
A single sign-on method and system thereof

This single sign-on technology, applied in the field of single sign-on methods and systems, addresses the problems of frequent CAS server interaction, impact on business modules and insufficient security. Its effects are reduced interaction with the CAS server, higher transmission efficiency and improved security.

Active Publication Date: 2019-04-23
FUJIAN YIRONG INFORMATION TECH

AI Technical Summary

Problems solved by technology

[0010] 1. In real deployments, hundreds or even thousands of application service nodes are often deployed. Because of the verification mechanism of CAS itself, every business link must, for security reasons, be verified by the CAS server. To verify the authenticity of the Ticket string and obtain the necessary user information, requests have to be sent to the CAS server several times. This highly coupled design makes interaction with the CAS server too frequent and leaves the business modules highly dependent on the CAS server: once the CAS server is abnormal, all business modules are affected;
[0011] 2. The CAS service only authenticates the Ticket string that it issued. Hackers can easily forge or steal the Ticket string and carry out replay attacks on other machines, resulting in information leakage and insufficient security.



Embodiment Construction

[0046] As shown in Figure 2 and Figure 3, a single sign-on method includes the following steps:

[0047] Step 1. Access the CAS client through a Web browser (shown as the CAS client in Figure 2);

[0048] Step 2. The CAS client checks whether the Web browser holds the authentication information NewTicket. If so, go to step 5 and authenticate directly; otherwise, return to the browser, redirect the Web browser to the CAS server, and go to step 3;

[0049] Step 3. The user logs in through the Web browser. If the login account and password are correct, go to step 4; otherwise, exit the authentication;

[0050] Step 4. The CAS server generates the authentication information NewTicket from the information sent by the Web browser, and the NewTicket and the public key of the CAS server are stored in the Web browser so that the next time the Web browser accesses the CAS client it can authenticate directly, the authenticat...


Abstract

The invention provides a single sign-on system and method. The system comprises an access module, a redirection module, a login module, an encryption module and an authentication module. In the method, a Web browser accesses a CAS client, and the CAS client obtains the authentication information NewTicket from the Web browser for authentication. The NewTicket is generated by a CAS server from the first-time login information of the Web browser and is stored in the Web browser, together with a public key of the CAS server, for the next authentication. The NewTicket comprises a Ticket and signature information; the signature information is obtained by converting the Ticket and encrypting it with a private key of the CAS server. During authentication, the CAS client decrypts the signature information in the NewTicket with the public key of the CAS server to obtain the signature content, and checks whether the signature content is consistent with the converted Ticket: if so, the authentication succeeds; if not, it fails. The system and method realize self-checking and a bidirectional authentication mechanism for the CAS client, greatly reducing dependence on the CAS server while improving security.
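The sign-then-verify check described in the abstract, as an added Go example (not code from the patent or from the CAS project). It assumes SHA-256 as the Ticket "conversion", RSA PKCS#1 v1.5 as the private-key operation and a `Ticket.signature` string layout; the function names and the sample Ticket are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// NewServerKey makes a throwaway CAS server key pair for this demo.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// IssueNewTicket (CAS server). Assumed: conversion = SHA-256, signing = RSA PKCS#1 v1.5.
func IssueNewTicket(priv *rsa.PrivateKey, ticket string) (string, error) {
	digest := sha256.Sum256([]byte(ticket))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return ticket + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// VerifyNewTicket (CAS client side) checks locally, with no CAS server call.
func VerifyNewTicket(pub *rsa.PublicKey, newTicket string) (string, error) {
	i := strings.LastIndex(newTicket, ".")
	if i < 0 {
		return "", fmt.Errorf("malformed NewTicket: no signature part")
	}
	sig, err := base64.RawURLEncoding.DecodeString(newTicket[i+1:])
	if err != nil {
		return "", fmt.Errorf("malformed signature: %w", err)
	}
	digest := sha256.Sum256([]byte(newTicket[:i]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return "", fmt.Errorf("signature does not match Ticket: %w", err)
	}
	return newTicket[:i], nil
}

func main() {
	priv, err := NewServerKey()
	if err != nil {
		panic(err)
	}
	nt, _ := IssueNewTicket(priv, "ST-1-constructed-sample") // constructed Ticket
	fmt.Println(VerifyNewTicket(&priv.PublicKey, nt))
}
```

This example checks only the signature against a public key the CAS client already holds; it does nothing about a NewTicket copied to another machine, the replay case raised in [0011].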

Description

Technical field

[0001] The invention relates to the technical field of computer network information security, in particular to a single sign-on method and system thereof.

Background technique

[0002] Single Sign On (SSO) is currently one of the more popular enterprise business integration solutions. The definition of SSO is that, across multiple application systems, users only need to log in once to access all mutually trusted application systems. Single sign-on is an authorization mechanism and unified authentication. At present, the technology commonly used in this field is CAS (Central Authentication Service), an open source project initiated by Yale University that aims to provide a stable and reliable single sign-on solution. The CAS client is deployed together with the protected client application and protects the protected resources of the Web application by filtering. As shown in Figure 1, the basic verification process of the exis...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/0442, H04L63/0815, H04L63/12
Inventor: 倪时龙, 林振天, 陈又咏, 谢海强, 蔡清远, 李汝佳
Owner: FUJIAN YIRONG INFORMATION TECH