Information processing method and device of agent platform, medium, equipment and product
By setting up an adapter between the agent platform and the authentication system, protocol decoupling is achieved, which solves the problem of code modification when the agent platform is connected to the external authentication system, improves flexibility and scalability, and simplifies the connection process.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- BEIJING VOLCANO ENGINE TECH CO LTD
- Filing Date
- 2026-05-11
- Publication Date
- 2026-06-09
AI Technical Summary
In existing technologies, intelligent agent platforms require extensive code modifications when interfacing with external authentication systems, lacking uniformity and scalability, and are particularly difficult to adapt flexibly when dealing with non-standard or proprietary protocols.
By setting up an adapter between the agent platform and the authentication system, the authentication capability protocol is decoupled. The adapter converts the authentication credentials of the external authentication system into authentication credentials that conform to the agent platform, providing a unified interface and processing logic, so that no modification to the code of the agent platform or authentication system is required when connecting to a new authentication system.
It simplifies the process of connecting the intelligent agent platform with external authentication systems, enhances flexibility and scalability, reduces development cycle, and improves integration efficiency and security.
Smart Images

Figure CN122179486A_ABST
Abstract
Description
Technical Field
[0001] This content relates to the field of artificial intelligence, specifically to an information processing method, apparatus, medium, equipment, and product for an intelligent agent platform. Background Technology
[0002] SSO (Single Sign-On) refers to a system where a user only needs to log in once to access all mutually trusted application systems.
[0003] In related technologies, it is necessary to rely on application systems and authentication systems to follow a unified standard protocol. If a non-standard or proprietary protocol is used, a large amount of code modification is required for the application system or authentication system to be compatible with the specific protocol in a "hard-coded" manner, which lacks uniformity and scalability. Summary of the Invention
[0004] This summary section is provided to provide a brief overview of the concepts, which will be described in detail in the subsequent detailed description section. This summary section is not intended to identify key or essential features of the claimed technical solution, nor is it intended to limit the scope of the claimed technical solution.
[0005] Firstly, an information processing method for an intelligent agent platform is provided, including: In response to a redirection request from the intelligent agent platform, the adapter redirects the client to the login page of the first authentication system. The intelligent agent platform, in response to a first login request, sends the redirection request to the adapter. The first login request is used to instruct login authentication through the first authentication system. The first authentication system receives and verifies the first login information entered on the login page, and returns the first authentication credential to the adapter after successful verification. The adapter receives the first authentication credential and generates a second authentication credential based on the first authentication credential. The first authentication credential is generated using the first authentication protocol of the first authentication system, and the second authentication credential is generated using the second authentication protocol of the intelligent agent platform. The first authentication protocol and the second authentication protocol are different. The adapter returns the second authentication credential to the intelligent agent platform, wherein the intelligent agent platform logs in based on the second authentication credential.
[0006] Secondly, an information processing device for an intelligent agent platform is provided, comprising: The redirection module is used to respond to the redirection request of the intelligent agent platform. The adapter redirects the client to the login page of the first authentication system. The intelligent agent platform responds to the first login request by sending the redirection request to the adapter. The first login request is used to indicate that login authentication is performed through the first authentication system. The first authentication system receives and verifies the first login information entered on the login page, and returns the first authentication credential to the adapter after successful verification. A generation module is used for the adapter to receive the first authentication credential and generate a second authentication credential based on the first authentication credential, wherein the first authentication credential is generated using a first authentication protocol of the first authentication system, and the second authentication credential is generated using a second authentication protocol of the intelligent agent platform, and the first authentication protocol and the second authentication protocol are different. The return module is used by the adapter to return the second authentication credential to the intelligent agent platform, wherein the intelligent agent platform logs in based on the second authentication credential.
[0007] Thirdly, this disclosure provides a computer-readable medium having a computer program stored thereon, which, when executed by a processing device, implements the steps of the method described in the first aspect.
[0008] Fourthly, this disclosure provides an electronic device, comprising: A storage device on which computer programs are stored; A processing device for executing the computer program in the storage device to implement the steps of the method described in the first aspect.
[0009] Fifthly, this disclosure provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the method described in the first aspect.
[0010] Through the above technical solution, the intelligent agent platform responds to the first login request by sending a redirection request to the adapter. The adapter redirects the client to the login page of the first authentication system. The intelligent agent platform responds to the first login request, which instructs login authentication through the first authentication system. The first authentication system receives and verifies the first login information entered on the login page and returns a first authentication credential to the adapter after successful verification. The adapter then receives the first authentication credential, generates a second authentication credential based on it, and returns the second authentication credential to the intelligent agent platform, enabling the intelligent agent platform to log in based on the second authentication credential. Using this method, by setting up an adapter between the intelligent agent platform and the authentication system, it is possible to regenerate authentication credentials conforming to the intelligent agent platform protocol based on the authentication credentials returned by the authentication system. This achieves protocol decoupling of authentication capabilities. Therefore, when connecting to a new authentication system, no code modification to the intelligent agent platform or authentication system is required; only the processing logic of the adapter needs to be modified. This simplifies operation and improves the flexibility and scalability of intelligent agent platform integration.
[0011] Other features and advantages of the technical solution will be described in detail in the following examples section. Attached Figure Description
[0012] The above and other features, advantages, and aspects of this content will become more apparent when taken in conjunction with the accompanying drawings and the following examples. Throughout the drawings, the same or similar reference numerals denote the same or similar elements. It should be understood that the drawings are schematic, and the originals and elements are not necessarily drawn to scale. In the drawings: Figure 1 This is a schematic diagram illustrating an implementation environment according to an example.
