Single Sign-on

Source: Internet
Author: User

What is single sign-on?

Single Sign-on, or SSO, is one of the most popular solutions for enterprise business integration at the moment. The definition of SSO is that in multiple application systems, users can access all trusted applications with only one login.

How to implement single sign-on

Using cookies as a voucher medium

The simplest way to implement a single sign-on is to use cookies as a medium to store user credentials.

After the user logs in to the parent app, the app returns an encrypted cookie that, when the user accesses the sub-app, carries this cookie, authorizes the app to decrypt the cookie and checks it, and checks to log in to the current user.


650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/89/C4/wKioL1gcKa3xuiSYAADozfjqaPQ359.jpg-wh_500x0-wm_3 -wmp_4-s_3166792663.jpg "title=" 79702-b33138a8d24fc12b.jpg "alt=" Wkiol1gcka3xuisyaadozfjqapq359.jpg-wh_50 "/>

A cookie exists in the browser when the user logs on

private void initcookie (string pin)  {try { Cookievalidate cookievalidate = new cookievalidate (); Cookievalidate.setpin (PIN); Cookievalidate.setceshi (Securityutil.md5 (New stringbuffer (Cookieencrypt.get ("DesPrefix")). Append (PIN). Append (Dateutil.formatdate (New date ())). ToString ()); Cookievalidate.settest (Securityutil.encrypt (new  stringbuffer (PIN). Append (","). Append (Dateutil.formatdate (New date ())). ToString (),  Cookieencrypt.get ("Deskey")); Cookievalidate.setip (SECURITYUTIL.MD5 (request)); Cookievalidate.setbrower (SECURITYUTIL.MD5 (Request.getheader ("user-agent")); String cookiestring = escapeutil.escape (Jsonutil.tojson (cookievalidate)); Cookieutil.createdcookie (Cookieencrypt.get ("Logincookiename"), cookiestring, -1);}  catch  (exception e)  {log.error ("###### initcookie error ######",  e);}} 

Log in the interceptor to determine if the cookie resolves the correct user

If you do not jump to the login page correctly

The problem with this approach:

1. Cookies are not safe

2, can not be implemented across the domain to avoid landing

Single Sign-on

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.