Want to ask next if an enterprise has multiple systems, if want to do a single sign-on, the users in each user name and password of the system is need to be consistent?
Everyone has a good page or scheme of single sign-on, want to reference, thank you.

CodePudding user response:

SSO mature plan now have a lot of, you search to find a lot, if you don't want to increase the cost, I've done before a project can give you a reference, I 08 did a project that is Websphper Portal + BPM + CRM + Mail + SSLVPN, SSO product was not yet, so in order to solve the single sign-on (SSO), according to the user login access the location planning of two processes:
1, all users must first login internal portal system,
2, the external user first login SSLVPN + ADSSO, redirected to the portal login successful pass parameters,
So that after the user logs in to the portal, and then through a portal links on other systems, this process will be based on user portal Session generated a pass the login credentials, other secondary development was made in the system, accept this way of login credentials to realize a second login,

CodePudding user response:

refer to the original poster qq115882147 response:

want to ask next if an enterprise has multiple systems, if want to do a single sign-on, the users in each user name and password of the system is need to be consistent?
Everyone has a good page or scheme of single sign-on, want to reference, thank you.

SSO system integration, scrap request user name password mechanism of subsystem, but by the SSO system to handle the login, its core concept is "subsystem can't be able to get the user to enter the password" , suppose you make every subsystem have a password, so not SSO,

Regardless of any subsystem, when a user need to log in, is redirected to the SSO login page, the page the user then unified on the SSO login, if you want to read cookies or localstorage also SSO web site information, rather than application system website,

When the user login successfully, the page redirects back to the site, application system and application system can through the relevant page parameters of authorization number (via the backend server communication way) to obtain the user's identity information,

Core mechanism is that - application system can't get the user to enter the password, who want to allow the user to enter the password in subsystem, are all play rascal, are fishing sites, rather than the SSO architecture application website,

CodePudding user response:

Each application subsystem can have their own personnel data, position and department data, authorization data, etc., but there is just little "password (signature)" the project, if subsystem of data in the table have a "password" that might be rogue!!

CodePudding user response:

Don't need a password to connect to the each system is unified, single sign-on is from a password system to achieve the purpose of entering different password system,

CodePudding user response:

Don't need, now more mature myself using SSO system integration of Yale university open source of CAS, all user login authentication is actually on the CAS server, there is no need to do each subsystem is a set of user management system, only need to be synchronized in the CAS system users only primary and key information, when various subsystems need user details can get user information through webservice, only do users each subsystem is the existence of a check, don't need to do the user password authentication,

CodePudding user response:

You can refer to http://blog.csdn.net/xiangyuanhong08/article/details/78390664

CodePudding user response:

Now many businesses, after log in OA system, the home page here are many business systems, if you have any business system permissions, their log in, don't have to enter the password

CodePudding user response:

Browser can know about the red core enterprises, can solve the problem of enterprise single sign-on for office, Shanghai urban construction institute of informationization construction of case, you can refer to https://blog.csdn.net/weixin_41834816/article/details/79709768