[SSO single sign-on series] (6): CAS 4.0 single sign-on sequence diagram (Chinese version) and related terminology (TGT, ST, PGT, PT, PGTIOU)

Source: Internet
Author: User


CAS-related content has not been written for a long time. It may be updated next week.

 

The single sign-on sequence diagram in the previous article was downloaded directly from the official website, so it was in English and some readers may not have understood it. It has therefore been redone in Chinese.

PS: Only one modified. The second image will be added tomorrow...

 

Before that, here are several CAS-related terms:

1. Concepts ①. Glossary

The tickets are TGT, ST, PGT, PGTIOU and PT. TGT and ST are the tickets in the CAS 1.0 protocol; PGT, PGTIOU and PT are the tickets contained in the CAS 2.0 protocol.

·TGT (Ticket Granting Ticket)

The TGT is the login ticket that CAS issues for the user; it shows that the user has successfully logged on to CAS. After the user authenticates successfully, CAS creates a TGT object and puts it into its own cache. When a later request carries the cookie generated by CAS, CAS looks for the matching TGT: if it is found, the user has logged on before; if not, the user needs to log on again.

Http://www.coin163.com/java/cas/ticket.html

·TGC (Ticket-granting cookie)

The cookie that stores the user's identity authentication credential. The CAS server uses it as the credential that identifies the user.

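·ST (Service Ticket)

The ST is the ticket that CAS issues for the user to access a service. The user turns to CAS to obtain the ST: CAS uses the cookie value as the key to query whether its cache contains a TGT and, if it does, uses this TGT to issue the ST. Once the ST has been verified with CAS, the user is allowed to access the resource.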

·PGT (Proxy Granting Ticket)

The PGT is the ticket held by the Proxy Service. After the user passes CAS authentication, CAS generates a PGT object and caches it.

·PGTIOU (Proxy Granting Ticket I Owe You)

The PGTIOU comes into play after the CAS serviceValidate API is called: CAS generates an XML message reporting that the ST was verified successfully and returns it to the Proxy Service. The XML message contains the PGTIOU. After receiving the XML message, the Proxy Service parses out the PGTIOU value, uses it as the key to find the PGT value in a map, assigns that value to the pgtId of the Assertion object that represents the user information, and deletes the entry from the map.

·PT (Proxy Ticket)

The PT is the user's ticket for accessing the Target Service (back-end service). If the user accesses a Web application, the Web application requires the browser to provide the ST, and the browser uses the cookie to obtain the ST from CAS. Otherwise, the user obtains a PT through the Proxy Service's access interface, using the Proxy Service's PGT, before accessing the application.

Relationship between TGT, ST, PGT and PT

1) ST is issued by TGT. After the user authenticates successfully with CAS, CAS generates a TGT, uses the TGT object to issue the ST, and then redirects the ST value to the client application.

2) PGT is issued by ST. The user uses the ST to access the Proxy Service, and the Proxy Service has CAS verify it. If the ST is successfully verified, the PGT is issued, and it refers back to the TGT object.

3) PT is issued by PGT. When the Proxy Service, acting as proxy for the back-end service, goes to CAS, CAS obtains the PGT object based on the pgt parameter that was sent and calls its grantServiceTicket method to generate a PT object.
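The PGTIOU lookup described in the glossary above, sketched as an added example that is not code from the original article or from the CAS project. The callback step that fills the map (CAS delivering `pgtIou` and `pgtId` to the Proxy Service) comes from the CAS 2.0 protocol rather than from this page; `PgtStore`, `build_assertion`, the expiry window `PGT_TTL` and the sample ticket values are assumptions made for illustration.

```python
import time
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS 2.0 responses
PGT_TTL = 60  # seconds a callback entry stays redeemable (assumed value)

class PgtStore:
    """Map kept by the proxy service: PGTIOU -> (PGT, arrival time)."""
    def __init__(self):
        self._map = {}

    def on_callback(self, pgt_iou, pgt_id, now=None):
        # CAS calls the proxy service's callback URL with pgtIou and pgtId.
        self._map[pgt_iou] = (pgt_id, time.time() if now is None else now)

    def redeem(self, pgt_iou, now=None):
        # pop() deletes the entry, so a PGTIOU can be exchanged only once.
        entry = self._map.pop(pgt_iou, None)
        if entry is None:
            return None
        pgt_id, seen = entry
        now = time.time() if now is None else now
        return pgt_id if now - seen <= PGT_TTL else None

def build_assertion(validate_xml, store, now=None):
    """Parse a serviceValidate response and resolve its PGTIOU to a PGT."""
    root = ET.fromstring(validate_xml)
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        return None  # ST was rejected: no user, no PGT
    iou = ok.findtext("cas:proxyGrantingTicket", default="", namespaces=CAS_NS).strip()
    return {
        "user": ok.findtext("cas:user", default="", namespaces=CAS_NS).strip(),
        "pgtId": store.redeem(iou, now) if iou else None,
    }

# Constructed sample response; the ticket values are made up.
SAMPLE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:proxyGrantingTicket>PGTIOU-1-example</cas:proxyGrantingTicket>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

if __name__ == "__main__":
    store = PgtStore()
    store.on_callback("PGTIOU-1-example", "PGT-1-example")
    print(build_assertion(SAMPLE, store))  # first use resolves the PGT
    print(build_assertion(SAMPLE, store))  # replayed PGTIOU: pgtId is None
```

Because the PGT itself never appears in the validation response, a party that only sees the XML message learns the PGTIOU, which is useless once the map entry has been deleted.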

 

 

2. CAS basic flowchart (no proxy used)

 

 

3. CAS flowchart using proxy

To be continued...
