[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN110278187B - Multi-terminal single sign-on method, system, synchronous server and medium - Google Patents

Multi-terminal single sign-on method, system, synchronous server and medium Download PDF

Info

Publication number
CN110278187B
CN110278187B CN201910392812.8A CN201910392812A CN110278187B CN 110278187 B CN110278187 B CN 110278187B CN 201910392812 A CN201910392812 A CN 201910392812A CN 110278187 B CN110278187 B CN 110278187B
Authority
CN
China
Prior art keywords
application
login
synchronization
terminal
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201910392812.8A
Other languages
Chinese (zh)
Other versions
CN110278187A (en
Inventor
刘志文
杨绳春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd filed Critical Wangsu Science and Technology Co Ltd
Priority to CN201910392812.8A priority Critical patent/CN110278187B/en
Publication of CN110278187A publication Critical patent/CN110278187A/en
Application granted granted Critical
Publication of CN110278187B publication Critical patent/CN110278187B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the invention relates to the technical field of information processing, in particular to a multi-terminal single sign-on method, a multi-terminal single sign-on system, a multi-terminal single sign-on synchronization server and a multi-terminal single sign-on synchronization medium. The multi-terminal single sign-on method comprises the following steps: receiving a login synchronization request of a first application; the login synchronization request is sent by the login authentication center after the user is confirmed to successfully log in the first application, and the login synchronization request comprises the account name of the user; generating login synchronization information according to the login synchronization request; the login synchronization information comprises an account name, an application corresponding to the account name and a terminal bound by the application; the application comprises a first application; and sending the login synchronization information to a logic server of the application, so that the logic server generates a synchronization token according to the login synchronization information, sends the synchronization token to the terminal bound by the application, and judges that the user logs in the application when receiving a request carrying the synchronization token sent by the application. By adopting the embodiment of the invention, synchronous login among multiple applications on multiple terminals can be realized, and the number of repeated login is reduced.

