SSO (single sign-on) lets a user access all trusted applications after logging in once with a single login authentication service. CAS is a classic SSO implementation. It is divided into a server and a client: the server is the login authentication service, and the client is the application whose protected resources need authorization. Its flow is as follows:
Assume there are two main business services, www.360kjh.com (referred to as WWW) and agent.360kjh.com (Agent), and one login authentication service, passport.360kjh.com (Passport). When a user who is not logged in accesses a resource on WWW that requires authorization, WWW redirects the user to Passport. Once the user enters a username and password and authentication succeeds, Passport redirects the user back to WWW carrying a ticket; WWW takes that ticket and validates it with Passport, and Passport returns the username to WWW when the validation succeeds. When the same user then accesses a resource on Agent that requires authorization, Agent redirects to Passport; Passport no longer needs the user to sign in, creates a ticket for Agent, and redirects to Agent, which validates the ticket with Passport in the same way. Passport returns the username to Agent after successful validation.
Because CAS requires purchasing a certificate, this project temporarily uses a cookie shared on the parent domain together with Redis to simulate CAS: when the Passport service logs the user in successfully, it writes a ticket into the cookie, and WWW and Agent each add an interceptor that reads the cookie, looks the cookie value up in Redis to find the corresponding user object, and finally decides whether the user is logged in.
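The cookie-plus-Redis stand-in described above, as an added example rather than code from the project: Passport mints a random ticket, stores it in Redis with a TTL, and sets it as a parent-domain cookie (HttpOnly and Secure so scripts and plaintext requests cannot read it); the interceptor on WWW or Agent maps the cookie back to the username. The in-memory `FakeRedis` class and the `check_password` callback are assumptions standing in for a real Redis client and the project's credential check.

```python
import secrets
import time
from http.cookies import SimpleCookie, CookieError

PARENT_DOMAIN = ".360kjh.com"  # shared by www, agent and passport
TICKET_TTL = 1800              # seconds; expired tickets are rejected


class FakeRedis:
    """Assumed stand-in for a Redis client; mirrors SETEX/GET/DEL semantics."""
    def __init__(self):
        self.store = {}

    def setex(self, key, ttl, value):
        self.store[key] = (value, time.time() + ttl)

    def get(self, key):
        item = self.store.get(key)
        if item is None or time.time() >= item[1]:
            self.store.pop(key, None)
            return None
        return item[0]

    def delete(self, key):
        self.store.pop(key, None)


def passport_login(redis, username, password, check_password):
    """Passport side: verify credentials, mint a ticket, return (ticket, Set-Cookie value)."""
    if not check_password(username, password):  # assumed credential check
        return None
    ticket = secrets.token_urlsafe(32)          # unguessable, not derived from the user
    redis.setex("ticket:" + ticket, TICKET_TTL, username)
    c = SimpleCookie()
    c["ticket"] = ticket
    c["ticket"]["domain"] = PARENT_DOMAIN        # readable by www and agent
    c["ticket"]["path"] = "/"
    c["ticket"]["httponly"] = True               # hidden from page scripts
    c["ticket"]["secure"] = True                 # only sent over HTTPS
    return ticket, c.output(header="").strip()


def interceptor(redis, cookie_header):
    """WWW/Agent side: read the ticket cookie and resolve it in Redis; None means not logged in."""
    c = SimpleCookie()
    try:
        c.load(cookie_header or "")
    except CookieError:
        return None
    morsel = c.get("ticket")
    return redis.get("ticket:" + morsel.value) if morsel else None


def passport_logout(redis, ticket):
    """Deleting the Redis entry invalidates the ticket for every client at once."""
    redis.delete("ticket:" + ticket)
```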