Summary of Single Sign-On (SSO) systems

Source: Internet
Author: User

A few days ago, a colleague from another development department found out about Single Sign-On (SSO). They wanted to implement single sign-on and integrate with our systems, and I wanted to help by going over the single sign-on solution and materials. Although I have been working on single sign-on for a long time and thought I knew the SSO system well, when he asks this question, it cannot be explained clearly. Therefore, summing up the implementation principle of the SSO solution currently in use is really another chance to learn SSO.

 

First, Single Sign-On (SSO) means that one login grants access permissions in the other subsystems, so the user does not need to enter the user name and password again. It is therefore generally implemented with centralized authentication: one SSO system performs verification for multiple sites. As shown in the figure:

 

We can see that when the main site is accessed, it requests authentication from the SSO system. After the SSO system verifies the user successfully, it returns a token to the main site. When the main site (OA) then accesses other subsystems, it carries the token, which enables single sign-on without verifying the user name and password again.

 

The following describes the single sign-on verification process of the SSO system:

 

When a user accesses an application system, the system first checks whether a session exists. If the session exists, the user enters the system directly. If the session does not exist, the user has not logged on to this system, so the system checks whether the user is logged on to the main system, that is, whether there is a token. If there is a token, the system verifies whether it is valid. If the token is valid, the user enters the application system; otherwise the user must log on again to generate a token.

 

Note: The token here is transmitted through an encrypted cookie. It is an identifier issued by the SSO system that can circulate among the subsites.

(A token is issued by the SSO system. After receiving the token, each system generates a session.) Tokens circulate among the cross-origin subsites through cookies. Therefore, the token generated by SSO is returned to each system in a cookie, with `cookie.Domain = "oa.com"` specified.

Because tokens circulate through cookies, each service subsystem must be in the oa.com domain; otherwise it will not receive the token generated by SSO. The second step is to add a sysadapter.aspx intermediate page for token acquisition and verification.
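The verification flow and the oa.com-scoped token cookie described above, as an added example that is not the original system's code. It is written in Python rather than the page's ASP.NET, and the token format (an HMAC-signed user name and expiry standing in for the page's unspecified encrypted cookie), the cookie name, the key and the lifetime are all assumptions.

```python
import base64, hashlib, hmac, time
from http.cookies import SimpleCookie

SSO_KEY = b"constructed-demo-key"  # assumption: secret shared by SSO and subsystems
COOKIE_NAME = "sso_token"          # hypothetical cookie name
TOKEN_TTL = 1800                   # assumption: tokens live 30 minutes

def _tag(body):
    return hmac.new(SSO_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_token(user, now=None):
    """SSO system: sign 'user|expiry' so subsystems can detect tampering."""
    expiry = int(time.time() if now is None else now) + TOKEN_TTL
    body = base64.urlsafe_b64encode(f"{user}|{expiry}".encode()).decode()
    return f"{body}.{_tag(body)}"

def validate_token(token, now=None):
    """Return the user name for an authentic, unexpired token, else None."""
    body, _, tag = token.partition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return None  # forged or modified token
    user, expiry = base64.urlsafe_b64decode(body).decode().rsplit("|", 1)
    return user if int(expiry) > (time.time() if now is None else now) else None

def token_cookie(token):
    """Set-Cookie header scoped to oa.com, so every *.oa.com subsystem receives it."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    jar[COOKIE_NAME]["domain"] = "oa.com"
    jar[COOKIE_NAME]["path"] = "/"
    jar[COOKIE_NAME]["secure"] = True    # never sent over plain HTTP
    jar[COOKIE_NAME]["httponly"] = True  # not readable from page scripts
    return jar.output(header="Set-Cookie:")

def handle_request(session, cookie_header, now=None):
    """Subsystem: session -> enter; else valid token -> new session; else log on."""
    if session.get("user"):
        return "enter", session["user"]
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    user = validate_token(morsel.value, now) if morsel else None
    if user is None:
        return "redirect_to_sso_login", None
    session["user"] = user  # the subsystem generates its own session from the token
    return "enter", user
```

Because `Domain=oa.com` sends the cookie to every host under oa.com, each of those hosts has to be trusted with the token.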

 