Description

Multi-terminal single sign-on method, system, synchronous server and medium
Technical Field
The embodiment of the invention relates to the technical field of information processing, in particular to a multi-terminal single sign-on method, a multi-terminal single sign-on system, a multi-terminal single sign-on synchronization server and a multi-terminal single sign-on synchronization medium.
Background
Single Sign On (Single Sign On), abbreviated as SSO, is a popular enterprise service integration solution at present, and means that in a plurality of mutually trusted application systems, a user can access all the mutually trusted application systems only by performing a login operation once. However, the inventors found that at least the following problems exist in the related art: the single sign-on method can only realize the integration of a plurality of mutually trusted application systems on a single terminal (for example, the single sign-on method can only be used among a plurality of mutually trusted application systems on a PC terminal), but does not support the login among a plurality of mutually trusted application systems on a plurality of terminals, and the application scenarios are very limited and cannot meet the increasing user requirements.
Disclosure of Invention
The embodiment of the invention aims to provide a multi-terminal single sign-on method, a multi-terminal single sign-on system, a synchronous server and a medium, which can realize synchronous sign-on among a plurality of applications on a plurality of terminals, reduce the times of repeated sign-on operation and effectively improve the user experience.
In order to solve the above technical problem, an embodiment of the present invention provides a multi-terminal single sign-on method, which is applied to a synchronization server, and the method includes: receiving a login synchronization request of a first application; the login synchronization request is sent by a login authentication center after the user is confirmed to successfully log in the first application, and the login synchronization request comprises the account name of the user; generating login synchronization information according to the login synchronization request; the login synchronization information comprises the account name, the application corresponding to the account name and the terminal bound by the application; the application comprises the first application; and sending the login synchronization information to a logic server of the application, so that the logic server generates a synchronization token according to the login synchronization information, sends the synchronization token to a terminal bound by the application, and judges that the user logs in the application when receiving a request carrying the synchronization token sent by the application.
The embodiment of the invention also provides a multi-terminal single sign-on method which is applied to the logic server and comprises the following steps: receiving login synchronization information sent by a synchronization server; the login synchronization information is generated by the synchronization server when a login synchronization request of a first application is received, the login synchronization request is sent after a login authentication center confirms that a user successfully logs in the first application, and the login synchronization information comprises an account name of the user, an application corresponding to the account name and a terminal bound with the application, wherein the account name is carried in the login synchronization request; the application comprises the first application; generating a synchronous token according to the login synchronous information; and sending the synchronization token to an application-bound terminal of the logic server, and judging that the user logs in the application when receiving a request carrying the synchronization token sent by the application.
An embodiment of the present invention further provides a synchronization server, including: the system comprises a message service center, a terminal management module and a service management module; the message service center is used for receiving a login synchronization request of a first application; the login synchronization request is sent by a login authentication center after the user is confirmed to successfully log in the first application, and the login synchronization request comprises the account name of the user; the message service center is also used for generating login synchronization information according to the login synchronization request; the login synchronization information comprises the account name, the application corresponding to the account name and the terminal bound by the application; the application comprises the first application; the message service center is further used for sending the login synchronization information to the logic server of the application, so that the logic server generates a synchronization token according to the login synchronization information and sends the synchronization token to the terminal bound by the application, and when a request carrying the synchronization token sent by the application is received, the fact that the user logs in the application is judged; the terminal management module is stored with a first corresponding relation of an account name, an application and a terminal; the service management module is internally stored with a second corresponding relation between the application and the logic server; the message service center obtains the application corresponding to the account name and the terminal bound by the application from the first corresponding relationship, and obtains the logic server of the application from the second corresponding relationship.
The embodiment of the invention also provides a multi-terminal single sign-on system, which comprises: the terminal is provided with an application, the logic server of the application logs in the authentication center and the synchronous server; the terminal is in communication connection with the logic server, and the logic server is in communication connection with the login authentication center and the synchronization server respectively; the login authentication center is in communication connection with the synchronous server; the application sends a login request to the login authentication center through the logic server when logging in on the terminal; the login authentication center is used for confirming whether login is allowed according to the login request and sending a login synchronization request to the synchronization server when the user is confirmed to successfully log in.
The embodiment of the invention also provides a computer readable storage medium, which stores a computer program, and the computer program realizes the multi-terminal single sign-on method when being executed by a processor.
Compared with the prior art, the method and the device for synchronizing the login of the first application have the advantages that the synchronization server receives the login synchronization request of the first application; the login synchronization request is sent by a login authentication center after the user is confirmed to successfully log in the first application, and the login synchronization request comprises the account name of the user; generating login synchronization information according to the login synchronization request; the login synchronization information comprises the account name, the application corresponding to the account name and the terminal bound by the application; the application comprises the first application; sending the login synchronization information to a logic server of the application, so that the logic server generates a synchronization token according to the login synchronization information, sends the synchronization token to a terminal bound by the application, and judges that the user logs in the application when receiving a request carrying the synchronization token sent by the application; that is, the account name of the user corresponds to a plurality of mutually trusted applications, and each application is bound with a terminal capable of running by the application; after a user successfully logs in a first application by using the own account name and password, a login synchronization request is generated by a login authentication center, and the login state is requested to be synchronized to other applications mutually trusted with the first application; the synchronous server generates login synchronous information according to the login synchronous request and sends the login synchronous information to the logic server of the application corresponding to the account name of the user, so that the logic server can issue a synchronous token to the terminal bound with the application according to the login synchronous information; the logic server is used for responding to the corresponding application request, and the issued synchronous token is carried when the user operates the application on the binding terminal to request the resource from the logic server, so that the logic server can directly judge that the user logs in the application with the own account name on the terminal and returns the requested resource to the application when receiving the request which is sent by the application and carries the synchronous token; in summary, according to the embodiment of the present invention, after a user successfully logs in with an account name on a terminal bound by a first application, the first application automatically logs in the account name on other terminals bound by the first application in synchronization, and other applications corresponding to the account name also automatically log in the account name on all terminals bound by the first application in synchronization, so that the user does not need to input the account name and a password again to log in the application bound by the terminal, the number of times of repeated login operations performed by the user is reduced, the waiting time when the user uses the application is effectively saved, and the user experience is improved.
In addition, the login synchronization information comprises sub-information, and the sub-information is equal to the number of the applications and corresponds to the applications one by one; each piece of sub information comprises the account name and a terminal bound with the application corresponding to the sub information; sending the login synchronization information to the logic server of the application, specifically, sending the sub-information to the logic server of the application corresponding to the sub-information; that is, the login synchronization information may be information including all data of the account name, the application corresponding to the account name, the binding terminal of the application, and the like, or may be information composed of a plurality of pieces of sub-information corresponding to the applications corresponding to the account name one by one; when the synchronous server sends the login synchronous information to the logic server of the application, the sub information can be sent to the logic server of the application corresponding to the sub information in a targeted manner, so that the logic server is not required to judge and find the terminal bound with the application corresponding to the logic server from a piece of information containing a large amount of data, and the processing workload of the logic server side is effectively reduced.
Additionally, receiving a logout synchronization request of the first application; the login authentication center sends the login synchronization request after confirming that the user logs out of the first application, and the login synchronization request comprises an account name of the user; generating login synchronization information according to the login synchronization request; the login synchronization information comprises the account name, the application corresponding to the account name and the terminal bound by the application; the application comprises the first application; sending the login synchronization information to a logic server of the application, so that the logic server stores the state that the user logs out of the application on the terminal bound by the application; that is to say, the implementation manner of the present invention can also implement synchronous logout among multiple applications on multiple terminals, when a user logs out an account name on one terminal bound to a first application, the first application synchronizes and automatically logs out the account name on other terminals bound to the first application, and other applications corresponding to the account name also synchronize and automatically log out the account name on the terminals bound to the first application, thereby implementing uniform login and logout, and effectively ensuring the security of user data.