[0013] Figure 2 This is a flowchart illustrating an information processing method for an intelligent agent platform, based on an example.
[0014] Figure 3 This is a schematic diagram illustrating the authentication process of an intelligent agent platform and an external authentication system, based on an example.
[0015] Figure 4 This is a schematic diagram illustrating the authentication process of another intelligent agent platform and an external authentication system, based on an example.
[0016] Figure 5 This is a schematic diagram of the structure of an information processing device for an intelligent agent platform, as illustrated by an example.
[0017] Figure 6 This is a schematic diagram of the structure of an electronic device according to an example. Detailed Implementation
[0018] The technical solution will now be described in more detail with reference to the accompanying drawings. Although certain scenarios are shown in the drawings, it should be understood that the technical solution can be implemented in various forms and should not be construed as limited to the scenarios described herein. Rather, these scenarios are provided to provide a more thorough and complete understanding of the technical solution. It should be understood that the accompanying drawings and the scenarios described are for illustrative purposes only and are not intended to limit the scope of protection of the technical solution.
[0019] It should be understood that the steps described in the method implementation may be performed in different orders and / or in parallel. Furthermore, the method implementation may include additional steps and / or omit the steps shown. The scope of the technical solution is not limited in this respect.
[0020] The term "comprising" and its variations as used herein can be open-ended, meaning "including but not limited to". The term "based on" can mean "at least partially based on". The term "one case" means "at least one case"; the term "another case" means "at least one additional case"; the term "some cases" means "at least some cases". Definitions of other terms will be given in the following description.
[0021] It should be noted that the concepts of "first" and "second" mentioned here are only used to distinguish different devices, modules or units, and are not used to limit the order of the functions performed by these devices, modules or units or their interdependencies.
[0022] It should be noted that the terms "one" and "more" used here are illustrative rather than restrictive, and those skilled in the art should understand that, unless otherwise expressly indicated in the context, they should be understood as "one or more".
[0023] The names of messages or information exchanged between the multiple devices in the implementation are for illustrative purposes only and are not intended to limit the scope of these messages or information.
[0024] It is understandable that before using the technical solutions provided here, users should be informed of the types, scope of use, and usage scenarios of the personal information involved in accordance with relevant laws and regulations, and their authorization should be obtained through appropriate means.
[0025] For example, upon receiving a user's active request, a prompt message is sent to the user to explicitly inform them that the requested operation will require the acquisition and use of the user's personal information. This allows the user to independently choose, based on the prompt message, whether to provide personal information to the software or hardware such as electronic devices, applications, servers, or storage media performing the operations described herein.
[0026] As an optional but non-limiting implementation, in response to a user's active request, sending a prompt message to the user can be done via a pop-up window, where the prompt message can be presented in text format. Furthermore, the pop-up window can also include a selection control allowing the user to choose "agree" or "disagree" to provide personal information to the electronic device.
[0027] It is understood that the above notification and user authorization process are merely illustrative and do not constitute a limitation on the implementation of the technical solution. Other methods that comply with relevant laws and regulations may also be applied to the implementation of the technical solution.
[0028] At the same time, it is understood that the data involved in the technical solution (including but not limited to the data itself, the acquisition or use of the data) should comply with the requirements of relevant laws, regulations and related provisions.
[0029] This content provides an information processing method, apparatus, medium, device, and product for an intelligent agent platform. By setting an adapter between the intelligent agent platform and the authentication system, the authentication capability protocol is decoupled, thereby improving the flexibility and scalability of the intelligent agent platform's integration.
[0030] The information processing methods for the intelligent agent platform provided in this content can be executed by electronic devices. Figure 1 This is an exemplary schematic diagram illustrating an implementation environment; see [link / reference]. Figure 1 The implementation environment includes: terminal 101, server 102 and server 103.
[0031] For example, terminal 101 can act as a client to access the intelligent agent platform, server 102 can act as a background service for the intelligent agent platform, and server 103 can act as a background service for the adapter. On the intelligent agent platform login interface of terminal 101, an external authentication system login method can be selected, a login request is generated, and the login request is sent to server 102. Server 102 redirects the request to the adapter. Terminal 101 receives and displays the login page of the external authentication system redirected by server 103, allowing the user to log in using the external authentication system. The external authentication system receives and verifies the login information entered by the user on the login page, and returns a first authentication credential to the adapter after successful verification. Server 103 generates a second authentication credential based on the first authentication credential. The first authentication credential is generated using the first authentication protocol of the first authentication system, and the second authentication credential is generated using the second authentication protocol of the intelligent agent platform. Server 102 receives the second authentication credential and logs in to the intelligent agent platform based on it. Among them, server 102 is the backend server of the intelligent agent platform, which is used to provide backend services for the intelligent agent platform, such as processing login requests sent by terminal 101. Server 103 is the backend service of the adapter, which is used to provide backend services for the adapter, such as processing authentication credentials returned by external servers.
[0032] Terminal 101 can be at least one of the following devices: smartphone, smartwatch, desktop computer, laptop, virtual reality terminal, augmented reality terminal, wireless terminal, and laptop computer. Terminal 101 has communication capabilities and can access wired or wireless networks. Terminal 101 can refer to one of multiple terminals; those skilled in the art will understand that the number of terminals can be more or less. Servers 102 and 103 can be independent physical servers, server clusters composed of multiple physical servers, or distributed file systems. They can also be cloud servers providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN (Content Delivery Network), and big data and artificial intelligence platforms.
[0033] For example, servers 102 and 103 are directly or indirectly connected to terminal 101 via wired or wireless communication, without limitation.
