CN107786552A - Single-point logging method, system and computer equipment - Google Patents
- Publication number
- CN107786552A
- Authority
- CN
- China
- Prior art keywords
- login
- service
- single sign
- request
- state
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a single sign-on method, system and computer device. The single sign-on method includes: receiving a service request and obtaining the login state of the current browser; in the non-login state, displaying the login page of the business system, obtaining user parameters, sending the user parameters to the login service domain, and having the login service domain process the login request; and monitoring the login result returned by the login service domain to complete login. With this technical solution, the client user perceives only a single login on the business system, and the page redirects of the business system in the related art are avoided, giving good interaction experience, high security, and fast, convenient use.
Description
Technical Field
The invention relates to the technical field of big data, in particular to a single sign-on method, a single sign-on system, computer equipment and a computer readable storage medium.
Background
Existing single sign-on systems use a unified ticket-checking interceptor: when the user is not logged in, the browser is redirected to the unified login page of the login server, and after login completes it jumps to the destination address. The whole process involves at least two cross-domain page redirects, the page styles of the business system and the login server cannot be fully unified, and the interaction experience is poor. In addition, some business systems need to use their own ticket-checking service and have varied requirements, so a unified single sign-on scheme has certain drawbacks, as shown in Fig. 1.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art or the related art.
To this end, an aspect of the present invention is to provide a single sign-on method.
Another aspect of the present invention is to provide a single sign-on system.
Yet another aspect of the invention is directed to a computer device.
Yet another aspect of the present invention is to provide a computer-readable storage medium.
In view of the above, an aspect of the present invention provides a single sign-on method, including: receiving a service request, and acquiring the login state of the current browser; in the non-login state, displaying a login page of a business system, acquiring user parameters, sending the user parameters to a login service domain, and processing a login request by the login service domain; and monitoring a login result returned by the login service domain to complete login.
According to the single sign-on method of the present invention, the single sign-on state of the current browser is pre-judged when the service request is received. If the current browser has not passed single sign-on verification, the login page of the business system is displayed, the user parameters are obtained, and the login request is sent to the login service domain, which processes it. The login result sent by the server is monitored and received, and the corresponding callback method is executed according to that result to complete login. With this technical solution, the business system domain and the login service domain are linked throughout the process: after the cross-domain login request is issued, the login result is monitored and received, and the corresponding callback processing completes the login. The client user perceives only a single login on the business system, so the page redirects of the business system in the related art are avoided, giving good interaction experience, high security, and fast, convenient use.
In addition, the single sign-on method according to the present invention may further include the following additional features:
in the above technical solution, preferably, the step of monitoring a login result returned by the login service domain to complete the login includes: in the successful login state, sending the user parameters to a custom ticket checking address of the service system, checking the ticket, and entering the service system in the successful ticket checking state; or directly entering a service system in a successful login state; and executing the failure callback method under the state of login failure.
In this technical solution, the login result returned by the login service domain is monitored. When login succeeds, two callback processing modes are available. In the first, after unified login the user parameters are sent to the business system's custom ticket-checking address, a custom ticket check is performed, and the business system is entered once that check succeeds. In the second, unified login is followed by unified ticket checking, and the user enters the business system directly after login succeeds. When login fails, the failure callback method is executed, for example displaying the business system's login page, prompting the user to log in again, or displaying a login failure message. This technical solution meets the single sign-on requirement while supporting both unified and custom ticket checking for the varied login requirements of business systems. It avoids adding complex logic to the login server and the operation and maintenance cost of repeated requirement changes later, adapts well to the needs of the business systems, and achieves a login that satisfies different business requirements with a good experience.
In any of the above technical solutions, preferably, the login service domain uses an IFrame service framework and integrates an Html5 message interface to communicate with the current service domain.
In this technical solution, an IFrame service frame is embedded in the business system and integrates the HTML5 message interface. The business system communicates with the login service domain by calling the HTML5 message interface, and a method contained in that interface sends the cross-domain request to the server via JSONP, which solves the cross-domain request problem. For the user, the IFrame window is invisible and imperceptible, so the whole login process runs without visible trace and the experience is smooth. The HTML5 message API also has good compatibility and allows scripts from different origins to communicate asynchronously, achieving efficient and secure cross-domain communication.
In any of the above technical solutions, preferably, the user parameter at least includes: a user name, a password, a callback method, a self-checking ticket request and a system ID number; the callback method comprises a failure callback method.
In this technical solution, the user parameters include at least a user name, a password, a callback method, a self-ticket-check request, and a system ID number; the callback method includes, but is not limited to, a failure callback method. Business systems in a single sign-on deployment vary, and some need to check tickets themselves; by obtaining the self-ticket-check request parameter, the business system can perform its own ticket check after single sign-on succeeds.
In any of the above technical solutions, preferably, the login page of the business system is a custom login page.
In the technical scheme, the login page of the business system is a user-defined login page, and the requirement of diversification of the login page in the single sign-on system is met.
In another aspect of the present invention, a single sign-on system is provided, which includes: the login prejudging unit is used for receiving the service request and acquiring the login state of the current browser; the login request unit is used for displaying a login page of the business system and loading a login service domain in a non-login state; acquiring user parameters, sending the user parameters to the login service domain, and processing a login request by the login service domain; and the processing unit is used for monitoring a login result returned by the login service domain to complete login.
According to the single sign-on system of the present invention, the single sign-on state of the current browser is pre-judged when the service request is received. If the current browser has not passed single sign-on verification, the login page of the business system is displayed, the user parameters are obtained, and the login request is sent to the login service domain, which processes it. The login result sent by the server is monitored and received, and the corresponding callback method is executed according to that result to complete login. With this technical solution, the business system domain and the login service domain are linked throughout the process: after the cross-domain login request is issued, the login result is monitored and received, and the corresponding callback processing completes the login. The client user perceives only a single login on the business system, so the page redirects of the business system in the related art are avoided, giving good interaction experience, high security, and fast, convenient use.
In the foregoing technical solution, preferably, the processing unit is specifically configured to: in the successful login state, sending the user parameters to a custom ticket checking address of the service system for checking tickets, and entering the service system in the successful ticket checking state; or directly entering a service system in a successful login state; and executing the failure callback method under the state of login failure.
In this technical solution, the login result returned by the login service domain is monitored. When login succeeds, two callback processing modes are available. In the first, after unified login the user parameters are sent to the business system's custom ticket-checking address, a custom ticket check is performed, and the business system is entered once that check succeeds. In the second, unified login is followed by unified ticket checking, and the user enters the business system directly after login succeeds. When login fails, the failure callback method is executed, for example displaying the business system's login page, prompting the user to log in again, or displaying a login failure message. This technical solution meets the single sign-on requirement while supporting both unified and custom ticket checking for the varied login requirements of business systems. It avoids adding complex logic to the login server and the operation and maintenance cost of repeated requirement changes later, adapts well to the needs of the business systems, and achieves a login that satisfies different business requirements with a good experience.
In any of the above technical solutions, preferably, the login service domain uses an IFrame service framework and integrates an Html5 message interface to communicate with the current service domain.
In this technical solution, an IFrame service frame is embedded in the business system and integrates the HTML5 message interface. The business system communicates with the login service domain by calling the HTML5 message interface, and a method contained in that interface sends the cross-domain request to the server via JSONP, which solves the cross-domain request problem. For the user, the IFrame window is invisible and imperceptible, so the whole login process runs without visible trace and the experience is smooth. The HTML5 message API also has good compatibility and allows scripts from different origins to communicate asynchronously, achieving efficient and secure cross-domain communication.
In any of the above technical solutions, preferably, the user parameter at least includes: a user name, a password, a callback method, a self-checking ticket request and a system ID number; the callback method comprises a failure callback method.
In this technical solution, the user parameters include at least a user name, a password, a callback method, a self-ticket-check request, and a system ID number; the callback method includes, but is not limited to, a failure callback method. Business systems in a single sign-on deployment vary, and some need to check tickets themselves; by obtaining the self-ticket-check request parameter, the business system can perform its own ticket check after single sign-on succeeds.
In any of the above technical solutions, preferably, the login page of the business system is a custom login page.
In the technical scheme, the login page of the business system is a user-defined login page, and the requirement of diversification of the login page in the single sign-on system is met.
In a further aspect of the invention, a computer device is proposed, which comprises a memory, a processor and a computer program stored on the memory and executable on the processor, the processor being adapted to perform the steps of the method according to any of the above-mentioned claims.
The computer device according to the present invention includes a processor for executing the steps of the single sign-on method in any of the above technical solutions, so the computer device can achieve all the advantages of the single sign-on method, and a detailed description is omitted here.
In a further aspect of the invention, a computer-readable storage medium is proposed, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method according to any one of the preceding claims.
According to the computer-readable storage medium of the present invention, when being executed by a processor, the computer program stored thereon implements the steps of the single sign-on method in any of the above technical solutions, so that the computer-readable storage medium can implement all the beneficial effects of the single sign-on method, and will not be described herein again.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a schematic diagram showing a single sign-on system in the related art;
FIG. 2 shows a flow diagram of a single sign-on method according to one embodiment of the invention;
FIG. 3 shows a flow diagram of a single sign-on method according to another embodiment of the invention;
FIG. 4 shows a flow diagram of a single sign-on method according to yet another embodiment of the invention;
FIG. 5 shows a schematic block diagram of a single sign-on system according to one embodiment of the invention;
FIG. 6 illustrates a schematic diagram of a single sign-on system in accordance with a specific embodiment of the present invention;
FIG. 7 illustrates a cross-domain single sign-on workflow diagram for a single sign-on system in accordance with a specific embodiment of the present invention;
FIG. 8 illustrates a cross-domain single sign-on workflow diagram for a single sign-on system in accordance with another specific embodiment of the present invention;
FIG. 9 is a diagram illustrating a login service domain window of a single sign-on system in accordance with an illustrative embodiment of the present invention;
FIG. 10a is a diagram illustrating a custom landing page of a business system in accordance with one embodiment of the present invention;
FIG. 10b is a schematic diagram illustrating a page for single sign-on success in accordance with one embodiment of the present invention;
FIG. 10c is a schematic diagram illustrating a page logged into a business system in accordance with a specific embodiment of the present invention;
FIG. 11 illustrates a schematic diagram comparing a single sign-on system with a conventional single sign-on system according to an embodiment of the invention;
FIG. 12 shows a schematic diagram of a computer device according to an embodiment of the invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Fig. 2 is a flow chart of a single sign-on method according to an embodiment of the invention. The single sign-on method comprises the following steps:
step 202, receiving a service request, and acquiring the login state of the current browser;
step 204, in the state of not logging in, displaying a login page of the business system, and loading a login service domain;
step 206, obtaining user parameters, sending the user parameters to a login service domain, and processing a login request by the login service domain;
and step 208, monitoring a login result returned by the login service domain to complete login.
The single sign-on method provided by the invention pre-judges the single sign-on state of the current browser when the service request is received. If the current browser has not passed single sign-on verification, the login page of the business system is displayed, the user parameters are obtained, and the login request is sent to the login service domain, which processes it. The login result sent by the server is monitored and received, and the corresponding callback method is executed according to that result to complete login. In this embodiment, the business system domain and the login service domain are linked throughout the process: after the cross-domain login request is issued, the login result is monitored and received, and the corresponding callback processing completes the login. The client user perceives only a single login on the business system, so the page redirects of the business system in the related art are avoided, giving good interaction experience, high security, and fast, convenient use.
Fig. 3 is a flow chart of a single sign-on method according to another embodiment of the invention. The single sign-on method comprises the following steps:
step 302, receiving a service request, and acquiring the login state of the current browser;
step 304, displaying a login page of the business system and loading a login service domain in a non-login state;
step 306, acquiring user parameters, sending the user parameters to a login service domain, and processing a login request by the login service domain;
step 308, monitoring the login result returned by the login service domain, and judging whether the login is successful;
step 310, in the successful login state, sending the user parameters to a custom ticket checking address of the service system, checking the ticket, and in the successful ticket checking state, entering the service system;
in step 312, in the state of login failure, the failure callback method is executed.
In this embodiment, custom ticket checking is performed after unified login, so the parameters need to be passed to the custom ticket-checking address, and the custom ticket check runs once unified login has completed.
Fig. 4 is a flow chart illustrating a single sign-on method according to still another embodiment of the invention. The single sign-on method comprises the following steps:
step 402, receiving a service request, and acquiring the login state of the current browser;
step 404, displaying a login page of the business system and loading a login service domain in a non-login state;
step 406, acquiring user parameters, sending the user parameters to a login service domain, and processing a login request by the login service domain;
step 408, monitoring the login result returned by the login service domain, and judging whether the login is successful;
step 410, directly entering a service system in a successful login state;
in step 412, in the login failure state, the failure callback method is executed.
In this embodiment, the unified interceptor and ticket-checking service of the single sign-on server are used, with parameters including user name, password, system ID number, callback method, and so on. After unified login and unified ticket checking, the user enters the business system directly.
In any of the above embodiments, preferably, the login service domain uses the IFrame service framework and integrates the Html5 message interface to communicate with the current service domain.
In this embodiment, the IFrame service frame is embedded in the business system and integrates the HTML5 message interface. The business system communicates with the login service domain by calling the HTML5 message interface, and a method contained in that interface sends the cross-domain request to the server via JSONP, which solves the cross-domain request problem. For the user, the IFrame window is invisible and imperceptible, so the whole login process runs without visible trace and the experience is smooth. The HTML5 message API also has good compatibility and allows scripts from different origins to communicate asynchronously, achieving efficient and secure cross-domain communication.
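The parent-window side of this exchange, as an added example that is not code from the patent: it covers sending the user parameters to the hidden IFrame (steps 306/406) and handling the returned login result (steps 308-312 and 408-412), with the origin, source and nonce checks a `postMessage` receiver needs. The origin `https://login.example.com`, the message fields, the nonce and all function names are assumptions.

```javascript
// Added example: parent-window (business system) side of the hidden-IFrame login.
// Origins, message fields and callback names are assumptions, not from the patent.

function createSession(opts) {
  return {
    loginOrigin: opts.loginOrigin,         // exact origin of the login service domain
    iframeWindow: opts.iframeWindow,       // contentWindow of the hidden IFrame
    systemId: opts.systemId,               // system ID number of this business system
    selfTicketCheck: opts.selfTicketCheck, // true: custom ticket check after login
    makeNonce: opts.makeNonce,             // in a browser: () => crypto.randomUUID()
    callbacks: Object.freeze({ ...opts.callbacks }), // fixed registry of functions
    pendingNonce: null,
  };
}

// Steps 306/406: send the user parameters to the login service domain.
function postLoginRequest(session, username, password) {
  session.pendingNonce = session.makeNonce();
  const message = {
    type: "sso-login-request",
    systemId: session.systemId,
    selfTicketCheck: session.selfTicketCheck,
    nonce: session.pendingNonce,
    username,
    password,
  };
  // Explicit target origin: with "*" the browser would deliver the password to
  // whatever document currently occupies the frame.
  session.iframeWindow.postMessage(message, session.loginOrigin);
}

// Steps 308-312 / 408-412: handle the login result posted back by the IFrame.
// Returns a string describing the decision so callers and tests can inspect it.
function handleLoginResult(event, session) {
  // Exact string comparison; prefix or substring checks accept look-alike hosts.
  if (event.origin !== session.loginOrigin) return "rejected:origin";
  // The message must come from the frame this page created.
  if (event.source !== session.iframeWindow) return "rejected:source";

  const m = event.data;
  const validShape =
    m !== null && typeof m === "object" &&
    m.type === "sso-login-result" &&
    (m.status === "success" || m.status === "failure") &&
    typeof m.nonce === "string";
  if (!validShape) return "rejected:shape";
  if (m.systemId !== session.systemId) return "rejected:system";

  // One-time nonce ties the result to the request this page sent.
  if (m.nonce !== session.pendingNonce) return "rejected:nonce";
  session.pendingNonce = null;

  // Callbacks come from the fixed registry; nothing in the message is
  // evaluated or used as a function name.
  if (m.status === "failure") {
    session.callbacks.loginFailed();
    return "accepted:failure";
  }
  if (session.selfTicketCheck) {
    session.callbacks.customTicketCheck();
    return "accepted:custom-ticket-check";
  }
  session.callbacks.enterSystem();
  return "accepted:enter";
}

// Constructed run: a fake frame object stands in for iframe.contentWindow.
function demo() {
  const actions = [];
  const sent = [];
  const frame = { postMessage: (msg, origin) => sent.push({ msg, origin }) };
  const origin = "https://login.example.com";
  const session = createSession({
    loginOrigin: origin, iframeWindow: frame, systemId: "crm-01", selfTicketCheck: true,
    makeNonce: () => "constructed-nonce-1",
    callbacks: {
      enterSystem: () => actions.push("enter-business-system"),
      customTicketCheck: () => actions.push("custom-ticket-check"),
      loginFailed: () => actions.push("show-login-page"),
    },
  });
  postLoginRequest(session, "alice", "constructed-password");
  const ok = { type: "sso-login-result", status: "success", systemId: "crm-01",
               nonce: "constructed-nonce-1" };
  const results = [
    handleLoginResult({ origin: origin + ".other.test", source: frame, data: ok }, session),
    handleLoginResult({ origin, source: {}, data: ok }, session),
    handleLoginResult({ origin, source: frame, data: { ...ok, nonce: "stale" } }, session),
    handleLoginResult({ origin, source: frame, data: ok }, session),
    handleLoginResult({ origin, source: frame, data: ok }, session), // replay
  ];
  return { results, actions, targetOrigin: sent[0].origin };
}

console.log(demo());
```

In a browser the handler would be registered with `window.addEventListener("message", (e) => handleLoginResult(e, session))`, and the IFrame side needs the mirror-image origin check before it reads the user name and password.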
In any of the above embodiments, preferably, the user parameters include at least: a user name, a password, a callback method, a self-checking ticket request and a system ID number; the callback method comprises a failure callback method.
In this embodiment, the user parameters include at least a user name, a password, a callback method, a self-ticket-check request, and a system ID number; the callback method includes, but is not limited to, a failure callback method. Business systems in a single sign-on deployment vary, and some need to check tickets themselves; by obtaining the self-ticket-check request parameter, the business system can perform its own ticket check after single sign-on succeeds.
In any of the above embodiments, preferably, the login page of the business system is a custom login page.
In the embodiment, the login page of the business system is a user-defined login page, and the requirement of diversification of the login page in the single sign-on system is met.
FIG. 5 is a schematic block diagram of a single sign-on system according to one embodiment of the present invention. The single sign-on system 500 includes:
a login prejudging unit 502, configured to receive a service request and obtain a login state of a current browser;
a login request unit 504, configured to display a login page of the business system and load a login service domain in the non-login state, and to acquire user parameters and send the user parameters to the login service domain, which processes the login request;
the processing unit 506 is configured to monitor a login result returned by the login service domain to complete login.
The single sign-on system provided by the invention pre-judges the single sign-on state of the current browser when the service request is received. If the current browser has not passed single sign-on verification, the login page of the business system is displayed, the user parameters are obtained, and the login request is sent to the login service domain, which processes it. The login result sent by the server is monitored and received, and the corresponding callback method is executed according to that result to complete login. In this embodiment, the business system domain and the login service domain are linked throughout the process: after the cross-domain login request is issued, the login result is monitored and received, and the corresponding callback processing completes the login. The client user perceives only a single login on the business system, so the page redirects of the business system in the related art are avoided, giving good interaction experience, high security, and fast, convenient use.
In the foregoing embodiment, preferably, the processing unit 506 is specifically configured to: in the successful login state, sending the user parameters to a custom ticket checking address of the service system for checking tickets, and entering the service system in the successful ticket checking state; or directly entering a service system in a successful login state; and executing the failure callback method under the state of login failure.
In this embodiment, the login result returned by the login service domain is monitored. When login succeeds, two callback processing modes are available. In the first, after unified login the user parameters are sent to the business system's custom ticket-checking address, a custom ticket check is performed, and the user enters the business system once that check succeeds. In the second, unified login is followed by unified ticket checking, and the user enters the business system directly after login succeeds. When login fails, the failure callback method is executed, for example displaying the business system's login page, prompting the user to log in again, or displaying a login failure message. This technical solution meets the single sign-on requirement while supporting both unified and custom ticket checking for the varied login requirements of business systems. It avoids adding complex logic to the login server and the operation and maintenance cost of repeated requirement changes later, adapts well to the needs of the business systems, and achieves a login that satisfies different business requirements with a good experience.
In the above embodiment, preferably, the login service domain uses the IFrame service framework and integrates the Html5 message interface to communicate with the current service domain.
In this embodiment, the IFrame service frame is embedded in the business system and integrates the HTML5 message interface. The business system communicates with the login service domain by calling the HTML5 message interface, and a method contained in that interface sends the cross-domain request to the server via JSONP, which solves the cross-domain request problem. For the user, the IFrame window is invisible and imperceptible, so the whole login process runs without visible trace and the experience is smooth. The HTML5 message API also has good compatibility and allows scripts from different origins to communicate asynchronously, achieving efficient and secure cross-domain communication.
In the above embodiment, preferably, the user parameters include at least: a user name, a password, a callback method, a self-checking ticket request and a system ID number; the callback method comprises a failure callback method.
In this embodiment, the user parameters include at least a user name, a password, a callback method, a self-ticket-check request, and a system ID number; the callback method includes, but is not limited to, a failure callback method. Business systems in a single sign-on deployment vary, and some need to check tickets themselves; by obtaining the self-ticket-check request parameter, the business system can perform its own ticket check after single sign-on succeeds.
In the above embodiment, preferably, the login page of the business system is a custom login page.
In the embodiment, the login page of the business system is a user-defined login page, and the requirement of diversification of the login page in the single sign-on system is met.
Fig. 6 is a schematic diagram of a single sign-on system according to an embodiment of the invention. The single sign-on system comprises a business system domain (Parent_Window), a login service domain (IFrame_Window), a login state pre-judging module and a ticket checking module, wherein:
Parent_Window, the message window of the business system domain, pre-judges the login state, initiates the login request to IFrame_Window, monitors and processes the login result, checks tickets, and so on;
IFrame_Window actually executes the login request method, monitors and processes the login event, and sends the login result to Parent_Window;
the login state pre-judging module acquires the login state by initiating a cross-domain GET request through JSONP;
and the ticket checking module supports unified and custom ticket-checking requests.
In this embodiment, the cross-domain login request is made from the business system's self-designed login page, within the current request domain and without visible trace. Both the unified and the custom ticket-checking schemes are supported, achieving login that meets business requirements with a good experience.
The cross-domain workflow based on one embodiment of the single sign-on system is illustrated in fig. 7.
In this embodiment, the business system initiates a self-checking ticket request. The single sign-on state of the current business system is judged first: in the logged-in state, the success callback method is executed and the flow goes to the custom ticket-checking address for self ticket checking; in the not-logged-in state, the failure callback method is executed and the custom login page is displayed.
A cross-domain workflow based on another embodiment of the single sign-on system is shown in fig. 8. Wherein, the cross-domain workflow specifically comprises:
step 802, acquiring a user name, a password, a system ID, a self-checking ticket request and a failure callback method, and sending a login request;
step 804, judging whether to log in;
step 806, loading an Iframe window;
step 808, sending login parameters to the Iframe;
step 810, monitoring and processing a login request by an Iframe window;
step 812, receiving a login event result;
step 814, judging whether the login is successful;
step 816, returning to execute step 806;
step 818, executing the failure callback method.
In this embodiment, first, a logic.highly.js file is introduced on a WEB page, the JS file defining a plurality of methods within the current window; secondly, calling a window method window. Then, a window method window is called in a highly self-defined page, and a login request is made by a highlylselflogin () method; finally, the login result sent by the IFrame domain is monitored and processed accordingly. Throughout the process, the login server domain that actually processes the login request is placed in the IFrame, requests between the two windows are sent through the Html5 message API, and the final ticket checking and callback processing are completed in the current window, which completes the login.
The IFrame window messaging is shown in fig. 9. Introducing the JS file into the current WEB window loads its calling methods into the window; of these, the login state pre-judgment and login request methods are visible to the window, and the other methods are opaque. When a login request is executed in the not-logged-in state, an IFrame window embedding the login server page highly.html is loaded, message callbacks are carried out through PostMessage of the Html5 message interface, and the result is finally returned to complete login. For the user, the IFrame window is invisible and imperceptible, so the whole login process is seamless and the experience is smooth.
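Because the login parameters and the login result cross windows through `postMessage`, each side has to check who it is talking to before acting. The following is an added example, not code from the patent, of both listeners with origin and source checks and the three callback outcomes; the origins, the system-ID registry, the message fields `type`, `success` and `ticket`, and all function names are assumptions.

```javascript
// Added example: origins, message fields and function names are assumptions.
const LOGIN_ORIGIN = "https://login.example.com"; // assumed login service domain
// Assumed registry held by the login service: system ID -> business origin.
const REGISTERED_SYSTEMS = new Map([["sys-001", "https://shop.example.com"]]);

// IFrame_Window side: handles the login parameters posted by the business page.
function createLoginRequestHandler(registry, authenticate) {
  return function onLoginRequest(event) {
    const p = event.data;
    if (!p || typeof p !== "object" || p.type !== "login-request") return "ignored:format";
    // The sender's origin must be the one registered for the claimed system ID.
    if (registry.get(p.systemId) !== event.origin) return "ignored:origin";
    const ticket = authenticate(p.username, p.password); // null when login fails
    const result = { type: "login-result", success: ticket !== null, ticket };
    // Explicit targetOrigin, never "*": only the registered origin can read the result.
    event.source.postMessage(result, event.origin);
    return "replied";
  };
}

// Parent_Window side: monitors the login result and runs one callback.
function createLoginResultHandler(opts) {
  let settled = false; // accept one result per login attempt
  return function onLoginResult(event) {
    // Only the login service origin, from the IFrame this page loaded, may answer.
    if (event.origin !== opts.loginOrigin) return "ignored:origin";
    if (event.source !== opts.iframeWindow) return "ignored:source";
    const r = event.data;
    if (!r || typeof r !== "object" || r.type !== "login-result" ||
        typeof r.success !== "boolean") return "ignored:format";
    if (settled) return "ignored:duplicate";
    settled = true;
    if (!r.success || typeof r.ticket !== "string") {
      opts.onFailure(); // failure callback, e.g. show the custom login page again
      return "failure-callback";
    }
    if (opts.selfTicketCheck) {
      opts.checkTicket(r.ticket); // custom ticket check by the business system
      return "custom-ticket-check";
    }
    opts.enterSystem(); // unified login and unified ticket check
    return "unified-entry";
  };
}

// Constructed exchange with stand-in window objects so it runs outside a browser.
function runConstructedExchange(password, selfTicketCheck) {
  const calls = [], iframeWindow = {};
  const onResult = createLoginResultHandler({
    loginOrigin: LOGIN_ORIGIN, iframeWindow, selfTicketCheck,
    checkTicket: (t) => calls.push("check:" + t),
    enterSystem: () => calls.push("enter"),
    onFailure: () => calls.push("fail"),
  });
  // Stand-in parent window: hands the IFrame's reply to the parent's listener.
  const parentWindow = {
    postMessage: (data, targetOrigin) => calls.push(
      targetOrigin + ":" + onResult({ origin: LOGIN_ORIGIN, source: iframeWindow, data })),
  };
  const onRequest = createLoginRequestHandler(REGISTERED_SYSTEMS,
    (u, pw) => (u === "alice" && pw === "correct-demo-pw" ? "ticket-demo-1" : null));
  onRequest({ origin: "https://shop.example.com", source: parentWindow,
    data: { type: "login-request", systemId: "sys-001", username: "alice", password } });
  return calls;
}
```

In a browser each handler is registered with `window.addEventListener("message", handler)`, and the business page passes the login service origin as `targetOrigin` when it posts the user parameters to the IFrame.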
The presentation form of the single sign-on system provided by this embodiment applied to the SSO single sign-on system is shown in fig. 10a, 10b, and 10c, where fig. 10a presents a custom login page of the business system, fig. 10b presents a single sign-on success page, and fig. 10c presents a page logged in to the business system.
In the embodiment, the highly customized cross-domain single sign-on scheme can meet diversified single sign-on requests, is compatible with the login page of the service system, meets the customized requirements, avoids heavy and redundant processing logic of a login server, and is convenient for later maintenance and expansion. The requirement of self-checking tickets of the business system is supported, and the compatibility is higher. The method not only meets the unity of single sign-on, but also realizes diversified sign-on requirements.
Fig. 11 is a schematic diagram comparing a single sign-on system according to an embodiment of the present invention with a conventional single sign-on system. For a traditional single sign-on system, a user-defined login page cannot be realized, and meanwhile, self ticket checking cannot be performed; the single sign-on system provided by the invention not only meets the requirements of self-designed sign-on pages, but also meets the requirements of self-ticket checking. Therefore, the highly customized cross-domain login scheme can meet diversified login requirements of services to the maximum extent, has a great promoting effect on unified login, and is widely applicable.
FIG. 12 is a schematic diagram of a computer device according to one embodiment of the invention. The computer device 1 comprises a memory 12, a processor 14 and a computer program stored on the memory 12 and executable on the processor 14, the processor 14 being adapted to perform the steps of the method according to any of the previous embodiments.
The computer device provided by the present invention includes a processor for executing the steps of the single sign-on method in any of the above embodiments, so that the computer device can achieve all the advantages of the single sign-on method, and details are not repeated herein.
In a further aspect of the invention, a computer-readable storage medium is proposed, on which a computer program is stored, which computer program, when being executed by a processor, realizes the steps of the method according to any one of the preceding embodiments.
The computer program stored on the computer readable storage medium provided by the present invention, when executed by a processor, implements the steps of the single sign-on method in any of the above embodiments, so that the computer readable storage medium can implement all the beneficial effects of the single sign-on method, and is not described herein again.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (12)
1. A single sign-on method, comprising:
receiving a service request, and acquiring the login state of the current browser;
displaying a login page of the business system and loading a login service domain in a non-login state;
acquiring user parameters, sending the user parameters to the login service domain, and processing a login request by the login service domain;
and monitoring a login result returned by the login service domain to complete login.
2. The single sign-on method according to claim 1, wherein the step of monitoring the login result returned by the login service domain to complete login comprises:
in the successful login state, the user parameters are sent to a custom ticket checking address of the service system for checking tickets, and the service system is entered in the successful ticket checking state; or
directly entering the service system in a successful login state; and
executing a failure callback method in the state of login failure.
3. The single sign-on method of claim 2,
the login service domain adopts an IFrame service frame and integrates an Html5 message interface to communicate with the current service domain.
4. Single sign-on method according to any one of claims 1 to 3,
the user parameters at least include: a user name, a password, a callback method, a self-checking ticket request and a system ID number;
wherein the callback method comprises a failed callback method.
5. The single sign-on method of claim 4,
and the login page of the service system is a user-defined login page.
6. A single sign-on system, comprising:
the login prejudging unit is used for receiving the service request and acquiring the login state of the current browser;
the login request unit is used for displaying a login page of the business system and loading a login service domain in a non-login state; and
acquiring user parameters, sending the user parameters to the login service domain, and processing a login request by the login service domain;
and the processing unit is used for monitoring a login result returned by the login service domain to complete login.
7. The single sign-on system of claim 6, wherein the processing unit is specifically configured to:
in the successful login state, the user parameters are sent to a custom ticket checking address of the service system for checking tickets, and the service system is entered in the successful ticket checking state; or
directly entering the service system in a successful login state; and
executing a failure callback method in the state of login failure.
8. The single sign-on system of claim 7,
the login service domain adopts an IFrame service frame and integrates an Html5 message interface to communicate with the current service domain.
9. Single sign-on system according to any one of claims 6 to 8,
the user parameters at least include: a user name, a password, a callback method, a self-checking ticket request and a system ID number;
wherein the callback method comprises a failed callback method.
10. The single sign-on system of claim 9,
and the login page of the service system is a user-defined login page.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor is adapted to perform the steps of the method according to any of the claims 1 to 5.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710979073.3A CN107786552A (en) | 2017-10-19 | 2017-10-19 | Single-point logging method, system and computer equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107786552A true CN107786552A (en) | 2018-03-09 |
Family
ID=61434781
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710979073.3A Pending CN107786552A (en) | 2017-10-19 | 2017-10-19 | Single-point logging method, system and computer equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107786552A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180309 |