In addition, the number of the logic servers of the first application is at least two, and the first application sends a login request to the login authentication center through one of the logic servers and successfully logs in; the login synchronization request further comprises a login logic server of the first application; the login logic server is used when the first application sends a login request to the login authentication center and successfully logs in; the login synchronization information is sent to a logic server of the application, and when the application is the first application, the login synchronization information is sent to a logic server of the first application except the login logic server; that is, the first application corresponds to at least two logic servers with the same function to realize the balanced load of the application request, and avoid that the logic servers cannot load too large amount of users; when the first application successfully logs in through one of the logic servers, the synchronization server sends login synchronization information to other logic servers corresponding to the first application, so that the other logic servers corresponding to the first application can send generated synchronization tokens to other terminals bound by the first application, and the function of synchronizing the login state is achieved.
In addition, the login synchronization information further includes a state identifier of the terminal bound by the application, and the state identifier is an online state identifier or a non-online state identifier, so that the logic server sends the synchronization token to the terminal bound by the application according to the state identifier; that is, the offline terminal itself cannot receive the synchronization token sent by the logical server, and the logical server only sends the synchronization token to the currently online terminal, thereby saving the processing workload on the logical server side.
Drawings
One or more embodiments are illustrated by way of example in the accompanying drawings, which correspond to the figures in which like reference numerals refer to similar elements and which are not to scale unless otherwise specified.
Fig. 1 is a flowchart of a multi-terminal single sign-on method according to a first embodiment of the present invention;
fig. 2 is an overall interaction diagram of a multi-terminal single sign-on method according to a first embodiment of the present invention;
fig. 3 is a schematic diagram of correspondence pre-stored by the synchronization server according to the first embodiment of the present invention;
fig. 4 is a flowchart of a multi-terminal single sign-on method according to a second embodiment of the present invention;
fig. 5 is a flowchart of a multi-terminal single sign-on method according to a fourth embodiment of the present invention;
fig. 6 is a flowchart of a multi-terminal single sign-on method according to a fifth embodiment of the present invention;
fig. 7 is a block diagram showing the construction of a synchronization server according to a sixth embodiment of the present invention;
fig. 8 is a diagram illustrating a second correspondence relationship in a sixth embodiment according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that numerous technical details are set forth in order to provide a better understanding of the present application in various embodiments of the present invention. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not constitute any limitation to the specific implementation manner of the present invention, and the embodiments may be mutually incorporated and referred to without contradiction.
A first embodiment of the present invention relates to a multi-terminal single sign-on method, which is applied to a synchronization server, and a specific flow is shown in fig. 1, where the method includes:
step 101, receiving a login synchronization request of a first application;
102, generating login synchronization information according to the login synchronization request;
and 103, sending the login synchronization information to the logic server of the application.
The following describes implementation details of the multi-terminal single sign-on method of the present embodiment in detail, and the following is only provided for easy understanding and is not necessary to implement the present embodiment.
In step 101, a login synchronization request of a first application is received, wherein the login synchronization request is sent by a login authentication center after confirming that a user successfully logs in the first application. Specifically, the overall interaction diagram in the present embodiment is shown in fig. 2, and the following description will be given with the application 1 in fig. 2 as a first application: in fig. 2, the applications 1 are all installed on a plurality of terminals (terminal 1, terminal 2, terminal 3, etc., specifically, for example, a pc terminal, an ios terminal, and an android terminal, etc.), that is, a user can run and use the applications 1 on the plurality of terminals; when a user opens an application 1 on any terminal, the user can input an account name and a password through a login page provided by the application 1; the logic server of the application 1 receives the account name and the password of the user and sends the account name and the password to the login authentication center, generally speaking, the login authentication center is an independent application for authorizing the user information, is not used for processing the service logic, and is only used for processing the management and authorization of the user information; the login authentication center prestores user information (such as account names and passwords registered by users), after the account names and the passwords of the users are received, whether the account names and the passwords are legal or not is verified according to the prestored user information, if the account names and the passwords are legal, the users are confirmed to successfully log in the application 1, and a login permission result is returned to a logic server of the application 1; after receiving the result of allowing login, the logic server of the application 1 judges that the user logs in the application 1 by the account name; and when the login authentication center confirms that the user successfully logs in the application 1, the login authentication center sends a login synchronization request to the synchronization server in an asynchronous mode, wherein the login synchronization request comprises the name of the account logged in by the user.
In step 102, the synchronization server generates login synchronization information according to the login synchronization request. Specifically, the synchronization server prestores a correspondence relationship among an account name, an application, and a terminal, taking the account name a as an example, as shown in fig. 3, an application corresponding to the account name a includes an application 1, an application 2, and an application 3, where the application 1, the application 2, and the application 3 corresponding to the account name a are applications that are trusted with each other and can allow synchronous login; as shown in fig. 3, the application 1 binds the terminal 1, the terminal 2 and the terminal 3, the application 2 binds the terminal 1, the terminal 2 and the terminal 3, and the application 3 binds the terminal 2, the terminal 3 and the terminal 4; therefore, the synchronization server generates login synchronization information according to the account name a included in the login synchronization request, wherein the login synchronization information includes the account name, the applications (application 1, application 2, and application 3) corresponding to the account name, and the terminals bound to the applications. It should be noted that, in practice, the number relationship between the account name, the application corresponding to the account name, and the terminal bound by the application is not limited.
In one example, the application 1, the application 2, and the application 3 may be associated applications developed by the same manufacturer, such as applications that can all log in through one QQ account, e.g., QQ under Tencent flag, QQ music, QQ mailbox, QQ browser, etc.; in addition, the application 1, the application 2 and the application 3 are not particularly limited to application software, and can also be associated websites under the same system, such as websites for bean sauce reading, bean sauce groups, bean sauce music and the like under the bean sauce flag which can be logged in through a bean sauce account; that is, all applications corresponding to the account name can be registered by the same account name, and the specific form of the application is not limited.
In addition, the login synchronization information may also include sub information that is equal to the number of applications and corresponds to one another, where each sub information includes an account name and a terminal bound to the application corresponding to the sub information, for example: the sub information 1 comprises an account name A and a terminal 1, a terminal 2 and a terminal 3 bound to the application 1, the sub information 2 comprises the account name A and the terminal 1, the terminal 2 and the terminal 3 bound to the application 2, and the sub information 3 comprises the account name A and the terminal 2, the terminal 3 and the terminal 4 bound to the application 3.
In step 103, the synchronization server generates login synchronization information and then transmits the login synchronization information to the application's logical server. For example, the application 1 shown in fig. 3 binds the terminal 1, the terminal 2, and the terminal 3, the synchronization server transmits login synchronization information to the logical servers of the application 1, the application 2, and the application 3.
It should be noted that, because the logic servers are used for responding to all requests triggered by the user on the application, in view of the problem of load balancing, the number of the logic servers of the same application may be set to be multiple (at least two), and the functions of the multiple logic servers of the same application are the same, so as to form a logic server group of the application, so as to avoid that the logic servers cannot load too much user amount; after the application successfully logs in through one logic server, the synchronization server sends login synchronization information to other logic servers of the application, so that the other logic servers of the application can send generated synchronization tokens to other terminals bound by the application to realize the function of synchronizing the login state. For example, the application 1 corresponds to a logical server 1 and a logical server 2, and when a user logs in the application 1, the user sends an account name and a password through the logical server 1 and successfully logs in, the synchronization server sends login synchronization information to the logical server 2 of the application 1.
After the logic servers of the application 1, the application 2 and the application 3 receive the login synchronization information, acquiring the terminals bound by each application from the login synchronization information, for example, the logic server of the application 1 acquires the terminal 1, the terminal 2 and the terminal 3 bound by the application 1; the logic server of the application 2 acquires the terminal 1, the terminal 2 and the terminal 3 bound by the application 2; a logic server of the application 3 acquires the terminal 2, the terminal 3 and the terminal 4 bound by the application 3; subsequently, the logical server of each application generates a synchronization Token (Token) and transmits the synchronization Token to the acquired terminal bound to each application, for example, the logical server of application 1 transmits the synchronization Token to terminal 1, terminal 2, and terminal 3 bound to application 1. In practical applications, the synchronization Token (Token) may contain a small amount of user information, such as the account name of the user.
