CN103095661A - Single sign on (SSO) achievement method based on Javascript wormhole technology - Google Patents
Single sign on (SSO) achievement method based on Javascript wormhole technology Download PDFInfo
- Publication number
- CN103095661A CN103095661A CN2011103460287A CN201110346028A CN103095661A CN 103095661 A CN103095661 A CN 103095661A CN 2011103460287 A CN2011103460287 A CN 2011103460287A CN 201110346028 A CN201110346028 A CN 201110346028A CN 103095661 A CN103095661 A CN 103095661A
- Authority
- CN
- China
- Prior art keywords
- javascript
- sso
- wormhole
- technology
- method based
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a single sign on (SSO) achievement method based on Javascript wormhole technology. The problem to be solved is how to achieve mutual access of a session between two different domains of an SSO center platform and a web application system. Javascript wormhole is utilized so that the cross-domain problem under a heterogeneous environment can be well solved, and the method uses the Javascript wormhole technology for solving the problem.
Description
Technical field
The present invention relates to a kind of SSO implementation based on Javascript worm hole technology, utilize JavascriptWormhole to solve Cross-domain problem preferably under isomerous environment.
Background technology
SSO, single-sign-on, it is in a plurality of application systems.The user only need to login the application system that once just can access all mutual trusts.It comprises the mechanism that is used for same user's login during current main login can be mapped to other uses. be one of solution of integrating of at present popular business event.The realization of SSO login is the key of unified identity authentication and access control system.Realize the single-sign-on common method: a kind of is to be based upon PK1, on the basis of Kerbemse and user name/Q order storage; A kind of is to be based upon on the basis of cookie 121, and as IBM Websphere, the application server of Bea WebLogic and domestic Kingdee company all belongs to this SSO mode.In this dual mode, deficiency is respectively arranged. the former need to install special client, the Web application system also needs Kerberoseization, thereby towards user object be limited, and latter's authorization can only be supported the application of this product line, and can not be well integrated to third-party authentication and permission system.
SSo door implementation is that the user is endowed certain role after by authentication, can form according to this role's Web application system level authority the Web application system list that allows user's access.The user need to select the Web application system DI of login in the list of Web application system.This implementation is suitable for the WEB application system SSO. on LNTERNET or replenishes as a kind of of the SSO implementation of campus network.The user is endowed certain angle after by authentication, web application system level according to this angle invoke extensions access control service, after the generation Access Control List (ACL), formation SSO.. family feeds back to the user. and the user need to select the WEB application system of login from the SSO door, after selection.The SSO door will access the secondary voucher that uses this system. and because the secondary voucher is encryption, need the voucher deciphering with user self, after deciphering, utilize the secondary voucher, carry out the secondary login.Successfully signing in to will be the login result feedback to the user after the WEB system.
A difficult problem that solves SSO be how at a SSO central platform with the Web application system, these two the mutual access that do not realize Session between same area.During by the different territory of browser access, Session is also clearly different as the user.Realize that the Session between same area does not share.It is the another kind of mode that solves SSO.
The slogan of JAVA is primary development, operation everywhere, but the fact is not like this, supports that much the enterprise application of JAVA is mutually incompatible.As the program of developing on IBM Websphere, possibly can't move on BeaWebLogie.Microsoft utilizes operating system and IE browser competitive advantage simultaneously, also has competitiveness on enterprise development, and a lot of application of campus network is based on the exploitations such as .net platform, ASP and PHP.Progressively replacing client software .B/S development mode at Web field browser becomes in the main flow situation, and nowadays JAVASCRIPT can move .Javascfipt in nearly all browser can bear the important task of cross-platform operation fully.JAVASCRIP11 is the script of client executing, adds the JAVASCRIPT code in the WEB application system, can affect hardly original WEB applied business flow process.AJAX makes the JAVASCRIPT function obtain great increase, and the client calculating advantage of C/S has not existed and closed.But browser has been formulated with source policy JAVASCRIPT and AJAX has been done cross-domain restrict access for security consideration.
Browser can import Javascript and image. from other territory but can not with the Frame that comprises other territory, iFrame and Popups information exchange.
Summary of the invention
Based on the problems referred to above, hereby invent a kind of SSO implementation based on Javascript worm hole technology; Solving cross-domain service end agency, the Flash etc. of can adopting realizes.But utilize Javascript Wormhole to solve Cross-domain problem preferably under isomerous environment.’
Javascript Wormhole code is as follows:
Script mark wherein is just as a worm hole. opened cross-domain door.By the src attribute, can help the src Attribute domain volume JSON effect precious jade of getting killed in convenient beautiful territory.Javaseript is due to embedded support to the JSON data. directly the JSON data are transferred to the JSON object.And called by call back function.
Utilize the DOM grammer of Javascript, can dynamically generate<script type=" text/jaCascript " mark, attribute and content.<script〉mark is as<head〉after the mark child node, this Javascript scripted code will be carried out in browser.Can expand Javascript Wormhole in this way.Method is as follows:
At first produce html file CallbackPage.html, code is as follows:
Input http://WebAppDomain/Callbaekpage.html in browser? hnp: //RAIMDomaio/Session? callback=myFunc. realize the Javaseript Wormhole word use of expansion.
The method can realize the Session information in WebAppDomain domain browsing RAIMDomain territory, and calls call back function myFtmc and process this information.The trustedDoInains array has been preserved the territory of this page trust.
