SSO is a very big topic, and one I have strong feelings about. Since the Guangzhou usergroup forum was established, countless netizens have tried the open-source CAS; Kerberos provides another way of doing SSO, namely SSO based on Windows domains; and SAML has been booming since 2005.
If you compare these free SSO solutions with commercial products such as Tivoli, SiteMinder, or RSA Secure SSO, the gap is real: the security and user experience of the commercial products are unmatched.

The SSO discussed here is only web SSO, that is, SSO that takes effect in the browser client. The other kind is desktop SSO: for example, you log on to Windows 2000 as Administrator once, and from then on MSN/QQ skip their own logon steps (note that this is not the password-remembering feature of the client software; it is a mechanism that enters the user's password on the user's behalf). Desktop SSO therefore takes effect at the OS level. Today, when we say SSO we usually mean web SSO, whose main characteristics are that the SSO participants talk to each other over web protocols (such as HTTP/SSL) and that there is only one logon portal.

A simple SSO system has three roles:

1. Users (many)
2. Web applications (many)
3. The SSO authentication center (exactly one)

Although SSO implementations vary widely, the underlying principles are always the same:

- The web application does not handle user logon itself. Otherwise there would be multiple logons; all logons are performed at the SSO authentication center.
- The SSO authentication center uses some mechanism to tell the web application whether the current user is Zhang San or Li Si.
- The SSO authentication center has a trust relationship with every web application. The authentication center decides whether a user's identity is correct and informs the web application in some way, and the web application must be able to trust that verdict.
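The three principles above can be made concrete with a minimal assertion exchange: the authentication center, after the single logon, issues a short-lived identity assertion bound to one web application, and the web application accepts it only if it was produced with the key it shares with the center. This is an added illustration, not code from any of the products named on this page; the shared-secret HMAC scheme, the claim names and the sample values are assumptions for demonstration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed shared secret: each web application and the SSO authentication
# center would hold this key out of band. It is what makes the trust relationship.
SHARED_SECRET = b"demo-shared-secret-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(user: str, audience: str, key: bytes = SHARED_SECRET,
                    now: Optional[int] = None, ttl: int = 300) -> str:
    """SSO authentication center: after the one logon, state who the user is,
    for one specific web application (audience), for a limited time."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": audience, "iat": now, "exp": now + ttl,
              "jti": secrets.token_hex(8)}  # jti lets the app detect replays
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(tag)}"


def verify_assertion(token: str, audience: str, key: bytes = SHARED_SECRET,
                     now: Optional[int] = None) -> Optional[str]:
    """Web application: never log the user in yourself; accept only an
    assertion the center produced, addressed to this application, and still
    within its lifetime. Returns the user name, or None if it must be rejected."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = token.split(".", 1)
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None  # not from the trusted center, or tampered with
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None  # malformed token
    if claims.get("aud") != audience:
        return None  # issued for a different web application
    if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
        return None  # expired, or clock skew beyond the allowed window
    return claims.get("sub")
```

In a real deployment the web application would also record each `jti` it has accepted until that assertion expires, so that a captured assertion cannot be presented twice.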