In addition, if the login synchronization information described in step 102 may also include sub information corresponding to the number of applications, the synchronization server sends the sub information to the logic servers of the applications corresponding to the sub information, for example: the synchronous server sends the sub information 1 to a logic server of the application 1, and the logic server of the application 1 directly obtains the terminal bound by the application 1; similarly, the synchronization server sends the sub information 2 to the logic server of the application 2, and sends the sub information 3 to the logic server of the application 3; that is to say, the synchronization server can transmit the sub information to the logic server of the application corresponding to the sub information in a targeted manner, so that the logic server does not need to determine and find the terminal bound to the application corresponding to the logic server from a piece of information containing a large amount of data, and the processing workload of the logic server side is effectively reduced.
After receiving the synchronization token, the terminal can store the synchronization token in a local terminal (Cookie or LocalStorage); when the application on the terminal sends a request to the logic server in the running process, the logic server carries the synchronization token received from the logic server of the application, so that the logic server judges that the user logs in the application on the terminal by using the account name when receiving the request which is sent by the application of the logic server and carries the synchronization token generated by the logic server.
In an example shown in fig. 2 and fig. 3, after the user successfully logs in the application 1 with the account name a on the terminal 1, the synchronization server sends login synchronization information to the logic servers of the application 1, the application 2, and the application 3 corresponding to the account name a; the logic server of the application 1 generates a synchronization token and sends the synchronization token to the terminal 1, the terminal 2 and the terminal 3 bound to the application 1, the logic server of the application 2 generates a synchronization token and sends the synchronization token to the terminal 1, the terminal 2 and the terminal 3 bound to the application 2, and the logic server of the application 3 generates a synchronization token and sends the synchronization token to the terminal 2, the terminal 3 and the terminal 4 bound to the application 3; then, when the application sends a request carrying the synchronization token to the logic server of the application, the logic server will determine that the user has logged in the application with the account name a; that is, after the user logs in the application 1 with the account name a on the terminal 1, the application 1 synchronizes the login state for the account name a also on the terminals 2 and 3, the application 2 synchronizes the login state for the account name a also on the terminals 1, 2, and 3, and the application 3 synchronizes the login state for the account name a also on the terminals 2, 3, and 4.
Compared with the prior art, the method has the advantages that the account name of the user corresponds to a plurality of mutually trusted applications, and each application is bound with a terminal capable of running for the application; after a user successfully logs in a first application by using the own account name and password, a login synchronization request is generated by a login authentication center, and the login state is requested to be synchronized to other applications mutually trusted with the first application; the synchronous server generates login synchronous information according to the login synchronous request, and sends the login synchronous information to the logic server of the application corresponding to the account name of the user; the embodiment also provides a form of login synchronization information, that is, the login synchronization information includes sub-information, the sub-information is equal to and in one-to-one correspondence with the number of the applications, and each sub-information includes the account name and a terminal bound to the application corresponding to the sub-information, that is, the synchronization server can pertinently send the sub-information to the logic server of the application corresponding to the sub-information, so that the logic server does not need to determine and find the terminal bound to the application corresponding to the logic server from a piece of information including a large amount of data, and the processing workload at the logic server side is effectively reduced. In addition, the number of the logic servers of the first application in this embodiment is at least two, so as to achieve a balanced load on the application request, the first application sends a login request to the login authentication center through one of the logic servers and successfully logs in, and the synchronization server sends login synchronization information to the other logic servers corresponding to the first application, so that the other logic servers corresponding to the first application can send the generated synchronization token to the other terminals bound to the first application, so as to achieve a function of synchronizing the login state. After receiving the login synchronization information, the logic server issues a synchronization token to the terminal bound with the application; the logic server is used for responding to the corresponding application request, and the issued synchronous token is carried when the user operates the application on the binding terminal to request the resource from the logic server, so that the logic server can directly judge that the user logs in the application with the own account name on the terminal and returns the requested resource to the application when receiving the request which is sent by the application and carries the synchronous token; in summary, according to the embodiment of the present invention, after a user successfully logs in with an account name on a terminal bound by a first application, the first application automatically logs in the account name on other terminals bound by the first application in synchronization, and other applications corresponding to the account name also automatically log in the account name on all terminals bound by the first application in synchronization, so that the user does not need to input the account name and a password again to log in the application bound by the terminal, the number of times of repeated login operations performed by the user is reduced, the waiting time when the user uses the application is effectively saved, and the user experience is improved.
The second embodiment of the present invention relates to a multi-terminal single sign-on method, and the present embodiment also implements a function of synchronizing a logout state on the basis of the first embodiment. The multi-terminal single sign-on method in this embodiment is shown in fig. 4, and the following describes the flow of fig. 4 specifically:
step 201, receiving a log-out synchronization request of a first application;
specifically, a user triggers a log-out button of an account name A on a first application of any terminal, and a logic server of the first application responds to a log-out request and sends the log-out request to a login authentication center; the login authentication center confirms that the user logs out the account name A on the first application, and simultaneously sends a login synchronization request to the synchronization server, wherein the login synchronization request comprises the account name A.
Step 202, generating logout synchronization information according to the logout synchronization request;
specifically, the synchronization server generates the logout synchronization information according to the pre-stored correspondence among the account name, the application, and the terminal (as shown in fig. 3), for example, the logout synchronization information includes the account name a, the application (application 1, application 2, and application 3) corresponding to the account name a, and the terminal bound to each application.
Step 203, the log-out synchronization information is sent to the logical server of the application.
Specifically, the synchronization server transmits the logout synchronization information to the logical servers of the applications, for example, the synchronization server transmits the logout synchronization information to the logical servers of the application 1, the application 2, and the application 3; the Row servers of the application 1, the application 2 and the application 3 store the state that the user logs out the account name A on the terminal bound by the application; after the user logs in the application 1, the application 2 and the application 3 are synchronized in the login state on the bound terminal, so that after the user logs out the account name a on the application 1 of the terminal 1, the application 1 also synchronously logs out the account name a on the terminal 2 and the terminal 3, the application 2 also synchronously logs out the account name a on the terminal 1, the terminal 2 and the terminal 3, and the application 3 also synchronously logs out the account name a on the terminal 2, the terminal 3 and the terminal 4, thereby realizing uniform login and logout and effectively ensuring the security of user data.
Compared with the prior art, the method and the device for logging in and out of the terminal can also achieve synchronous logging in and out among a plurality of applications on a plurality of terminals, after a user logs in the account name on one terminal bound by the first application, the first application synchronously logs in and out the account name on other terminals bound by the first application, and other applications corresponding to the account name also synchronously log in and out the account name on the terminal bound by the first application, so that unified logging in and out and consistency in logging in and out are achieved, and the safety of user data is effectively guaranteed.
A third embodiment of the present invention relates to a multi-terminal single sign-on method, which is substantially the same as the first embodiment, and in the second embodiment of the present invention, the login synchronization information further includes a status flag, specifically, an online status flag or a non-online status flag, which the terminal has. The multi-terminal single sign-on method in this embodiment is still as shown in fig. 1:
step 101, receiving a login synchronization request of a first application;
102, generating login synchronization information according to the login synchronization request;
and 103, sending the login synchronization information to the logic server of the application.
Specifically, the synchronization server is pre-stored with the corresponding relationship among the account name, the application and the terminal, and is further configured to store a status identifier of the terminal bound to each application, where the status identifier is specifically an online status identifier or a non-online status identifier; the login synchronization information generated by the synchronization server also comprises a state identifier of the terminal bound by the application, so that the logic server can determine whether to send a synchronization token according to the state of the terminal; since the non-online terminal cannot receive the synchronization token sent by the logic server through the communication network, the logic server only sends the synchronization token to the terminal with the online state identifier, and thus the processing workload of the logic server side is saved.
In addition, after the logic server sends the synchronization token to the terminal with the online state identification, the logic server records that the synchronization token is not sent to the terminal with the non-online state identification, so that when the terminal with the non-online state identification is converted into the online state, the logic server can judge whether the terminal is in a non-synchronous login state due to the fact that the synchronization token is not sent or not according to the record, and resend the synchronization token to the terminal without the synchronization token sent again.
Compared with the prior art, the method and the device have the advantages that the state identifier of the terminal is set to enable the logic server to send the synchronization token to the terminal with the online state identifier, and therefore the processing workload of the logic server side is saved.
