
CAS

Central Authentication Service (CAS) is a single sign-on (SSO) framework for Web applications.

CAS consists of two parts: the CAS Server and the CAS Client.

Working principle diagram:

CAS implements single sign-on (SSO)

SSO stands for Single Sign-On.

As shown in the figure:

The process is as follows:

The browser accesses system A for the first time

  1. The user is not logged in to system A, and the ticket information is empty
  2. System A redirects to the authentication center. Because the ticket is empty, the authentication center displays its login page
  3. After the user logs in successfully, the authentication center returns a ticket and redirects back to system A
  4. System A checks the login state. Because the user is not yet logged in to system A, system A verifies the ticket with the authentication center and exchanges it for user information
  5. The login to system A is successful

The browser accesses system B for the first time

  1. The user is not logged in to system B, and the ticket information is empty
  2. System B redirects to the authentication center
  3. The user is already logged in at the authentication center, so ticket information is returned
  4. System B checks the login state. Because the user is not yet logged in to system B, system B verifies the ticket with the authentication center and exchanges it for user information
  5. The login to system B is successful

Follow-up access to system A or B

When a user logs in to the authentication center for the first time, a global session is established between the user and the authentication center. Going back to the authentication center on every subsequent access to check whether the user is logged in would be inefficient, so a local session can be established between each application system and the browser. The local session stores the login status. If a local session exists when a user accesses an application system, the user has already logged in. If the local session does not exist, the authentication center checks whether the global session exists and the preceding procedure is performed.

The local session depends on the global session. If the global session disappears, the local session must disappear as well.

Logout

After the user logs out of system A, the user should also be logged out of the other systems.

Application system A ends its local session and notifies the authentication center that the user has logged out. After receiving the notification, the authentication center ends the global session and notifies the other application systems to end all local sessions of the logged-out user.
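The login flow, the local/global session relationship and the logout propagation described above can be modelled in memory. This is an added example, not code from CAS or from the original post; the class and method names are assumptions chosen for illustration. It also makes tickets single-use and bound to the system they were issued for, as the CAS protocol requires of service tickets.

```python
import secrets

class AuthCenter:  # in-memory stand-in for the authentication center (CAS Server)
    def __init__(self):
        self.sessions = {}  # global session id -> (username, systems with a local session)
        self.tickets = {}   # ticket -> (global session id, target system name)

    def login(self, username):  # runs after the login page has accepted the user
        gsid = secrets.token_urlsafe(16)
        self.sessions[gsid] = (username, set())
        return gsid

    def issue_ticket(self, gsid, system_name):
        if gsid not in self.sessions:
            return None  # no global session: the login page is shown instead
        ticket = "ST-" + secrets.token_urlsafe(16)
        self.tickets[ticket] = (gsid, system_name)
        return ticket

    def validate(self, ticket, app):
        gsid, target = self.tickets.pop(ticket, (None, None))  # a ticket works once
        if gsid not in self.sessions or target != app.name:
            return None  # unknown, replayed, or issued for another system
        self.sessions[gsid][1].add(app)  # remember whom to notify at logout
        return gsid, self.sessions[gsid][0]

    def logout(self, gsid):
        _, apps = self.sessions.pop(gsid, (None, ()))  # end the global session
        for app in apps:  # tell every system to end its local sessions
            app.end_local_sessions(gsid)

class AppSystem:  # application system (CAS Client) holding local sessions
    def __init__(self, name, center):
        self.name, self.center, self.local = name, center, {}  # local sid -> (gsid, user)

    def access(self, local_sid=None, ticket=None):
        if local_sid in self.local:
            return "ok", local_sid       # local session exists: already logged in
        result = self.center.validate(ticket, self)
        if result is None:
            return "redirect", None      # send the browser to the authentication center
        sid = secrets.token_urlsafe(16)
        self.local[sid] = result         # local session tied to the global session
        return "ok", sid

    def end_local_sessions(self, gsid):
        self.local = {s: v for s, v in self.local.items() if v[0] != gsid}

    def logout(self, local_sid):  # end the local session, then notify the center
        self.center.logout(self.local.pop(local_sid, (None,))[0])
```

Because every local session records the global session it came from, ending the global session leaves no system still treating the user as logged in.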