Since I joined the shop early this year, I have found that it uses many backend systems and that they are very messy: each product line's backend system has its own domain name and its own login mechanism. For the sake of enterprise efficiency and product-line integration, all the backend systems need to be integrated, and this SSO solution is the result.
SSO stands for Single Sign-On. In an environment with multiple application systems, SSO lets a user log in only once and then access all mutually trusted applications.
The shop's SSO is now online, and the result looks like this:
The leftmost column lists the names of all subsystems; clicking a name shows that subsystem's submenu.
Besides integrating login authentication for the various subsystems, the shop's SSO is also responsible for user authorization, including function menu permissions, function-point permissions (whether buttons, links, text and so on are displayed), data permissions, etc.
Design ideas:
Overall interaction diagram of the systems involved
All subsystems share one memcached deployment. Memcached must run as a pair of HA nodes so that user information is reliably available to every system.
After a user logs in to the backend, the user's cookie is recorded, and the login time, user information, and permission information are stored in memcached. When the user clicks through to another system, such as merchant or report, the key generated from the cookie is used to fetch the user's login time from memcached. If the current time minus the login time is less than the session expiration time, the user's session has not expired and the user can jump to the merchant or other system. Each time, the SSO system updates the user's login time in memcached, which is how the session expiration time is implemented.
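The session check described above, as an added example that is not the shop's own code. A dict stands in for the shared memcached pair, and the `SessionStore` class, the SHA-256 key derivation, the 30-minute `SESSION_TTL`, and folding the check and the login-time refresh into one call are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 30 * 60  # assumed session expiration time, in seconds


class SessionStore:
    """Stand-in for the shared memcached pair (a dict, so this runs offline)."""

    def __init__(self, clock=time.time):
        self._data = {}
        self._clock = clock  # injectable so expiry can be exercised in tests

    @staticmethod
    def key_for(cookie_value):
        # Key generated from the cookie. Hashing keeps raw cookie values
        # out of the cache (the choice of SHA-256 is an assumption).
        return "sso:" + hashlib.sha256(cookie_value.encode()).hexdigest()

    def login(self, user, permissions):
        """Called by the SSO after authentication; returns the cookie value."""
        cookie_value = secrets.token_urlsafe(32)  # unguessable random token
        self._data[self.key_for(cookie_value)] = {
            "user": user,
            "permissions": permissions,
            "login_time": self._clock(),
        }
        return cookie_value

    def check(self, cookie_value):
        """Called on each request to a subsystem (merchant, report, ...).

        Returns the session record if it has not expired, otherwise None.
        """
        key = self.key_for(cookie_value)
        record = self._data.get(key)
        if record is None:
            return None  # unknown cookie: send the user to the SSO login
        now = self._clock()
        if now - record["login_time"] >= SESSION_TTL:
            del self._data[key]  # expired: drop it so it cannot be reused
            return None
        record["login_time"] = now  # update the login time in the cache
        return record
```

Because every subsystem trusts whatever the cache returns for a cookie-derived key, the cookie value has to be unguessable and the cache must only be reachable by the backend systems.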
Class diagram design