cas_sso框架.pptVIP

* * SSO: the user’s point of view web browser app. #1 app. #2 app. #3 without SSO service web browser app. #1 app. #2 app. #3 with SSO service web browser app. #1 app. #2 app. #3 with CAS service CAS: why did we choose it? web browser app. #1 app. #2 app. #3 authenticationserver without SSO userdatabase userdatabase service netIdpassword netIdpassword web browser app. #1 app. #2 app. #3 with CAS service CAS: why did we choose it? web browser app. #1 app. #2 app. #3 authenticationserver without SSO userdatabase userdatabase service netIdpassword netIdpassword User authentication CASserver HTTPS web browser User authentication TGC: Ticket Granting Cookie User’s passport to the CAS server Private and protected cookie(the only one used by CAS, optional) Opaque re-playable ticket CASserver netIdpassword HTTPS userdatabase web browser TGC TGC Accessing an applicationafter authentication web browser CASserver TGC HTTPS application TGC ST ST ST ST: Service Ticket Browser’s passport to the CAS client (application) Opaque and non re-playable ticket Very limited validity (a few seconds) ID Accessing an applicationafter authentication CASserver HTTPS TGC ST ST ST ID web browser TGC Redirections are transparent to users application ST: Service Ticket Browser’s passport to the CAS client (application) Opaque and non re-playable ticket Very limited validity (a few seconds) Accessing an applicationwithout authentication web browser CASserver HTTPS Authentication form application Accessing an applicationwithout authentication web browser CASserver TGC HTTPS ST ST ID netIdpassword ST TGC No need to be previously authenticated to access an application application Authenticating users with CAS CAS authentication left to administrators ESUP-Portail CAS Generic Handler Mixed authentication XML configuration LDAPdirectory database NISdomain X509certificates Kerberosdomain Windows NTdomain flat files CASserver N-tier installations PGT: Proxy Granting Ticket A