Single Sign On for UniqueStudio
The UniqueSSO is nearly a standard implementation of CAS.
Below is the CAS diagram.
- login at POST /cas/login?service=${redirectURI} with body
- validate ticket at GET /cas/p3/serviceValidate?ticket=${ticket}
There are four ways to log in:
- phone number with password
- phone SMS
- email address with password
- WeChat OAuth
State is stored in a cookie, which is persisted by Redis.
The user info is stored in PostgreSQL, in a database named sso, and the table name is user.
This is the CAS link:
1. Redirect to the UniqueSSO login page
   https://sso.hustuniuqe.com/cas/login
   with service, which is the redirectURI from SSO.
2. If the user logs in successfully, UniqueSSO will redirect the page to the service specified in step 1, with the ticket. Like this:
   https://bbs.hustunique.com?ticket=${TICKET}
   For most cases, the ticket will expire after 3 minutes. In addition, the ticket is valid only the first time it is validated, whether that validation succeeds or not.
3. Validate the ticket by sending an HTTP GET request to
   https://sso.hustuniuqe.com/cas/p3/serviceValidate?ticket=${ticket}&service=${service}
   If successful, SSO will return the user info. The service here is used to filter, not to redirect.
- edit the backend config file
- Access APM systems
{
  "serviceResponse": {
    "authenticationFailure": {
      "code": "",
      "description": ""
    },
    "authenticationSuccess": {
      "user": "${UID}",
      "attributes": {
        "uid": "",
        "name": "",
        "phone": "",
        "email": ""
      }
    }
  }
}
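
As an added example (not code from UniqueSSO itself), here is a service-side check for the ticket validation step and the response shape above: it URL-encodes ticket and service, sends the ticket only once because it is single-use, and accepts a login only when authenticationFailure is empty and user is non-empty. The function names, the TicketRejected exception, the HTTPS-only rule and the reading that an empty code and description mean "no failure" are assumptions.

```python
import json
from urllib.parse import urlencode
from urllib.request import urlopen

VALIDATE_PATH = "/cas/p3/serviceValidate"  # endpoint path from the README


class TicketRejected(Exception):
    """Any response that is not an unambiguous authenticationSuccess."""


def _obj(value):
    return value if isinstance(value, dict) else {}


def build_validate_url(sso_base, ticket, service):
    if not sso_base.startswith("https://"):
        raise ValueError("validate tickets over HTTPS only")
    # urlencode stops '&' or '#' in the ticket or service from adding or
    # cutting off query parameters.
    query = urlencode({"ticket": ticket, "service": service})
    return sso_base.rstrip("/") + VALIDATE_PATH + "?" + query


def parse_service_response(body):
    """Return {'user': ..., 'attributes': {...}} or raise TicketRejected."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise TicketRejected("response is not JSON") from exc
    resp = _obj(_obj(doc).get("serviceResponse"))
    failure = _obj(resp.get("authenticationFailure"))
    success = _obj(resp.get("authenticationSuccess"))
    # The README's template lists both objects side by side, so the key alone
    # is not a login (assumption: empty code/description means no failure).
    if failure.get("code") or failure.get("description"):
        raise TicketRejected(str(failure.get("code") or "authenticationFailure"))
    user = success.get("user")
    if not isinstance(user, str) or not user:
        raise TicketRejected("authenticationSuccess carries no user")
    return {"user": user, "attributes": _obj(success.get("attributes"))}


def validate_ticket(sso_base, ticket, service, timeout=5):
    # Exactly one request: the ticket is single-use, so after any failure the
    # user is sent back to the login page instead of validating again.
    url = build_validate_url(sso_base, ticket, service)
    with urlopen(url, timeout=timeout) as resp:
        return parse_service_response(resp.read().decode("utf-8"))
```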