
CAS Central Authentication Service

2022-06-21 10:42:00 Borny Ding Ding

1. CAS
CAS (Central Authentication Service) is an independent, open protocol that provides a reliable single sign-on method for web application systems.
SSO (single sign-on): once a user has logged in on the authentication server, they gain access to the other associated systems and applications in the single sign-on system.
2. Principles and protocol
For each web request that accesses a protected resource, the CAS Client checks whether the HTTP request contains a Service Ticket. If it does not, the current user has not logged in, so the request is redirected to the CAS Server login address, passing the Service (that is, the address of the destination resource to be accessed) so that the user can be returned to that address after a successful login. The user enters authentication information in step 3. If login succeeds, the CAS Server randomly generates a unique Service Ticket and caches it for later validation, then automatically redirects to the Service address and sets a Ticket Granting Cookie (TGC). After the CAS Client obtains the Service and the new ticket, it verifies them with the CAS Server in steps 5 and 6 to ensure that the Service Ticket is legitimate.
CAS Server: responsible for user authentication. CAS Client: responsible for handling access requests to the client's protected resources, and for redirecting to the CAS Server when login is required. TGT: the login ticket that CAS issues for the user, stored in the CAS Server, similar to a session. TGC: the unique identifier of the TGT, stored in the web browser, similar to a jsessionid. ST: the service ticket that CAS issues for the user.
After the user authenticates successfully with the CAS Server, the CAS Server generates a TGT and a TGC. The TGT is stored in the CAS Server and the TGC is stored in the web browser. When the user visits the CAS Server again, the server first checks whether the cookie contains a TGC. If it does, the TGC is used to obtain the TGT. Obtaining the TGT means that the user has already authenticated successfully, so an ST is generated from the TGT and the requesting source, which achieves single sign-on.
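The ticket handling described above, as an added example (not code from the original post or from the CAS project): a toy in-memory model of the CAS Server's TGT/TGC lookup, ST issuance and ST validation. The class and method names, the ST lifetime and the sample values are assumptions; the single-use, service-bound and time-limited checks follow the CAS protocol specification and go beyond what this page states.

```python
import secrets
import time

ST_LIFETIME = 10  # seconds; assumed value, the page gives none


class CasServer:
    """Toy in-memory model of the CAS Server ticket stores (hypothetical names)."""

    def __init__(self, users):
        self.users = users   # username -> password (constructed sample data)
        self.tgts = {}       # TGC value -> username; the TGT itself stays server-side
        self.sts = {}        # ST -> (username, service, expiry)

    def login(self, username, password):
        """Authenticate and return the TGC value to set as a browser cookie."""
        stored = self.users.get(username)
        if stored is None or not secrets.compare_digest(
                stored.encode(), password.encode()):
            return None
        tgc = "TGC-" + secrets.token_urlsafe(32)
        self.tgts[tgc] = username
        return tgc

    def issue_st(self, tgc, service, now=None):
        """Use the TGC to find the TGT, then mint an ST for this service."""
        username = self.tgts.get(tgc)
        if username is None:
            return None      # no TGT: the user must log in first
        now = time.time() if now is None else now
        st = "ST-" + secrets.token_urlsafe(32)
        self.sts[st] = (username, service, now + ST_LIFETIME)
        return st

    def validate(self, st, service, now=None):
        """Back-channel check by the CAS Client; returns the username or None."""
        entry = self.sts.pop(st, None)   # pop: a ticket validates at most once
        if entry is None:
            return None
        username, issued_for, expiry = entry
        now = time.time() if now is None else now
        if issued_for != service or now > expiry:
            return None      # wrong service or expired ticket
        return username
```

Because `validate` removes the ticket before checking it, an ST captured from a redirect URL cannot be replayed after the CAS Client has validated it, and it is rejected for any service other than the one it was issued for.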
The protocol flow diagram is as follows:
