A walkthrough of the CAS protocol; the flowchart of the whole CAS flow is written clearly and is very helpful for understanding it.
CAS protocol
The CAS protocol is a simple and powerful ticket-based protocol developed exclusively for CAS. A complete protocol specification may be found here.
It involves one or many clients and one server. Clients are embedded in CASified applications (called "CAS services"), whereas the CAS server is a standalone component:
- The CAS server is responsible for authenticating users and granting access to applications; it is the only component that ever sees the user's credentials.
- The CAS clients protect the CASified applications and retrieve the identity of the granted users from the CAS server.
The key concepts are:
- The TGT (Ticket Granting Ticket), stored in the CASTGC cookie that the CAS server sets on its own domain, represents the SSO session for a user; the applications never see it.
- The ST (Service Ticket), transmitted as the `ticket` GET parameter in URLs, stands for the access granted by the CAS server to one CASified application for a specific user. It is short-lived and single-use, and the client must validate it against the CAS server (passing the same `service` URL it used at login) before trusting the user's identity.
Versions
The current CAS protocol is version 3.0. The draft version of the protocol is available as part of the CAS codebase, which implements it. It is mainly a capture of the most common enhancements built on top of the CAS protocol revision 2.0. Among all features, the most noticeable update between versions 2.0 and 3.0 is the ability to return the authentication/user attributes in the response of the new /p3/serviceValidate endpoint (in addition to the /serviceValidate endpoint, already existing for the CAS 2.0 protocol, whose response carries only the user id).
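The client side of the flow described above (the redirect to /login, the return with a Service Ticket, and the back-channel validation via /p3/serviceValidate with attributes), as an added example that is not code from the Apereo CAS project. The server and service URLs, the ticket value and the two XML responses are constructed for illustration; the XML follows the shape the CAS 3.0 protocol defines, and the HTTP GET is injected as a `fetch` callable so the example runs offline.

```python
"""Client side of the CAS 3.0 flow: redirect to /login, then validate the
Service Ticket with /p3/serviceValidate.  Added illustration, not code from
the Apereo CAS project; server/service URLs and ticket values are made up."""
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl
import xml.etree.ElementTree as ET  # for XML from an untrusted server prefer defusedxml

CAS_NS = "{http://www.yale.edu/tp/cas}"  # namespace used by every CAS XML response


class CasValidationError(Exception):
    """Raised when the CAS server does not confirm the ticket."""


def login_redirect_url(cas_server: str, service_url: str) -> str:
    """Step 1: where the client sends an unauthenticated browser."""
    return f"{cas_server.rstrip('/')}/login?" + urlencode({"service": service_url})


def strip_ticket(url: str) -> str:
    """Drop the ticket parameter the CAS server appended, so that the `service`
    we validate with is byte-for-byte the one we sent to /login; the server
    rejects a mismatch with INVALID_SERVICE."""
    p = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(p.query, keep_blank_values=True) if k != "ticket"]
    return urlunsplit((p.scheme, p.netloc, p.path, urlencode(query), p.fragment))


def validate_url(cas_server: str, service_url: str, ticket: str) -> str:
    """Step 3: back-channel request the client makes to the CAS server."""
    return f"{cas_server.rstrip('/')}/p3/serviceValidate?" + urlencode(
        {"service": service_url, "ticket": ticket})


def parse_validation_response(xml_text: str) -> dict:
    """Turn a /p3/serviceValidate body into {"user": ..., "attributes": {...}}.
    Attribute values are kept as lists because CAS repeats the element for a
    multi-valued attribute.  Any failure element is turned into an exception."""
    root = ET.fromstring(xml_text)
    if root.tag != CAS_NS + "serviceResponse":
        raise CasValidationError("not a CAS serviceResponse")
    failure = root.find(CAS_NS + "authenticationFailure")
    if failure is not None:
        raise CasValidationError(f"{failure.get('code', 'UNKNOWN')}: {(failure.text or '').strip()}")
    success = root.find(CAS_NS + "authenticationSuccess")
    user = success.findtext(CAS_NS + "user") if success is not None else None
    if not user:
        raise CasValidationError("response carries neither success nor failure")
    attributes: dict = {}
    attrs_el = success.find(CAS_NS + "attributes")
    for child in (attrs_el if attrs_el is not None else []):
        name = child.tag.split("}", 1)[1]  # strip the namespace prefix
        attributes.setdefault(name, []).append((child.text or "").strip())
    return {"user": user, "attributes": attributes}


def handle_callback(cas_server: str, callback_url: str, fetch) -> dict:
    """Steps 2-3 as seen by the client: the browser comes back to the service
    with ?ticket=ST-..., the client validates it server-side via `fetch`
    (an injected HTTP GET) and only then trusts the returned identity."""
    p = urlsplit(callback_url)
    tickets = [v for k, v in parse_qsl(p.query) if k == "ticket"]
    if len(tickets) != 1:
        raise CasValidationError("expected exactly one ticket parameter")
    service = strip_ticket(callback_url)
    return parse_validation_response(fetch(validate_url(cas_server, service, tickets[0])))


# Constructed sample responses in the shape the CAS 3.0 protocol defines.
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>jsmith</cas:user>
    <cas:attributes>
      <cas:firstname>Jane</cas:firstname>
      <cas:memberOf>staff</cas:memberOf>
      <cas:memberOf>admins</cas:memberOf>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>
    Ticket ST-1-abc not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(login_redirect_url("https://cas.example.org/cas", "https://app.example.org/cb"))
    print(handle_callback("https://cas.example.org/cas",
                          "https://app.example.org/cb?ticket=ST-1-abc", lambda url: SUCCESS_XML))
```

The point of `strip_ticket` and of validating on the back channel is that the ticket in the URL proves nothing by itself: only the CAS server's answer to /p3/serviceValidate, for the same `service` the browser was sent to /login with, establishes who the user is. A real client would call `fetch` over HTTPS with certificate verification and would treat `CasValidationError` (INVALID_TICKET, INVALID_SERVICE and so on) as a failed login rather than retrying with the same ticket, since a Service Ticket is consumed on first validation.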