A fourth embodiment of the present invention relates to a multi-terminal single sign-on method, which is applied to a logic server, and a specific flow is shown in fig. 5, where the method includes:
step 301, receiving login synchronization information sent by a synchronization server;
step 302, generating a synchronization token according to the login synchronization information;
step 303, sending the synchronization token to the application-bound terminal of the logic server, and determining that the user has logged in the application when receiving a request carrying the synchronization token sent by the application.
The following describes implementation details of the multi-terminal single sign-on method of the present embodiment in detail, and the following is only provided for easy understanding and is not necessary to implement the present embodiment.
In step 301, the logic server receives login synchronization information sent by the synchronization server; the login synchronization information is generated by a synchronization server when a login synchronization request of a first application is received, the login synchronization request is sent after a login authentication center confirms that a user successfully logs in the first application, and the login synchronization information comprises an account name of the user, an application corresponding to the account name and a terminal bound with the application, wherein the account name is carried in the login synchronization request; in this embodiment, the manner in which the login authentication center sends the login synchronization request, and the synchronization server sends the login synchronization information to the logic server according to the login synchronization request is the same as that described in the first embodiment, and will not be described herein again.
In step 302, the logic server generates a synchronization Token (Token) according to the login synchronization information, and the synchronization Token (Token) may contain a small amount of user information, such as an account name of the user.
In step 303, the logical server sends the synchronization token to the application-bound terminals of the logical server. Specifically, when the login synchronization information received by the logic server is a terminal including an account name, applications corresponding to all account names, and application bindings, the logic server obtains the terminal to which the application is bound from the login synchronization information, as described in step 103 in the first embodiment, the logic server of the application 1 obtains the terminal 1, the terminal 2, and the terminal 3 to which the application 1 is bound; the logic server of the application 2 acquires the terminal 1, the terminal 2 and the terminal 3 bound by the application 2; a logic server of the application 3 acquires the terminal 2, the terminal 3 and the terminal 4 bound by the application 3; or when the login synchronization information received by the logic server is sub-information corresponding to the application of the logic server, the logic server can directly acquire the terminal bound by the application without automatically judging and searching the terminal bound by the application corresponding to the logic server from a piece of information containing a large amount of data, so that the processing workload of the logic server side is effectively reduced; subsequently, the logical server transmits the generated synchronization token to each acquired application-bound terminal, and as explained in step 103 in the first embodiment, the logical server of application 1 transmits the synchronization token to terminal 1, terminal 2, and terminal 3 bound to application 1.
After the terminal receives the synchronization token, the synchronization token can be stored in the local terminal (Cookie or LocalStorage); when the application on the terminal sends a request to the logic server in the running process, the logic server carries the synchronization token received from the logic server of the application, so that the logic server judges that the user logs in the application on the terminal by using the account name when receiving the request which is sent by the application of the logic server and carries the synchronization token generated by the logic server. That is, as described in step 103 of the first embodiment, after the user logs in the application 1 with the account name a on the terminal 1, the terminal 2, and the terminal 3 bound to the application 1 will receive the synchronization token of the logical server of the application 1, the terminal 2, and the terminal 3 bound to the application 2 will receive the synchronization token of the logical server of the application 2, and the terminal 2, the terminal 3, and the terminal 4 bound to the application 3 will receive the synchronization token of the logical server of the application 3; therefore, when the application sends a request carrying the synchronization token to the logic server of the application, the logic server can judge that the user logs in the application by using the account name A.
Compared with the prior art, the method has the advantages that the logic server of the application receives the login synchronization request sent by the synchronization server, generates the synchronization token, and sends the synchronization token to the application-bound terminal of the logic server, so that the logic server can judge that a user logs in the application when receiving the request which is sent by the application use terminal and carries the synchronization token, and returns the resource of the request to the application; since the logical server is used for responding all the triggering requests of the application from the user, the login state is synchronized to the application of the logical server through the mechanism of the logical server and the synchronization token, the application of the logic server can synchronously log in on the bound terminal, namely when the user successfully logs in on the terminal bound by the first application by the account name, the logic server of the first application controls the first application to synchronize the automatic login account name on other terminals bound by the first application, the logic server of other applications corresponding to the account name controls other applications to synchronize the automatic login account name on all terminals bound by the first application, therefore, the user does not need to input the account name and the password again in the application on the binding terminal for logging in, the times of repeated logging-in operations of the user are reduced, the waiting time in the application use process is effectively saved, and the user experience is improved.
A fifth embodiment of the present invention relates to a multi-terminal single sign-on method, and the fifth embodiment is substantially the same as the fourth embodiment, and the multi-terminal single sign-on method according to the fifth embodiment of the present invention is as shown in fig. 6:
step 401, receiving login synchronization information sent by a synchronization server; this step is the same as step 301, and is not described herein again.
Step 402, generating a synchronization token according to the login synchronization information; this step is the same as step 302 and is not described herein again;
step 403, sending the synchronization token to the application-bound terminal of the logic server; this step is the same as "the terminal binding the application sending the synchronization token to the logical server" in step 303, and is not described here again.
Step 404, determining whether the synchronization token is successfully sent to the bound terminal, if yes, executing step 409, and if not, executing step 405.
Specifically, there is a case where the transmission of the synchronization token fails because the terminal cannot receive the synchronization token transmitted by the logical server when the bound terminal is not on-line (i.e., when there is no communication connection between the terminal and the logical server).
Therefore, when the logical server fails to successfully send the synchronization token to the logical server, step 405 is performed to record the identification code of the bound terminal that failed to successfully send the synchronization token;
when the logic server successfully sends the synchronization token to the logic server, step 409 is executed, and when a request carrying the synchronization token sent by the application is received, it is determined that the user has logged in the application, which is the same as "when the request carrying the synchronization token sent by the application is received, it is determined that the user has logged in the application" in step 303, and details are not repeated here.
Step 406, after recording the identification code of the bound terminal which is not successfully sent the synchronization token, when receiving a request which is sent by an application and does not carry the synchronization token, determining whether the identification code of the terminal carried in the request is recorded, if so, executing step 407, and if not, executing step 408.
Specifically, the request sent by the application further includes an identification code of the terminal used when the application sends the request; when a request which is sent by an application and does not carry a synchronous token is received, judging whether a terminal identification code carried in the request is recorded in a logic server or not; when the logic server fails to send the synchronization token to the logic server, the identification code of the bound terminal which fails to send the synchronization token is recorded, so that if the identification code of the terminal carried in the request is recorded in the logic server, it indicates that the application uses the request sent by the terminal to carry no synchronization token because the logic server fails to send the synchronization token to the terminal; if the logical server does not record the terminal identification code carried in the request, it indicates that the request sent by the application use terminal does not carry the synchronization token because the logical server has not sent the synchronization token to the terminal, that is, the terminal used by the application is not an application-bound terminal, that is, the application is not in a state of being required to be synchronously logged in on the terminal.
Step 407, the synchronization token is sent to the terminal used when the application sends the request.
Specifically, when the logic server fails to successfully send the synchronization token to the logic server, the identifier code of the bound terminal that fails to successfully send the synchronization token is recorded, so that if the identifier code of the terminal carried in the request is recorded in the logic server, it indicates that the request sent by the application use terminal does not carry the synchronization token due to the fact that the logic server fails to successfully send the synchronization token to the terminal; therefore, the logic server resends the synchronization token to the terminal used when the application sends the request, so that the application can carry the synchronization token when sending the request again through the terminal, and the logic server can judge that the user logs in the application.
Step 408, requesting the user to actively log in.
Specifically, if the logical server does not record the terminal identification code carried in the request, it indicates that the request sent by the application use terminal does not carry the synchronization token because the logical server has not sent the synchronization token to the terminal, that is, the terminal used by the application is not an application-bound terminal, that is, the application is not in a state of being synchronously logged in on the terminal; therefore, the logic server requests the user to perform active login operation, and in practical application, the user can input an account name and a password to log in a form of providing a login page.
By integrating the above steps, when a user starts an application on a terminal, the application sends a request to a logic server of the application through the terminal, and the application has the following two states: when the application is judged to be in a login state, the logic server of the application directly returns data requested by the application to the application; when the application is not synchronized to the login state, the logical server of the application returns a login page for active login to the application.
