SSO Single Sign-On Series (6): CAS 4.0 Single Sign-On Sequence Diagram (Chinese Version) and Related Terminology (TGT, ST, PGT, PT, PGTIOU)

Source: Internet
Author: User

1. Concepts

①. Terminology

The tickets are TGT, ST, PGT, PGTIOU and PT. TGT and ST are the tickets of the CAS 1.0 protocol; PGT, PGTIOU and PT are the tickets of the CAS 2.0 protocol.

· TGT (Ticket Granting Ticket)

The TGT is the login ticket that CAS issues to a user; it shows that the user has logged in to CAS successfully. After CAS authentication succeeds, CAS generates a TGT object, puts it into its own cache, and generates a cookie. On a later request that carries the CAS-generated cookie, CAS looks up the TGT: if there is one, the user has logged in before; if not, the user needs to sign in again.

http://www.coin163.com/java/cas/ticket.html

· TGC (ticket-granting cookie):

A cookie that holds the user's authentication credentials. It is used between the browser and the CAS server to identify the user.

· ST (Service Ticket)

The ST is the ticket the user gets from CAS. When the user asks CAS for an ST, CAS uses the cookie value as the key to look up the TGT in its cache; if there is no TGT, the user has to authenticate with CAS. The ST is then validated by CAS, and after validation passes the user is allowed to access resources.

· PGT (Proxy Granting Ticket)

The proxy credential for a proxy service. A PGT object is generated for the user through CAS and is kept in a cache.

· PGTIOU (full name: Proxy Granting Ticket I Owe You)

When the CAS serviceValidate interface validates an ST successfully, CAS generates an XML message reporting the successful ST validation and returns it to the proxy service. The XML message contains the PGTIOU. When the proxy service receives the XML message, it parses out the PGTIOU value, uses it as the key to find the PGT value in a map, assigns that value to the pgtId of the Assertion object that represents the user's information, and deletes the entry from the map.

· PT (Proxy Ticket)

A PT is the ticket with which the user accesses the target service (back-end service). If the user is accessing a web app, the web app asks the browser to provide an ST, and the browser uses the cookie to get an ST from CAS. In the proxy case, the proxy service's PGT is used instead to get a PT before the app can be accessed.

②. Relationship between TGT, ST, PGT and PT

1) ST is issued by TGT. After the user authenticates successfully on CAS, CAS generates the TGT, issues an ST with the TGT object, and then redirects the ST value to the client application.

2) PGT is issued by ST. The user accesses the proxy service with the ST, and the proxy service goes to CAS to validate the ST; if ST validation succeeds, CAS issues the PGT object.

3) PT is issued by PGT. When the proxy service, acting as proxy for the back-end service, goes to CAS, CAS uses the pgt parameter to get the PGT object and then calls its grantServiceTicket method to generate a PT object.
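The PGTIOU lookup described under "PGTIOU" above, written out as an added Python example; it is not code from this page or from the CAS client. The XML element names and the `pgtIou`/`pgtId` callback parameters follow the CAS 2.0 protocol, while `PgtStore`, `build_assertion`, the expiry window and the sample ticket values are assumptions made for illustration.

```python
import time
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}


class PgtStore:
    """PGTIOU -> PGT map kept by the proxy service (hypothetical helper)."""
    def __init__(self, ttl_seconds=60):
        self.ttl = ttl_seconds  # assumed expiry window, not stated on the page
        self._map = {}  # pgtIou -> (pgtId, time received)

    def on_callback(self, pgt_iou, pgt_id):
        # CAS calls the proxy callback URL with pgtIou and pgtId parameters.
        self._map[pgt_iou] = (pgt_id, time.monotonic())

    def redeem(self, pgt_iou):
        # One-time lookup: the entry is deleted even if it turns out to be stale.
        entry = self._map.pop(pgt_iou, None)
        if entry is None or time.monotonic() - entry[1] > self.ttl:
            return None
        return entry[0]


def build_assertion(validation_xml, store):
    """Parse a serviceValidate response and resolve its PGTIOU to a PGT."""
    root = ET.fromstring(validation_xml)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("ST validation failed")
    assertion = {"user": success.findtext("cas:user", namespaces=CAS_NS), "pgtId": None}
    pgt_iou = success.findtext("cas:proxyGrantingTicket", namespaces=CAS_NS)
    if pgt_iou:
        assertion["pgtId"] = store.redeem(pgt_iou)
    return assertion


# Constructed sample values; real tickets are long random strings.
SAMPLE_XML = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:proxyGrantingTicket>PGTIOU-1-example</cas:proxyGrantingTicket>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

if __name__ == "__main__":
    store = PgtStore()
    store.on_callback("PGTIOU-1-example", "PGT-1-example")
    print(build_assertion(SAMPLE_XML, store))
    print(build_assertion(SAMPLE_XML, store))
```

Because the map entry is removed on first use, presenting the same validation response a second time yields no PGT.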

2. CAS basic flowchart (no proxy used)

3. CAS flowchart with a proxy
