Method for implementing single sign on in multi-domain environment

A single sign-on technology for multi-domain environments, applied in electrical components, transmission systems, etc., that can solve problems such as the hosts-file method being unworkable and it being impossible to determine the domain to which the user belongs.

Active Publication Date: 2018-06-22
浙江网新恒天软件有限公司

AI Technical Summary

Problems solved by technology

Since Kerberos authentication is adopted, there is no need to enter the user name and password, so the user name cannot be used to determine the domain to which the user belongs.
In addition, users in the domain generally do not have admin privileges, so the method of modifying the hosts file will not work.


Embodiment Construction

[0018] The purpose and effects of the present invention will become more apparent by describing the present invention in detail below in conjunction with the accompanying drawings.

[0019] (1) System architecture of the present invention

[0020] As shown in Figure 1, in a multi-domain environment, a Kerberos authentication server is configured for each domain, and the authentication server can be implemented with the open source product CAS. The CAS is connected to the Active Directory (AD) of its own domain and can perform Kerberos authentication on users. The authentication server of one of the domains is set as the default authentication server; in Figure 1, the authentication server of domain C is set as the default authentication server.

[0021] The authentication credentials, that is, Tickets, are shared among the authentication servers in each domain. The Tickets of each authentication server are stored in the same Redis server, that is, the credential storage server. ...


Abstract

The invention discloses a method for implementing single sign-on in a multi-domain environment. In the multi-domain environment, each domain is configured with a Kerberos authentication server, the authentication servers share credentials, and the authentication server of one domain is set as the default authentication server. According to the method, a group policy is set on a domain controller, a script is executed when a user logs in to the domain, and the information about the domain to which the user belongs is added to the User-Agent identifier of the browser. Based on the domain information in this field, the default authentication server can redirect users to the authentication server of the domain they belong to for Kerberos authentication. The method effectively solves the problem of single sign-on for users in a multi-domain environment: a user in a domain can access all application systems after entering the password only once at startup. Because the domain authentication servers share credentials, no additional burden is placed on a Web application; the Web application only needs to interact with the default authentication server, just as in a single-domain environment, and does not need to be concerned with the existence of the multi-domain environment.
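The routing step described in the abstract, as an added example (not code from the patent or from CAS): the default authentication server reads the domain from the User-Agent and selects the matching server from an allowlist. The `SSO-Domain/<name>` token format, the host names and the function names are assumptions; the page does not specify them.

```python
import re
from urllib.parse import urlencode, urlsplit

# Assumed token format appended to the User-Agent by the logon script
# (the page does not specify one): "SSO-Domain/<NETBIOS-NAME>".
DOMAIN_TOKEN = re.compile(r"(?:^|\s)SSO-Domain/([A-Za-z0-9-]{1,15})(?=\s|$)")

# Constructed allowlist: domain name -> that domain's authentication server.
AUTH_SERVERS = {
    "DOMAINA": "https://cas-a.example.internal/cas/login",
    "DOMAINB": "https://cas-b.example.internal/cas/login",
    "DOMAINC": "https://cas-c.example.internal/cas/login",  # default server
}
DEFAULT_DOMAIN = "DOMAINC"
# Constructed allowlist of application hosts that may appear in ?service=.
ALLOWED_SERVICE_HOSTS = {"app1.example.internal", "wiki.example.internal"}


def extract_domain(user_agent):
    """Return the upper-cased domain token, or None if absent or ambiguous."""
    found = {m.upper() for m in DOMAIN_TOKEN.findall(user_agent or "")}
    # Two different tokens mean the header was altered or misconfigured.
    return found.pop() if len(found) == 1 else None


def service_allowed(service_url):
    """Accept only https URLs whose host is a known application."""
    parts = urlsplit(service_url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_SERVICE_HOSTS


def route_login(user_agent, service_url):
    """Decide where the default server sends the browser for Kerberos auth.

    Returns (action, target): "reject", "local" (authenticate on the default
    server) or "redirect" (302 to the server of the user's own domain).
    """
    if not service_allowed(service_url):
        return ("reject", None)
    domain = extract_domain(user_agent)
    # The User-Agent is client-controlled: it only selects a server from the
    # allowlist and is never treated as proof of identity.
    if domain not in AUTH_SERVERS or domain == DEFAULT_DOMAIN:
        return ("local", AUTH_SERVERS[DEFAULT_DOMAIN])
    query = urlencode({"service": service_url})
    return ("redirect", AUTH_SERVERS[domain] + "?" + query)
```

Because the header value only ever indexes the allowlist, a forged or malformed domain token falls back to the default server, where Kerberos authentication still decides who the user is.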

Description

Technical field

[0001] The invention relates to domain control, group policy, browser and Kerberos authentication technology, and in particular to a method for realizing single sign-on in a multi-domain environment.

Background technique

[0002] In the daily work of an enterprise, users may need to access many application systems, and it is very troublesome to enter a password every time they enter an application system. The concept of single sign-on was therefore proposed, which ensures that users can access all application systems after logging in only once. In enterprises, IT departments usually use an LDAP user identity management system, such as Microsoft's Windows Active Directory management system, to manage computers and users. To log in to the computer, users must enter the correct user name and password to the Windows domain controller (hereinafter referred to as the domain controller) to authenticate their identity. Therefore, after the user logs in to the domain, he has a...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/0815, H04L67/02
Inventor: 蒋宜周, 李善平, 沈博斌
Owner 浙江网新恒天软件有限公司