Method for single sign-on among different domains

Abstract

The invention discloses a method for single sign-on among different domains and relates to the technical field of computers. The method comprises two sites with different domain names, namely aa and bb, and an SSO service for verification, and comprises the following steps: step 1, accessing an aa site for the first time by a user; step 2, the SSO service returns a login page URL to enable the browser to be redirected to the login page, the user inputs login information and then submits the login information to an SSO server, and the SSO server forwards the login information to a user management system for verification; step 3, the browser sets the TOKEN in a local Storage of the browser, and the SSO server verifies the TOKEN; and step 4, the user logs in the bb site for the first time, and the SSO server verifies the bb site to complete login. According to the invention, the TOKEN is not carried through the HTTP protocol characteristic of the cookie, the TOKEN is stored in the local Storage of the browser, and the TOKEN is set in the request for each request, so that the network expenditure for transmitting the cookie is reduced, and the redirection frequency of the browser is reduced.

Description

technical field [0001] The invention belongs to the technical field of computers, in particular to a method for single sign-on between different domains. Background technique [0002] In the early stage of enterprise development, there are few systems used, usually one or two, each system has its own login module, and users log in and use it through the account registered in the system. With the development of the enterprise, the number of systems increases accordingly. When users operate different systems, they need to log in multiple times, which is a very unfriendly experience for users. The existing SSO (Single Sign On) service finally verifies the cookie in the request header (Cookie is a small text file saved on the user's browser by the Web server, which can contain information about the user's The information is one of the main places for users to obtain, communicate and transmit information. Whenever users connect to the server, the website can access the cookie in...

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to provide a single sign-on method between different domains, which does not carry the TOKEN through the HTTP protocol feature of the cookie, stores the TOKEN in the localStorage of the browser, and sets the TOKEN in the request vote for each request, so as to solve the problem Carrying cookies in the existing request will increase the size of the request header and increase the network bandwidth; when there is no cookie in the SSO verification request and the user needs to log in, the browser needs to be redirected to the login page, which increases the number of browser requests and response time; The login pages of each system are maintained by each system, and users need to be redirected to each login page when they are not logged in, which increases the number of requests

Images