This is the third day of my participation in Gwen Challenge

preface

As the number of service systems increases, user status cannot be shared among service systems. Therefore, each system requires user login. This is very unfriendly to users, so it is necessary to set up an SSO SSO server to do unified login and logout.

This series of articles serves two purposes:

Record your learning process and share it with others

There aren’t many articles on the web about using Apereo CAS for single sign-on, so I wanted to share them with you

1. Understand SSO

define

Single Sign On (SSO). SSO is defined as the ability for users to log in once to access all trusted applications in multiple applications. The purpose of single sign-on (SSO) is to integrate user authentication in each subsystem into the SSO service.

As shown below:

After logging in to system A, users can directly access systems B and C without logging in again

Existing programs

At present, there are two popular single sign-on schemes:

Cookie-based Session sharing
CAS Central Authentication service

1. Cookie-based Session sharing

Test.cn Service system A: A.test.cn Service system B: B.test.cn Service system C: C.test.cn

The user initiates the login request for the first time

Take the first access to service system A as an example, and the process is as follows:

Cookie: mainly used to store the SessionId in the front end (for example, the key is the JSessionId in tomcat) Session: The basic information and login status of the user are saved in the Session

User access to other business systems (second)

Take the second access to service system B as an example. The process is as follows:

Because you have logged in to the domain for the first time, the SessionId corresponding to the top-level domain name has been saved in the front end. When accessing sub-domain names, the SessionId can pass the verification and normal service processes can be performed

2. CAS Central Authentication service

Central Authentication Service (CAS) is an enterprise-level and open source project initiated by Yale University, aiming to provide a reliable SSO solution for Web application systems (official document).

The certification process

The simple authentication process is as follows: The CAS is divided into two parts: the service and the client

advantage

User information can be shared between multiple CAS domains. For example, the CAS service is deployed on test1.cn, application system A is deployed on test2.cn, and application system C on test3.cn

Second, the summary

Thank you to see the end, very honored to help you ~♥

mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.

【 combat 】 Set up SSO server from scratch – what is SSO?

preface

1. Understand SSO

define

Existing programs

1. Cookie-based Session sharing

The user initiates the login request for the first time

User access to other business systems (second)

2. CAS Central Authentication service

The certification process

advantage

Second, the summary

【 combat 】 Set up SSO server from scratch – what is SSO?

preface

1. Understand SSO

define

Existing programs

1. Cookie-based Session sharing

The user initiates the login request for the first time

User access to other business systems (second)

2. CAS Central Authentication service

The certification process

advantage

Second, the summary

Related Posts

Mariadb knowledge combing – query statement

Go pointer & Switch fallthrough

Refer to the two-stage transaction (2PC) idea of multi-threaded transactions