[0034] Optionally, the number of servers 102 and 103 can be more or less, and there is no limitation thereto. Of course, servers 102 and 103 can be the same server, and servers 102 and 103 can also include other functional servers in order to provide more comprehensive and diversified services.
[0035] Figure 2 This is a flowchart illustrating an information processing method for an intelligent agent platform, as shown in the example. Figure 2 As shown, the method may include the following steps: S201: In response to the redirection request from the intelligent agent platform, the adapter redirects the client to the login page of the first authentication system. In response to the first login request, the intelligent agent platform sends a redirection request to the adapter. The first login request is used to instruct login authentication through the first authentication system. The first authentication system receives and verifies the first login information entered on the login page, and returns the first authentication credential to the adapter after successful verification.
[0036] An intelligent agent platform is a platform or toolset for developing, customizing, and deploying intelligent agents. It utilizes technologies such as Artificial Intelligence (AI), machine learning, and natural language processing to understand and respond to user input, automatically performing complex tasks or providing useful information and services. It can integrate AI technologies with data from multiple domains, using deep learning, natural language processing, and other technologies to intelligently analyze and process massive amounts of data, providing users with diverse intelligent services. Specific details can be determined based on actual business scenarios and are not limited thereto.
[0037] In real-world business scenarios, suppose company A purchases services from an intelligent agent platform. Company A's employees can log in to the platform to use these services. Company A can designate its internal system as the authentication system (identity provider). For example, employee 1 can log in to the internal system using username x and password xx. Alternatively, when logging into the intelligent agent platform, employee 1 can choose to authenticate using the authentication system. This redirects them to the authentication system's login page, effectively allowing employee 1 to log in to the intelligent agent platform using username x and password xx. Adapters allow the intelligent agent platform to interface with different company-specified authentication systems without requiring code modifications to the intelligent agent platform or authentication system.
[0038] Of course, among other possible implementation methods, the methods provided in this content can be applied not only to intelligent agent platforms, but also to other business platforms that need to connect to external authentication systems, without any limitation.
[0039] For example, such as Figure 3As shown, when a user accesses the intelligent agent platform on the client, and the user selects an external authentication system for login verification, a login request is generated. In response to the login request, the intelligent agent platform sends a redirection instruction to the client, first redirecting the client to the adapter. The adapter, according to the preset configuration, guides the login request to the login page of the external authentication system. The preset configuration may include information such as the login page address of the external authentication system and the parameters of the authentication protocol. The specific configuration can be determined according to the actual business scenario and is not restricted.
[0040] Furthermore, users can enter login information for an external authentication system on the login page, such as username and password. After successful verification, the external authentication system generates external authentication credentials according to its own authentication protocol, which may be temporary tickets, tokens, etc., and returns them to the adapter.
[0041] S202: The adapter receives the first authentication credential and generates a second authentication credential based on the first authentication credential. The first authentication credential is generated using the first authentication protocol of the first authentication system, and the second authentication credential is generated using the second authentication protocol of the intelligent agent platform. The first authentication protocol and the second authentication protocol are different.
[0042] like Figure 3 As shown, after receiving external authentication credentials, the adapter can interact with the external authentication system to verify the validity of the external authentication credentials. It then generates and returns an internal authentication credential that conforms to the agent platform's authentication protocol, redirecting the client back to the agent platform's callback address.
[0043] Among them, the adapter can completely encapsulate the complexity of the backend. Whether it is a general authentication protocol or a custom private protocol, the adapter can support it by developing corresponding processing logic, and realize authentication aggregation that is independent of the protocol.
[0044] In one scenario, the adapter is configured with a first interface, which is at least configured to receive a first authentication credential and generate a second authentication credential based on the first authentication credential.
[0045] For example, the adapter provides a configurable first interface that can be adaptively adjusted according to the authentication protocol and processing logic of the external authentication system being interfaced with. This first interface receives login callbacks from the external authentication system and can handle the authentication results of the authentication protocol used by the external authentication system (such as a non-standard or proprietary protocol). This includes parsing external authentication credentials, calling the external authentication system's interface to verify the credentials, extracting user information, and, upon successful verification, generating an internal authentication credential that conforms to the agent platform's authentication protocol and redirecting it back to the agent platform. By providing a unified callback interface to the agent platform, it facilitates the rapid integration of new non-standard protocols (new external authentication systems). Developers can implement the interaction logic with the external authentication system by modifying the interface file of the first interface, allowing the agent platform to operate without needing to concern itself with the specific authentication protocol of the external authentication system. This effectively improves the efficiency and flexibility of the interface between the agent platform and the external authentication system.
[0046] S203: The adapter returns a second authentication credential to the agent platform, which then logs in based on the second authentication credential.
[0047] For example, refer to Figure 3 After receiving the callback, the intelligent agent platform can log in based on its internal authentication credentials.
[0048] By using the above method, through an adapter set between the agent platform and the authentication system, authentication credentials that conform to the agent platform protocol can be regenerated based on the authentication credentials returned by the authentication system. This achieves protocol decoupling of authentication capabilities. Thus, when connecting to a new authentication system, there is no need to modify the code of the agent platform or the authentication system. Only the processing logic of the adapter needs to be modified. The operation is simple and improves the flexibility and scalability of the agent platform connection.
[0049] In one scenario, the method further includes: in response to a verification request for the second authentication credential sent by the intelligent agent platform, the adapter verifies the second authentication credential and returns the second user information corresponding to the second authentication credential after successful verification, wherein the intelligent agent platform logs in based on the second user information.
