1. cas架構
2. cas流程,參見官網
https://apereo.github.io/cas/5.2.x/protocol/CAS-Protocol.html
3. 術語:
- The
TGT(Ticket Granting Ticket), stored in theTGCcookie, represents a SSO session for a user.
- The
ST(Service Ticket), transmitted as aGETparameter in urls, stands for the access granted by the CAS server to the CASified application for a specific user.
- service:指客戶端,包含url及其他信息
- TGC:服務端認證完成後的寫入cookie的名稱
4. 常用url及描述
/logincredential requestor / acceptor
/logoutdestroy CAS session (logout)
/validateservice ticket validation
/serviceValidateservice ticket validation [CAS 2.0]
/proxyValidateservice/proxy ticket validation [CAS 2.0]
/proxyproxy ticket service [CAS 2.0]
/p3/serviceValidateservice ticket validation [CAS 3.0]
/p3/proxyValidateservice/proxy ticket validation [CAS 3.0]
5. 參考文章
cas協議流程:客戶端和服務端的交互流程
https://apereo.github.io/cas/5.2.x/protocol/CAS-Protocol.html
Cas配置文件詳解
https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#authentication-policy
Cas管理面板:
https://apereo.github.io/cas/5.2.x/installation/Monitoring-Statistics.html
CAS 服務器搭建:
https://blog.csdn.net/oumuv/article/details/83377945
Cas客戶端搭建:
https://www.cnblogs.com/whu-2017/p/11297447.html
Cas服務端自定義登錄頁面:
https://apereo.github.io/cas/5.3.x/installation/User-Interface-Customization-Themes.html
自定義校驗器:
cas代理認證配置:
https://apereo.github.io/cas/5.2.x/integration/Delegate-Authentication.html
解決url jessionId:
https://www.cnblogs.com/fron/p/jssessionid-20161130.html?utm_source=itdadao&utm_medium=referral
6. 補充說明
客戶端登登出如果想再次回到登錄頁面,服務端需要配置:
#登出後跳轉到service路徑
cas.logout.followServiceRedirects=true
相關文章: