the server configuration parameters to connect to an LDAP server;
receiving user login information, wherein the user login information includes a user name and a login password;
determining whether the standard login information stored by the authentication sources includes the user login information, wherein the authentication sources include a local database and a target LDAP server, and the target LDAP server is an LDAP server to which the connection succeeded;
if so, setting the identity authentication state to authentication passed.
Optionally, after the identity authentication state is set to authentication passed, the method further includes:
querying the user attribute corresponding to the user login information, and assigning the user the permissions corresponding to the user attribute.
Optionally, the method further includes:
building a permission correspondence table, wherein the permission correspondence table stores the correspondence between user attributes and permissions;
correspondingly, assigning the user the permissions corresponding to the user attribute includes:
assigning the user the permissions corresponding to the user attribute by querying the permission correspondence table.
Optionally, querying the user attribute corresponding to the user login information includes:
when the local database includes the user login information, querying the user attribute corresponding to the user login information from the local database;
when the target LDAP server includes the user login information, querying the user attribute corresponding to the user login information from the target LDAP server.
Optionally, before receiving the server configuration parameters, the method further includes:
setting standard configuration parameters for the LDAP server through a Web configuration page;
correspondingly, using the server configuration parameters to connect to the LDAP server includes:
sending the server configuration parameters to the LDAP server, so that the LDAP server determines, according to the standard configuration parameters, whether the server configuration parameters are correct;
wherein, when the server configuration parameters are correct, the connection to the LDAP server is determined to have succeeded; when the server configuration parameters are incorrect, the connection to the LDAP server is determined to have failed.
Optionally, the server configuration parameters include any one or any combination of the server domain name, server port, base distinguished name, user class name, user directory, and user attribute.
Optionally, the target LDAP server is an LDAP server in the third-party authentication source list;
correspondingly, the method further includes:
when authentication source deletion information is received, determining a first target LDAP server according to the authentication source deletion information, and deleting the first target LDAP server from the third-party authentication source list;
when authentication source addition information is received, determining a second target LDAP server according to the authentication source addition information, and adding the second target LDAP server to the third-party authentication source list.
The present application also provides an identity authentication system, which includes:
a server connection module, configured to receive server configuration parameters and use the server configuration parameters to connect to an LDAP server;
an information receiving module, configured to receive user login information, wherein the user login information includes a user name and a login password;
an authentication module, configured to determine whether the standard login information stored by the authentication sources includes the user login information, wherein the authentication sources include a local database and a target LDAP server, and the target LDAP server is an LDAP server to which the connection succeeded;
a state setting module, configured to set the identity authentication state to authentication passed when the standard login information includes the user login information.
The present application also provides a storage medium on which a computer program is stored; when the computer program is executed, the steps of the above identity authentication method are implemented.
The present application also provides an electronic device, including a memory and a processor, wherein a computer program is stored in the memory, and the processor implements the steps of the above identity authentication method when it invokes the computer program in the memory.
The present application provides an identity authentication method, which includes: receiving server configuration parameters, and using the server configuration parameters to connect to an LDAP server; receiving user login information, wherein the user login information includes a user name and a login password; determining whether the standard login information stored by the authentication sources includes the user login information, wherein the authentication sources include a local database and a target LDAP server, and the target LDAP server is an LDAP server to which the connection succeeded; and if so, setting the identity authentication state to authentication passed.
The present application connects to the LDAP server according to the server configuration parameters, and the LDAP server can store standard login information. That is, the present application uses the LDAP server solely as a device that stores standard login information in addition to the local database, so that multiple authentication sources jointly take part in verifying the user login information. After receiving the user name and login password entered by the user, the present application therefore verifies the user name and password against the local database and the target LDAP server in order to perform the identity authentication operation. Because the present application introduces multiple authentication sources into the identity authentication operation, it can reduce the impact on the identity authentication service when some authentication sources are under heavy service load or become abnormal, which improves the efficiency of identity authentication. The present application also provides an identity authentication system, an electronic device and a storage medium, which have the above beneficial effects and are not described again here.
Description of the drawings
To describe the embodiments of the present application more clearly, the drawings used in the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of an identity authentication method provided by an embodiment of the present application;
FIG. 2 is a flowchart of a user permission assignment method provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of the principle of a multi-domain identity authentication method based on an LDAP server and a local database provided by an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an identity authentication system provided by an embodiment of the present application.
Detailed description
To make the purposes, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present application. All other embodiments obtained by those of ordinary skill in the art from the embodiments in the present application without creative effort fall within the protection scope of the present application.
Refer to FIG. 1, which is a flowchart of an identity authentication method provided by an embodiment of the present application.
The specific steps may include:
S101: Receive server configuration parameters, and use the server configuration parameters to connect to an LDAP server;
The execution body of this embodiment may be a Web server to which multiple clients are connected. A client may send server configuration parameters to the Web server in order to connect to an LDAP (Lightweight Directory Access Protocol) server, and a client may also send user login information to the Web server so that the Web server authenticates the user login information against the authentication sources.
Before this step, the client may send the server configuration parameters to the Web server. The server configuration parameters may include any one or any combination of the server domain name, server port, base distinguished name, user class name, user directory, and user attribute. After the server configuration parameters are received, they can be entered in the Web configuration page in order to connect to the LDAP server. Before this step, the Web server may also set the standard connection parameters of the LDAP server. If the server configuration parameters sent by the client are the standard connection parameters, the Web server can connect to the LDAP server; if the server configuration parameters sent by the client are not the standard connection parameters, the Web server fails to connect to the LDAP server.
As a feasible implementation, the server configuration parameters received in this step may be multiple groups of server configuration parameters for connecting to multiple LDAP servers, and each LDAP server to which the connection succeeds may be set as a target LDAP server. In conventional technology the LDAP server is used to provide a directory service, but the existing LDAP server serves only as a database for querying user information and does not provide the function of logging in to a third-party system. The LDAP server in the present application may store standard login information, and identity authentication is performed through its connection with the Web server.
As a further supplement to the above steps, before the server configuration parameters are received, the following operation may be performed: setting standard configuration parameters for the LDAP server through a Web configuration page. Correspondingly, the operation of S101 may be: sending the server configuration parameters to the LDAP server, so that the LDAP server determines, according to the standard configuration parameters, whether the server configuration parameters are correct; when the server configuration parameters are correct, the connection to the LDAP server is determined to have succeeded; when the server configuration parameters are incorrect, the connection to the LDAP server is determined to have failed.
S102: Receive user login information;
The user login information received in this step is the user name and login password sent by the client; it may also be the user name and login password entered by the user on the front-end Web page.
S103: Determine whether the standard login information stored by the authentication sources includes the user login information; if so, go to S104;
The authentication sources mentioned in this embodiment may include the local database of the Web server and the LDAP servers that were connected successfully. The user login information received in S102 can be matched against the standard login information stored in all authentication sources to determine whether an authentication source stores that user login information. If the user login information is stored, the method can go to S104 to set the identity authentication state to authentication passed; if it is not stored, a login failure prompt can be returned. The authentication sources in this embodiment may include the local database and the target LDAP server, where the target LDAP server is an LDAP server to which the connection succeeded in S101.
As a feasible implementation, the target LDAP server in this embodiment may be an LDAP server that was connected successfully and is present in the third-party authentication source list. A third-party authentication source list may be provided in this embodiment to record the LDAP servers that may take part in identity authentication. When a third-party authentication source list exists, an LDAP server that serves as an authentication source in this embodiment is both a server in the third-party authentication source list and an LDAP server to which the connection succeeded. Correspondingly, this embodiment may also include an operation that updates the third-party authentication source list: when authentication source deletion information is received, a first target LDAP server is determined according to the authentication source deletion information and deleted from the third-party authentication source list; when authentication source addition information is received, a second target LDAP server is determined according to the authentication source addition information and added to the third-party authentication source list.
It can be understood that multiple authentication sources exist in this embodiment. When the standard login information stored in one or more of the authentication sources includes the user login information, the method can proceed to S104 to set the user as having passed identity authentication.
S104: Set the identity authentication state to authentication passed.
This step applies when the standard login information includes the user login information, in which case the identity authentication state can be set to authentication passed. As a feasible implementation, after the identity authentication state of the user or client is set to authentication passed, this embodiment may also query the user role corresponding to the user login information and assign the permissions of that user role to the user or client corresponding to the user login information.
This embodiment connects to the LDAP server according to the server configuration parameters, and the LDAP server can store standard login information. That is, this embodiment uses the LDAP server solely as a device that stores standard login information in addition to the local database, so that multiple authentication sources jointly take part in verifying the user login information. After receiving the user name and login password entered by the user, this embodiment therefore verifies the user name and password against the local database and the target LDAP server in order to perform the identity authentication operation. Because this embodiment introduces multiple authentication sources into the identity authentication operation, it can reduce the impact on the identity authentication service when some authentication sources are under heavy service load or become abnormal, which improves the efficiency of identity authentication.
Refer to FIG. 2, which is a flowchart of a user permission assignment method provided by an embodiment of the present application. This embodiment further supplements the embodiment corresponding to FIG. 1 after the operation of S104 and describes a permission assignment scheme that applies once identity authentication has succeeded. This embodiment can be combined with the embodiment corresponding to FIG. 1 to obtain a more preferred implementation, and may include the following operations:
S201: Query the user attribute corresponding to the user login information;
In this embodiment, the correspondence between each user name and its user attribute may be recorded in advance. User attributes may include administrator account, ordinary account, sub-account and so on, and the user attribute can be determined from the user name in the user login information.
If this embodiment is combined with the embodiment corresponding to FIG. 1, each authentication source can store the correspondence between user login information and user attributes. Specifically, when the local database includes the user login information, the user attribute corresponding to the user login information can be queried from the local database; when the target LDAP server includes the user login information, the user attribute corresponding to the user login information can be queried from the target LDAP server.
S202: Assign the user the permissions corresponding to the user attribute.
Before this step, a permission correspondence table may be built, in which the correspondence between user attributes and permissions is stored. Correspondingly, the operation of assigning the user the permissions corresponding to the user attribute may be: assigning the user the permissions corresponding to the user attribute by querying the permission correspondence table.
The flow described in the above embodiments is illustrated below through an embodiment in a practical application. Refer to FIG. 3, which is a schematic diagram of the principle of a multi-domain identity authentication method based on an LDAP server and a local database provided by an embodiment of the present application. This embodiment may include the following steps:
Step 1: Set the LDAP connection parameters.
Specifically, in this step the connection parameters (that is, the server configuration parameters) can be entered through the Web configuration page. The connection parameters may include the authentication server domain name, port, base DN (that is, the base distinguished name), user class name, user directory and user unique attribute.
Step 2: Set the user role attribute and role changes.
Specifically, in this step the role attribute of LDAP users can be set; for a given user, modifying the attribute value changes the user's role.
Step 3: Verify LDAP availability.
Specifically, this step connects to the LDAP server using the configured connection parameters. If the connection fails, the user is prompted to modify the configuration parameters; if the connection succeeds, the system configuration parameters are submitted.
Step 4: Enable the identity authentication source.
Specifically, in this step the configured LDAP server information can be viewed on the front-end Web page, and the authentication information source can be turned on or off.
Step 5: Query the user role and return the user permissions.
Specifically, in this step the user can enter an account and password to log in to the Web page. The Web server queries multiple authentication sources; if one of them passes verification, the login is determined to be successful, the permissions granted to the role are queried, and the relevant permissions are returned together with the user role.
The above embodiment proposes a multi-domain identity authentication policy scheme based on an LDAP server and a local database. This embodiment includes LDAP server connection configuration, setting and changing of the LDAP user role attribute, adding and deleting back-end identity authentication methods, and querying role permissions in the local database. The authentication policy covers the local database and the LDAP server: as long as one source passes identity authentication, verification is complete, and the relevant permissions are queried by role name. The LDAP server configuration information can be configured through the front-end Web page, the LDAP authentication source can be turned on and off, and the back-end authentication policy is configurable. By configuring the LDAP server parameters through the Web page, LDAP server users can log in to the Web system, are granted the lowest privilege, and can view the relevant Web page content. This embodiment speeds up the onboarding of LDAP users and saves manpower and material resources. In this embodiment multiple LDAP servers can be added freely, back-end identity authentication is easy to turn on or off, and the user can see the authentication source displayed directly on the page.
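The flow of S101 to S104 and S201 to S202, including the third-party authentication source list, as an added sketch that is not code from the patent. The local database and the LDAP servers are replaced by a hypothetical in-memory `AuthSource`; all names, users and permission strings are constructed, and two choices are assumptions of this example rather than statements of the patent: the stored "standard login information" is a salted PBKDF2 digest, and a source that is unavailable is skipped instead of failing the login.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


class SourceUnavailable(Exception):
    """An authentication source is overloaded, abnormal or unreachable."""


def digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class AuthSource:
    """Hypothetical in-memory stand-in for the local database or one LDAP server."""
    name: str
    available: bool = True
    users: dict = field(default_factory=dict)  # username -> (salt, digest, attribute)

    def add_user(self, username: str, password: str, attribute: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, digest(password, salt), attribute)

    def verify(self, username: str, password: str):
        """Return the user's attribute on a match, None on a mismatch."""
        if not self.available:
            raise SourceUnavailable(self.name)
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored, attribute = self.users.get(username, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(stored, digest(password, salt))
        return attribute if ok else None


class Authenticator:
    def __init__(self, local_db: AuthSource, permission_table: dict):
        self.local_db = local_db
        self.permission_table = permission_table  # attribute -> permissions (S202)
        self.connected = {}       # LDAP servers whose connection succeeded (S101)
        self.third_party = set()  # third-party authentication source list

    def connect_ldap(self, server: AuthSource) -> bool:
        """S101: only a server that accepts the connection becomes a target."""
        if server.available:
            self.connected[server.name] = server
        return server.available

    def add_source(self, name: str) -> None:
        self.third_party.add(name)

    def remove_source(self, name: str) -> None:
        self.third_party.discard(name)

    def sources(self):
        """Local database first, then listed servers that are also connected."""
        yield self.local_db
        for name in sorted(n for n in self.third_party if n in self.connected):
            yield self.connected[name]

    def login(self, username: str, password: str) -> dict:
        """S102 to S104, then S201 and S202 against the source that matched."""
        skipped = []
        for source in self.sources():
            try:
                attribute = source.verify(username, password)
            except SourceUnavailable:
                skipped.append(source.name)  # degrade, do not fail the login
                continue
            if attribute is not None:
                # An attribute missing from the table gets no permissions.
                perms = self.permission_table.get(attribute, frozenset())
                return {"authenticated": True, "source": source.name,
                        "attribute": attribute, "permissions": perms,
                        "skipped": skipped}
        return {"authenticated": False, "source": None, "attribute": None,
                "permissions": frozenset(), "skipped": skipped}


def build_demo() -> Authenticator:
    """Constructed sample data: one local administrator, one LDAP user."""
    local_db = AuthSource("local-db")
    local_db.add_user("root", "root-pass", "administrator")
    ldap_a = AuthSource("ldap-a")
    ldap_a.add_user("alice", "alice-pass", "ordinary")
    ldap_down = AuthSource("ldap-down", available=False)
    table = {"administrator": frozenset({"view", "configure"}),
             "ordinary": frozenset({"view"})}
    auth = Authenticator(local_db, table)
    for server in (ldap_a, ldap_down):
        if auth.connect_ldap(server):
            auth.add_source(server.name)
    return auth


if __name__ == "__main__":
    auth = build_demo()
    print(auth.login("alice", "alice-pass"))
    auth.local_db.available = False  # the local database becomes abnormal
    print(auth.login("alice", "alice-pass"))
```

With a real directory, `verify` would normally be an LDAP bind as the user over TLS rather than a comparison against credentials held by the Web server. The `source` and `skipped` fields are worth logging, since they show which source vouched for a login and which sources were down at the time.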
请参见图4,图4为本申请实施例所提供的一种身份认证系统的结构示意图,该系统可以包括:Please refer to FIG. 4. FIG. 4 is a schematic structural diagram of an identity authentication system provided by an embodiment of the application. The system may include:
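a server connection module 100, configured to receive server configuration parameters and to connect to an LDAP server using the server configuration parameters;
an information receiving module 200, configured to receive user login information, wherein the user login information includes a user name and a login password;
an authentication module 300, configured to determine whether the standard login information stored in the authentication sources includes the user login information, wherein the authentication sources include a local database and a target LDAP server, and the target LDAP server is an LDAP server to which the connection succeeded;
a state setting module 400, configured to set the identity authentication status to authentication passed when the standard login information includes the user login information.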
This embodiment connects to the LDAP server according to the server configuration parameters, and the LDAP server may store standard login information. That is, this embodiment uses the LDAP server only as a device that stores standard login information in addition to the local database, so that multiple authentication sources jointly take part in verifying user login information. After receiving the user name and login password entered by the user, this embodiment verifies them against the local database and the target LDAP server in order to carry out the identity authentication operation. Because multiple authentication sources take part in the identity authentication operation, the impact on the identity authentication service of heavy business load or abnormality in some authentication sources is reduced, and identity authentication efficiency is improved.
Further, the system also includes:
a permission assignment module, configured to query the user attribute corresponding to the user login information and to assign the user the permissions corresponding to that user attribute.
Further, the system also includes:
a relationship table building module, configured to build a permission correspondence table, wherein the permission correspondence table stores the correspondence between user attributes and permissions;
Correspondingly, the permission assignment module includes:
a first query unit, configured to query the user attribute corresponding to the user login information from the local database when the local database includes the user login information;
a second query unit, configured to query the user attribute corresponding to the user login information from the target LDAP server when the target LDAP server includes the user login information;
an assignment unit, configured to assign the user the permissions corresponding to the user attribute by querying the permission correspondence table.
Further, the system also includes:
a configuration module, configured to set standard configuration parameters for the LDAP server through a Web configuration page before the server configuration parameters are received;
Correspondingly, the server connection module 100, which is configured to receive the server configuration parameters, is further configured to send the server configuration parameters to the LDAP server, so that the LDAP server determines whether the server configuration parameters are correct according to the standard configuration parameters;
wherein, when the server configuration parameters are correct, the connection to the LDAP server is determined to have succeeded; when the server configuration parameters are incorrect, the connection to the LDAP server is determined to have failed.
Further, the server configuration parameters include any one of, or any combination of, the server domain name, server port, base distinguished name, user class name, user directory and user attribute.
Further, the target LDAP server is an LDAP server in the third-party authentication source list;
Correspondingly, the system also includes:
a first list update module, configured to, when authentication source deletion information is received, determine a first target LDAP server according to the authentication source deletion information and delete the first target LDAP server from the third-party authentication source list;
a second list update module, configured to, when authentication source addition information is received, determine a second target LDAP server according to the authentication source addition information and add the second target LDAP server to the third-party authentication source list.
Since the embodiments of the system part correspond to the embodiments of the method part, refer to the description of the method embodiments for the system embodiments; they are not repeated here.
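The multi-source check described above (local database plus connected LDAP servers, first success wins, role attribute mapped to permissions through a correspondence table, sources added to and removed from a list), as an added Python example that is not taken from the patent. The class names, the in-memory `DirectorySource` standing in for a real LDAP bind, the PBKDF2 storage of local passwords, the `view` default permission and the empty-password guard are assumptions of this example.

```python
import hashlib
import hmac
import os


def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LocalDbSource:
    """Local database source: keeps salted PBKDF2 hashes, never plaintext."""

    def __init__(self):
        self.users = {}  # username -> (salt, password hash, role)

    def add_user(self, username, password, role):
        salt = os.urandom(16)
        self.users[username] = (salt, kdf(password, salt), role)

    def verify(self, username, password):
        # Unknown users still cost one KDF run, so timing does not reveal them.
        salt, stored, _ = self.users.get(username, (b"\0" * 16, b"", None))
        return hmac.compare_digest(stored, kdf(password, salt))

    def role_of(self, username):
        return self.users[username][2]


class DirectorySource:
    """In-memory stand-in (constructed) for a connected LDAP server; a real
    source would do a simple bind over TLS and read the role attribute."""

    def __init__(self, entries, reachable=True):
        self.entries, self.reachable = entries, reachable

    def verify(self, username, password):
        if not self.reachable:
            raise ConnectionError("directory unreachable")
        entry = self.entries.get(username)
        return entry is not None and hmac.compare_digest(
            entry["password"].encode(), password.encode())

    def role_of(self, username):
        return self.entries[username].get("role")


class MultiSourceAuthenticator:
    LEAST_PRIVILEGE = frozenset({"view"})  # assumed default for unmapped roles

    def __init__(self, role_permissions):
        self.sources = {}  # name -> source, tried in insertion order
        self.role_permissions = role_permissions

    def login(self, username, password):
        # Refuse empty credentials up front: an LDAP simple bind with an empty
        # password is an unauthenticated bind (RFC 4513) and can report success.
        if not username or not password:
            return None
        for name, source in self.sources.items():
            try:
                if not source.verify(username, password):
                    continue
            except ConnectionError:
                continue  # an outage in one source must not block the others
            role = source.role_of(username)
            perms = self.role_permissions.get(role, self.LEAST_PRIVILEGE)
            return {"user": username, "source": name, "role": role,
                    "permissions": frozenset(perms)}
        return None  # no source vouched for these credentials
```

Sources are registered with `auth.sources["ldap-b"] = DirectorySource(...)` and withdrawn with `del auth.sources["ldap-b"]`; the returned `source` field is what a login page would display as the authentication source.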
The present application also provides a storage medium on which a computer program is stored; when the computer program is executed, the steps provided by the above embodiments can be implemented. The storage medium may include a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, or any other medium that can store program code.
The present application also provides an electronic device, which may include a memory and a processor. A computer program is stored in the memory, and when the processor invokes the computer program in the memory, the steps provided by the above embodiments can be implemented. The electronic device may of course also include components such as various network interfaces and a power supply.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be cross-referenced. Because the system disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant details, refer to the description of the method. It should be pointed out that those of ordinary skill in the art can make several improvements and modifications to the present application without departing from its principles, and these improvements and modifications also fall within the protection scope of the claims of the present application.
It should also be noted that, in this specification, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply that any such actual relationship or order exists between these entities or operations. Moreover, the terms "comprise", "include" and any other variants are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a list of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element qualified by the phrase "including a ..." does not preclude the presence of additional identical elements in the process, method, article or device that includes the element.
Claims (10)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910968799.6A CN110753044A (en) | 2019-10-12 | 2019-10-12 | An identity authentication method, system, electronic device and storage medium |
PCT/CN2020/092842 WO2021068518A1 (en) | 2019-10-12 | 2020-05-28 | Identity authentication method and system, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110753044A (en) | 2020-02-04 |
Family
ID=69278173
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910968799.6A Pending CN110753044A (en) | 2019-10-12 | 2019-10-12 | An identity authentication method, system, electronic device and storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110753044A (en) |
WO (1) | WO2021068518A1 (en) |
2019
- 2019-10-12 CN CN201910968799.6A patent/CN110753044A/en active Pending
2020
- 2020-05-28 WO PCT/CN2020/092842 patent/WO2021068518A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2021068518A1 (en) | 2021-04-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200204 |