Cascade authentication method based on CAS

An authentication method and cascading technology, applied in the information field, can solve problems such as the inability to achieve cross-deployment unit SSO penetration, and the inability to support the application integration of large group companies, so as to achieve the effect of improving the application experience

Active Publication Date: 2018-02-06
CHINA SOUTHERN POWER GRID COMPANY +1

AI Technical Summary

Problems solved by technology

The standard open source CAS framework can only achieve single sign-on (SSO) for users of business systems in the same deployment unit, and cannot achieve SSO across deployment units. This restriction cannot support the cross-unit application integration of large group companies. To support system integration between the group's units and its headquarters and to improve user experience, the original SSO restriction must be removed so that single sign-on is shared across deployment units, ultimately supporting business system integration.

Examples


Embodiment 1

[0054] In the CAS-based cascading authentication method, when the user logs in for the first time, each cross-domain authentication service authenticates the user once and, if authentication succeeds, assigns a TGT to the client. As long as the user client holds the TGT of each authentication domain, cross-domain access between different deployment units can be realized. Specifically, the method includes the following steps:

[0055] 1) In the CAS client component, a new Servlet program is developed to return the cascading target authentication service address to the requester;

[0056] 2) On the CAS server, a new cascading handshake interface based on the http protocol is developed to receive the user login credentials, generate an FT, cache the user login credentials with the FT as the identifier, and finally return the FT string to the caller;

[0057] 3) When the CAS server processes the verification of user login credentials, if the ...

Embodiment 2

[0068] This embodiment is further optimized on the basis of the above embodiments. Further, to better realize the present invention, in step 8), when the cascade controller forwards the user request to the cascading target authentication service integrated with the cascade target business system, the user client receives a jump response whose jump address is the authentication address of the cascading target authentication service, and initiates a login authentication request to that service. The cascading target authentication service receives the cascade authentication request from the user client and, when processing it, first checks whether the user client holds a valid TGT. If the TGT is valid, it generates an ST for the user client and then forwards the request to the "system access process"; if not, it proceeds to step 9).

[0069] Extend the new processing process and effectively combine with ...

Embodiment 3

[0071] This embodiment is further optimized on the basis of Embodiment 1. Further, to better realize the present invention, in step 9), verifying the user login credentials includes the following steps:

[0072] 9.1) Authentication succeeds:

[0073] 9.1.1) Generate TGT, write Cookie: when cascade authentication identity verification succeeds, the standard CAS function process is entered, that is, a TGT is generated for the user client and written into the CAS client Cookie;

[0074] 9.1.2) Generate ST, respond with a jump: after the TGT is generated successfully, an ST is generated for the user according to the TGT, and the user request is then redirected to the "system access process";

[0075] 9.2) Identity verification is invalid, respond with the login page: if cascade authentication fails, a login page is returned to the user client, requiring the user to log in.
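
The handshake of step 2) and the TGT/ST decisions of Embodiments 2 and 3 can be modelled in a few lines. This is an added example, not code from the patent or from CAS: the class and method names are hypothetical, and the random token format, the FT lifetime, single-use FT redemption, and the choice to present the FT at step 9) are assumptions, since the page does not state them.

```python
import hmac, secrets, time

FT_TTL = 30  # seconds; assumed value, the page gives no FT lifetime

class TargetAuthService:
    """Toy model of the cascading target authentication service (hypothetical names)."""

    def __init__(self, users):
        self.users = users   # username -> password; constructed sample data only
        self.ft_cache = {}   # FT -> (username, password, expiry)
        self.tgts = {}       # TGT -> username
        self.sts = {}        # ST -> username, consumed by the "system access process"

    def handshake(self, username, password, now=None):
        """Step 2): cache the submitted credentials under a fresh FT and return the FT."""
        now = time.time() if now is None else now
        ft = "FT-" + secrets.token_urlsafe(32)   # unguessable identifier (assumption)
        self.ft_cache[ft] = (username, password, now + FT_TTL)
        return ft

    def _issue_st(self, tgt):
        st = "ST-" + secrets.token_urlsafe(32)
        self.sts[st] = self.tgts[tgt]
        return st

    def cascade_login(self, tgt_cookie=None, ft=None, now=None):
        """Embodiment 2, then step 9): returns (outcome, tgt, st)."""
        now = time.time() if now is None else now
        if tgt_cookie in self.tgts:                  # valid TGT: only an ST is needed
            return "system_access", tgt_cookie, self._issue_st(tgt_cookie)
        entry = self.ft_cache.pop(ft, None)          # single use: gone after first read
        if entry is None or now > entry[2]:          # unknown, replayed or expired FT
            return "login_page", None, None          # 9.2)
        username, password, _ = entry
        expected = self.users.get(username)
        if expected is None or not hmac.compare_digest(
                password.encode(), expected.encode()):
            return "login_page", None, None          # 9.2)
        tgt = "TGT-" + secrets.token_urlsafe(32)     # 9.1.1) would be set as the Cookie
        self.tgts[tgt] = username
        return "system_access", tgt, self._issue_st(tgt)  # 9.1.2)
```

Because the FT stands in for cached login credentials, the model treats it as a bearer secret: it is removed from the cache on first use and rejected after its lifetime, so a captured FT cannot be replayed to obtain a TGT.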


Abstract

The invention discloses a cascading authentication method based on CAS. When a user logs in for the first time, the user is authenticated once by each cross-domain authentication server, and a TGT is allocated to the client each time authentication succeeds; once the user's client holds the TGTs of all authentication domains, it can achieve cross-domain access between different deployment units. On the basis of the CAS framework, the SSO authentication mechanism is optimized and extended: the existing limitation that single sign-on cannot be conducted between deployment units is removed, and authentication linkage between the authentication servers of different domains is achieved. After logging in to one of the domains once, the user can safely access the authorized business systems of other deployment units without a second login. This meets the requirement of integrating cross-unit applications of a large group company and improves the user's application experience.

Description

Technical field

[0001] The invention relates to the field of information technology, specifically, a cascade authentication method based on CAS.

Background technique

[0002] CAS is a mainstream SSO open source solution, which mainly implements SSO for application system users based on B/S structure, and the interaction protocol is mainly based on http and secure https.

[0003] The traditional SSO technology can only support the SSO of the business system of the user in the same deployment unit, and cannot realize the SSO of cross-deployment units (domains).

[0004] The SSO authentication mechanism provided by native CAS technology is as follows:

[0005] 1. It consists of two parts, the client and the server; during application, the client is integrated into the runtime environment of the business system (the business system here refers to the system that needs to integrate SSO authentication), and the server is deployed independently.

[0006] 2. When a user accesses t...


Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/0218, H04L63/08
Inventor: 林志达, 梁志宏, 吕华辉, 张晓韬, 彭永勇
Owner: CHINA SOUTHERN POWER GRID COMPANY