[0050] For example, refer to Figure 3 The intelligent agent platform sends a verification request for the internal authentication credentials to the adapter. The adapter responds to the verification request and verifies the internal authentication credentials, such as checking the signature of the internal authentication credentials to ensure that they have not been tampered with, verifying whether the internal authentication credentials are valid, and also verifying the client address or device identifier bound to the internal authentication credentials to prevent replay attacks between different devices, etc. The specific settings can be configured according to the requirements and there are no restrictions on this.
[0051] Furthermore, after the adapter successfully verifies the internal authentication credentials, it can request user information from the external authentication system. If the user information has already been obtained when acquiring the external authentication credentials, this step can be omitted. The user information is parsed into a preset format that conforms to the requirements of the intelligent agent platform, such as XML format, and then fed back to the intelligent agent platform. The intelligent agent platform logs in based on the user information, and once logged in successfully, the user can enter the intelligent agent platform to perform corresponding operations.
[0052] By simplifying the interaction process between the intelligent agent platform and the external authentication system using different authentication protocols into an interaction process between the adapter and the external authentication system using the same authentication protocol, and an interaction process between the intelligent agent platform and the adapter using the same authentication protocol, the authentication complexity of single sign-on for the intelligent agent platform is effectively reduced.
[0053] In one scenario, the adapter is configured with a second interface, which is at least configured to verify a second authentication credential in response to an authentication request and return the second user information corresponding to the second authentication credential upon successful verification.
[0054] For example, the adapter provides a configurable second interface that can be adaptively adjusted according to actual business scenarios. This second interface is used by the agent platform to verify the validity of internal authentication credentials. By receiving internal authentication credentials from the agent platform, it verifies their legitimacy (e.g., whether they are expired or forged) and returns standardized user information associated with the internal authentication credentials, allowing the agent platform to complete the final login process. By providing a unified verification interface to the agent platform, it facilitates the rapid integration of new non-standard protocols (new external authentication systems). Developers can modify the interface file of the second interface so that the agent platform does not need to concern itself with the specific authentication protocol of the external authentication system, effectively improving the efficiency and flexibility of the integration between the agent platform and the external authentication system.
[0055] Through the first and second interfaces mentioned above, standardized development paradigms and scaffolding code are provided, which shortens the integration of a new non-standard system from weeks of custom development to days or even less of configuration and minimal coding work, significantly reducing the development cycle for integration.
[0056] In one scenario, the first authentication credential includes first user information. Generating a second authentication credential based on the first authentication credential includes: parsing the first authentication credential based on a first authentication protocol to extract the first user information; and generating the second authentication credential based at least on the first user information and a second authentication protocol.
[0057] For example, external authentication credentials may include user information corresponding to the user who logs into the external authentication system. The adapter can parse the external authentication credentials based on the authentication protocol of the external authentication system, extract the user information, and then generate internal authentication credentials based on the user information and the authentication protocol of the intelligent agent platform.
[0058] It should be noted that the adapter in the technical solution is not a simple protocol conversion gateway, but a stateful protocol gateway. The adapter can serve as a platform-level facility independent of all clients, deployed between the agent platform and numerous heterogeneous authentication systems. As a unified entry point and policy enforcement point for all non-standard authentication traffic, it can completely terminate non-standard protocols from external authentication systems and, based on this, recreate and issue internal authentication credentials that conform to the agent platform's authentication protocol. It possesses complete authentication capabilities, supporting the aggregation and orchestration of multiple and heterogeneous protocols. It can fully handle an authentication session, including external authentication redirection, receiving callbacks, terminating external authentication protocols, and generating and issuing internal authentication protocols. It can deeply orchestrate and control the authentication process, representing a reconstruction of the authentication protocol and trust layer.
[0059] In one scenario, a second authentication credential is generated based at least on the first user information and the second authentication protocol, including: generating the second authentication credential based on the first user information, the first information, and the second authentication protocol, wherein the first information includes the credential validity period and / or the client's identification information.
[0060] For example, internal authentication credentials can be generated based on user information and the intelligent agent platform's authentication protocol, and then signed using a preset key. Alternatively, internal authentication credentials can be generated by combining other information, such as credential generation timestamps, expiration timestamps, client identifiers, and the device identifier where the client resides. The specific details can be determined according to requirements and are not limited. This allows the intelligent agent platform to verify the signature when calling the second interface to verify the internal authentication credentials, ensuring that the credentials have not been tampered with. Furthermore, the client identifier or device identifier can be verified, effectively preventing replay attacks on different devices and significantly improving the security of internal authentication credentials, thereby ensuring the secure operation of the intelligent agent platform.
[0061] In one scenario, the adapter is pre-configured with multiple processing plugins, each processing plugin corresponding to an authentication system. The process of generating a second authentication credential based on a first authentication credential includes: determining the first processing plugin corresponding to the first authentication system from among the multiple processing plugins, and calling the first processing plugin to generate a second authentication credential based on the first authentication credential.
[0062] For example, the adapter can act as a multi-tenant identity aggregation gateway. Different business parties (tenants) configure and manage multiple heterogeneous external authentication systems. By introducing the tenant identifier in the path or parameters of the first interface, the adapter can dynamically route to the tenant's dedicated protocol processing plugin and configuration file based on the tenant identifier carried by the external authentication credentials. For instance, if tenant Z1 uses a private protocol authentication and tenant Z2 uses SAML (Security Assertion Markup Language) protocol authentication, the adapter can provide services for both simultaneously within a single instance, achieving centralized and service-oriented authentication capabilities.
[0063] For example, an authentication system can correspond to one or more processing plugins. If there are multiple versions of the authentication system, and the authentication protocols or authentication logics of different versions are different, then processing plugins that handle the corresponding authentication protocols or authentication logic can be configured to be compatible with heterogeneous authentication systems and improve the flexibility and efficiency of the intelligent agent platform.
