Cookie-based secure single sign-on method and unified authentication service system thereof

An authentication service and single sign-on technology, which is applied in the computer field, can solve problems such as increased difficulty of system integration, different ways of site connection, low security, stability and usability, to facilitate system integration, improve security, and stability sex high effect

Active Publication Date: 2018-09-28

SICHUAN CHANGHONG ELECTRIC CO LTD

8 Cites 31 Cited by

AI-Extracted Technical Summary

Problems solved by technology

Single sign-on seems to have a simple function, but in the process of system integration, you will encounter many personalized requirements, such as different login style requirements for different sites, different development languages for...

Abstract

The invention discloses a Cookie single sign-on method, which comprises the following steps: a user sends a login request to a service server through a client browser; the service server is redirectedto a unified authentication service system according to the login request, and the unified authentication service system judges whether the service server carries a request certificate correspondingto the login request; the unified authentication service system writes the user credential into the Cookie and simultaneously splices the user credential to a redirected address; and the user credential is redirected to a user request page through the service server to execute the login request. The invention also discloses a unified authentication service system of the Cookie-based single sign-on, comprising a parameter analyzing module, an account checking module, a Cookie authentication module, a user credential generating module and a return module. The Cookie single sign-on method and theunified authentication service system in the invention realize the single sign-on core function, effectively solve the problems of cross-domain, distributed deployment, style distinction of application sites and the like, and improve the security of user authentication.

Application Domain

Transmission

Technology Topic

Service systemUser authentication +4

Image

Examples

Experimental program(1)

Example Embodiment

[0027] The embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0028] A unified authentication service system based on cookie single sign-on, the unified authentication service system includes a parameter analysis module, an account verification module, a cookie authentication module, a user credential generation module and a return module;

[0029] Wherein, the parameter parsing module is used for parsing the request parameters when the unified authentication service system receives the login request sent by the client browser or the business server, to determine whether the request parameters are empty, and if the request parameters are empty, the return module is called; If the request parameter is not empty, when the request parameter contains user account information, the account verification module is called; when the request parameter contains relevant cookie information, the cookie authentication module is called;

[0030] The account verification module is used to call the background service according to the user account and password when the user logs in through the login page. If the account password is valid, the user ID and token are obtained;

[0031] The cookie authentication module is used to parse the cookie and decrypt the obtained parameters when the service server requests the credential as a cookie. If the decryption is successful, use the decrypted parameters to determine whether the cookie has expired. If not, call the background service to obtain the service. Corresponding user ID and generate token information;

[0032] The user credential generation module is used to encapsulate and encrypt the original user credential information such as user ID, business ID, token and expiration time by using the server key when the user account information is legal or the cookie has not expired, and generate the server user credential using the business key. Encapsulate and encrypt the original information of user credentials to generate client user credentials;

[0033] The return module is used to write the server user credential into the cookie, splicing the client user credential to the callback address, delete invalid parameters in the cookie, and return to the corresponding request service server. If the parameter parsing module does not obtain the request credential or When the account verification or cookie verification is invalid, the return module directly redirects to the login page of the corresponding service.

[0034] The workflow diagram of the method for single sign-on based on Cookie in the present invention is as follows: figure 1 shown:

[0035] When a user sends a login request to a business site, the business server redirects the request credentials to the unified authentication system;

[0036] The unified authentication system receives the request, and the parameter parsing module parses the request credential to determine whether the business server carries the request credential;

[0037] If the business server does not carry the request credential, the return module will redirect to the login page corresponding to the business site;

[0038] When the user sends a login request through the login page, the parameter parsing module determines that it is the user account information, and the account verification module calls the background service to obtain the user ID and token;

[0039]If the business server already carries the request credential, that is, the request credential is cookie information, the cookie authentication module calls the background service to obtain the user ID and token;

[0040] If the above process fails to obtain the corresponding user ID, the return module will redirect to the login page of the corresponding service; if the above process successfully obtains the corresponding user ID, the user credential generation module will determine the user ID, service ID, token and expiration time, etc. The original information of user credentials is encapsulated and encrypted to generate server-side user credentials and client-side user credentials;

[0041] The return module writes the server-side user credential generated by the user credential generation module into the cookie, splices the client-side user credential to the callback address, deletes the invalid parameters in the cookie, and returns to the corresponding request service server;

[0042] The business server intercepts the client user credentials from the callback address, and parses the client user credentials.

[0043] The above-mentioned embodiments only represent specific embodiments of the present invention, and the descriptions thereof are specific and detailed, but should not be construed as limiting the patent scope of the present invention. It should be pointed out that for those of ordinary skill in the art, without departing from the concept of the present invention, several modifications and improvements can also be made, which all belong to the protection scope of the present invention.

PUM

Description & Claims & Application Information

We can also present the details of the Description, Claims and Application information to help users get a comprehensive understanding of the technical details of the patent, such as background art, summary of invention, brief description of drawings, description of embodiments, and other original content. On the other hand, users can also determine the specific scope of protection of the technology through the list of claims; as well as understand the changes in the life cycle of the technology with the presentation of the patent timeline. Login to view more.

Classification and recommendation of technical efficacy words

less invasive
improve security

Cookie-based secure single sign-on method and unified authentication service system thereof

AI-Extracted Technical Summary

Problems solved by technology

Abstract

Image

Examples

Example Embodiment

PUM

Description & Claims & Application Information

Similar technology patents

Foodstuff monitoring method and device

Method, device and system for carrying out service access control on third-party application

Multifunctional carry-on power supply

A method for WFII/3G router access authentication by using fingerprint

Cloud data security protection method

Classification and recommendation of technical efficacy words

Surgical spacer

Handheld volumetric ultrasound scanning device

Surgical instrument holder

Fiber optic probe tip

Intelligent equipment management method and system

Low-temperature charge and heating system and method for power battery for all-electric vehicles

Block chain system, and data storage method and apparatus

Pesticide micro-capsule granules and preparation method thereof

Method for achieving user authentication by utilizing camera

Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm