Step by step single sign-on (1): understanding single sign-on

A brief introduction to SSO

Single Sign-On (SSO): across multiple application systems, a user only needs to log in once to access all the other application systems that trust each other.

Problems with single sign-on

  • Cookies cannot cross domains

Solution: after the SSO login, set the domain of the cookie to the top-level domain, i.e. .a.com, so that every subdomain system can read the cookie of the top domain. When setting a cookie, a server can only set it for the top domain and for its own domain, not for other domains.

  • Sessions cannot be shared

Solution: share the session (for example with Spring Session), or use a certification center. With a certification center, once the user has logged in at the center, they are considered logged in to all systems. When a user accesses any other system, that system first asks the certification center whether the user has already logged in. If not, the certification center guides the user to log in and then returns the successful login information to the original system. The certification center should also store the addresses of all the subsystems that are registered with it.

I am a little puzzled here. How does the certification center determine the user's identity information? And how does it know which user is logged in from other systems?
In fact, I still have to come back to the cookie. I hope I can understand this later.
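An added Python model of the flow described above (example code, not the post's Spring controller): a certification center that issues a random token at login and records which user each token belongs to, and two subsystems under .a.com that redirect to the center whenever no valid token cookie is presented. The hostnames, credentials and token lifetime are constructed for the example.

```python
import secrets
import time

# Constructed model of an SSO certification center plus two subsystems
# under the top domain .a.com. Example code, not the post's code.
class AuthCenter:
    def __init__(self, ttl_seconds=3600):
        self.users = {"alice": "123"}                    # constructed credentials
        self.registered = {"app1.a.com", "app2.a.com"}  # subsystems registered with the center
        self.tokens = {}                                 # token -> (username, expiry)
        self.ttl = ttl_seconds

    def login(self, username, password, return_to):
        # Only send the user back to a subsystem that is registered with the center.
        if return_to not in self.registered:
            return None
        if not secrets.compare_digest(self.users.get(username, ""), password):
            return None
        token = secrets.token_urlsafe(32)                # unguessable, unlike a username key
        self.tokens[token] = (username, time.time() + self.ttl)
        # The cookie is scoped to the top domain so every *.a.com host can present it.
        return {"token": token, "cookie_domain": ".a.com", "redirect": return_to}

    def is_logged_in(self, token):
        # Map the token back to a user: this is how the center knows who is logged in.
        entry = self.tokens.get(token)
        if entry is None:
            return None
        username, expiry = entry
        if time.time() > expiry:
            del self.tokens[token]                       # expired: force a fresh login
            return None
        return username

class SubSystem:
    def __init__(self, host, center):
        self.host, self.center = host, center

    def handle(self, cookies):
        token = cookies.get("sso_token")
        user = self.center.is_logged_in(token) if token else None
        if user is None:
            return ("redirect", "https://sso.a.com/login?return_to=" + self.host)
        return ("ok", user)

def demo():
    center = AuthCenter()
    app1, app2 = SubSystem("app1.a.com", center), SubSystem("app2.a.com", center)
    before = app1.handle({})[0]                          # no cookie yet: redirected
    grant = center.login("alice", "123", "app1.a.com")
    cookies = {"sso_token": grant["token"]}              # browser stores it for .a.com
    return before, app1.handle(cookies)[0], app2.handle(cookies)[0]
```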

A first implementation of a simple certification center

```java
import java.util.HashMap;
import java.util.UUID;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;

// Result and User are the post's own model classes; they are not shown in the post.
@RestController
public class AuthController {
    // In-memory token store (key -> value); a real deployment would use a database or redis.
    public static HashMap<String, String> tokens = new HashMap<>();

    @Autowired
    RestTemplate restTemplate;

    @GetMapping(value = "/isLogin/{token}")
    public Result isLogin(@PathVariable("token") String token, HttpServletRequest request) {
        // Check the certification center's local session or redis to see whether this user has already logged in
        // todo
        // Simulate "already logged in"

        // Logged in means: generate a unique token, pass it to the client, and store the matching key/value locally.
        // Look the token up in tokens to see whether it exists. // todo look into JWT
        // If it exists, echo the token back: this user has already logged in at the certification center.
        Result result = new Result();
        if (tokens.containsKey(token)) {
            // todo the encryption logic here could be strengthened; it should not be this simple
            result.setMsg("User is already logged in");
            return result;
        } else {
            // Not logged in: redirect to the login page
            Result result1 = new Result();
            result1.setMsg("User is not logged in, please guide them to log in!");
            return result1;
        }
    }

    @PostMapping(value = "/login")
    public Result login(User user) {
        // Verify the login (the fixed password "123" is the post's stand-in for a real credential check)
        if ("123".equals(user.getPassword())) {
            // After a successful login the user still has to be stored at the certification center
            String tkV = UUID.randomUUID().toString();
            String tkK = UUID.randomUUID().toString();
            // The key should not be the username; simplified here.
            // todo store in a database or redis, either works
            tokens.put(tkK, tkV);
            // Then return a unique token to the app and also store that token in redis or the database;
            // the original application's uri is lost here
            Result result = new Result();
            result.setMsg("Login successful");
            // Return the key to the app
            result.setToken(tkK);
            return result;
        } else {
            // Login failed: ask the user to log in again
            Result result = new Result();
            result.setMsg("Login failed, please log in again");
            return result;
        }
    }
}
```




Source: blog.csdn.net/littlewhitevg/article/details/103833834