CAS Web flow diagram
2016-08-18 15:53:01
Participants: User, Browser, protected App (app.example.com), CAS server (cas.example.com), protected App2 (app2.example.com).

Visit to App

1. Browser -> App: GET https://app.example.com/
2. App -> Browser: 302 Location: https://cas.example.com/cas/login?service=https%3A%2F%2Fapp.example.com%2F
   (The request is not yet authorized, so the app sends the user to CAS for authorization, passing a service parameter that carries the relevant information.)
3. Browser -> CAS server: GET https://cas.example.com/cas/login?service=https%3A%2F%2Fapp.example.com%2F
4. CAS server -> Browser: CAS login page
   (The CAS login page is displayed; because authorization is required, the user has to log in.)
5. The user enters the login details. Browser -> CAS server: POST https://cas.example.com/cas/login?service=https%3A%2F%2Fapp.example.com%2F
   (The username, password and login ticket are sent to the CAS server, which verifies them and, on success, grants authorization.)
6. CAS server -> Browser: Set-Cookie: CASTGC=TGT-2345678; 302 Location: https://app.example.com/?ticket=ST-12345678
   (Once the user is authorized, the server creates an SSO session and a ticket.)
7. Browser -> App: GET https://app.example.com/?ticket=ST-12345678
8. App -> CAS server: GET https://cas.example.com/serviceValidate?service=https%3A%2F%2Fapp.example.com%2F&ticket=ST-12345678
   (The application begins validating the ticket that came from the CAS server.)
9. CAS server -> App: 200 [XML Content]
   (The CAS server returns an XML document containing the successful-authorization information, the items that have been authorized, and the attributes that can be used.)
10. App -> Browser: Set-Cookie: JSESSIONID=ABC1234567; 302 Location: https://app.example.com/
11. Browser -> App: Cookie: JSESSIONID=ABC1234567; GET https://app.example.com/
12. App -> Browser: 200 [Content of https://app.example.com/]
   (Authorized login succeeded; the site content is displayed.)

Second visit to App

13. Browser -> App: Cookie: JSESSIONID=ABC1234567; GET https://app.example.com/resource
   (Request a resource.)
14. App validates the session cookie: the session cookie is sent along with the request and verified by the application.
15. App -> Browser: 200 [Resource Content]
   (The resource is displayed.)

First visit to App2

16. Browser -> App2: GET https://app2.example.com/
17. App2 -> Browser: 302 Location: https://cas.example.com/cas/login?service=https%3A%2F%2Fapp2.example.com%2F
18. Browser -> CAS server: Cookie: CASTGC=TGT-2345678; GET https://cas.example.com/cas/login?service=https%3A%2F%2Fapp2.example.com%2F
19. CAS server -> Browser: 302 Location: https://app2.example.com/?ticket=ST-345678
   (The CAS server verified that the cookie it received is valid, so no login is needed.)
20. Browser -> App2: GET https://app2.example.com/?ticket=ST-345678
21. App2 -> CAS server: GET https://cas.example.com/serviceValidate?service=https%3A%2F%2Fapp2.example.com%2F&ticket=ST-345678
22. CAS server -> App2: 200 [XML Content]
23. App2 -> Browser: Set-Cookie: MOD_AUTH_CAS=XYZ1234567; 302 Location: https://app2.example.com/
24. Browser -> App2: Cookie: MOD_AUTH_CAS=XYZ1234567; GET https://app2.example.com/
25. App2 -> Browser: 200 [Content of https://app2.example.com/]
   (App2's content is displayed.)
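The service-side half of the flow above (the app calling serviceValidate with the ticket it received and reading the XML reply), as an added example that is not from the diagram's author or from any CAS project code. The HTTP fetch is injected so it runs offline against constructed sample replies; the cas_base, service and ticket values are assumed to match the diagram.

```python
# Added example: an app validating a CAS service ticket via serviceValidate
# and parsing the CAS 2.0 XML response. http_get is injected so this runs
# offline; the sample replies below are constructed, not captured.
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"  # namespace of the serviceValidate XML


def build_validate_url(cas_base, service, ticket):
    """serviceValidate URL. `service` must be exactly the URL the ticket was
    issued for (the same value sent in the login redirect) or CAS rejects it."""
    return f"{cas_base}/serviceValidate?" + urlencode({"service": service, "ticket": ticket})


def parse_service_response(xml_text):
    """(user, None) on <cas:authenticationSuccess>, else (None, failure code)."""
    root = ET.fromstring(xml_text)
    success = root.find(CAS_NS + "authenticationSuccess")
    if success is not None:
        user = success.findtext(CAS_NS + "user")
        return (user, None) if user else (None, "MISSING_USER")
    failure = root.find(CAS_NS + "authenticationFailure")
    return None, (failure.get("code", "UNKNOWN") if failure is not None else "MALFORMED")


def validate_ticket(http_get, cas_base, service, ticket):
    """Accept only a service ticket, ask CAS about it over http_get(url) -> str,
    and trust the user name only if CAS says the ticket is valid for `service`."""
    if not ticket.startswith("ST-"):
        return None, "NOT_A_SERVICE_TICKET"
    return parse_service_response(http_get(build_validate_url(cas_base, service, ticket)))


# Constructed sample replies standing in for https://cas.example.com
SAMPLE_OK = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
             "<cas:authenticationSuccess><cas:user>alice</cas:user>"
             "</cas:authenticationSuccess></cas:serviceResponse>")
SAMPLE_BAD = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
              "<cas:authenticationFailure code='INVALID_TICKET'>Ticket not recognized"
              "</cas:authenticationFailure></cas:serviceResponse>")


def fake_cas(url):
    """Stand-in CAS: ST-12345678 was issued for app.example.com only, so the
    same ticket presented for any other service URL fails validation."""
    ok = url.endswith("?service=https%3A%2F%2Fapp.example.com%2F&ticket=ST-12345678")
    return SAMPLE_OK if ok else SAMPLE_BAD
```

A ticket that validates for app.example.com is rejected when replayed for app2.example.com, which is why the app must pass the exact service URL it sent in the login redirect.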