[0064] It should be understood that different authentication systems can use different or the same authentication protocols. Different processing plugins can be set in the adapter for different authentication systems or for different authentication protocols. The specific settings can be configured according to requirements, and there are no restrictions on this. The adapter has good scalability and reusability, so new authentication protocols or authentication systems can be quickly integrated in the form of plugins. This allows the capabilities of the intelligent agent platform to be reused in more scenarios without modifying the core framework of the adapter, thus avoiding redundant construction.
[0065] In the above example, through the pluggable and coded modular architecture of the adapter, developers can define a complete set of authentication logic by writing and implementing core processors such as the first interface and the second interface, which effectively improves the flexibility of the interface, can handle complex authentication interaction processes, and can add advanced capabilities such as routing, policies, and risk control on this basis, realizing a leap from "configuration" to "orchestration".
[0066] In one scenario, the method further includes: the adapter obtaining first data from the first authentication system and synchronizing the first data to the intelligent agent platform, wherein the first data includes user information from the first authentication system.
[0067] For example, the adapter can periodically or trigger a synchronization task to pull data from an external authentication system and call the intelligent agent platform's interface to synchronize the data from the external authentication system to the intelligent agent platform. The specific data can be configured according to requirements and is not limited. For example, it can be user information and departmental organization information from the external authentication system. By synchronizing user information and departmental organization information, the intelligent agent platform can control user access. For example, it can use the user permissions of the external authentication system to implement user access control on the intelligent agent platform, or set permissions on the synchronized user information and departmental organization information on the intelligent agent platform, thereby achieving unified adaptation of identity authentication and organizational management.
[0068] Alternatively, data from the intelligent agent platform can be synchronized to an external authentication system. Two-way synchronization can be either full synchronization or incremental synchronization, without any restrictions.
[0069] In one scenario, generating a second authentication credential based on a first authentication credential includes: obtaining second information, which includes at least one of the login time corresponding to the first login request, the credibility of the login address, and the device status of the client; performing security verification based on the second information, and generating a second authentication credential based on the first authentication credential after successful verification.
[0070] For example, the adapter can also integrate a risk engine when handling the authentication process. Risk assessment is performed based on information such as the user's login time, login address trustworthiness, and device status. When a high-risk operation is detected, the adapter can perform additional security verification steps after completing external authentication. Only after successful verification can it issue internal authentication credentials to the intelligent agent platform, achieving dynamic, risk-based, step-by-step authentication capabilities. This transforms the adapter from a passive converter into a proactive security defense tool.
[0071] In another scenario, the method further includes: the adapter obtaining the operation and maintenance information of the second authentication system, which is used for the operation and maintenance management of the second authentication system.
[0072] For example, the adapter can also obtain authentication logs, link tracing, security audits and other operational information from all external authentication systems to form a unified management view, which facilitates unified operation and maintenance, process detection, upgrades and scaling up, effectively improving the operational security of the intelligent agent platform.
[0073] For example, the adapter can be configured with observability criteria to trace each authentication request as a distributed link and display detailed performance metrics (such as request latency, success rate, response time, etc.) and structured logs. This allows operations and maintenance personnel to clearly see the complete call chain from user request to external identity authentication and then to the intelligent agent platform, enabling them to quickly locate problems.
[0074] For example, the adapter can have built-in circuit breakers, timeout retries, request rate limiting, and degradation circuit breaker mechanisms for downstream external authentication systems. When an external authentication system fails or responds slowly, the circuit breaker will automatically open to prevent a cascading failure effect on the adapter itself. Simultaneously, degradation strategies can be configured, such as returning a temporary identity with only basic permissions or redirecting to a static prompt page, ensuring the availability of core business operations.
[0075] In another scenario, the adapter's processing flow is determined as follows: the adapter's first configuration file is obtained, and the adapter's processing flow is determined based on the first configuration file. The first configuration file is used to define the adapter's processing flow and is written in a domain-specific language (DSL).
[0076] For example, by elevating the adapter's processing logic from pure code implementation to being driven by a declarative configuration language, the authentication process is made data-driven and visualized, achieving "policy as configuration," making policy adjustments more flexible and less code-intensive, and further reducing adaptation complexity.
[0077] In addition, the adapter also supports routing some traffic to new or experimental protocol processing plugins based on user percentage, user tags, or request headers, enabling canary access and fast rollback.
[0078] In another scenario, the method further includes: receiving a third authentication credential returned by middleware, wherein the intelligent agent platform, in response to the second login request, sends a first instruction to the client, the first instruction being used to redirect the client to the middleware, the middleware guiding the client to the login page of the third authentication system, the third authentication system receiving and verifying the second login information entered on the login page, and returning a third authentication credential to the middleware after successful verification, the middleware passing the third authentication credential to the adapter; the adapter generating a fourth authentication credential based on the third authentication credential, the third authentication credential being generated using the third authentication protocol of the third authentication system, and the fourth authentication credential being generated using the second authentication protocol of the intelligent agent platform; the adapter returning the fourth authentication credential to the intelligent agent platform, wherein the intelligent agent platform performs login based on the fourth authentication credential.
