This is the fourth day of my participation in Gwen Challenge
preface
As the number of service systems increases, user status cannot be shared among service systems. Therefore, each system requires user login. This is very unfriendly to users, so it is necessary to set up an SSO SSO server to do unified login and logout.
This series of articles serves two purposes:
- Keep track of your learning
- There aren’t many articles on the web about using Apereo CAS for single sign-on, so I wanted to share them with you
Note: Apereo CAS documentation and warehouse reference is 6.3.4
Past the link
- What is SSO?
I. SSO and CAS
Relationship between
As mentioned earlier, SSO refers to a single login on multiple systems, so what is CAS? CAS is essentially a means to implement single sign-on SSO, and it is a solution to SSO. The relationship is similar to that between abstract classes and subclasses in Java (definition and implementation)
Apereo CAS is the open source enterprise single sign-on system for Apereo CAS.
- Official Github repository
- The official documentation
History of the Apereo CAS project
Apereo CAS is an open source system called Yale CAS launched in 2002 by Shawn Bayern of the Yale Technology and Planning Laboratory. In December 2004, CAS became a project of JASIG(Java Administration Special Interesting Group), and the project was renamed JASIG CAS. In 2012, JASIG merged with the Sakai Foundation to become Apereo Foundation, and CAS was renamed Apereo CAS.
Protocols supported by Apereo CAS
Apereo CAS is quite powerful and supports most authentication protocols:
- CAS (versions 1, 2, and 3)
- SAML 1.1 and 2
- OpenID Connect
- OpenID
- The 2.0
- WS Federation
2. CAS project architecture
The Apereo CAS project architecture is relatively simple, as shown below:
Description of project architecture:
CAS Clients: CAS Clients refer to applications that integrate the CAS authentication protocol. Taking the SpringBoot project in Java as an example, the official CAS-client dependency is introduced to communicate with the CAS Server through simple configuration (configuring filters, etc.)
CAS Server: THE CAS Server is a Java servlet built on top of the Spring Framework. Its main responsibility is to authenticate users and grant access to Cas-enabled services (commonly called CAS clients) by publishing and validating tickets. (It can be simply understood as issuing a token, and detailed process description will follow)
Third, summary
Thank you to see the end, very honored to help you ~♥