1. Albert Guo [email_address]

5. web browser app. #1 app. #2 app. #3 without SSO service web browser app. #1 app. #2 app. #3 with SSO service

16. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie SSO make it possible for users to login once and access different service PW

17. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie 2a. User need NOT to provide id/password again ( with SSO cookie exist )

18. Service 1 Resource 1. Initial request login 2. Authentication 3. Access resource Service 2 login Resource 2. Authentication again 1. Initial request 3. Access resource Multiple user database Multiple login PW PW

19. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie SSO make it possible for users to login once and access different service PW

20. Service 2 Resource CAS Login Validate Service 1 Resource 1. Initial request 2. Authentication ( send serviceId ) 3. Ticket transfer ( send ticket) 4. Validate Ticket 5. Access resource encrypted cookie 2a. User does NOT need to provide id/password again ( with SSO cookie exist )

21. Service CAS Login state ? ID and Password Correct? Validation url Initial request Redirect to CAS (send serviceId ) Y N N Login again Id and password Ticket transfer (Send ticket and set SSO cookie ) Ticket Validation Use resource N Save login state Y Y Ticket validation

27. Just provide same user name and password, then you can pass the validation

34. Modify this return page

41. In org.jasig.cas.web package