Step 409, when receiving the request with the synchronization token sent by the application, determining that the user has logged in the application, which is the same as the step 303 of determining that the user has logged in the application when receiving the request with the synchronization token sent by the application, and is not described herein again.
Compared with the prior art, the embodiment provides a state verification mechanism when an application is started on a terminal: after the logic server sends the synchronization token to the application-bound terminal of the logic server, whether the synchronization token is successfully sent is judged, if not, the identification code of the bound terminal which is not successfully sent is recorded, so that when the logic server receives a request which is not carried with the synchronization token, whether the terminal is the terminal which is not successfully sent but should be sent according to the identification code of the terminal in the request which is not carried with the synchronization token can be judged, and the operation of sending the synchronization token can be carried out again to realize the synchronization of the login state; and if the application does not need to be synchronously logged in on the terminal, requesting the user to normally log in.
A sixth embodiment of the present invention relates to a synchronization server, as shown in fig. 7, including: a message service center 701, a terminal management module 702 and a service management module 703.
The message service center 701 is configured to receive a login synchronization request of a first application; the login synchronization request is sent by a login authentication center after the user is confirmed to successfully log in the first application, and the login synchronization request comprises the account name of the user;
the message service center 701 is further configured to generate login synchronization information according to the login synchronization request; the login synchronization information comprises the account name, the application corresponding to the account name and the terminal bound by the application; the application comprises the first application;
the message service center 701 is further configured to send the login synchronization information to the logic server of the application, so that the logic server generates a synchronization token according to the login synchronization information and sends the synchronization token to the terminal bound to the application, and when receiving a request carrying the synchronization token sent by the application, determines that the user has logged in to the application;
the terminal management module 702 is configured to store a first corresponding relationship between an account name, an application, and a terminal, as shown in fig. 3;
the service management module 703 is configured to store a second correspondence between the application and the logic server, as shown in fig. 8, and actually does not limit the number of the logic servers corresponding to the application; the service management module further stores logic server information, such as an ip address and a port number of the logic server, so that the loading and unloading of the logic server can be conveniently performed during the later maintenance, and the loading and unloading of the logic server can be realized only by modifying the second corresponding relationship stored in the service management module 703 and the stored logic server information.
The message service center 701 obtains the application corresponding to the account name and the terminal bound to the application from the first corresponding relationship stored in the terminal management module 702, and obtains the logical server of the application from the second corresponding relationship stored in the service management module 703.
In one example, the login synchronization information generated by the message service center 701 includes sub-information, and the sub-information is equal to the number of the applications and corresponds to the applications one by one; each piece of sub information comprises the account name and a terminal bound with the application corresponding to the sub information; and sending the login synchronization information to the logic server of the application, specifically, sending the sub-information to the logic server of the application corresponding to the sub-information.
In one example, the message service center 701 is further configured to receive a logout synchronization request of the first application; the login authentication center sends the login synchronization request after confirming that the user logs out of the first application, and the login synchronization request comprises an account name of the user; the message service center 701 is further configured to generate logout synchronization information according to the logout synchronization request; the login synchronization information comprises an account name of the user, an application corresponding to the account name and a terminal bound by the application; the application comprises the first application; the message service center 701 is further configured to send the logout synchronization information to the logic server of the application, so that the logic server stores the state that the user has logged out of the application on the terminal bound to the application.
In one example, the number of the logic servers of the first application is at least two, and the first application sends a login request to the login authentication center through one of the logic servers and successfully logs in; the login synchronization request of the first application also comprises a login logic server of the first application; the login logic server is used when the first application sends a login request to the login authentication center and successfully logs in; the message service center 701 sends the login synchronization information to the logic server of the first application, including: and sending the login synchronization information to a logic server of the first application except the login logic server.
In an example, the login synchronization information generated by the message service center 701 further includes a status identifier of the terminal bound to the application, and the status identifier is an online status identifier or a non-online status identifier, so that the logic server sends the synchronization token to the terminal bound to the application and having the online status identifier according to the status identifier.
The embodiment provides the synchronous server consisting of the message service center, the terminal management module and the service management module, and the message service center, the terminal management module and the service management module can be independently managed and maintained, so that the framework of the synchronous server is more stable and the synchronous server has wide applicability.
A seventh embodiment of the present invention relates to a multi-terminal single sign-on system, as shown in fig. 2, including: a terminal on which an application is installed, a logical server of the application, a login authentication center, and a synchronization server in the sixth embodiment.
In the embodiment, the synchronization server is in communication connection with the login authentication center and receives a login synchronization request of a first application installed on the terminal; the login synchronization request is sent by a login authentication center after the user is confirmed to successfully log in the first application, and the login synchronization request comprises the account name of the user;
the synchronous server generates login synchronous information according to the login synchronous request; the login synchronization information comprises the account name, the application corresponding to the account name and the terminal bound by the application; the application comprises the first application;
the synchronization server is in communication connection with a logic server of the application, the login synchronization information is sent to the logic server of the application, so that the logic server generates a synchronization token according to the login synchronization information, sends the synchronization token to a terminal bound by the application, and judges that the user logs in the application when receiving a request carrying the synchronization token sent by the application.
Compared with the prior art, the embodiment provides a multi-terminal single sign-on system, wherein a synchronization server receives a sign-on synchronization request of a first application installed on a terminal; the login synchronization request is sent by a login authentication center after the user is confirmed to successfully log in the first application, and the login synchronization request comprises the account name of the user; generating login synchronization information according to the login synchronization request; the login synchronization information comprises the account name, the application corresponding to the account name and the terminal bound by the application; the application comprises the first application; sending the login synchronization information to a logic server of the application, so that the logic server generates a synchronization token according to the login synchronization information, sends the synchronization token to a terminal bound by the application, and judges that the user logs in the application when receiving a request carrying the synchronization token sent by the application; that is, the account name of the user corresponds to a plurality of mutually trusted applications, and each application is bound with a terminal capable of running by the application; after a user successfully logs in a first application by using the own account name and password, a login synchronization request is generated by a login authentication center, and the login state is requested to be synchronized to other applications mutually trusted with the first application; the synchronous server generates login synchronous information according to the login synchronous request and sends the login synchronous information to the logic server of the application corresponding to the account name of the user, so that the logic server can issue a synchronous token to the terminal bound with the application according to the login synchronous information; the logic server is used for responding to the corresponding application request, and the issued synchronous token is carried when the user operates the application on the binding terminal to request the resource from the logic server, so that the logic server can directly judge that the user logs in the application with the own account name on the terminal and returns the requested resource to the application when receiving the request which is sent by the application and carries the synchronous token; in summary, according to the embodiment of the present invention, after a user successfully logs in with an account name on a terminal bound by a first application, the first application automatically logs in the account name on other terminals bound by the first application in synchronization, and other applications corresponding to the account name also automatically log in the account name on all terminals bound by the first application in synchronization, so that the user does not need to input the account name and a password again to log in the application bound by the terminal, the number of times of repeated login operations performed by the user is reduced, the waiting time when the user uses the application is effectively saved, and the user experience is improved.
An eighth embodiment of the present invention relates to a computer-readable storage medium storing a computer program. The computer program, when executed by the processor, implements the multi-terminal single sign-on method embodiments described above.
That is, as can be understood by those skilled in the art, all or part of the steps in the method according to the above embodiments may be implemented by a program instructing related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps in the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the invention, and that various changes in form and details may be made therein without departing from the spirit and scope of the invention in practice.