[0079] For example, for enterprise users who want to integrate with the intelligent agent platform themselves, an integration process including middleware can be provided. Enterprise users can develop the middleware's integration logic to connect the intelligent agent platform with external authentication systems. Figure 4As shown, when a user accesses the intelligent agent platform from the client, and selects an external authentication system for login verification, a login request is generated. In response to the login request, the intelligent agent platform sends a redirection instruction to the client, redirecting the client to the middleware. The middleware then directs the login request to the login page of the external authentication system. The user can enter the login information of the external authentication system, such as username and password, on the login page. After successful verification, the external authentication system generates external authentication credentials (including user information) according to its own authentication protocol. These credentials can be temporary tickets, tokens, etc., and are returned to the middleware. The middleware then redirects the client to the adapter, passing in the external authentication credentials. The adapter generates and returns an internal authentication credential that conforms to the intelligent agent platform's authentication protocol, redirecting the client back to the callback address of the intelligent agent platform.
[0080] The intelligent agent platform then sends a verification request for the internal authentication credentials to the adapter. The adapter responds to the verification request by verifying the internal authentication credentials. After the adapter verifies the internal authentication credentials, it parses the user information into a preset format that conforms to the requirements of the intelligent agent platform, such as XML format, and feeds back the user information in the preset format to the intelligent agent platform. The intelligent agent platform logs in based on the user information. Once logged in, the user can enter the intelligent agent platform to perform corresponding operations.
[0081] This allows for the integration of different authentication systems and improves the flexibility of the intelligent agent platform.
[0082] Based on the same concept, this content provides an information processing device for an intelligent agent platform, such as... Figure 5 As shown, the information processing device 500 includes: The redirection module 501 is used to respond to the redirection request of the intelligent agent platform. The adapter redirects the client to the login page of the first authentication system. The intelligent agent platform responds to the first login request by sending the redirection request to the adapter. The first login request is used to indicate that login authentication is performed through the first authentication system. The first authentication system receives and verifies the first login information entered on the login page, and returns the first authentication credential to the adapter after successful verification. The generation module 502 is used for the adapter to receive the first authentication credential and generate a second authentication credential based on the first authentication credential, wherein the first authentication credential is generated using the first authentication protocol of the first authentication system, and the second authentication credential is generated using the second authentication protocol of the intelligent agent platform, and the first authentication protocol and the second authentication protocol are different. The return module 503 is used for the adapter to return the second authentication credential to the intelligent agent platform, wherein the intelligent agent platform logs in based on the second authentication credential.
[0083] By using the above-mentioned device, through the adapter set between the intelligent agent platform and the authentication system, the authentication credentials returned by the authentication system can be regenerated into authentication credentials that conform to the intelligent agent platform protocol, thus achieving protocol decoupling of authentication capabilities. In this way, when connecting to a new authentication system, there is no need to modify the code of the intelligent agent platform or the authentication system, only the processing logic of the adapter needs to be modified. The operation is simple and improves the flexibility and scalability of intelligent agent platform connection.
[0084] Optionally, the first authentication credential includes first user information, and the generation module 502 is used to: Based on the first authentication protocol, the first authentication credential is parsed to extract the first user information; The second authentication credential is generated based at least on the first user information and the second authentication protocol.
[0085] Optionally, the generation module 502 is used for: The second authentication credential is generated based on the first user information, the first information, and the second authentication protocol. The first information includes the credential validity period and / or the client's identification information.
[0086] Optionally, the adapter is pre-configured with multiple processing plugins, each processing plugin corresponding to an authentication system. The generation module 502 is used to: determine the first processing plugin corresponding to the first authentication system from the multiple processing plugins, and call the first processing plugin to generate the second authentication credential based on the first authentication credential.
[0087] Optionally, the adapter is configured with a first interface, which is at least configured to receive the first authentication credential and generate the second authentication credential based on the first authentication credential.
[0088] Optionally, the generation module 502 is used for: Obtain second information, which includes at least one of the following: the login time corresponding to the first login request, the credibility of the login address, and the device status of the client. Security verification is performed based on the second information, and the second authentication credential is generated based on the first authentication credential after the verification is successful.
[0089] Optionally, the information processing device 500 further includes a verification module, the verification module being used for: In response to the verification request for the second authentication credential sent by the intelligent agent platform, the adapter verifies the second authentication credential and returns the second user information corresponding to the second authentication credential after successful verification, wherein the intelligent agent platform logs in based on the second user information.
[0090] Optionally, the adapter is configured with a second interface, which is at least configured to verify the second authentication credential in response to the verification request, and return the second user information corresponding to the second authentication credential after successful verification.
[0091] Optionally, the information processing device 500 further includes a synchronization module, which is used for: The adapter obtains first data from the first authentication system and synchronizes the first data to the intelligent agent platform. The first data includes user information from the first authentication system.
[0092] Regarding the information processing device 500 of the intelligent agent platform mentioned above, the method logic executed by each functional module has been explained in detail in the section on methods, and will not be repeated here.
[0093] Based on the same concept, a computer-readable medium is also provided, on which a computer program is stored, which, when executed by a processing device, implements the steps of the information processing method of any of the above-described intelligent agent platforms.
[0094] In this way, by setting up an adapter between the agent platform and the authentication system, authentication credentials that conform to the agent platform protocol can be regenerated based on the authentication credentials returned by the authentication system. This achieves protocol decoupling of authentication capabilities. When connecting to a new authentication system, there is no need to modify the code of the agent platform or the authentication system. Only the processing logic of the adapter needs to be modified. The operation is simple and improves the flexibility and scalability of the agent platform connection.
[0095] Based on the same concept, an electronic device is also provided, which may include: A storage device on which computer programs are stored; A processing device for executing a computer program stored in a storage device to implement the steps of the information processing method of any of the above-described intelligent agent platforms.
[0096] In this way, by setting up an adapter between the agent platform and the authentication system, authentication credentials that conform to the agent platform protocol can be regenerated based on the authentication credentials returned by the authentication system. This achieves protocol decoupling of authentication capabilities. When connecting to a new authentication system, there is no need to modify the code of the agent platform or the authentication system. Only the processing logic of the adapter needs to be modified. The operation is simple and improves the flexibility and scalability of the agent platform connection.
