Login authentication method and system

Document No.: 1492638 Published: 2020-02-04

Reading note: This technology, Login authentication method and system, was designed by 彭权 on 2018-07-23. Main content: The invention discloses a login authentication method and system. The method comprises: acquiring request information from a client, wherein the client has already successfully logged in to a single sign-on server, and the request information indicates that the client requests to log in to an external server; generating link information corresponding to the external server, wherein the link information includes encrypted information corresponding to the client; and sending the link information to the client, wherein the encrypted information in the link information is used to verify the client, and after the verification passes, the client is determined to have successfully logged in to the external server. The invention solves the technical problem in the prior art that, when an external server is connected to a single sign-on server, multiple redirects are needed to complete the login flow.

1. A login authentication method, comprising:

acquiring request information from a client, wherein the client successfully logs in a single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server;

generating link information corresponding to the external server, wherein the link information comprises: encrypted information corresponding to the client;

and sending the link information to the client, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.

2. The method of claim 1, wherein generating the link information corresponding to the external server comprises:

acquiring an encryption key corresponding to the external server;

encrypting the identity information corresponding to the client by using the encryption key to obtain the encrypted information;

generating the link information based on the encrypted information.

3. The method of claim 2, wherein prior to obtaining the corresponding encryption key of the external server, the method further comprises:

receiving an access request sent by the external server;

and determining an encryption key corresponding to the external server, and sending a decryption key corresponding to the encryption key to the external server.

4. A login authentication method, comprising:

receiving link information corresponding to an external server sent by a client, wherein the client has successfully logged in a single sign-on server in advance, the link information is generated by the single sign-on server after receiving request information sent by the client, the request information is used for representing that the client requests to log in the external server, and the link information comprises: encrypted information corresponding to the client;

and initiating authentication of the client based on the encrypted information, wherein after the authentication is passed, the client is determined to be successfully logged in the external server.

5. The method according to claim 4, wherein before receiving the link information corresponding to the external server sent by the client, the method further comprises:

sending an access request to the single sign-on server;

and receiving the decryption key sent by the single sign-on server.

6. The method of claim 5, wherein initiating authentication of the client based on the encrypted information comprises:

decrypting the encrypted information by using the decryption key to obtain decrypted information, wherein the encrypted information is obtained by the single sign-on server encrypting the identity information corresponding to the client by using the encryption key corresponding to the decryption key;

and calling the single sign-on server, the single sign-on server performing verification based on the decrypted information and the identity information corresponding to the client pre-stored in the single sign-on server.

7. A login authentication method, comprising:

a client sends request information to a single sign-on server, wherein the client successfully logs in the single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server;

the client receives link information corresponding to the external server sent by the single sign-on server, wherein the link information comprises: encrypted information corresponding to the client;

and the client sends the link information to the external server, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.

8. A login authentication system is characterized by comprising a client, a single sign-on server and an external server, wherein the client successfully logs in the single sign-on server in advance, and the login authentication system comprises:

the client is used for sending request information to the single sign-on server, wherein the request information is used for representing that the client requests to log in the external server;

the single sign-on server is configured to generate link information corresponding to the external server in response to the request information, where the link information includes: encrypted information corresponding to the client;

and the external server is used for verifying the client based on the encrypted information, wherein the client is determined to successfully log in the external server under the condition of passing verification.

9. A storage medium comprising a stored program, wherein the program, when executed, controls an apparatus in which the storage medium is located to execute the login authentication method according to any one of claims 1 to 7.

10. A processor, configured to execute a program, wherein the program executes the login authentication method according to any one of claims 1 to 7.

Technical Field

The invention relates to the field of login authentication, in particular to a login authentication method and system.

Background

SSO stands for Single Sign-On: a user logs in only once to access all mutually trusting application systems. When an external system connects to the SSO system, it must do so according to the standard provided by the SSO system. The current single sign-on authentication redirect flow is shown in FIG. 1. Assume the address of the external system is https://app.ex.com. After a user enters https://app.ex.com in a browser, the external system detects that there is currently no information identifying a logged-in user, so login verification is required; the browser then redirects to https:// sso. Com. The SSO server redirects to https://app.ex.com/?ticket=ST-12345; after obtaining the service ticket, the external system verifies it with the SSO server, and if the verification passes, the current login state is stored and the login process is complete.

However, the existing login authentication method places strict requirements on an external system that connects to an SSO system. It may restrict the programming language (for example, only Java and certain other languages have a ready-made support package); if the external system's language has no existing support package, the external system must implement the authentication process itself; and multiple page redirections are required.

Aiming at the problem that when an external server is accessed into a single sign-on server in the prior art, multiple jumps are required to complete a sign-on process, an effective solution is not provided at present.

Disclosure of Invention

The embodiment of the invention provides a login authentication method and system, which at least solve the technical problem that when an external server accesses a single-point login server in the prior art, multiple jumps are required to complete a login process.

According to an aspect of an embodiment of the present invention, there is provided a login authentication method, including: acquiring request information from a client, wherein the client successfully logs in a single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server; generating link information corresponding to the external server, wherein the link information comprises: encrypted information corresponding to the client; and sending the link information to the client, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.

Further, generating link information corresponding to the external server includes: acquiring an encryption key corresponding to an external server; encrypting the identity information corresponding to the client by using the encryption key to obtain encrypted information; the link information is generated based on the encryption information.

Further, before obtaining an encryption key corresponding to the external server, the method further includes: receiving an access request sent by an external server; and determining an encryption key corresponding to the external server, and sending a decryption key corresponding to the encryption key to the external server.

According to another aspect of the embodiments of the present invention, there is also provided a login authentication method, including: receiving link information corresponding to an external server sent by a client, wherein the client successfully logs in a single sign-on server in advance, the link information is generated after the single sign-on server receives request information sent by the client, the request information is used for representing that the client requests to log in the external server, and the link information comprises: encrypted information corresponding to the client; and initiating authentication of the client based on the encrypted information, wherein after the authentication is passed, the client is determined to be successfully logged in the external server.

Further, before receiving link information corresponding to the external server sent by the client, the method further includes: sending an access request to a single sign-on server; and receiving a decryption key sent by the single sign-on server.

Further, initiating authentication of the client based on the encrypted information comprises: decrypting the encrypted information by using the decryption key to obtain decrypted information, wherein the encrypted information is obtained by the single sign-on server encrypting the identity information corresponding to the client by using the encryption key corresponding to the decryption key; and calling the single sign-on server, the single sign-on server performing verification based on the decrypted information and the identity information corresponding to the client pre-stored in the single sign-on server.

According to another aspect of the embodiments of the present invention, there is also provided a login authentication method, including: the method comprises the steps that a client sends request information to a single sign-on server, wherein the client successfully logs in the single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server; the client receives link information corresponding to an external server sent by a single sign-on server, wherein the link information comprises: encrypted information corresponding to the client; and the client sends link information to the external server, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.

According to another aspect of the embodiments of the present invention, there is also provided a login authentication system, including a client, a single sign-on server, and an external server, where the client has successfully logged in the single sign-on server in advance, where: the client is used for sending request information to the single sign-on server, wherein the request information is used for representing that the client requests to log in an external server; the single sign-on server is used for responding to the request information and generating link information corresponding to the external server, wherein the link information comprises: encrypted information corresponding to the client; and the external server is used for verifying the client based on the encrypted information, wherein the client is determined to successfully log in the external server under the condition that the verification is passed.

According to another aspect of the embodiments of the present invention, there is also provided a login authentication apparatus, including: the system comprises an acquisition module, a processing module and a display module, wherein the acquisition module is used for acquiring request information from a client, the client successfully logs in a single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server; the generating module is used for generating link information corresponding to the external server, wherein the link information comprises: encrypted information corresponding to the client; and the sending module is used for sending the link information to the client, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.

According to another aspect of the embodiments of the present invention, there is also provided a login authentication apparatus, including: the client side is used for successfully logging in the single sign-on server in advance, the link information is generated after the single sign-on server receives request information sent by the client side, the request information is used for representing that the client side requests to log in the external server, and the link information comprises: encrypted information corresponding to the client; and the authentication module is used for initiating authentication of the client based on the encrypted information, wherein after the authentication is passed, the client is determined to successfully log in the external server.

According to another aspect of the embodiments of the present invention, there is also provided a login authentication apparatus, including: the system comprises a first sending module, a second sending module and a third sending module, wherein the first sending module is used for sending request information to a single sign-on server, a client successfully logs in the single sign-on server in advance, and the request information is used for representing that the client requests to log in an external server; the receiving module is used for receiving link information corresponding to the external server sent by the single sign-on server, wherein the link information comprises: encrypted information corresponding to the client; and the second sending module is used for sending the link information to the external server, wherein the encrypted information in the link information is used for verifying the client, and after the verification is passed, the client is determined to successfully log in the external server.

According to another aspect of the embodiments of the present invention, there is also provided a storage medium, where the storage medium includes a stored program, and when the program runs, the apparatus on which the storage medium is located is controlled to execute the above single sign-on authentication method.

According to another aspect of the embodiments of the present invention, there is also provided a processor, configured to execute a program, where the program executes the single sign-on authentication method described above.

In the embodiment of the invention, when the client needs to log in the external server, the client can send request information to the single sign-on server, the single sign-on server generates the link information corresponding to the external server, the client accesses the external server through the link information, and the client is determined to directly log in the external server after successfully verifying the client based on the encrypted information in the link information, so that the whole single sign-on authentication is completed. The single sign-on server generates the link information corresponding to the external server, and the client can sign on the external server through the link information.
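The exchange described above, written out as an added Python example; it is not part of the patent text. Assumptions: one symmetric key serves as both the encryption key and the decryption key, a standard-library encrypt-then-MAC construction stands in for a real AEAD cipher such as AES-GCM, and the `info` parameter name, the one-time link id and the 60-second lifetime are illustrative details that go beyond what the text specifies.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Stand-in for a real AEAD such as AES-GCM, built from the standard library only
# (HMAC-SHA256 keystream, encrypt-then-MAC). The page names no cipher.
def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
def _xor_stream(key, nonce, data):
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc, nonce, plaintext)
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def unseal(key, token):
    raw = base64.urlsafe_b64decode(token)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    enc, mac = _subkeys(key)
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("encrypted information failed its integrity check")
    return _xor_stream(enc, nonce, ct)

class SSOServer:
    def __init__(self):
        self.keys = {}      # external server id -> key shared at access time
        self.sessions = {}  # SSO session id -> identity of a logged-in client
        self.issued = {}    # link id -> (identity, server id, expiry); assumption

    def register(self, server_id):  # access request: fix the key, hand it back
        self.keys[server_id] = secrets.token_bytes(32)
        return self.keys[server_id]

    def make_link(self, session_id, server_id, base_url, ttl=60):
        """Encrypt the client's identity under the target server's key."""
        user = self.sessions[session_id]  # KeyError if not logged in to SSO
        link_id = secrets.token_hex(8)
        self.issued[link_id] = (user, server_id, time.time() + ttl)
        blob = seal(self.keys[server_id], json.dumps({"user": user, "id": link_id}).encode())
        return base_url + "?" + urlencode({"info": blob})

    def verify(self, server_id, info):
        """Check decrypted info against what the SSO server stored; one use only."""
        user, target, expiry = self.issued.pop(info.get("id"), (None, None, 0))
        return user is not None and (user, target) == (info.get("user"), server_id) and time.time() <= expiry

class ExternalServer:
    def __init__(self, server_id, sso):
        self.server_id, self.sso = server_id, sso
        self.key = sso.register(server_id)

    def login(self, link):
        """Decrypt the link's encrypted information, then call the SSO server."""
        try:
            blob = parse_qs(urlparse(link).query)["info"][0]
            info = json.loads(unseal(self.key, blob))
        except (KeyError, ValueError):
            return None
        return info["user"] if self.sso.verify(self.server_id, info) else None
```

Replaying a consumed link, altering the `info` value, or presenting the link to a different registered server all make `login` return `None`.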

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:

FIG. 1 is an interaction diagram of a login authentication method according to the prior art;

FIG. 2 is a flow diagram of a login authentication method according to an embodiment of the present invention;

FIG. 3 is an interaction diagram of an alternative login authentication method according to an embodiment of the present invention;

FIG. 4 is a flow diagram of another login authentication method according to an embodiment of the invention;

FIG. 5 is a flow chart of yet another login authentication method according to an embodiment of the present invention;

FIG. 6 is a schematic diagram of a login authentication system according to an embodiment of the present invention;

FIG. 7 is a schematic diagram of a login authentication device according to an embodiment of the present invention;

FIG. 8 is a schematic diagram of another login authentication device according to an embodiment of the present invention; and

FIG. 9 is a schematic diagram of still another login authentication device according to an embodiment of the present invention.

Detailed Description

In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