Claims (16)

1. A multi-terminal single sign-on method is applied to a synchronous server, and comprises the following steps:
receiving a login synchronization request of a first application; the login synchronization request is sent by a login authentication center after the user is confirmed to successfully log in the first application, and the login synchronization request comprises the account name of the user;
generating login synchronization information according to the login synchronization request; the login synchronization information comprises the account name, the application corresponding to the account name and the terminal bound by the application; the applications are mutually trusted applications logged in by the same account name and comprise the first application and other applications which are associated with the first application;
and sending the login synchronization information to a logic server of the application, so that the logic server generates a synchronization token according to the login synchronization information, sends the synchronization token to a plurality of terminals bound by the application, and judges that the user logs in the application when receiving a request carrying the synchronization token sent by the application.
2. The multi-terminal single sign-on method of claim 1,
the login synchronization information comprises sub-information, and the sub-information is equal to the application number and corresponds to the application number one by one; each piece of sub information comprises the account name and a terminal bound with the application corresponding to the sub information;
and sending the login synchronization information to the logic server of the application, specifically, sending the sub-information to the logic server of the application corresponding to the sub-information.
3. The multi-terminal single sign-on method according to any one of claims 1 or 2, further comprising:
receiving a logout synchronization request of a first application; the login authentication center sends the login synchronization request after confirming that the user logs out of the first application, and the login synchronization request comprises an account name of the user;
generating login synchronization information according to the login synchronization request; the login synchronization information comprises the account name, the application corresponding to the account name and the terminal bound by the application; the application comprises the first application;
and sending the login synchronization information to a logic server of the application, so that the logic server stores the state that the user logs out of the application on the terminal bound by the application.
4. The multi-terminal single sign-on method according to claim 1, wherein the number of the logical servers of the first application is at least two, and the first application sends a sign-on request to the sign-on authentication center through one of the logical servers and successfully signs on;
the login synchronization request further comprises a login logic server of the first application; the login logic server is used when the first application sends a login request to the login authentication center and successfully logs in;
and when the application is the first application, the login synchronization information is sent to a logic server of the first application except the login logic server.
5. The multi-terminal single sign-on method of claim 1, wherein the login synchronization information further includes a status identifier that the application-bound terminal has, and the status identifier is an online status identifier or a non-online status identifier, so that the logic server sends the synchronization token to the application-bound terminal having an online status identifier.
6. A multi-terminal single sign-on method is applied to a logic server and comprises the following steps:
receiving login synchronization information sent by a synchronization server; the login synchronization information is generated by the synchronization server when a login synchronization request of a first application is received, the login synchronization request is sent after a login authentication center confirms that a user successfully logs in the first application, and the login synchronization information comprises an account name of the user, an application corresponding to the account name and a terminal bound with the application, wherein the account name is carried in the login synchronization request; the applications are mutually trusted applications logged in by the same account name and comprise the first application and other applications which are associated with the first application;
generating a synchronous token according to the login synchronous information;
and sending the synchronous token to a plurality of terminals bound by the application of the logic server, and judging that the user logs in the application when receiving a request carrying the synchronous token sent by the application.
7. The multi-terminal single sign-on method of claim 6, wherein after the sending of the synchronization token to the application-bound terminal of the logical server, determining whether the synchronization token was successfully sent to the bound terminal;
if the synchronization token is not successfully sent to the bound terminal, recording the identification code of the bound terminal which is not successfully sent with the synchronization token.
8. The multi-terminal single sign-on method of claim 7, wherein the request further includes an identification code of a terminal used by the application when sending the request;
the multi-terminal single sign-on method further comprises the following steps: when a request which is sent by the application and does not carry the synchronization token is received, judging whether an identification code of a terminal carried in the request is recorded in the logic server;
and if so, sending the synchronization token to a terminal used by the application when sending the request.
9. A synchronization server, comprising: the system comprises a message service center, a terminal management module and a service management module;
the message service center is used for receiving a login synchronization request of a first application; the login synchronization request is sent by a login authentication center after the user is confirmed to successfully log in the first application, and the login synchronization request comprises the account name of the user;
the message service center is also used for generating login synchronization information according to the login synchronization request; the login synchronization information comprises the account name, the application corresponding to the account name and the terminal bound by the application; the applications are mutually trusted applications logged in by the same account name and comprise the first application and other applications which are associated with the first application;
the message service center is further used for sending the login synchronization information to a logic server of the application, so that the logic server can generate a synchronization token according to the login synchronization information and send the synchronization token to a plurality of terminals bound to the application, and when a request carrying the synchronization token sent by the application is received, the user is judged to have logged in the application;
the terminal management module is stored with a first corresponding relation of an account name, an application and a terminal; the service management module is internally stored with a second corresponding relation between the application and the logic server; the message service center obtains the application corresponding to the account name and the plurality of terminals bound by the application from the first corresponding relationship, and obtains the logic server of the application from the second corresponding relationship.
10. The synchronization server according to claim 9,
the login synchronization information comprises sub-information, and the sub-information is equal to the application number and corresponds to the application number one by one; each piece of sub information comprises the account name and a terminal bound with the application corresponding to the sub information;
and sending the login synchronization information to the logic server of the application, specifically, sending the sub-information to the logic server of the application corresponding to the sub-information.
11. The synchronization server according to any one of claims 9 or 10, further comprising:
the message service center is also used for receiving a logout synchronization request of the first application; the login authentication center sends the login synchronization request after confirming that the user logs out of the first application, and the login synchronization request comprises an account name of the user;
the message service center is also used for generating login synchronization information according to the login synchronization request; the login synchronization information comprises an account name of the user, an application corresponding to the account name and a terminal bound by the application; the application comprises the first application;
the message service center is further configured to send the logout synchronization information to a logic server of the application, so that the logic server stores a state that the user has logged out of the application on the terminal bound to the application.
12. The synchronization server according to claim 9, wherein the number of the logical servers of the first application is at least two, and the first application sends a login request to the login authentication center through one of the logical servers and successfully logs in;
the login synchronization request of the first application also comprises a login logic server of the first application; the login logic server is used when the first application sends a login request to the login authentication center and successfully logs in;
sending the login synchronization information to a logic server of the first application, including:
and sending the login synchronization information to a logic server of the first application except the login logic server.
13. The synchronization server of claim 9, wherein the login synchronization information further includes a status identifier that the application-bound terminal has, and the status identifier is a presence status identifier or a non-presence status identifier, so that the logic server sends the synchronization token to the application-bound terminal having the presence status identifier.
14. A multi-terminal single sign-on system, comprising: a terminal equipped with an application, a logical server of the application, a login authentication center, and the synchronization server according to any one of claims 9 to 13;
the terminal is in communication connection with the logic server, and the logic server is in communication connection with the login authentication center and the synchronization server respectively; the login authentication center is in communication connection with the synchronous server;
the application sends a login request to the login authentication center through the logic server when logging in on the terminal; the login authentication center is used for confirming whether login is allowed according to the login request and sending a login synchronization request to the synchronization server when the user is confirmed to successfully log in.
15. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the multi-terminal single sign-on method according to any one of claims 1 to 5.
16. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the multi-terminal single sign-on method according to any one of claims 6 to 8.
CN201910392812.8A 2019-05-13 2019-05-13 Multi-terminal single sign-on method, system, synchronous server and medium Expired - Fee Related CN110278187B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910392812.8A CN110278187B (en) 2019-05-13 2019-05-13 Multi-terminal single sign-on method, system, synchronous server and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910392812.8A CN110278187B (en) 2019-05-13 2019-05-13 Multi-terminal single sign-on method, system, synchronous server and medium