[0097] Based on the same concept, a computer program product is also provided, including a computer program that, when executed by a processor, implements the steps of the information processing method of any of the above-described intelligent agent platforms.
[0098] In this way, by setting up an adapter between the agent platform and the authentication system, authentication credentials that conform to the agent platform protocol can be regenerated based on the authentication credentials returned by the authentication system. This achieves protocol decoupling of authentication capabilities. When connecting to a new authentication system, there is no need to modify the code of the agent platform or the authentication system. Only the processing logic of the adapter needs to be modified. The operation is simple and improves the flexibility and scalability of the agent platform connection.
[0099] The following is for reference. Figure 6 The diagram illustrates a structural schematic of an electronic device 600 suitable for implementing the above-described technical solution. The terminal device may include, but is not limited to, mobile terminals such as mobile phones, laptops, digital broadcast receivers, PDAs (Personal Digital Assistants), PADs (Tablet Personal Computers), PMPs (Portable Media Players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and fixed terminals such as digital TVs (Televisions), desktop computers, etc. Figure 6 The electronic device shown is merely an example and should not be construed as limiting its functionality or scope of use.
[0100] like Figure 6 As shown, electronic device 600 may include a processing unit (e.g., a central processing unit, a graphics processing unit, etc.) 601, which can perform various appropriate actions and processes according to a program stored in read-only memory (ROM) 602 or a program loaded from storage device 608 into random access memory (RAM) 603. The random access memory 603 also stores various programs and data required for the operation of electronic device 600. The processing unit 601, ROM 602, and RAM 603 are interconnected via bus 604. An input / output (I / O) interface 605 is also connected to bus 604.
[0101] Typically, the following devices can be connected to the input / output interface 605: input devices 606 including, for example, a touchscreen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 607 including, for example, a liquid crystal display (LCD), speaker, vibrator, etc.; storage devices 608 including, for example, magnetic tape, hard disk, etc.; and communication devices 609. Communication device 609 allows electronic device 600 to communicate wirelessly or wiredly with other devices to exchange data. Although Figure 6An electronic device 600 with various devices is shown; however, it should be understood that it is not required to implement or possess all of the devices shown. More or fewer devices may be implemented or possessed alternatively.
[0102] In particular, depending on certain circumstances, the processes described in the flowchart above can be implemented as computer software programs. For example, a computer program product is provided, comprising a computer program carried on a non-transitory computer-readable medium, the computer program containing program code for performing the methods shown in the flowchart. This computer program can be downloaded and installed from a network via communication device 609, or installed from storage device 608, or installed from read-only memory 602. When the computer program is executed by processing device 601, it performs the functions defined in the above-described methods.
[0103] It should be noted that the aforementioned computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium, or any combination thereof. A computer-readable storage medium may be, for example,—but not limited to—an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of a computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM, or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof. In one case, a computer-readable storage medium may be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. In another case, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. The transmitted data signal can take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. The computer-readable signal medium can also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device. The program code contained on the computer-readable medium can be transmitted using any suitable medium, including but not limited to: wires, optical fibers, RF (Radio Frequency), etc., or any suitable combination thereof.
[0104] In some implementations, communication can be conducted using any currently known or future-developed network protocol, such as HTTP (Hypertext Transfer Protocol), and can be interconnected with digital data communication (e.g., communication networks) of any form or medium. Examples of communication networks include local area networks (LANs), wide area networks (WANs), the internet (e.g., the Internet), and end-to-end networks (e.g., ad-hoc end-to-end networks), as well as any currently known or future-developed networks.
[0105] The aforementioned computer-readable medium may be included in the aforementioned electronic device; or it may exist independently and not assembled into the electronic device.
[0106] The aforementioned computer-readable medium carries one or more programs that, when executed by the electronic device, cause the electronic device to: respond to a redirection request from an intelligent agent platform, redirect the client to the login page of a first authentication system, wherein the intelligent agent platform, in response to a first login request, sends the redirection request to the adapter, the first login request indicating login authentication through the first authentication system, the first authentication system receiving and verifying first login information entered on the login page, and returning a first authentication credential to the adapter after successful verification; the adapter receiving the first authentication credential and generating a second authentication credential based on the first authentication credential, wherein the first authentication credential is generated using a first authentication protocol of the first authentication system, and the second authentication credential is generated using a second authentication protocol of the intelligent agent platform, the first authentication protocol being different from the second authentication protocol; the adapter returning the second authentication credential to the intelligent agent platform, wherein the intelligent agent platform performs login based on the second authentication credential.
[0107] Computer program code for performing the above operations can be written in one or more programming languages or a combination thereof. These programming languages include, but are not limited to, object-oriented programming languages, as well as conventional procedural programming languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network—including a local area network (LAN) or a wide area network (WAN)—or can be connected to an external computer (e.g., via the Internet using an Internet service provider).
[0108] The flowcharts and block diagrams in the accompanying figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products under various scenarios. In this respect, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the figures. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0109] The modules mentioned above can be implemented in software or hardware. In some cases, the name of a module does not necessarily limit the functionality of that module.
[0110] The functions described above can be performed, at least in part, by one or more hardware logic components. For example, exemplary types of hardware logic components that can be used, without limitation, include: Field-Programmable Gate Arrays (FPGAs), Application-Specific Integrated Circuits (ASICs), Application-Specific Standard Parts (ASSPs), Systems on Chips (SoCs), Complex Programmable Logic Devices (CPLDs), and so on.
