A single sign-on (SSO) solution, collected from the Internet
Single Sign On (SSO) is one of the most popular solutions for enterprise business integration. SSO means that, across multiple application systems, users only need to log on once to access all mutually trusted application systems. It includes a mechanism for mapping the main logon to the other applications, where it serves as the login of the same user.
When a user accesses application system 1 for the first time, the user has not yet logged on and is therefore directed to the authentication system to log on. The authentication system verifies the user's identity from the login information provided; if the verification is successful, it returns a verification credential, the ticket, to the user. When the user accesses another application, the ticket is carried along as the authentication credential. After receiving the request, the application system sends the ticket to the authentication system, which checks the validity of the ticket. Once the ticket has been verified, the user can access application system 2 and application system 3 without having to log on again.
Single sign-on across multiple domains:
1. The verification server
The verification server acts as a single shared portal. All login and logout work passes through it, and verification is also carried out there.
2. The process
Server a, server b, and server c are service servers, and server d is the verification server.
User A performs an operation that requires verification on server a (such as url_a). If server a finds that the user has not logged on, it redirects the user to the login page of server d. After server d authenticates user A, it creates a user session, generates a one-time token for the user, and appends the token to url_a (such as url_a? Server a calls server d's verification service, remotely or through a private channel between the servers, based on the incoming ssid. Server d checks whether the token is valid and deletes the token. If verification succeeds, server a obtains the user information and server d records the address of server a. At this point, user A is logged on to server a.
If user A then accesses an operation that requires verification on server b or server c (for example url_b), the user is again sent to the login page of server d. Because user A's session already exists there, a one-time token is generated directly and the above process is repeated.
3. The exit process
User A is logged on to server a and server b. If the user clicks the exit link of server d, server d clears its own session. At the same time, using the list of servers that user A has logged on to, which is kept in the session, the page it returns uses img elements to call the exit functions of server a and server b. In this way, user A's sessions on server a and server b are cleared at the same time.
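The token handling on server d described in steps 2 and 3, as an added example in Python that is not code from the original article. The class and method names, the 60-second token lifetime and the binding of each token to the service it was issued for are assumptions the article does not state.

```python
import secrets
import time

TOKEN_TTL = 60  # seconds; assumed value, the article gives no token lifetime


class VerificationServer:
    """Server d: holds user sessions and short-lived one-time tokens."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # session id -> {"user": ..., "services": set()}
        self._tokens = {}    # token -> (session id, target service, expiry)

    def login(self, user):
        """Called after server d has checked the user's credentials."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "services": set()}
        return sid

    def issue_token(self, sid, service):
        """Mint the one-time token that is appended to the service URL."""
        if sid not in self._sessions:
            raise KeyError("no such session; user must log in first")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (sid, service, self._clock() + TOKEN_TTL)
        return token

    def verify(self, token, service):
        """Back-channel call from a service server; returns the user or None."""
        entry = self._tokens.pop(token, None)  # delete first, so it is single use
        if entry is None:
            return None
        sid, target, expiry = entry
        session = self._sessions.get(sid)
        if session is None or service != target or self._clock() > expiry:
            return None
        session["services"].add(service)  # recorded so logout can reach it
        return session["user"]

    def logout(self, sid):
        """Clear server d's session; return the services that must log out too."""
        session = self._sessions.pop(sid, None)
        if session is None:
            return []
        # Tokens minted for this session must not outlive it.
        self._tokens = {t: e for t, e in self._tokens.items() if e[0] != sid}
        return sorted(session["services"])
```

Because verify() removes the token before any other check, a token that is replayed, presented by the wrong service or presented after expiry is rejected and cannot be tried a second time.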