Claims (2)
1. SSO implementation based on Javascript worm hole technology: the method is mainly to solve cross-domain service end agency, the Flash etc. of can adopting to realize.
2. according to claim 1 the implementation method of sandwich construction in Delphi, the method method can realize the Session information in WebAppDomain domain browsing RAIMDomain territory, and calls call back function myFtmc and process this information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011103460287A CN103095661A (en) | 2011-11-01 | 2011-11-01 | Single sign on (SSO) achievement method based on Javascript wormhole technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011103460287A CN103095661A (en) | 2011-11-01 | 2011-11-01 | Single sign on (SSO) achievement method based on Javascript wormhole technology |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103095661A true CN103095661A (en) | 2013-05-08 |
Family
ID=48207801
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011103460287A Pending CN103095661A (en) | 2011-11-01 | 2011-11-01 | Single sign on (SSO) achievement method based on Javascript wormhole technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103095661A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105516264A (en) * | 2015-11-30 | 2016-04-20 | 努比亚技术有限公司 | Distributed cluster system based session sharing method, apparatus and system |
| US9501273B1 (en) | 2015-09-25 | 2016-11-22 | International Business Machines Corporation | Data sharing |
| CN106453578A (en) * | 2016-10-21 | 2017-02-22 | 郑州云海信息技术有限公司 | Single-point cancellation implementation method in heterogeneous cross-domain Web application |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020188869A1 (en) * | 2001-06-11 | 2002-12-12 | Paul Patrick | System and method for server security and entitlement processing |
| CN1516840A (en) * | 2001-04-25 | 2004-07-28 | �ź㴫 | Adaptive multi-protocol communications system |
-
2011
- 2011-11-01 CN CN2011103460287A patent/CN103095661A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1516840A (en) * | 2001-04-25 | 2004-07-28 | �ź㴫 | Adaptive multi-protocol communications system |
| US20020188869A1 (en) * | 2001-06-11 | 2002-12-12 | Paul Patrick | System and method for server security and entitlement processing |
Non-Patent Citations (1)
| Title |
|---|
| 曾洁琼等: "基于Javascript虫洞技术的SSO实现方式研究", 《电脑知识与技术》 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9501273B1 (en) | 2015-09-25 | 2016-11-22 | International Business Machines Corporation | Data sharing |
| US9674309B2 (en) | 2015-09-25 | 2017-06-06 | International Business Machines Corporation | Data sharing |
| US9705988B2 (en) | 2015-09-25 | 2017-07-11 | International Business Machines Corporation | Data sharing |
| US10075535B2 (en) | 2015-09-25 | 2018-09-11 | International Business Machines Corporation | Business logic sharing |
| CN105516264A (en) * | 2015-11-30 | 2016-04-20 | 努比亚技术有限公司 | Distributed cluster system based session sharing method, apparatus and system |
| CN106453578A (en) * | 2016-10-21 | 2017-02-22 | 郑州云海信息技术有限公司 | Single-point cancellation implementation method in heterogeneous cross-domain Web application |
| CN106453578B (en) * | 2016-10-21 | 2019-05-14 | 郑州云海信息技术有限公司 | The implementation method that single-point is nullified in a kind of cross-domain Web application of isomery |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11463488B2 (en) | Dynamic client registration for an identity cloud service | |
| US10616224B2 (en) | Tenant and service management for a multi-tenant identity and data security management cloud service | |
| CN112088373B (en) | Declarative third party identity provider integration for multi-tenant identity cloud services | |
| US11159517B2 (en) | Self-federation in authentication systems | |
| US10530578B2 (en) | Key store service | |
| US8832814B2 (en) | System and method for providing access to a software application | |
| US10447684B2 (en) | Hosted application sandbox model | |
| US20170331802A1 (en) | Key Generation and Rollover | |
| US9152781B2 (en) | Secure mobile client with assertions for access to service provider applications | |
| CN110622484A (en) | Local write of multi-tenant identity cloud service | |
| US9483627B1 (en) | Abstracting credentials for mobile client authentication | |
| US20200099685A1 (en) | Systems, methods, and apparatuses for logging in to an external website from a cloud based computing environment | |
| US20150381621A1 (en) | Enterprise Authentication Via Third Party Authentication Support | |
| US20110154130A1 (en) | Method and apparatus for secure cross-site scripting | |
| US10198560B2 (en) | Enforcing licensing policies using an application wrapper | |
| US9998453B1 (en) | Controlling access to personal data | |
| US20140095974A1 (en) | Secure html javascript code snippet usage in application integration | |
| US9503503B2 (en) | Method, user terminal, and web server for providing service among heterogeneous services | |
| Sideridis et al. | Smart cross-border e-Gov systems and applications | |
| CN103095661A (en) | Single sign on (SSO) achievement method based on Javascript wormhole technology | |
| Ribeiro de Mello et al. | Multi-factor authentication for shibboleth identity providers | |
| Berbecaru et al. | Authorize-then-authenticate: Supporting authorization decisions prior to authentication in an electronic identity infrastructure | |
| Penberthy | Exam Ref 70-486 Developing ASP. NET MVC 4 Web Applications (MCSD): Developing ASP. NET MVC 4 Web Applications | |
| JP2013235338A (en) | Storage service system | |
| Ngo et al. | Using shibboleth for authorization and authentication to the subversion version control repository system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20130508 |