CN-122027183-A - Single sign-on method, single sign-on device, electronic equipment and storage medium
Abstract
The application provides a single sign-on method, a single sign-on device, electronic equipment and a storage medium. The single sign-on method comprises: obtaining an access request for a first application, wherein the first application runs on a first browser on a terminal device and a local Web service is deployed on the terminal device; generating a cross-browser ticket in response to the existence of a historical sign-on operation for a second application, wherein the second application runs on a second browser on the terminal device; sending the cross-browser ticket to the local Web service so that the local Web service generates a ticket authentication request based on the cross-browser ticket; authenticating the cross-browser ticket in the ticket authentication request; and, in response to the cross-browser ticket passing authentication, sending a first login credential associated with the historical sign-on operation to the first application, so that the first application logs in based on the first login credential.
Inventors
- QIU JUNYANG
- LAI YANYAN
- GUO SHU
- LIANG PENGFEI
Assignees
- 中移互联网有限公司
- 中国移动通信集团有限公司
Dates
- Publication Date
- 20260512
- Application Date
- 20250916
Claims (20)
- 1. A single sign-on method, characterized by being applied to an authentication center, comprising the steps of: obtaining an access request for a first application, wherein the first application runs on a first browser on a terminal device, and a local Web service is deployed on the terminal device; generating a cross-browser ticket in response to the existence of a historical login operation for a second application, wherein the second application runs on a second browser on the terminal device; sending the cross-browser ticket to the local Web service so that the local Web service generates a ticket authentication request based on the cross-browser ticket; authenticating the cross-browser ticket in the ticket authentication request; and, in response to the cross-browser ticket passing the authentication, sending a first login credential associated with the historical login operation to the first application so that the first application logs in based on the first login credential.
- 2. The method of claim 1, wherein generating a cross-browser ticket in response to the existence of a historical login operation for the second application comprises: generating a character string of a set length through a set character string generation algorithm in response to the existence of a historical login operation for the second application; and obtaining the cross-browser ticket according to the character string.
- 3. The method of claim 1, wherein the ticket authentication request includes a user token corresponding to the historical login operation and a device identifier of the terminal device, and wherein authenticating the cross-browser ticket in the ticket authentication request comprises: verifying the validity of the user token, verifying the validity and authentication state of the cross-browser ticket, and verifying the association between the device identifier and the cross-browser ticket.
- 4. The method of claim 1, wherein the authentication center comprises an authentication center server for generating the cross-browser ticket and authenticating the cross-browser ticket in the ticket authentication request.
- 5. The method of claim 4, wherein the authentication center further comprises an authentication center client for querying the authentication center server for an authentication status of a cross-browser ticket; the sending, in response to the cross-browser ticket passing authentication, a first login credential associated with the historical login operation to the first application, comprising: sending the first login credential to the first application through the authentication center client in response to the authentication status indicating that the cross-browser ticket passes authentication.
- 6. The method according to claim 1, wherein the method further comprises: sending a user token query request to the local Web service so that the local Web service performs a valid user token query to obtain a valid user token query result; and determining whether a historical login operation for the second application exists according to the valid user token query result.
- 7. The method according to claim 1, wherein the method further comprises: acquiring user identity information input by a user in response to no historical login operation existing for the second application or in response to the cross-browser ticket failing authentication; and carrying out identity authentication based on the user identity information, and, in response to the identity authentication passing, sending a second login credential to the first application according to the user identity information so that the first application logs in based on the second login credential.
- 8. The method of claim 7, wherein the method further comprises: acquiring a device identifier of the terminal device and generating a device ticket based on the device identifier; sending the device ticket to the local Web service so that the local Web service generates a user token acquisition request based on the device ticket and the device identifier; performing a validity check and an association check on the device ticket and the device identifier in the user token acquisition request; and, in response to the device ticket and the device identifier passing the checks, sending a user token to the local Web service according to the user identity information, wherein the user token is used for indicating that a login operation for the first application exists.
- 9. A single sign-on method, characterized by being applied to a local Web service, wherein the local Web service is deployed on a terminal device, comprising the steps of: receiving a cross-browser ticket sent by an authentication center, wherein the authentication center is used for acquiring an access request for a first application and generating the cross-browser ticket in response to the existence of a historical login operation for a second application, the first application runs on a first browser on the terminal device, and the second application runs on a second browser on the terminal device; generating a ticket authentication request based on the cross-browser ticket; and sending the ticket authentication request to the authentication center so that the authentication center authenticates the cross-browser ticket in the ticket authentication request and, in response to the cross-browser ticket passing authentication, sends a first login credential associated with the historical login operation to the first application, wherein the first login credential is used for logging in to the first application.
- 10. The method of claim 9, wherein the cross-browser ticket is derived from a string of a particular length, the string being generated by a set string generation algorithm.
- 11. The method of claim 9, wherein the authentication center authenticating the cross-browser ticket in the ticket authentication request includes verifying a validity of the user token, verifying a validity and an authentication status of the cross-browser ticket, and verifying an association of the device identification and the cross-browser ticket.
- 12. The method of claim 9, wherein the authentication center comprises an authentication center server for generating the cross-browser ticket and authenticating the cross-browser ticket in the ticket authentication request.
- 13. The method of claim 12, wherein the authentication center further comprises an authentication center client for querying the authentication center server for an authentication state of a cross-browser ticket, and sending the first login credentials to the first application in response to the authentication state indicating that the cross-browser ticket is authenticated.
- 14. The method according to claim 9, wherein the method further comprises: receiving a user token query request sent by the authentication center; in response to the user token query request, performing a valid user token query to obtain a valid user token query result; and sending the valid user token query result to the authentication center so that the authentication center determines whether a historical login operation for the second application exists according to the valid user token query result.
- 15. The method of claim 9, wherein the authentication center is further configured to: carry out identity authentication based on the user identity information, and, in response to the identity authentication passing, send a second login credential to the first application according to the user identity information so that the first application logs in based on the second login credential.
- 16. The method of claim 15, wherein the method further comprises: receiving a device ticket sent by the authentication center, wherein the device ticket is generated according to a device identifier of the terminal device; generating a user token acquisition request based on the device ticket and the device identifier; and sending the user token acquisition request to the authentication center so that the authentication center performs a validity check and an association check on the device ticket and the device identifier in the user token acquisition request and, in response to the device ticket and the device identifier passing the checks, sends a user token to the local Web service according to the user identity information, wherein the user token is used for indicating that a login operation for the first application exists.
- 17. A single sign-on device for use in an authentication center, comprising: a first acquisition module, used for acquiring an access request for a first application, wherein the first application runs on a first browser on a terminal device, and a local Web service is deployed on the terminal device; a generation module, used for generating a cross-browser ticket in response to the existence of a historical login operation for a second application, wherein the second application runs on a second browser on the terminal device; a first sending module, used for sending the cross-browser ticket to the local Web service so that the local Web service generates a ticket authentication request based on the cross-browser ticket; an authentication module, used for authenticating the cross-browser ticket in the ticket authentication request; and a second sending module, used for sending, in response to the cross-browser ticket passing authentication, a first login credential associated with the historical login operation to the first application so that the first application can log in based on the first login credential.
- 18. A single sign-on device, for use with a local Web service, the local Web service deployed on a terminal device, comprising: a first receiving module, used for receiving a cross-browser ticket sent by an authentication center, wherein the authentication center is used for acquiring an access request for a first application and generating the cross-browser ticket in response to the existence of a historical login operation for a second application, the first application runs on a first browser on the terminal device, and the second application runs on a second browser on the terminal device; a first generation module, used for generating a ticket authentication request based on the cross-browser ticket; and a first sending module, used for sending the ticket authentication request to the authentication center so that the authentication center authenticates the cross-browser ticket in the ticket authentication request and, in response to the cross-browser ticket passing authentication, sends a first login credential associated with the historical login operation to the first application, wherein the first login credential is used for logging in to the first application.
- 19. An electronic device comprising a processor and a memory communicatively coupled to the processor; the memory stores computer-executable instructions; the processor executes computer-executable instructions stored in the memory to implement the method of any one of claims 1-8 or 9-16.
- 20. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out the method of any one of claims 1-8 or 9-16.
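The server-side checks of claims 2, 3 and 5, sketched as an added example that is not code from the patent or its applicants. It assumes a CSPRNG as the "set character string generation algorithm", a 60-second ticket lifetime and single-use redemption; the class, method and field names are hypothetical.

```python
import secrets
import time

TICKET_TTL = 60  # seconds a ticket stays valid (assumed; the page sets no value)


class AuthCenter:
    """Toy authentication center server; all names here are hypothetical."""

    def __init__(self, now=time.time):
        self._now = now
        self._tokens = {}   # user token -> user (from a historical login)
        self._tickets = {}  # ticket -> {"device_id", "expires", "state", "user"}

    def register_login(self, user):
        """Record a historical login; the local Web service stores the token."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = user
        return token

    def issue_ticket(self, device_id):
        """Claim 2: a fixed-length random string, bound here to one device."""
        ticket = secrets.token_urlsafe(32)  # 32 random bytes -> 43 characters
        self._tickets[ticket] = {"device_id": device_id, "state": "pending",
                                 "expires": self._now() + TICKET_TTL, "user": None}
        return ticket

    def authenticate(self, ticket, user_token, device_id):
        """Claim 3 checks on the ticket authentication request."""
        rec = self._tickets.get(ticket)
        user = self._tokens.get(user_token)
        if user is None or rec is None:          # token and ticket must exist
            return False
        if rec["state"] != "pending" or self._now() > rec["expires"]:
            return False                         # replayed or expired ticket
        if rec["device_id"] != device_id:        # ticket/device association
            return False
        rec["state"], rec["user"] = "authenticated", user
        return True

    def redeem(self, ticket):
        """Claim 5 status query for the first application; pays out once."""
        rec = self._tickets.get(ticket)
        if rec is None or rec["state"] != "authenticated":
            return None
        if self._now() > rec["expires"]:
            return None
        rec["state"] = "consumed"
        return {"user": rec["user"], "credential": secrets.token_urlsafe(32)}
```

The state field is what makes the ticket one-shot: a second authentication request or a second status query for the same ticket is refused even inside the lifetime window.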
Description
Single sign-on method, single sign-on device, electronic equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a single sign-on method, a single sign-on device, an electronic device, and a storage medium.
Background
Single sign-on is one of the solutions for enterprise business integration. It means that, across a plurality of application systems, a user can access all mutually trusted application systems by logging in only once. In the related art, the single sign-on scheme relies on a user session between a browser and an authentication center, so the user authentication state cannot be shared across browsers, and the user needs to authenticate and log in again when opening other browsers to access downstream applications.
Disclosure of Invention
The present application aims to solve at least one of the technical problems in the related art to some extent. To this end, a first object of the present application is to propose a single sign-on method applied to an authentication center. A second object of the present application is to propose a single sign-on method applied to a local Web service. A third object of the present application is to provide a single sign-on device applied to an authentication center. A fourth object of the present application is to propose a single sign-on device applied to a local Web service. A fifth object of the present application is to propose an electronic device. A sixth object of the present application is to propose a computer readable storage medium. A seventh object of the application is to propose a computer program product.
In order to achieve the aim, an embodiment of the first aspect of the application provides a single sign-on method, which is applied to an authentication center and comprises the steps of: obtaining an access request for a first application, wherein the first application runs on a first browser on a terminal device and a local Web service is deployed on the terminal device; generating a cross-browser ticket in response to the existence of a historical sign-on operation for a second application, wherein the second application runs on a second browser on the terminal device; sending the cross-browser ticket to the local Web service, so that the local Web service generates a ticket authentication request based on the cross-browser ticket; authenticating the cross-browser ticket in the ticket authentication request; and, in response to the cross-browser ticket passing authentication, sending a first login credential associated with the historical sign-on operation to the first application, so that the first application logs in based on the first login credential.
In order to achieve the aim, a second aspect of the application provides a single sign-on method, which is applied to a local Web service, wherein the local Web service is deployed on a terminal device, and comprises the steps of: receiving a cross-browser ticket sent by an authentication center, wherein the authentication center is used for acquiring an access request for a first application and generating the cross-browser ticket in response to the existence of a historical sign-on operation for a second application, the first application runs on a first browser on the terminal device, and the second application runs on a second browser on the terminal device; generating a ticket authentication request based on the cross-browser ticket; and sending the ticket authentication request to the authentication center so that the authentication center authenticates the cross-browser ticket in the ticket authentication request and, in response to the cross-browser ticket passing authentication, sends a first login credential associated with the historical sign-on operation to the first application, wherein the first login credential is used for logging in to the first application.
In order to achieve the purpose, the embodiment of the third aspect of the application provides a single sign-on device, which is applied to an authentication center and comprises: a first acquisition module, used for acquiring an access request for a first application, wherein the first application runs on a first browser on a terminal device and a local Web service is deployed on the terminal device; a generation module, used for generating a cross-browser ticket in response to the existence of a historical login operation for a second application, wherein the second application runs on a second browser on the terminal device; a first sending module, used for sending the cross-browser ticket to the local Web service, so that the local Web service generates a ticket authentication request based on the cross-browser ticket; an authentication module, used for authenticating the cross-browser ticket in the ticket authentication request; and the second sending module is used for responding to the cross-browser ticket to pass authenticati