preface
Next: CAS single Sign-on infrastructure
introduce
CAS
CAS is a single sign-on framework. It is an open source project initiated by Yale University, aiming to provide a reliable single sign-on method for Web application systems. CAS officially became a project of JA-SIG in December 2004. The code is currently managed on Github
SSO
Single Sign On (SSO)
SSO means that in multiple applications, users only need to log in once to access all trusted applications.
For example,
Here we use Taobao and Tmall for example to show a single point login
As shown in the picture, we have not logged in to the two websites. Now we log in to Taobao and refresh directly without logging in to Tmall.
From this, we can see, when taobao landing, day cat automatic login. This is single sign-on, one login, everywhere.
Characteristics of the
The CAS project supports the following functions:
- CAS v1, V2, and V3 protocols
- SAML V1 and V2 protocols
- Request the v2 protocol
- OpenID and OpenID connection protocols
- Ws-federation Passive requester protocol
- Authenticate with JAAS, LDAP, RDBMS, X.509, Radius, SPNEGO, JWT, Remote, Trusted, BASIC, Apache Shiro, MongoDb, Pac4J, etc.
- Delegate authentication to WS-Fed, Facebook, Twitter, SAML IdP, OpenID, OpenID Connect, CAS, etc.
- Authorization via ABAC, time/date, REST, Internet2 Grouper, etc.
- HA cluster deployment via Hazelcast, Ehcache, JPA, Memcached, Apache Ignite, MongoDb, Redis, DynamoDb, Couchbase, and more.
- Register with JSON, LDAP, YAML, JPA, Couchbase, MongoDb, DynamoDb, Redis, etc.
- Multi-factor authentication through Duo Security, YubiKey, RSA, Google Authenticator, etc.
- An administrative UI for managing logging, monitoring, statistics, configuration, client registration, and more.
- Global and per-application USER interface themes and branding.
- Manage passwords and implement password policies.
CAS is based on Spring Boot and Spring Cloud.
The flow chart
Flowchart of cas protocol