Publications (2)

Publication Number Publication Date
CN110278187A CN110278187A (en) 2019-09-24
CN110278187B true CN110278187B (en) 2021-11-16

Family

ID=67959794

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910392812.8A Expired - Fee Related CN110278187B (en) 2019-05-13 2019-05-13 Multi-terminal single sign-on method, system, synchronous server and medium

Country Status (1)

Country Link
CN (1) CN110278187B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113225188B (en) * 2020-01-19 2023-09-22 华为技术有限公司 Login authentication method, device and system
CN111600888B (en) * 2020-05-18 2022-08-26 海尔优家智能科技(北京)有限公司 Method and device for login verification and login verification system
CN113422752B (en) * 2020-10-30 2024-03-26 阿里巴巴集团控股有限公司 User login processing method and device and electronic equipment
CN112487390B (en) * 2020-11-27 2025-01-17 网宿科技股份有限公司 Micro-service switching method and system
CN112738021B (en) * 2020-12-02 2023-10-24 海能达通信股份有限公司 Single sign-on method, terminal, application server, authentication server and medium
CN113301050B (en) * 2021-05-26 2022-05-17 重庆紫光华山智安科技有限公司 Multi-user real-time login and logout management method, system, terminal and medium for webpage
CN113656779A (en) * 2021-08-17 2021-11-16 浙江中控技术股份有限公司 User login method, system, electronic equipment and storage medium
CN114139135B (en) * 2022-02-08 2022-06-21 深圳希施玛数据科技有限公司 Equipment login management method, device and storage medium
CN114679302B (en) * 2022-03-01 2024-05-10 中信百信银行股份有限公司 Method, device, equipment and storage medium for docking single sign-on system
CN114866335A (en) * 2022-06-09 2022-08-05 三星电子(中国)研发中心 Password synchronization method, electronic equipment and server for password synchronization

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050154886A1 (en) * 2004-01-12 2005-07-14 International Business Machines Corporation Declarative trust model between reverse proxy server and websphere application server
WO2006006704A2 (en) * 2004-07-09 2006-01-19 Matsushita Electric Industrial Co., Ltd. System and method for managing user authentication and service authorization to achieve single-sign-on to access multiple network interfaces
US8839395B2 (en) * 2011-05-13 2014-09-16 Cch Incorporated Single sign-on between applications
WO2014137063A1 (en) * 2013-03-08 2014-09-12 에스케이플래닛 주식회사 Certification method using application, and system and apparatus therefor
CN105659558B (en) * 2013-09-20 2018-08-31 甲骨文国际公司 Computer implemented method, authorization server and computer-readable memory
US9344419B2 (en) * 2014-02-27 2016-05-17 K.Y. Trix Ltd. Methods of authenticating users to a site
CN104917728A (en) * 2014-03-13 2015-09-16 盈止道明(北京)科技发展有限公司 Implementation method of cross-terminal single sign-on system
US9401912B2 (en) * 2014-10-13 2016-07-26 Netiq Corporation Late binding authentication
CN106209726B (en) * 2015-04-30 2020-06-05 中兴通讯股份有限公司 A mobile application single sign-on method and device
CN105100071B (en) * 2015-06-30 2019-05-28 华为技术有限公司 A kind of login method, apparatus and system
CN107294917A (en) * 2016-03-31 2017-10-24 阿里巴巴集团控股有限公司 One kind trusts login method and device
CN108156159A (en) * 2017-12-27 2018-06-12 质数链网科技成都有限公司 A kind of multi-application system login method and block chain distribution general ledger system
CN108200089B (en) * 2018-02-07 2022-06-07 腾讯云计算(北京)有限责任公司 Method, device and system for realizing information security and storage medium

Also Published As

Publication number Publication date
CN110278187A (en) 2019-09-24

Similar Documents

Publication Publication Date Title
CN110278187B (en) Multi-terminal single sign-on method, system, synchronous server and medium
CN108901022B (en) Micro-service unified authentication method and gateway
JP5010608B2 (en) Creating a secure interactive connection with a remote resource
EP2705642B1 (en) System and method for providing access credentials
US9059978B2 (en) System and methods for remote maintenance in an electronic network with multiple clients
CN111355713B (en) Proxy access method, device, proxy gateway and readable storage medium
CN105991614B (en) It is a kind of it is open authorization, resource access method and device, server
CN103384237A (en) Method for sharing IaaS cloud account, shared platform and network device
EP4161012A1 (en) Authentication method and apparatus, electronic device, server, program, and storage medium
CN112468481B (en) Single-page and multi-page web application identity integrated authentication method based on CAS
JP2006502496A (en) Method and system for communicating in a client-server network
US9916308B2 (en) Information processing system, document managing server, document managing method, and storage medium
CN110032842B (en) Method and system for simultaneously supporting single sign-on and third party sign-on
US12141311B2 (en) Data transmission method and apparatus, device, storage medium, and computer program product
CN112800411A (en) Multi-protocol and multi-mode supporting safe and reliable identity authentication method and device
CN111064708B (en) Authorization authentication method and device and electronic equipment
CN112491776A (en) Security authentication method and related equipment
CN104660409A (en) System login method in cluster environment and authentication server cluster
US20180034809A1 (en) Technique for connecting to a service
CN113221093B (en) Single sign-on system, method, equipment and product based on block chain
CN113761509B (en) iframe verification login method and device
CN103747051A (en) Service platform of vehicle-mounted terminal
CN103069741A (en) Credential authentication method and single sign-on server
JP7238558B2 (en) Authentication mediation device and authentication mediation program
KR20210037722A (en) Authentication method, auxiliary authentication component, management server and computer readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20211116