5. web browser app. #1 app. #2 app. #3 without SSO service web browser app. #1 app. #2 app. #3 with SSO service
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie SSO make it possible for users to login once and access different service PW
17. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie 2a. User need NOT to provide id/password again ( with SSO cookie exist )
18. Service 1 Resource 1. Initial request login 2. Authentication 3. Access resource Service 2 login Resource 2. Authentication again 1. Initial request 3. Access resource Multiple user database Multiple login PW PW
19. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie SSO make it possible for users to login once and access different service PW
20. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie 2a. User does NOT need to provide id/password again ( with SSO cookie exist )
21. Service CAS Login state ? ID and Password Correct? Validation url Initial request Redirect to CAS (send serviceId ) Y N N Login again Id and password Ticket transfer (Send ticket and set SSO cookie ) Ticket Validation Use resource N Save login state Y Y Ticket validation
22.
23.
24.
25.
26.
27. Just provide same user name and password, then you can pass the validation