Cookie-based secure single sign-on method and unified authentication service system thereof

An authentication service and single sign-on technology, applied in the computer field, that addresses problems such as increased difficulty of system integration, differing ways of connecting sites, and low security, stability and usability, so as to facilitate system integration and improve security and stability.

Active Publication Date: 2018-09-28
SICHUAN CHANGHONG ELECTRIC CO LTD
8 Cites 31 Cited by

AI-Extracted Technical Summary

Problems solved by technology

Single sign-on seems to have a simple function, but in the process of system integration, you will encounter many personalized requirements, such as different login style requirements for different sites, different development languages for...

Abstract

The invention discloses a Cookie single sign-on method, which comprises the following steps: a user sends a login request to a service server through a client browser; the service server is redirected to a unified authentication service system according to the login request, and the unified authentication service system judges whether the service server carries a request certificate corresponding to the login request; the unified authentication service system writes the user credential into the Cookie and simultaneously splices the user credential to a redirected address; and the user credential is redirected to a user request page through the service server to execute the login request. The invention also discloses a unified authentication service system of the Cookie-based single sign-on, comprising a parameter analyzing module, an account checking module, a Cookie authentication module, a user credential generating module and a return module. The Cookie single sign-on method and the unified authentication service system in the invention realize the single sign-on core function, effectively solve the problems of cross-domain, distributed deployment, style distinction of application sites and the like, and improve the security of user authentication.

Application Domain

Transmission

Technology Topic

Service system, User authentication +4

Example Embodiment

[0027] The embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
[0028] A unified authentication service system based on cookie single sign-on includes a parameter parsing module, an account verification module, a cookie authentication module, a user credential generation module and a return module;
[0029] The parameter parsing module parses the request parameters when the unified authentication service system receives a login request sent by the client browser or the business server, and determines whether the request parameters are empty. If the request parameters are empty, the return module is called; if they are not empty and contain user account information, the account verification module is called; if they contain cookie information, the cookie authentication module is called;
[0030] The account verification module is used to call the background service with the user account and password when the user logs in through the login page. If the account and password are valid, the user ID and token are obtained;
[0031] The cookie authentication module is used to parse the cookie and decrypt the obtained parameters when the request credential from the service server is a cookie. If the decryption is successful, the decrypted parameters are used to determine whether the cookie has expired. If it has not, the background service is called to obtain the corresponding user ID and generate token information;
[0032] The user credential generation module is used when the user account information is legal or the cookie has not expired. It uses the server key to encapsulate and encrypt the original user credential information, such as user ID, business ID, token and expiration time, to generate the server user credential, and uses the business key to encapsulate and encrypt the same original user credential information to generate the client user credential;
[0033] The return module is used to write the server user credential into the cookie, splice the client user credential onto the callback address, delete invalid parameters in the cookie, and return to the corresponding requesting service server. If the parameter parsing module does not obtain a request credential, or if the account verification or cookie verification fails, the return module redirects directly to the login page of the corresponding service.
[0034] The workflow of the cookie-based single sign-on method in the present invention is shown in Figure 1:
[0035] When a user sends a login request to a business site, the business server redirects the request credentials to the unified authentication system;
[0036] The unified authentication system receives the request, and the parameter parsing module parses the request credential to determine whether the business server carries the request credential;
[0037] If the business server does not carry the request credential, the return module will redirect to the login page corresponding to the business site;
[0038] When the user sends a login request through the login page, the parameter parsing module determines that it is the user account information, and the account verification module calls the background service to obtain the user ID and token;
[0039] If the business server already carries the request credential, that is, the request credential is cookie information, the cookie authentication module calls the background service to obtain the user ID and token;
[0040] If the above process fails to obtain the corresponding user ID, the return module will redirect to the login page of the corresponding service; if the above process successfully obtains the corresponding user ID, the user credential generation module encapsulates and encrypts the original user credential information, such as user ID, service ID, token and expiration time, to generate the server-side user credential and the client-side user credential;
[0041] The return module writes the server-side user credential generated by the user credential generation module into the cookie, splices the client-side user credential to the callback address, deletes the invalid parameters in the cookie, and returns to the corresponding request service server;
[0042] The business server extracts the client user credential from the callback address and parses it.
[0043] The above-mentioned embodiments only represent specific embodiments of the present invention, and the descriptions thereof are specific and detailed, but should not be construed as limiting the patent scope of the present invention. It should be pointed out that for those of ordinary skill in the art, without departing from the concept of the present invention, several modifications and improvements can also be made, which all belong to the protection scope of the present invention.
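The workflow in paragraphs [0035] to [0042], sketched as an added example that is not code from the patent. All function names, the `credential` query parameter and the keys are assumptions constructed for illustration. The patent names no cipher, so this sketch authenticates credentials with HMAC-SHA256 instead of encrypting them; the two-key split and the expiry check are what it demonstrates.

```python
import base64, hashlib, hmac, json
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed keys: the server key never leaves the authentication system,
# each business server shares only its own business key with it.
SERVER_KEY = b"constructed-server-key"
BUSINESS_KEYS = {"shop": b"constructed-shop-key", "mail": b"constructed-mail-key"}

def seal(payload: dict, key: bytes) -> str:
    """Encapsulate the original credential information and bind it to one key."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{tag}"

def open_sealed(credential: str, key: bytes, now: float):
    """Return the payload, or None if the credential is forged, malformed or expired."""
    body, _, tag = credential.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    return payload if payload["exp"] > now else None

def issue(user_id, business_id, token, callback, now, ttl=1800):
    """Credential generation + return module: (cookie value, redirect URL)."""
    original = {"uid": user_id, "bid": business_id, "token": token, "exp": now + ttl}
    server_cred = seal(original, SERVER_KEY)                  # written to the cookie
    client_cred = seal(original, BUSINESS_KEYS[business_id])  # spliced onto the callback
    sep = "&" if urlparse(callback).query else "?"
    return server_cred, callback + sep + urlencode({"credential": client_cred})

def handle_request(cookie, business_id, callback, login_page, now):
    """Cookie authentication path; any failure redirects to the business login page."""
    payload = open_sealed(cookie, SERVER_KEY, now) if cookie else None
    if payload is None:
        return None, login_page
    # The background-service lookup of user ID and token is omitted here.
    return issue(payload["uid"], business_id, payload["token"], callback, now)

def business_parse(redirect_url, business_id, now):
    """Business server: extract and verify the client credential from the callback."""
    cred = parse_qs(urlparse(redirect_url).query).get("credential", [""])[0]
    payload = open_sealed(cred, BUSINESS_KEYS[business_id], now)
    return payload if payload and payload["bid"] == business_id else None
```

Because each client credential is bound to one business key, a credential issued for one site does not verify at another, and the cookie credential can only be opened by the authentication system.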
