The same domain name to achieve single sign-on is too simple, because a system and B system domain name is the same, when access a time log in, when Access B, because the same domain name, the browser will take the cookies,cookies in the ticket information, Access B naturally no longer login.
However, if the a system and the B system domain name is different, how the CAS has been in access to a system when the login, in the access to the B system will not have to re-login it. At this time to access the B system, because the domain name is different, the browser does not have the cookies stored with the ticket information Ah, OK at this time the CAS implementation of single sign-on principle is this, please look at the picture:
Note: In cas4.2.7, this cross-domain single sign-on feature requires you to enable the HTTPS protocol, the above figure you need to realize that in the figure of the 9th step, then access to B system, because it is a cross-domain, and is the first access, ticket is empty, and after a series of redirects, plus parameters, you find that the user did nothing However, in the 13th step to access the B system, has been brought with effective ticket, because this series of redirects to the user is transparent, users feel that they did nothing to achieve the B system access.
Transferred from: https://blog.csdn.net/pucao_cug/article/details/70216109