[0111] In this context, a machine-readable medium can be a tangible medium that may contain or store a program for use by or in conjunction with an instruction execution system, apparatus, or device. A machine-readable medium can be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium can be, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination of the foregoing. More specific examples of machine-readable storage media include electrical connections based on one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fibers, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing.
[0112] The above description is merely illustrative and explains the technical principles employed. Those skilled in the art should understand that the scope of the technical solution is not limited to specific combinations of the above-described technical features, but also includes other technical solutions formed by arbitrary combinations of the above-described technical features or their equivalents without departing from the above concept. For example, technical solutions formed by substituting the above-described features with (but not limited to) technical features provided herein that have similar functions.
[0113] Furthermore, while the operations are described in a specific order, this should not be construed as requiring these operations to be performed in the specific order shown or in a sequential order. Multitasking and parallel processing may be advantageous in certain environments. Similarly, although some specific implementation details are included in the above discussion, these should not be interpreted as limitations on the scope of the technical solution. Certain features described in the context of a single example can also be implemented in combination in a single example. Conversely, various features described in the context of a single example can also be implemented individually or in any suitable sub-combination in multiple examples.
[0114] Although the technical solution has been described using language specific to structural features and / or methodological logic, it should be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or actions described above. Rather, the specific features and actions described above are merely illustrative examples of implementing the claims. Regarding the aforementioned apparatus, the specific manner in which each module performs its operation has already been described in detail in the section concerning the method, and will not be elaborated upon here.
Claims
1. An information processing method for an intelligent agent platform, comprising: In response to a redirection request from the intelligent agent platform, the adapter redirects the client to the login page of the first authentication system. The intelligent agent platform, in response to a first login request, sends the redirection request to the adapter. The first login request is used to instruct login authentication through the first authentication system. The first authentication system receives and verifies the first login information entered on the login page, and returns the first authentication credential to the adapter after successful verification. The adapter receives the first authentication credential and generates a second authentication credential based on the first authentication credential. The first authentication credential is generated using the first authentication protocol of the first authentication system, and the second authentication credential is generated using the second authentication protocol of the intelligent agent platform. The first authentication protocol and the second authentication protocol are different. The adapter returns the second authentication credential to the intelligent agent platform, wherein the intelligent agent platform logs in based on the second authentication credential.
2. The method according to claim 1, wherein the first authentication credential includes first user information, and the step of generating a second authentication credential based on the first authentication credential includes: Based on the first authentication protocol, the first authentication credential is parsed to extract the first user information; The second authentication credential is generated based at least on the first user information and the second authentication protocol.
3. The method according to claim 2, wherein generating the second authentication credential based at least on the first user information and the second authentication protocol includes: The second authentication credential is generated based on the first user information, the first information, and the second authentication protocol. The first information includes the credential validity period and / or the client's identification information.
4. The method according to any one of claims 1-3, wherein the adapter is pre-configured with multiple processing plug-ins, one processing plug-in corresponding to one authentication system, and the step of generating a second authentication credential based on the first authentication credential includes: The first processing plugin corresponding to the first authentication system is determined from the plurality of processing plugins, and the first processing plugin is invoked to generate the second authentication credential based on the first authentication credential.
5. The method according to any one of claims 1-3, wherein the adapter is configured with a first interface, the first interface being configured at least to receive the first authentication credential and generate the second authentication credential based on the first authentication credential.
6. The method according to any one of claims 1-3, wherein generating the second authentication credential based on the first authentication credential comprises: Obtain second information, which includes at least one of the following: the login time corresponding to the first login request, the credibility of the login address, and the device status of the client. Security verification is performed based on the second information, and the second authentication credential is generated based on the first authentication credential after the verification is successful.
7. The method according to any one of claims 1-3, further comprising: In response to the verification request for the second authentication credential sent by the intelligent agent platform, the adapter verifies the second authentication credential and returns the second user information corresponding to the second authentication credential after successful verification, wherein the intelligent agent platform logs in based on the second user information.
8. The method according to claim 7, wherein the adapter is configured with a second interface, the second interface being configured at least to verify the second authentication credential in response to the verification request, and to return the second user information corresponding to the second authentication credential after successful verification.
9. The method according to any one of claims 1-3, further comprising: The adapter obtains first data from the first authentication system and synchronizes the first data to the intelligent agent platform. The first data includes user information from the first authentication system.
10. An information processing device for an intelligent agent platform, comprising: The redirection module is used to respond to the redirection request of the intelligent agent platform. The adapter redirects the client to the login page of the first authentication system. The intelligent agent platform responds to the first login request by sending the redirection request to the adapter. The first login request is used to indicate that login authentication is performed through the first authentication system. The first authentication system receives and verifies the first login information entered on the login page, and returns the first authentication credential to the adapter after successful verification. A generation module is used for the adapter to receive the first authentication credential and generate a second authentication credential based on the first authentication credential, wherein the first authentication credential is generated using a first authentication protocol of the first authentication system, and the second authentication credential is generated using a second authentication protocol of the intelligent agent platform, and the first authentication protocol and the second authentication protocol are different. The return module is used by the adapter to return the second authentication credential to the intelligent agent platform, wherein the intelligent agent platform logs in based on the second authentication credential.
11. A computer-readable medium having a computer program stored thereon, wherein, When executed by a processing device, the computer program performs the steps of the method according to any one of claims 1-9.
12. An electronic device, comprising: A storage device on which computer programs are stored; A processing device for executing the computer program in the storage device to implement the steps of the method according to any one of claims 1-9.
13. A computer program product comprising a computer program, wherein, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1-9.