CN101997685B - Single sign-on method, single sign-on system, and related equipment - Google Patents
Publication number: CN101997685B (application CN200910171267A)
Authority: CN (China)
Legal status: Expired - Fee Related
Description
Technical Field
The present application relates to the field of computer network technology, and in particular to a single sign-on method, a single sign-on device, a login-free server and a single sign-on system.
Background Art
With the rapid development of information technology and network technology, network application systems such as web mail, professional forums and bulletin board systems (BBS, Bulletin Board System) are becoming ever more numerous. Before using each of these systems, the user must log in with the user name and password agreed in advance, and so must remember a separate user name and password for every system, which is very inconvenient for the user.
Single sign-on (SSO) technology arose to solve this problem. SSO lets a user access multiple network application systems conveniently: when the user logs in to the first system, the client directs the user to a login-free server; the login-free server authenticates the login information supplied, such as the user name and password (or verification information the client derives by encrypting the user's password), and if authentication succeeds it returns an authentication credential, the ticket, to the user. The user carries this ticket when subsequently accessing other network application systems; on receiving the access request, the other system checks the validity of the ticket with the login-free server, and if the ticket is valid the user can access that system directly without logging in again.
Figure 1 is a schematic diagram of a user logging in to a network application system for the first time and being verified by the login-free server.
Steps 101 and 102: through the client and the web browser, the user sends a single sign-on request message to the login-free server. The message contains the user identifier UID, first signature information and the Uniform Resource Locator (URL) of the target web page the user wants to access, where the first signature information is obtained by the client encrypting the UID, the password and the target web page URL;
Step 103: on receiving the single sign-on request, the login-free server looks up the password corresponding to the UID contained in the request, encrypts the UID, the password found and the target web page URL contained in the request using the encryption method agreed in advance with the client to obtain second signature information, and compares the first signature information with the second. If the two match, it allocates a ticket to the user and proceeds to step 104;
Step 104: the allocated ticket is sent to the web browser, which is instructed to jump to the target web page URL contained in the single sign-on request message;
Step 105: the web browser sends a request message to the target application system containing the URL of the requested target web page and the ticket;
Step 106: the network application system corresponding to the target web page verifies the ticket;
Step 107: after the ticket is successfully verified in step 106, the target network application system returns the content of the requested target web page to the user.
If the single sign-on request message sent in step 102 is intercepted by a malicious user using hacking software, that user can send the request to the login-free server and, once it is verified, impersonate the legitimate user to access the target network application system.
To mitigate this, the login-free server sets a validity period for the ticket when issuing it, for example 5 minutes; once the validity period has elapsed, the ticket can no longer be used to request page content from the target application system. However, even with a short validity period it remains difficult to prevent a malicious user from impersonating a legitimate user within that period.
Summary of the Invention
Embodiments of the present application provide a single sign-on method that solves the problem in existing single sign-on technology of an illegitimate user impersonating a legitimate user to access a target page.
Correspondingly, embodiments of the present application also provide a single sign-on device, a login-free server and a single sign-on system.
The technical solutions provided by the embodiments of the present application are as follows:
A single sign-on method, comprising:
the client processing unit in a single sign-on device sends a registration request to a web service unit;
the web service unit determines a local URL that corresponds uniquely to the target web page URL contained in the registration request, stores the correspondence between the local URL and the target web page URL, and sends a registration response containing the local URL to the client processing unit;
on receiving the registration response, the client processing unit sends a login request containing verification information and the local URL to a login-free server;
the single sign-on device receives an indication that the login-free server sends after successfully authenticating the user on the basis of the verification information in the login request, the indication instructing the web browser in the single sign-on device to send a request message for the local URL to the web service unit;
according to that request message, when the web service unit determines that it has stored a correspondence between the requested local URL and a target page URL, it instructs the web browser to access the corresponding target page URL.
A single sign-on method, comprising:
after receiving a login request from a single sign-on device, the login-free server looks up the password corresponding to the user identifier contained in the login request,
obtains server-side verification information from the user identifier, the password found and the local URL contained in the login request, and
after determining that the verification information contained in the login request matches the server-side verification information, instructs the web browser in the single sign-on device to access the local URL, where the local URL corresponds uniquely to the URL of the target page the user wants to access.
A single sign-on device, comprising:
a client processing unit, configured to send a registration request to a web service unit and, after receiving the corresponding registration response, to send to a login-free server a login request containing verification information and the local URL contained in the registration response;
a web service unit, configured to receive the registration request, determine a local URL corresponding uniquely to the target web page URL contained in the registration request, store the correspondence between the local URL and the target web page URL, send a registration response containing the local URL to the client processing unit, and, on a web page access request from the web browser in the single sign-on device, instruct the web browser to access the corresponding target page URL when it determines that a correspondence between the local URL in that request and a target page URL is stored.
A login-free server, comprising:
a receiving unit, configured to receive a login request from a single sign-on device;
a lookup unit, configured to look up the password corresponding to the user identifier contained in the login request;
a determining unit, configured to obtain server-side verification information, by the method agreed with the single sign-on device, from the user identifier and local URL contained in the login request and the password found by the lookup unit;
a judging unit, configured to judge whether the server-side verification information obtained by the determining unit matches the verification information contained in the login request;
an indicating unit, configured to instruct the web browser in the single sign-on device to request the local URL contained in the login request when the judging unit finds that the server-side verification information matches the verification information contained in the login request, where the local URL corresponds uniquely to the URL of the target page the user wants to access.
A single sign-on system, comprising a single sign-on device and a login-free server, wherein
the single sign-on device is configured to determine a local URL corresponding uniquely to a target URL, send a login request containing verification information and the local URL to the login-free server, and, when it determines according to the login-free server's indication that a correspondence between the local URL the login-free server told it to request and the target page URL is stored, send a request message for the target page URL to the network-side web server that provides the page for the target URL;
the login-free server is configured to receive the login request and, after successfully authenticating the user on the basis of the verification information contained in the login request, instruct the single sign-on device to access the URL contained in the login request.
In the embodiments of the present application, the client's login request message no longer carries the target web page URL but a predetermined local URL corresponding uniquely to it. After verification succeeds, the login-free server instructs the web browser on the same computer as the client to request the local URL contained in the login request; the local web server on that computer, on finding that it has stored a correspondence between the local URL requested by the browser and the target page, instructs the browser to request the corresponding target page. This avoids the problem of an illegitimate user who obtains a login request carrying the target web page URL impersonating a legitimate user to access the target page.
Brief Description of the Drawings
Figure 1 is a schematic diagram of the verification process in existing single sign-on technology;
Figure 2 is a flowchart of the main implementation principle of the embodiments of the present application;
Figure 3 is a flowchart of the single sign-on method proposed in Embodiment 1 of the present application;
Figure 4 is a flowchart of the single sign-on method proposed in Embodiment 2 of the present application;
Figure 5 is a flowchart of the single sign-on method proposed in Embodiment 3 of the present application;
Figure 6 is a schematic structural diagram of the single sign-on device proposed in the embodiments of the present application;
Figure 7 is a schematic structural diagram of the login-free server proposed in the embodiments of the present application.
Detailed Description
In the existing single sign-on scheme, when the login request message that the single sign-on client sends to the login-free server, carrying the user identifier UID, signature information and the URL of the target web page to be accessed, is intercepted by an illegitimate user, that user can impersonate the legitimate user, request verification from the login-free server, obtain the authentication credential (ticket) and so access the target page; this is a security risk.
The embodiments of the present application propose that the login request message no longer carry the target web page URL but a predetermined local URL corresponding uniquely to it. After verification succeeds, the login-free server instructs the user who sent the login request message to jump to the local URL. A legitimate user can then obtain the target web page URL from the stored correspondence between the local URL and the target web page URL and access the target web page through it, whereas an illegitimate user has no target web page URL corresponding to that local URL on their own machine and therefore cannot proceed to the target page. This avoids the security problem of existing single sign-on technology described above.
The main implementation principle, the specific embodiments and the corresponding beneficial effects of the technical solutions of the embodiments of the present application are described in detail below with reference to the drawings.
As shown in Figure 2, the main implementation principle of the embodiments of the present application proceeds as follows:
Step 10: before sending a login request to the login-free server, the single sign-on device determines a local URL corresponding uniquely to the target web page and stores the correspondence between this local URL and the target web page URL in the web service unit of the single sign-on device that provides the local URL;
Step 20: the single sign-on device sends a login request message to the login-free server containing verification information and the local URL determined in step 10;
Step 30: after the login-free server has verified the user using the verification information contained in the login request message, it instructs the web browser in the single sign-on device to send a request message for the local URL contained in the login request message to the web service unit in the single sign-on device;
Step 40: when the web service unit determines that it has stored a correspondence between the local URL requested by the web browser and a target page URL, it instructs the web browser to access the corresponding target page.
An embodiment is now described in detail, following the principles of the invention above, to explain the main implementation of the method of the present application.
Embodiment 1
Figure 3 is a flowchart of the single sign-on method proposed in this embodiment. The single sign-on system comprises a single sign-on device on the user side and a login-free server on the network side. The single sign-on device contains a client processing unit, a web service unit and a web browser. The client processing unit receives the user name, password and target page URL entered by the user and sends the login request to the login-free server; it may be a stand-alone software product or a browser-style software product built by extending an existing browser. The web service unit may be implemented by an existing web server, the general term for software that provides local web page URLs and answers URL access requests from a web browser, such as the Apache series widely used on UNIX platforms; a web browser is the general term for software that accesses a specified URL on the instruction of a user or another application, such as Microsoft's Internet Explorer series. Before performing single sign-on, the user must have registered a user identifier and the corresponding password with the login-free server through the client processing unit.
Step 301: after the user enters the user identifier, the corresponding password and the URL of the target web page to be logged in to in the client processing unit of the single sign-on device, the client processing unit sends a registration request containing the target web page URL to the web service unit located in the same single sign-on device; for example, the target web page URL is http://www.targetweb.com/item_detail=23445;
Step 302: on receiving the registration request, the web service unit determines, according to a predetermined rule, a local URL corresponding uniquely to the target web page URL contained in the request. For example, if the rule is "http://127.0.0.1:8808/auth?sid=" followed by an identifier corresponding uniquely to the target web page URL contained in the registration request, the local URL determined for the target web page URL http://www.targetweb.com/item_detail=23445 is http://127.0.0.1:8808/auth?sid=123456. The web service unit stores the correspondence between the target web page URL and the local URL it has determined;
Step 303: the web service unit sends a registration response containing the local URL determined in step 302 to the client processing unit;
Step 304: on receiving the registration response from the web service unit, the client processing unit obtains the local URL from it and determines first verification information from the user identifier and password entered by the user and the local URL contained in the registration response, by the method agreed in advance with the login-free server. For example, the client processing unit first forms a string containing the local URL, the user identifier and the password and encrypts it with the encryption method agreed in advance with the login-free server, such as the MD5 algorithm; to improve the security of the verification information, it may further compute a hash of the encrypted string and use that hash as the first verification information. To improve security further, so that the verification information differs on every login to the same target web page, the current time may be included in addition to the local URL, user identifier and password when determining the verification information.
Step 305: having determined the first verification information, the client processing unit sends a login request containing the user identifier, the first verification information and the local URL contained in the registration response to the login-free server;
Step 306: on receiving the login request sent by the client processing unit in step 305, the login-free server looks up the password it has stored in advance for the user identifier contained in the login request and, by the method for determining verification information agreed in advance with the client processing unit, such as the MD5 algorithm, obtains second verification information from the user identifier, the password found and the local URL contained in the login request;
Step 307: the login-free server compares the first verification information contained in the login request sent by the client processing unit in step 305 with the second verification information determined in step 306. If they match, verification succeeds and processing proceeds to step 308; otherwise verification fails and the login-free server discards the login request or returns a login failure message;
Step 308: after verification succeeds, the login-free server instructs the web browser in the user-side single sign-on device to access the local URL contained in the login request received in step 306. As in the prior art, the indication message may carry an authentication credential. One way to carry it is to append the credential as a parameter of the local URL contained in the login request and to direct the web browser to the local URL with that parameter. To improve security, the credential may be encrypted using the encryption method agreed with the web server; for example, the local URL carrying the encrypted credential is "http://127.0.0.1/dosth?sid=123456&ticket=JDFU324o329jdcvjcv0374023842--8324-83207230432084", where the part added after ticket, "JDFU324o329jdcvjcv0374023842--8324-83207230432084", is the encrypted authentication credential;
Step 309: following the login-free server's indication in step 308, the web browser in the single sign-on device sends a request message for the local URL to the web service unit in the same single sign-on device;
Step 310: on receiving the request message for the local URL sent by the web browser, the web service unit in the single sign-on device checks whether its stored correspondences between local URLs and target page URLs contain a target page URL for the local URL in the browser's access request message. If one exists, the local URL contained in the login request of step 305 was determined in advance through the registration process, that is, the login request was sent by the client processing unit in this single sign-on device, and processing proceeds to step 311; otherwise no further processing takes place;
Step 311: the web service unit instructs the web browser to send an access request message to the web server corresponding to the target web page URL. The indication message may carry the authentication credential, which is obtained by decrypting the local URL carried in the browser's access request message of step 310 using the encryption method agreed in advance with the login-free server.
During the registration exchange of steps 301 to 303, because the client processing unit and the web service unit are located in the same single sign-on device, the messages exchanged cannot be obtained by other illegitimate users on the network.
In this embodiment the web service unit may also be independent of the single sign-on device, for example one server or a group of servers set up separately from it. Provided the communication between the web service unit and the single sign-on device is secured, for example by connecting them over a dedicated line, the security of the single sign-on process is still improved.
In this embodiment, before the user sends a login request to the login-free server, a local URL corresponding to the target page URL requested by the user is determined in advance, and the login request carries this local URL rather than the target page URL. Therefore, even if the login request message is intercepted by an illegitimate user, the computer that user employs holds no target web page URL corresponding to the local URL, so the illegitimate user cannot impersonate the legitimate user to access the target page URL after verification succeeds. This avoids the problem of an illegitimate user who intercepts a login request impersonating a legitimate user to log in to the target page.
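The registration, login and local-URL redirect of Embodiment 1 (steps 301 to 311, which instantiate the Figure 2 flow), modelled end to end as an added example that is not code from the patent. It assumes SHA-256 in place of the page's MD5 example, a random identifier in the local URL in place of 123456, constructed sample credentials, and a (target URL, ticket) pair standing in for the step 311 indication message; replayed_flow shows why a login request replayed from another machine is verified but resolves to no target page.

```python
"""Local-URL single sign-on flow of Embodiment 1 (steps 301-311).

Added example, not code from the patent. Constructed sample values only.
Assumption: SHA-256 replaces the MD5 example given on the page, and the
unique identifier in the local URL is a random token rather than 123456.
"""
import hashlib
import secrets
from urllib.parse import parse_qs, urlparse

LOCAL_BASE = "http://127.0.0.1:8808/auth?sid="   # local URL rule from step 302


def verification_info(uid: str, password: str, local_url: str) -> str:
    """Steps 304 and 306: digest over the local URL, UID and password.

    The page's optional time component is left out, so this value is the
    same for every login that reuses the same local URL.
    """
    return hashlib.sha256(f"{local_url}|{uid}|{password}".encode()).hexdigest()


class WebServiceUnit:
    """Web service unit on the user's own machine (steps 302, 310 and 311)."""

    def __init__(self) -> None:
        self._local_to_target: dict[str, str] = {}

    def register(self, target_url: str) -> str:
        """Step 302: mint a local URL that maps uniquely to target_url."""
        local_url = LOCAL_BASE + secrets.token_hex(4)
        self._local_to_target[local_url] = target_url
        return local_url

    def resolve(self, requested_url: str):
        """Step 310: look up the local URL the browser was sent to.

        Returns (target_url, ticket) when a mapping is stored, else None.
        """
        params = parse_qs(urlparse(requested_url).query)
        sid = params.get("sid", [""])[0]
        target = self._local_to_target.get(LOCAL_BASE + sid)
        if target is None:
            return None                        # unknown local URL: stop here
        return target, params.get("ticket", [None])[0]   # step 311


class LoginFreeServer:
    """Network-side login-free server holding UID -> password (steps 306-308)."""

    def __init__(self, users: dict[str, str]) -> None:
        self._users = users

    def login(self, uid: str, first_info: str, local_url: str):
        """Return the redirect the browser is sent to, or None on failure."""
        password = self._users.get(uid)
        if password is None:
            return None
        second_info = verification_info(uid, password, local_url)
        if not secrets.compare_digest(first_info, second_info):
            return None                        # step 307: verification failed
        ticket = secrets.token_hex(8)          # authentication credential
        return f"{local_url}&ticket={ticket}"  # step 308: local URL + ticket


def legitimate_flow(server, uid, password, target_url):
    """Steps 301-311 on the user's machine: returns (login request, outcome)."""
    wsu = WebServiceUnit()
    local_url = wsu.register(target_url)                                  # 301-303
    request = (uid, verification_info(uid, password, local_url), local_url)  # 304-305
    redirect = server.login(*request)                                     # 306-308
    return request, (wsu.resolve(redirect) if redirect else None)         # 309-311


def replayed_flow(server, captured_request):
    """The captured login request replayed from another machine.

    Returns (server accepted it, page reached); the second machine never
    registered the target, so its web service unit has no mapping.
    """
    other_wsu = WebServiceUnit()
    redirect = server.login(*captured_request)
    if redirect is None:
        return False, None
    return True, other_wsu.resolve(redirect)


if __name__ == "__main__":
    srv = LoginFreeServer({"alice": "correct-horse"})        # constructed user
    req, outcome = legitimate_flow(srv, "alice", "correct-horse",
                                   "http://www.targetweb.com/item_detail=23445")
    print("legitimate user reaches:", outcome)
    print("replay from another machine:", replayed_flow(srv, req))
```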
Embodiment 2
In Embodiment 1 the first verification information is determined by the client processing unit in the single sign-on device. In this embodiment that function is performed by the web service unit in the single sign-on device: the registration request sent by the client processing unit to the web service unit contains not only the target web page URL but also the user identifier and password entered by the user; after the web service unit has determined the first verification information, it passes it to the client processing unit, which carries it in the login request sent to the login-free server. The specific process is shown in Figure 4.
Step 401: after the user enters the user identifier, the corresponding password and the URL of the target web page to be logged in to in the client processing unit of the single sign-on device, the client processing unit sends a registration request containing the target web page URL, the user identifier entered by the user and the password corresponding to that user identifier to the web service unit in the same single sign-on device; for example, the target web page URL is http://www.targetweb.com/item_detail=23445;
Step 402: on receiving the registration request, the web service unit determines, according to a predetermined rule, a local URL corresponding uniquely to the target web page URL contained in the request, for example http://127.0.0.1:8808/auth?sid=123456, and stores the correspondence between the target web page URL and the local URL it has determined;
Step 403: having determined the local URL corresponding to the target web page URL, the web service unit determines first verification information, by the method agreed in advance with the login-free server, from the user identifier and password entered by the user and the local URL to be included in the registration response, then proceeds to step 404;
Step 404: the web service unit sends a registration response to the client processing unit containing the local URL and the first verification information determined in step 403;
Step 405: on receiving the registration response, the client processing unit sends a login request to the login-free server on the network side containing the user identifier entered by the user together with the local URL and the first verification information contained in the registration response;
Step 406: on receiving the login request sent by the client processing unit in the single sign-on device in step 405, the login-free server obtains the user identifier from the login request, looks up the corresponding password in its stored correspondences between user identifiers and passwords, and, by the method for determining verification information agreed in advance with the web service unit in the single sign-on device, determines second verification information from the user identifier, the password found and the URL contained in the login request;
Step 407: the login-free server compares the first verification information contained in the login request sent by the client processing unit in step 405 with the second verification information determined in step 406. If they match, verification succeeds and processing proceeds to step 408; otherwise the login-free server discards the login request or informs the user that verification failed;
步骤408,免登服务器在验证成功后,指示用户侧单点登录设备中的网页浏览器访问步骤406中接收到的登录请求中包含的本地URL,与步骤308类似,免登服务器可以将认证凭据作为登录请求中包含的本地URL的参数;In step 408, after successful verification, the free login server instructs the web browser in the user-side single sign-on device to access the local URL contained in the login request received in step 406. Similar to step 308, the free login server can send the authentication credentials to As a parameter of the local URL contained in the login request;
步骤409,网页浏览器根据步骤408中免登服务器的指示,向同一单点登录设备中的网页服务单元发送访问上述本地URL的请求消息;Step 409, the web browser sends a request message to access the above-mentioned local URL to the web service unit in the same single sign-on device according to the instructions of the free login server in step 408;
步骤410,单点登录设备中的网页服务单元在接收到网页浏览器发送的访问本地URL的请求消息后,判断在自身存储的本地URL与目标页面URL的对应关系中,是否存在与网页浏览器发送的访问请求消息中的本地URL对应的目标页面URL。若存在,说明步骤405中的登录请求包含的本地URL是预先通过注册过程确定出的,即登录请求是由该单点登录设备中的客户端处理单元发出的,进入步骤411,否则不进行后续处理;Step 410: After receiving the request message for accessing the local URL sent by the web browser, the web service unit in the single sign-on device judges whether there is an URL of the target page corresponding to the local URL in the sent access request message. If it exists, it means that the local URL included in the login request in step 405 is pre-determined through the registration process, that is, the login request is sent by the client processing unit in the single sign-on device, and enters step 411; otherwise, no follow-up deal with;
步骤411,网页服务单元指示网页浏览器向目标网页URL对应的网页服务器发送发送访问请求消息。网页服务单元在指示消息中可以携带认证凭据,该认证凭据是根据预先与免登服务器预定的加密方法,对步骤410中网页浏览器的访问请求消息中携带的本地URL解密后获得的。Step 411, the webpage service unit instructs the webpage browser to send an access request message to the webpage server corresponding to the URL of the target webpage. The webpage service unit may carry an authentication credential in the indication message, and the authentication credential is obtained by decrypting the local URL carried in the access request message of the web browser in step 410 according to an encryption method pre-determined with the free login server.
同理,在本实施例中,网页服务单元也可独立于单点登录设备,例如,在单点登录设备之外单独设置一台或一组服务器。只要确保该网页服务单元与单点登录设备之间交互的通信安全,例如,网页服务单元与单点登录设置之间通过专线连接等,即可提高单点登录过程的安全性。Similarly, in this embodiment, the webpage service unit may also be independent from the single sign-on device, for example, one or a group of servers is separately set up outside the single sign-on device. As long as the communication security between the web service unit and the single sign-on device is ensured, for example, the web service unit and the single sign-on device are connected through a dedicated line, etc., the security of the single sign-on process can be improved.
Embodiment 3
In Embodiment 1 or Embodiment 2, the first or second verification information is determined by the client processing unit, the web service unit or the login-free server from the user identifier, the password and the local URL, using the agreed method. In this embodiment the verification information is determined not only from those three items but also from the time at which the first verification information is determined, so that even on the same computer, accessing the same target web page at different times yields different verification information; this prevents other, unauthorised users of the same computer from impersonating the legitimate user to access that target web page. The specific process is shown in Figure 5.
Step 501: after the user enters, in the client processing unit of the single sign-on device, the user identifier, the corresponding password and the URL of the target web page to be logged into, the client processing unit sends to the web service unit in the same single sign-on device a registration request containing the target web page URL, the user identifier entered by the user and the password corresponding to that user identifier; for example, the target web page URL is http://www.targetweb.com/item_detail=23445;
Step 502: on receiving the registration request, the web service unit determines, according to a predetermined rule, a local URL that uniquely corresponds to the target web page URL contained in the registration request, for example http://127.0.0.1:8808/auth?sid=123456, and stores the correspondence between the target web page URL and the determined local URL;
Step 503: having determined the local URL corresponding to the target web page URL, the web service unit determines the first verification information from the user identifier and password entered by the user, the local URL to be included in the registration response and the current time information, using the method agreed in advance with the login-free server, and proceeds to step 504;
Step 504: the web service unit sends a registration response to the client processing unit; the registration response contains the local URL determined in step 503, the first verification information, and the time information recorded by the web service unit when it determined the first verification information;
Step 505: on receiving the registration response, the client processing unit sends a login request to the login-free server on the network side; the login request contains the user identifier entered by the user together with the local URL, the first verification information and the time information from the registration response;
Step 506: on receiving the login request sent in step 505 by the client processing unit of the single sign-on device, the login-free server obtains the user identifier from the login request, looks up the password corresponding to that user identifier in its stored user identifier/password correspondences, and determines the second verification information from the user identifier, the password found, and the URL and time information contained in the login request, using the method for determining verification information agreed in advance with the web service unit of the single sign-on device;
Step 507: the login-free server compares the first verification information contained in the login request sent in step 505 by the client processing unit of the single sign-on device with the second verification information determined in step 506; if the two are identical, verification is deemed successful and the process proceeds to step 508; otherwise the login request is discarded or the user is informed that verification failed;
Step 508: after successful verification, the login-free server instructs the web browser in the user-side single sign-on device to access the local URL contained in the login request received in step 506; as in step 308, the login-free server may attach the authentication credential as a parameter of the web page URL contained in the login request;
Step 509: following the login-free server's instruction in step 508, the web browser sends a request message for the above local URL to the web service unit in the same single sign-on device;
Step 510: on receiving the web browser's request message for the local URL, the web service unit of the single sign-on device checks whether its stored correspondences between local URLs and target page URLs contain a target page URL for the local URL in the web browser's access request message. If one exists, the local URL contained in the login request of step 505 was determined in advance through the registration process, i.e. the login request was issued by the client processing unit of this single sign-on device, and the process proceeds to step 511; otherwise no further processing is performed;
Step 511: the web service unit instructs the web browser to send an access request message to the web server corresponding to the target web page URL. The web service unit may carry the authentication credential in the instruction message; that credential is obtained by decrypting the local URL carried in the web browser's access request message of step 510, according to the encryption method agreed in advance with the login-free server.
To improve security, the password contained in the registration request sent by the client processing unit of the single sign-on device in step 501 may be the result of the client processing unit encrypting the password entered by the user according to the encryption method agreed with the login-free server; correspondingly, the password the login-free server finds for the user identifier contained in the login request is the result of encrypting, by the agreed method, the password the user entered when registering with the login-free server.
In step 503 the process by which the web service unit of the single sign-on device determines the first verification information from the user identifier and password entered by the user, the local URL to be included in the registration response and the current time information is similar to the client's determination of the first verification information in step 304: the web service unit first forms a string containing the local URL, the user identifier, the password and the current time, then encrypts that string by the encryption method agreed in advance with the login-free server, for example the MD5 algorithm; to further protect the verification information, it may additionally compute a hash of the encrypted string and use that hash as the first verification information.
In step 506 above, the login-free server obtains the second verification information from the user identifier, the password found, and the local URL and time information contained in the login request, by a method similar to that used to determine the first verification information in step 503.
As in Embodiment 1, the function of determining the first verification information performed by the web service unit in step 503 may instead be performed by the client processing unit in the same single sign-on device.
As in Embodiment 1, to protect the authentication credential in transit, after successful verification the login-free server encrypts the authentication credential assigned to the user according to the encryption method agreed in advance with the web service unit of the single sign-on device, and carries the encrypted credential in the instruction message telling the web browser in the single sign-on device to access the local URL, for example as a parameter of the requested local URL; when the web service unit determines that a correspondence exists between the local URL requested by the web browser and a target page URL, it decrypts, by the agreed method, the encrypted credential carried in the web browser's web page request message and carries the decrypted credential in the instruction message directing the web browser to the target page.
In step 510, once the web service unit has determined that the login request was issued by the client processing unit located in the same single sign-on device as the web browser, it may also delete the correspondence between the local URL and the target page URL, which saves storage space.
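The exchange of Embodiments 2 and 3 (steps 401-411 and 501-511), modelled in Python as an added example; this is not code from the patent. Assumed, because the page does not fix them: the '|' layout of the verification string, MD5 as the agreed algorithm with the optional second hash round, a constructed shared key and an HMAC seal standing in for the agreed ticket encryption, and a freshness window on the time information, which is an added check beyond what the page states.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed values for this example; they are not from the patent.
TICKET_KEY = b"constructed-ticket-key"  # shared by login-free server and web service unit
FRESHNESS_WINDOW = 60                   # seconds; this freshness check is an addition beyond the page


def password_digest(password):
    """The password as carried in the registration request and as stored by the login-free
    server: the clear text run through the agreed method (MD5 is the algorithm the page names)."""
    return hashlib.md5(password.encode()).hexdigest()


def verification_info(local_url, user_id, pw_digest, ts):
    """Steps 503/506: string of local URL, user id, password digest and time, run through the
    agreed algorithm and then hashed once more (the page's optional extra round).
    The '|' separators are an assumption; the page does not fix the string layout."""
    first = hashlib.md5(f"{local_url}|{user_id}|{pw_digest}|{ts}".encode()).hexdigest()
    return hashlib.md5(first.encode()).hexdigest()


def seal_ticket(ticket):
    """Stand-in for the page's agreed encryption of the ticket: ticket plus an HMAC-SHA256 tag,
    so the web service unit can reject a ticket parameter that was altered in transit."""
    tag = hmac.new(TICKET_KEY, ticket.encode(), hashlib.sha256).hexdigest()
    return f"{ticket}.{tag}"


def unseal_ticket(sealed):
    """Returns the ticket if its tag verifies, else None."""
    ticket, _, tag = sealed.rpartition(".")
    expected = hmac.new(TICKET_KEY, ticket.encode(), hashlib.sha256).hexdigest()
    return ticket if ticket and hmac.compare_digest(tag, expected) else None


class WebServiceUnit:
    """Unit 602: issues one local URL per registered target URL and, when the browser is
    sent back to that local URL, verifies that it was registered here (step 510)."""

    def __init__(self, base="http://127.0.0.1:8808/auth"):
        self.base = base
        self.mapping = {}  # local URL -> target web page URL (step 502)

    def register(self, target_url, user_id, pw_digest, now):
        """Steps 502-504: returns (local URL, first verification info, time info)."""
        local_url = f"{self.base}?sid={secrets.token_hex(8)}"
        self.mapping[local_url] = target_url
        ts = int(now)
        return local_url, verification_info(local_url, user_id, pw_digest, ts), ts

    def handle_browser_request(self, requested_url):
        """Steps 510-511: strip the ticket parameter, look the bare local URL up and, if it was
        registered, return (target URL, ticket) and clear the mapping; None means the login
        request did not originate from this device's client processing unit."""
        parts = urlparse(requested_url)
        qs = parse_qs(parts.query)
        bare = f"{parts.scheme}://{parts.netloc}{parts.path}?sid={qs.get('sid', [''])[0]}"
        target = self.mapping.pop(bare, None)  # step 510 check plus the cleanup the page allows
        if target is None:
            return None
        sealed = qs.get("ticket", [None])[0]
        return target, (unseal_ticket(sealed) if sealed else None)


class LoginFreeServer:
    """Units 701-705: look the password up, recompute the verification information, compare."""

    def __init__(self, users):
        self.users = users  # user id -> password digest (constructed)

    def login(self, user_id, local_url, first_info, ts, now):
        """Steps 506-508: returns the local URL the browser is told to visit (carrying the
        sealed ticket as a parameter), or None when the request is rejected."""
        pw_digest = self.users.get(user_id)
        if pw_digest is None:
            return None
        if abs(now - ts) > FRESHNESS_WINDOW:  # addition: stale time information is refused
            return None
        second = verification_info(local_url, user_id, pw_digest, ts)
        if not hmac.compare_digest(first_info, second):  # step 507, constant-time compare
            return None
        return f"{local_url}&ticket={seal_ticket(secrets.token_hex(16))}"


def run_flow(user_id="alice", server_password="s3cret", client_password="s3cret",
             target_url="http://www.targetweb.com/item_detail=23445", now=1_700_000_000):
    """Whole exchange on constructed data: returns (target URL, ticket) or None if rejected."""
    server = LoginFreeServer({user_id: password_digest(server_password)})
    unit = WebServiceUnit()
    local_url, info, ts = unit.register(target_url, user_id, password_digest(client_password), now)
    redirect = server.login(user_id, local_url, info, ts, now)  # steps 505-508
    return None if redirect is None else unit.handle_browser_request(redirect)  # steps 509-511


if __name__ == "__main__":
    print(run_flow())
```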
Correspondingly, Figure 6 is a schematic structural diagram of a single sign-on device proposed in this application. The single sign-on device comprises a client processing unit 601, a web service unit 602 and a web browser 603, wherein:
the client processing unit 601 is configured to send a registration request to the web service unit 602 and, on receiving the corresponding registration response, to send to the login-free server on the network side a login request containing the verification information and the local URL contained in the registration response;
the web service unit 602 is configured to receive the registration request, determine the local URL uniquely corresponding to the target web page URL contained in the registration request, store the correspondence between that local URL and the target web page URL, send the client processing unit 601 a registration response containing the local URL, and, on a web page request message from the web browser 603, instruct the web browser 603 to access the corresponding target page URL when it determines that a correspondence between the local URL in the web page request message and a target page URL is stored;
the web browser 603 is configured to send the web service unit 602 a web page request message containing the local URL, following the instruction sent by the login-free server on the network side after it has successfully verified the user's identity on the basis of the verification information in the login request, and to send an access request message to the web server corresponding to the target URL as instructed by the web service unit 602.
The above single sign-on device may reside on a single computer of the user, or its components may reside separately on multiple computers or on devices with data processing capability.
Correspondingly, this application also provides a login-free server on the network side; see Figure 7. The login-free server comprises a receiving unit 701, a lookup unit 702, a determining unit 703, a judging unit 704 and an instructing unit 705, wherein:
the receiving unit 701 is configured to receive the login request sent by the above single sign-on device;
the lookup unit 702 is configured to look up the password corresponding to the user identifier contained in the login request;
the determining unit 703 is configured to obtain server-side verification information from the user identifier and local URL contained in the login request and the password found by the lookup unit, according to the method agreed with the single sign-on device;
the judging unit 704 is configured to judge whether the server-side verification information obtained by the determining unit 703 is identical to the verification information contained in the login request;
the instructing unit 705 is configured, when the judging unit 704 finds that the server-side verification information is identical to the verification information contained in the login request, to instruct the web browser in the single sign-on device to request the local URL contained in the login request, where that local URL uniquely corresponds to the target page URL the user wishes to access.
For convenience of description, the above system has been described in terms of separate functional units. In implementing this application the functions of the units may of course be realised in one or more pieces of software and/or hardware.
Clearly, those skilled in the art can make various changes and modifications to this application without departing from its spirit and scope. Accordingly, if these modifications and variations fall within the scope of the claims of this application and their technical equivalents, this application is intended to include them as well.
Claims (14)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200910171267 CN101997685B (en) | 2009-08-27 | 2009-08-27 | Single sign-on method, single sign-on system, and related equipment |
| HK11103953.6A HK1149862B (en) | | 2011-04-19 | Single sign-on method, single sign-on system and relevant device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200910171267 CN101997685B (en) | 2009-08-27 | 2009-08-27 | Single sign-on method, single sign-on system, and related equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101997685A CN101997685A (en) | 2011-03-30 |
| CN101997685B true CN101997685B (en) | 2013-05-29 |
Family
ID=43787333
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200910171267 Expired - Fee Related CN101997685B (en) | 2009-08-27 | 2009-08-27 | Single sign-on method, single sign-on system, and related equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101997685B (en) |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101997685A (en) | 2011-03-30 |
| HK1149862A1 (en) | 2011-10-14 |