CN109495486A - A method of the single page Web application integration CAS based on JWT - Google Patents


Info

Publication number
CN109495486A
Authority
CN
China
Prior art keywords
cas
jwt
single page
page web
web application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811452511.1A
Other languages
Chinese (zh)
Other versions
CN109495486B (en)
Inventor
孙越
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Zhidaochuangyu Information Technology Co Ltd
Original Assignee
Chengdu Zhidaochuangyu Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Zhidaochuangyu Information Technology Co Ltd
Priority to CN201811452511.1A
Publication of CN109495486A
Application granted
Publication of CN109495486B
Legal status: Active
Anticipated expiration

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention proposes a method for integrating a single-page Web application with CAS based on JWT. The login page of the single-page Web application redirects to the login page of the CAS system, with a URL that includes a Service parameter identifying the service that currently needs to log in. After the user enters authentication information on the CAS login page and logs in successfully, the CAS Server automatically redirects to the single-page Web application according to the Service parameter; the redirect link includes a Ticket parameter generated by CAS. The single-page Web application then requests the API server with Service and Ticket as parameters to obtain a JWT. The API server requests the CAS server's ProxyValidate interface with Service and Ticket as parameters to verify whether the user has logged in to the CAS system. With the present invention the API server does not need to save the user's login state: the API service checks with the CAS interface and generates a JWT to realize authentication, which reduces the coupling of the system, solves the cross-domain problem, improves user experience, and protects the user's sensitive information.

Description

A method of the single page Web application integration CAS based on JWT
Technical field
The present invention relates to the field of CAS integration technology, and specifically to a method for integrating a single-page Web application with CAS based on JWT.
Background technique
As an enterprise develops, multiple application systems are built for different lines of business. To improve user experience and user retention, the authentication service of each business application is integrated into the CAS system: a user only needs to log in and authenticate once through CAS to access all of the systems, which greatly improves working efficiency and security. With the development of front-end technology, many application systems use an architecture that separates the front end from the back end: the client is a single-page Web application and the server only needs to provide an API, with the client calling the API to exchange data. The client's pages and data can only be accessed after the user has passed authentication, and the server-side API likewise requires user authentication.
The traditional CAS integration mode mainly has the following steps:
1) The user accesses an application system resource; when login is required, the CAS client redirects the user, and the redirect link includes a Service parameter (the URL of the application system currently requesting the CAS system);
2) The user performs identity verification at the CAS client;
3) After authentication passes, the CAS server generates a random Ticket and redirects to the Service from step 1) with the Ticket as a parameter;
4) The application system requests the CAS server API with the Ticket as a parameter to verify the legitimacy of the Ticket;
5) After the CAS server verifies that the Ticket is legitimate, it returns the user information to the application system; the application system saves the user's login state locally, and the application pages implement user authentication.
Under the traditional CAS integration mode, since the authentication service of every current business product has been integrated into CAS, and every business product must save the user's login state locally, a system with separated front end and back end must save the user's login state in both the single-page Web application and the API server, which greatly increases the coupling of the system. Moreover, because the single-page Web application and the API server may not be in the same domain, the traditional CAS integration mode can also cause cross-domain problems.
Summary of the invention
In view of the above problems, the purpose of the present invention is to provide a method for integrating a single-page Web application with CAS based on JWT that reduces the coupling of the system, solves the cross-domain problem, improves user experience, and protects the user's sensitive information. The technical solution is as follows:
Step A: The login page of the single-page Web application redirects to the login page of the CAS system; the URL includes a Service parameter identifying the service that currently needs to log in;
Step B: After the user enters authentication information on the CAS login page and logs in successfully, the CAS Server automatically redirects to the single-page Web application according to the Service parameter of step A; the redirect link includes a Ticket parameter generated by CAS;
Step C: The single-page Web application requests the authorization interface of the API server with Ticket and Service as parameters to obtain a JWT;
Step D: After the API server interface receives the request, it calls the CAS ProxyValidate verification interface with Ticket and Service as parameters;
Step E: If verification passes, the CAS server returns the user information, and the API server generates a JWT according to the HS256 algorithm, the user information and an expiry time and returns it to the single-page Web application, which saves the JWT in localStorage or a Cookie; if verification does not pass, "Ticket invalid" is returned;
Step F: For subsequent requests from the single-page Web application to API server interfaces, the request header carries the JWT, which is authenticated; if authentication fails or the JWT has expired, an error is returned; otherwise the information requested by the single-page Web application is returned;
Step G: When the user logs out of the single-page Web application, the JWT stored locally in step E is deleted first, and the user is then redirected to the logout link of the CAS client; at this point both the client and CAS are in the logged-out state.
Further, the HS256 algorithm in step E may be replaced with the RS256 algorithm.
Further, when the single-page Web application subsequently requests API server interfaces, the data is encrypted and signed.
The beneficial effects of the present invention are: when a user logs in to the single-page Web application, only the Service parameter needs to be carried on the redirect to the CAS Server for login, so the user's sensitive information (such as account and password) does not pass through the API server; the API server does not need to save the user's login state; the API server designs its API in the RESTful architectural style and uses JWT authentication, which solves the cross-domain problem; the JWT carries a validity period, and once it has expired the single-page Web application must log in again to obtain a new JWT, which enhances the security of the system.
Detailed description of the invention
Fig. 1 is a flow chart of the method of the present invention for integrating a single-page Web application with CAS based on JWT.
Specific embodiment
The present invention is described in further detail below with reference to the drawings and specific embodiments. The invention proposes a method for integrating a single-page Web application with CAS based on JWT. Normally a single-page Web application authenticates by requesting a token from the API service; however, because sensitive information such as the passwords of the current business system's users is stored separately in the database of the CAS service, the API service cannot implement user authentication on its own, and under the traditional CAS integration method it can only save the user's login state locally, which greatly increases the coupling of the system. At the same time, if the single-page application and the API service are not under the same domain name, and the API server is designed in the RESTful architectural style, the traditional CAS integration mode also causes cross-domain problems. The present invention proposes a method for integrating a single-page application with CAS based on JWT in which the API server does not need to save the user's login state: the API service checks with the CAS interface and generates a JWT to realize authentication, which reduces the coupling of the system, solves the cross-domain problem, improves user experience, and protects the user's sensitive information. The flow chart of the method of the present invention for integrating CAS is shown in Figure 1, and the specific steps are as follows:
Step A: The login page of the single-page Web application redirects to the login page of the CAS system; the URL includes a Service parameter identifying the service that currently needs to log in.
When a user logs in to the single-page Web application, only the Service parameter needs to be carried on the redirect to the CAS Server for login; the user's sensitive information (such as account and password) does not pass through the API server, and the API server naturally does not need to save the user's login state either.
Step B: After the user enters authentication information on the CAS login page and logs in successfully, CAS automatically redirects to the single-page Web application according to the Service parameter of step A; the redirect link includes a Ticket parameter generated by CAS.
Step C: The single-page application requests the API authorization interface with Ticket and Service as parameters to obtain a JWT.
Step D: After the API server interface receives the request, it calls the CAS ProxyValidate verification interface with Ticket and Service as parameters.
Step E: If verification passes, the CAS server returns the user information, and the API service generates a JWT according to the HS256 algorithm, the user information and an expiry time and returns it to the single-page Web application, which saves the JWT in localStorage or a Cookie; if verification does not pass, "Ticket invalid" is returned.
The HS256 algorithm may also be replaced with the RS256 algorithm.
Step F: For subsequent requests from the single-page Web application to API server interfaces, the request header carries the JWT, which is authenticated; if authentication fails or the JWT has expired, an error is returned; otherwise the information requested by the single-page Web application is returned.
The API server designs its API in the RESTful architectural style and uses JWT authentication, which solves the cross-domain problem.
When the single-page Web application subsequently requests API server interfaces, the data may be encrypted and signed. The JWT carries a validity period; once it has expired the single-page Web application must log in again to obtain a new JWT, which enhances the security of the system.
Step G: When the user logs out of the single-page Web application, the JWT stored locally in step E is deleted first, and the user is then redirected to the logout link of the CAS client; at this point both the client and CAS are in the logged-out state.
The method of the present invention for integrating a single-page application with CAS based on JWT solves the problem of integrating a single-page application with the CAS system. The API server does not need to save the user's login state; the user's login state is kept centrally by the CAS server. When a user needs to log in to the single-page Web application, the user is sent to the CAS client; the single-page Web application requests the API server with Service and Ticket as parameters to obtain a JWT; the API server requests the CAS server's ProxyValidate interface with Service and Ticket as parameters to verify whether the user has logged in to the CAS system; the API server holds an independent encryption key SECRET_KEY; after the API server determines that the user has logged in to the CAS system, it uses SECRET_KEY, the user information and the expiry time as parameters and generates the JWT with the HS256 algorithm.
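The API-side part of steps C to F (the authorization interface that checks the Ticket against CAS and mints the JWT, and the check applied to later requests), as an added Python example that is not part of the patent or of any product of the assignee. The SECRET_KEY value, the one-hour lifetime, the sample CAS responses and the fake_cas stand-in are all constructed assumptions; fake_cas replaces the HTTPS request to the CAS ProxyValidate interface, and the verifier additionally rejects any token whose header does not name HS256, a check the patent text does not spell out.

```python
import base64
import hashlib
import hmac
import json
import time
import xml.etree.ElementTree as ET

# Assumed API-side secret (the patent's SECRET_KEY); in deployment it comes from server config.
SECRET_KEY = b"constructed-example-key-do-not-deploy"
JWT_TTL_SECONDS = 3600                          # assumed validity period of the JWT
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace used by CAS protocol responses

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def parse_proxy_validate(xml_text):
    """Step D/E: read the CAS ProxyValidate response; return the user name on
    authenticationSuccess, or None when CAS reports a failure (invalid Ticket)."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text if user is not None else None

def issue_jwt(user, now=None):
    """Step E: build an HS256 JWT from SECRET_KEY, the user identity and an expiry time."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": user, "iat": now, "exp": now + JWT_TTL_SECONDS}).encode())
    sig = hmac.new(SECRET_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_jwt(token, now=None):
    """Step F: accept only HS256, compare the signature in constant time, then check expiry.
    Returns the claims, or None when authentication fails or the JWT has expired."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            return None                         # rejects alg=none and algorithm confusion
        expected = hmac.new(SECRET_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    return claims if claims.get("exp", 0) > now else None

def authorize(ticket, service, cas_validate):
    """Steps C to E at the API authorization interface. cas_validate stands in for the
    HTTPS request to CAS ProxyValidate with ticket and service, and returns its XML body."""
    user = parse_proxy_validate(cas_validate(ticket, service))
    return issue_jwt(user) if user else None

# Constructed sample CAS responses (not captured from a real CAS server).
CAS_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
CAS_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def fake_cas(ticket, service):
    """Stand-in CAS server: one constructed Ticket is valid for one constructed Service URL."""
    ok = (ticket, service) == ("ST-1-constructed", "https://spa.example/")
    return CAS_SUCCESS if ok else CAS_FAILURE
```

Because the Ticket is validated together with the Service it was issued for, a Ticket replayed against a different Service URL fails at the CAS side before any JWT is minted.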

Claims (3)

1. A method for integrating a single-page Web application with CAS based on JWT, characterized by comprising the following steps:
Step A: The login page of the single-page Web application redirects to the login page of the CAS system; the URL includes a Service parameter identifying the service that currently needs to log in;
Step B: After the user enters authentication information on the CAS login page and logs in successfully, the CAS Server automatically redirects to the single-page Web application according to the Service parameter of step A; the redirect link includes a Ticket parameter generated by CAS;
Step C: The single-page Web application requests the authorization interface of the API server with Ticket and Service as parameters to obtain a JWT;
Step D: After the API server interface receives the request, it calls the CAS ProxyValidate verification interface with Ticket and Service as parameters;
Step E: If verification passes, the CAS server returns the user information, and the API server generates a JWT according to the HS256 algorithm, SECRET_KEY, the user information and an expiry time and returns it to the single-page Web application, which saves the JWT in localStorage or a Cookie; if verification does not pass, "Ticket invalid" is returned;
Step F: For subsequent requests from the single-page Web application to API server interfaces, the request header carries the JWT, which is authenticated; if authentication fails or the JWT has expired, an error is returned; otherwise the information requested by the single-page Web application is returned;
Step G: When the user logs out of the single-page Web application, the JWT stored locally in step E is deleted first, and the user is then redirected to the logout link of the CAS client; at this point both the client and CAS are in the logged-out state.
2. The method for integrating a single-page Web application with CAS based on JWT according to claim 1, characterized in that the HS256 algorithm in step E is replaced with the RS256 algorithm.
3. The method for integrating a single-page Web application with CAS based on JWT according to claim 1, characterized in that, when the single-page Web application subsequently requests API server interfaces, the data is encrypted and signed.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811452511.1A CN109495486B (en) 2018-11-30 2018-11-30 Single-page Web application integration CAS method based on JWT

Publications (2)

Publication Number Publication Date
CN109495486A true CN109495486A (en) 2019-03-19
CN109495486B CN109495486B (en) 2020-12-22

Family

ID=65698960

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811452511.1A Active CN109495486B (en) 2018-11-30 2018-11-30 Single-page Web application integration CAS method based on JWT

Country Status (1)

Country Link
CN (1) CN109495486B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1331441A (en) * 2000-06-24 2002-01-16 王以成 Chinese-character input system 'three-digit code'
US20130268755A1 (en) * 2012-04-06 2013-10-10 Microsoft Corporation Cross-provider cross-certification content protection
CN104052746A (en) * 2014-06-18 2014-09-17 华为技术有限公司 Heterogeneous application single sign-on system and method
CN104539615A (en) * 2014-12-29 2015-04-22 中国南方电网有限责任公司 Cascading authentication method based on CAS
CN107707570A (en) * 2017-11-13 2018-02-16 山东省农村信用社联合社 Cross-domain single logs in integrated approach and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
RION DOOLEY: "The MyProxy Gateway", 《2014 6TH INTERNATIONAL WORKSHOP ON SCIENCE GATEWAYS》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110276197A (en) * 2019-06-25 2019-09-24 四川长虹电器股份有限公司 The method to be come into force in real time based on shared blacklist revocation JWT token
CN111200596A (en) * 2019-12-25 2020-05-26 曙光信息产业(北京)有限公司 File service system based on Web technology and design method thereof
CN111931157A (en) * 2020-08-12 2020-11-13 广东电力信息科技有限公司 Access method, device, storage medium and computer equipment of single sign-on system
CN112422528A (en) * 2020-11-03 2021-02-26 北京锐安科技有限公司 Client login method, device, system, electronic equipment and storage medium
CN112422528B (en) * 2020-11-03 2022-10-14 北京锐安科技有限公司 Client login method, device, system, electronic equipment and storage medium
CN114422182A (en) * 2021-12-13 2022-04-29 以萨技术股份有限公司 Unified identity management platform
CN114422182B (en) * 2021-12-13 2024-01-16 以萨技术股份有限公司 Unified identity management platform

Also Published As

Publication number Publication date
CN109495486B (en) 2020-12-22

Similar Documents

Publication Publication Date Title
CN109309683B (en) Token-based client identity authentication method and system
US7747856B2 (en) Session ticket authentication scheme
CN109495486A (en) A method of the single page Web application integration CAS based on JWT
EP1771782B1 (en) Single sign-on with common access card
US7788711B1 (en) Method and system for transferring identity assertion information between trusted partner sites in a network using artifacts
CN112468481B (en) Single-page and multi-page web application identity integrated authentication method based on CAS
US8015301B2 (en) Policy and attribute based access to a resource
US8955082B2 (en) Authenticating using cloud authentication
CN103023918B (en) The mthods, systems and devices logged in are provided for multiple network services are unified
US6668322B1 (en) Access management system and method employing secure credentials
US7568098B2 (en) Systems and methods for enhancing security of communication over a public network
CN102265255B (en) Method and system for providing a federated authentication service with gradual expiration of credentials
CN104320423B (en) Single-sign-on lightweight implementation method based on Cookie
US9825938B2 (en) System and method for managing certificate based secure network access with a certificate having a buffer period prior to expiration
CN107172054A (en) A kind of purview certification method based on CAS, apparatus and system
JP2008524751A (en) Consumer Internet authentication service
US20120278863A1 (en) Ad-hoc user account creation
CN111062023B (en) Method and device for realizing single sign-on of multi-application system
US20020038426A1 (en) Method and a system for improving logon security in network applications
US7895644B1 (en) Method and apparatus for accessing computers in a distributed computing environment
US10601809B2 (en) System and method for providing a certificate by way of a browser extension
CN107872455A (en) A kind of cross-domain single login system and its method
CN105162775A (en) Logging method and device of virtual machine
US20170104748A1 (en) System and method for managing network access with a certificate having soft expiration
CN107911379A (en) A kind of CAS Server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 9/F, Block C, No. 28 Tianfu Avenue North Section, Chengdu High tech Zone, China (Sichuan) Pilot Free Trade Zone, Chengdu City, Sichuan Province, 610000

Patentee after: CHENGDU KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 610000, 11th floor, building 2, No. 219, Tianfu Third Street, hi tech Zone, Chengdu, Sichuan Province

Patentee before: CHENGDU KNOWNSEC INFORMATION TECHNOLOGY Co.,Ltd.