A SSO CAS Framework Popular principle

SSO Unified Authentication

SSO, SSO Unified authentication is designed to allow multiple systems to use the unified login portal, the user only need to log in one of the system, in the cookie time can not be logged in, directly into the system.

About CAs

CAS is a framework for SSO, all known as: Central authentication Service, a nice single sign-on framework for Web applications, including Java. Net,php,prel,apache,uportal,ruby and so on.

Directly on the schematic, as shown in:

This picture is very good, after thinking, or directly moved over, we have the first login and not the first time to log on as the dividing line to tell.

First you need to understand a few reasons, what is the server, what is the client?

Server, from the first time to hear the word to now has made us feel very mysterious feeling, a high feeling, in the sky feeling. And in fact the server and we feel exactly the opposite, the server, is to provide services for others, Baidu Encyclopedia is said, the server refers to a management resources and provide services to users of the computer. Plainly, the server is a computer, but this computer can provide services to other applications or computers, like the restaurant waiter for customer service, and a computer like this, people put him personified, called the server.

And the waiter is relative to the customer, no customer attendant is no longer a waiter, and the customer may be other waiter, the computer is the same, the server is relative to the client.

In, the first thing we see is CAS client and CAs Server, which is two relative concepts. Without this framework, our system is logged into the page of our system, the Web browser is the client, and the machine that supports the background deployment to the system belongs to the server. When we add CAs, we go up another layer, because CAS server is for CAS client service.

Here the CAS client includes CAS own client (that is, a Java program CAS client jar package) and we want to use CAS Single sign-on project, they put together to form the CAS client, and CAS Server is to verify the user name and password entered in different ways.

Log in to the system for the first time, using the CAS process

The user opens the browser, through the address first request the protected resource, the CAS client will redirect the request automatically to the CAS server side, the CAS server side discovers the no evidence, directly transfers the CAS server login interface to the browser, presents to the user. At this point, after the user enters the user name and password, click the login button, request authentication, the CAS client also redirects to the CAS server, discovers that there is a session ID, starts to authenticate, fails the validation, and the browser renders the failed information. Successful verification, the user name and password will be placed in the session, and add an evidence to jump to the system's main interface.

Request your own system for the second time, CAS process

When the user requests their own system, will directly request to the CAS landing page, and then the CAS server side to judge, found that there is a session and evidence, directly to the system main interface.

If we do this, we can only use CAs's own default login interface, and various applications use the unified login interface, which is very impersonal. That can not allow different applications have their own different login interface, but all memory of the same CAS validation it? Next, different applications customize their own CAs landing page.

A SSO CAS Framework Popular principle