This is the third day of my participation in the Gwen Challenge
Preface
As the number of business systems grows, login state cannot be shared between them, so each system requires its own login. This is very unfriendly to users, so a single sign-on (SSO) server is needed to provide unified login and logout.
This series of articles serves two purposes:
- To record my learning process and share it with others
- There aren't many articles on the web about using Apereo CAS for single sign-on, so I wanted to share what I learned
1. Understanding SSO
Definition
Single Sign-On (SSO) means that a user logs in once and can then access every application in a group of mutually trusted applications. The purpose of SSO is to consolidate the user authentication of each subsystem into one SSO service.
As shown below:
After logging in to system A, the user can access systems B and C directly without logging in again.
Existing solutions
At present there are two popular single sign-on schemes:
- Cookie-based Session sharing
- CAS Central Authentication service
1. Cookie-based Session sharing
Top-level domain: test.cn
Service system A: A.test.cn
Service system B: B.test.cn
Service system C: C.test.cn
The user initiates a login request for the first time
Taking the first access to service system A as an example, the process is as follows:
Cookie: mainly used to store the SessionId on the browser side (for example, the key is JSESSIONID in Tomcat).
Session: the user's basic information and login state are saved in the server-side Session.
The user accesses another business system (second access)
Taking the second access to service system B as an example, the process is as follows:
Because the user has already logged in to the domain once, the SessionId cookie scoped to the top-level domain name is already stored in the browser. When the user accesses a sub-domain, the browser sends the SessionId along with the request; it passes verification and the normal business flow proceeds.
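The cookie-based scheme above, as an added example that is not part of the original article: a session cookie issued with Domain=test.cn is attached by the browser to A.test.cn and B.test.cn but not to an unrelated domain, and every subsystem validates the SessionId against one shared store (an in-memory dict here stands in for shared session storage, and login always succeeds for illustration).

```python
import secrets
from http.cookies import SimpleCookie
from typing import Optional

TOP_DOMAIN = "test.cn"
SESSIONS: dict = {}  # stand-in for the shared session store used by all subsystems


def login(username: str) -> str:
    """Authenticate (stubbed: always succeeds) and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)  # unguessable SessionId
    SESSIONS[sid] = {"user": username, "logged_in": True}
    c = SimpleCookie()
    c["JSESSIONID"] = sid
    c["JSESSIONID"]["domain"] = TOP_DOMAIN  # parent domain, so every *.test.cn receives it
    c["JSESSIONID"]["path"] = "/"
    c["JSESSIONID"]["httponly"] = True     # not readable by page scripts
    c["JSESSIONID"]["secure"] = True       # only sent over HTTPS
    return c.output(header="").strip()


def logout(headers: dict) -> None:
    """Unified logout: removing the record from the shared store logs the user out everywhere."""
    SESSIONS.pop(_session_id(headers), None)


def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain matching: the host equals the cookie Domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def browser_request(host: str, set_cookie: str) -> dict:
    """Headers a browser attaches when calling `host` after receiving `set_cookie`."""
    c = SimpleCookie()
    c.load(set_cookie)
    morsel = c["JSESSIONID"]
    if domain_matches(host, morsel["domain"]):
        return {"Cookie": f"JSESSIONID={morsel.value}"}
    return {}  # cookie is scoped to test.cn, so other domains never see it


def _session_id(headers: dict) -> Optional[str]:
    pairs = (p.split("=", 1) for p in headers.get("Cookie", "").split("; ") if "=" in p)
    return dict(pairs).get("JSESSIONID")


def subsystem_check(headers: dict) -> Optional[str]:
    """What any subsystem (A/B/C.test.cn) does: look the SessionId up in the shared store."""
    rec = SESSIONS.get(_session_id(headers))
    return rec["user"] if rec and rec["logged_in"] else None
```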
2. CAS Central Authentication service
Central Authentication Service (CAS) is an enterprise-level, open-source project initiated by Yale University that aims to provide a reliable SSO solution for web application systems (see the official documentation).
The authentication process
The simplified authentication process is as follows. CAS is divided into two parts: the server and the client.
Advantages
With CAS, user information can be shared across multiple domains. For example, the CAS server can be deployed on test1.cn, application system A on test2.cn, and application system C on test3.cn.
2. Summary
Thank you for reading to the end; I am honored if this helped you ~♥