WebLogic-oriented Form identification single sign on integration method

Abstract

The invention relates to a WebLogic-oriented Form identification single sign on integration method. The method requires a single sign on filter, an identity service system and a unified user database, wherein the filter is deployed on a WebLogic application server adopting Form identification; for users not finishing identification, page login requests are acquired, and the filter guides the users to the identity service system; after the identity service system identifies the users, identity assurance including both user names and passwords, which are required for the users to login the WebLogic and acquired from the unified user database, is submitted to an identity assurance verification path on the WebLogic in an automatic POST manner; after the filter intercepts and validates the identity assurance, the users names and the passwords in the identity assurance are used for calling the WebLogic login method; and the users are guided to a protected website required to be accessed at the first time if the login is successful, otherwise, the users are guided to the login website for re-login and the passwords are updated.

Description

technical field [0001] The invention belongs to the technical field of identity authentication and access control of information security, in particular, it is a WebLogic-oriented Form identity authentication single sign-on integration method. Background technique [0002] With the development of enterprise e-commerce and office informatization, enterprises and organizations have deployed a large number of information systems (hereinafter collectively referred to as application systems) that provide specific functions. In order to solve the problem that users need to memorize and input different user names and passwords when using different application systems, people have proposed the Single Sign On (SSO) technology. The so-called single sign-on means that the user only needs to use one identity credential (such as a user name, password, or a digital certificate) to complete online identity authentication (that is, login, login) in a certain system, and then he can access t...

AI Technical Summary

Problems solved by technology

[0005] In view of the situation that the Web application system uses Form identity authentication, the applicant once proposed a method that does not require modification in his patent application "Single sign-on integration method for Form identity authentication in a single sign-on system" (patent application number: 201210083321.3). A single sign-on integration solution for a Web application system and its identity authentication mechanism; however, the single sign-on integration method is deployed on a WebLogic application server (Application Server, referred to as WebLogic) for Web applications and depends on WebLogic (Web container , that is, the Form authentication mechanism of the Web Container) does not apply to the situation where the user is authenticated

This is because, in order to successfully apply the single sign-on integration method described in the patent application, HTTP plug-ins (such as Filter, Valve) developed based on the extension mechanism of the Web server (or Web container) are required to be able to intercept the user's submission through the browser. HTTP request to the username and password verification path (page); however, when the Web application system adopts the Form authentication mechanism provided by WebLogic, the HTTP plug-in developed based on the extension mechanism provided by WebLogic (including ordinary Servlet Filter and WebLogic Authentication Provider Servlet Authentication Filter) cannot intercept the HTTP request submitted by the user's browser to the username and password verification path (ie j_security_check)

Images