About the principle of single sign-on

Source: Internet
Author: User

In an interview I was asked about the implementation principle of single sign-on. I have actually built one, but perhaps because of nerves I could not explain it clearly and answered poorly. Today, having calmed down and gone back over the interview, I see that my answer really was not good.

Actually, single sign-on is simple.

The mechanism of single sign-on: when the user first accesses application system 1, they are not yet logged in, so they are redirected to the authentication system to log in. The authentication system verifies the identity based on the login information the user provides; if verification passes, it returns a credential, the ticket, to the user. When the user then accesses another application, the ticket is sent along as proof of authentication; the application receiving the request forwards the ticket to the authentication system, which checks that the ticket is valid. If the check passes, the user can access application system 2 and application system 3 without logging in again.

As you can see, the following key features are required to implement SSO:

a) All application systems share one identity authentication system;

b) All application systems are able to recognise and extract the ticket information;

c) Each application system can recognise a user who has already logged in and automatically determine whether the current user is logged in, which completes the single sign-on function.

Based on these principles I designed a single sign-on system in PHP, which has been deployed to the production server. In this system the ticket is a session ID that is unique across the whole group of sites, and it serves as the medium for obtaining site-wide information about the currently online user (login status and any other user information the sites need to process).

Process description:

Login process:

1. First login at a sub-station:

a) The user enters username + password and sends a login request to the user authentication center.

b) The current login site calls the user authentication center through a WebService request to verify that the username and password are valid. If validation passes, a ticket identifying the user for the current session is generated, the site identifier of the sub-station where the login happened is recorded at the user center, and finally

c) the acquired user data and the ticket are returned to the sub-station. If validation fails, the corresponding error status code is returned.

d) Based on the result returned by the WebService request in the previous step, the current sub-station performs the user login processing: if the status code indicates success, the site saves the ticket in a site cookie and records the user's login status locally. If the status code indicates failure, the user is shown a login-failure prompt.

2. Already logged in, the user visits another sub-station:

a) The user's login status is first checked through the site's own cookie or session. If that check passes, the normal site handling proceeds; otherwise the sub-station asks the user center to verify the login status by sending the ticket to the user authentication center. If that verification passes, the sub-station performs local login processing with the returned user information; otherwise the user is treated as not logged in.

Logout process:

a) The sub-station from which the user logs out clears the user's local login status and the locally saved site-wide unique random ID.

b) Through the WebService interface, the site-wide record of that unique random ID is cleared. The WebService interface returns JavaScript code that logs the user out of the other sub-stations they are logged in to, and this site outputs that code in its page.

c) The JS code calls the standard logout script of each corresponding sub-station.
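The login, cross-site validation and logout steps above, as an added example that is not the author's PHP system: an in-memory model in which arrays stand in for the user center's database, the WebService calls, and each sub-station's session and cookie; the class and function names are assumptions.

```php
<?php
// Added example, not the author's code: an in-memory model of the ticket flow described above.
// Class and function names are assumptions; arrays stand in for the user center's database,
// the WebService calls and each sub-station's PHP session and cookie.
class UserCenter {
    private array $tickets = [];   // ticket => ['user' => name, 'sites' => [sub-stations logged in]]
    private array $accounts;       // username => password hash (constructed sample data)
    public function __construct(array $accounts) { $this->accounts = $accounts; }

    // Login steps b/c: verify credentials, issue a ticket, record the login sub-station.
    public function login(string $user, string $password, string $site): array {
        if (!isset($this->accounts[$user]) || !password_verify($password, $this->accounts[$user])) {
            return ['status' => 'ERR_BAD_CREDENTIALS'];
        }
        $ticket = bin2hex(random_bytes(32));   // CSPRNG: a bearer ticket must not be guessable
        $this->tickets[$ticket] = ['user' => $user, 'sites' => [$site]];
        return ['status' => 'OK', 'ticket' => $ticket, 'user' => $user];
    }

    // Step 2a (center side): check a ticket; on success record the new site for later logout.
    public function validate(string $ticket, string $site): array {
        if (!isset($this->tickets[$ticket])) return ['status' => 'ERR_NOT_LOGGED_IN'];
        $this->tickets[$ticket]['sites'][] = $site;
        return ['status' => 'OK', 'user' => $this->tickets[$ticket]['user']];
    }

    // Logout step b: revoke the ticket site-wide and report which sub-stations must log out too
    // (the author's version returns JavaScript that calls each of those sites' logout script).
    public function logout(string $ticket): array {
        $sites = $this->tickets[$ticket]['sites'] ?? [];
        unset($this->tickets[$ticket]);
        return array_values(array_unique($sites));
    }
}

// Step 2a (sub-station side): trust the local session first, otherwise ask the center.
function subStationAuth(UserCenter $center, string $site, array &$session, ?string $cookieTicket): ?string {
    if (isset($session['user'])) return $session['user'];
    if ($cookieTicket === null) return null;
    $r = $center->validate($cookieTicket, $site);
    if ($r['status'] !== 'OK') return null;
    $session['user'] = $r['user'];            // local login processing with the returned user data
    return $r['user'];
}

$center = new UserCenter(['alice' => password_hash('s3cret', PASSWORD_DEFAULT)]);
$r = $center->login('alice', 's3cret', 'site1');               // first login at sub-station 1
$cookie = $r['ticket']; $site2 = []; $site3 = [];              // ticket kept in the site cookie
var_dump(subStationAuth($center, 'site2', $site2, $cookie));   // sub-station 2 accepts the ticket
var_dump($center->logout($cookie));                            // revoke; lists sites to log out
var_dump(subStationAuth($center, 'site3', $site3, $cookie));   // revoked ticket: not logged in
```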
