Single sign-on system SSO principle and process



Suppose there are two applications, App1 and App2. The user has already logged in to App1 and needs to jump to, or directly access, a function page in App2.

The access address of App1 is http://192.168.1.100/app1/ ; the access address of App2 is http://192.168.1.101/app2/ , and the page in App2 that needs to be accessed is http://192.168.1.101/app2/action2.action

 

1. App1 assembles the request parameters and path for logging in to App2

1.1. Assuming the user has logged in to App1 and needs to access a page of App2, the browser first sends the jump (external access) request to the ssoURLRequestServlet of App1, as shown in link ① in the above figure.
The requested URL is: http://192.168.1.100/app1/ssoURLRequest?app=app2&url=action2.action

1.2. App1 reads the target from the ssoURLRequest parameters: the application to jump to is App2, and the address is action2.action (a relative address). From the App2 identifier it looks up the application's other registered information, such as its homepage path, IP address and context path, and from these builds both the absolute path of the App2 function page and the absolute path used for SSO login verification.

 

2. App1 sends user information to App2 and requests a credential: App1's ssoURLRequest obtains the id of the currently logged-in user (for example the employee number, which must match the corresponding user information in App2), encrypts the data user id + app2 + sessionId + uuid to generate the credential Token1, and saves the credential information in a cache (memory, a centralized cache or a database). It then sends Token1 to App2 and asks App2 to generate a credential for logging in to App2. The request address is http://192.168.1.101/app2/tokenGenerat , as shown in link ② in the above figure.

3. App2 verifies the credential with App1 and returns an App2 credential: after App2 receives the request to generate a credential, it takes the Token1 credential sent by App1 and calls App1's http://192.168.1.100/app1/tokenValidate to check whether Token1 is valid, as shown in link ③ in the above figure.

If Token1 is valid, App2 generates the credential for logging in to App2 (Token2), saves the credential information in its cache (memory, a centralized cache or a database), encrypts the credential information and returns it to the ssoURLRequestServlet of App1.

 

4. App1 redirects the browser to App2 with the credential: after the ssoURLRequestServlet of App1 receives the login credential returned by App2, it returns the credential information to the browser that sent the jump (access App2) request, together with a script that makes the browser redirect. The browser carries the login credential (ciphertext) and jumps to App2, as shown in link ④ in the above figure.

5. App2 verifies that the credential is valid and completes the login: after App2 receives the request carrying the login credential, it decrypts the credential information and checks whether it is valid. If it is valid, App2 converts the decrypted credential into user login information and stores it in the session (or elsewhere); at this point the login to App2 is complete. Throughout the whole process the user never has to enter App2 login information, as shown in link ⑤ in the above figure.
