Implementation of single sign on
2022-06-28 08:56:00 【Talent】
Cookie-based:
A cookie is used as the medium for storing user credentials. After the user logs in, an encrypted cookie is issued. When the user accesses a sub-application, the browser sends this cookie, the authorizing application decrypts it, and the user is logged in to that application once verification passes. However, cookie-based single sign-on is not secure, and cross-domain login is not possible.
Distributed session implementation:
When a user registers, the user's information is stored in the session as a set of key-value pairs and a session ID is returned to the client. When the user logs in again, the ID of the currently logged-in user is compared with the ID in the session. If verification succeeds, the information is stored in a cookie; if verification fails, the user is returned to the login page to log in again.
SSO (single sign-on technology):
Across multiple application systems, the user only needs to log in once to access all the other mutually trusted application systems.
Same domain (session mode): The user logs in for the first time, and after login the user information is stored in the session. The session is then stored in a cookie. When the user logs in a second time, the back end checks whether the session contains the user information.
Cross-domain (CAS mode):
1. The first time the user visits the site, the CAS Client handles the request and redirects to the CAS server. If no cookie is found, the user is redirected to the CAS server's login page; the URL carries the address of the site, so that the user can be sent back after authentication succeeds.
2. After the user logs in successfully, a ticket, the TGT (Ticket Granting Ticket), is generated from the user name and password and stored on the server. The TGT is then used to generate a one-time verification ticket, the ST (Service Ticket), and the TGC (Ticket Granting Cookie), which is used to store user information and is sent by the server to the client. Finally, the ST and the cookie are returned to the browser.
3. The browser carries the ST to the address it wants to visit.
4. After the browser has received the ST, the ST is verified with the CAS server. Once verification passes, the user is redirected to the original URL and the page is displayed. This completes the first login.
5. The user then logs in to another site that uses CAS. Again the CAS Client redirects to the CAS Server for verification, but this time the TGC exists, so the user does not have to log in again. The CAS server creates an ST and redirects to the page the user wants to visit.
7. The browser receives the ST and goes to the CAS Server for verification. If verification succeeds, the page is displayed.
Note: In CAS, the CAS Client is responsible for handling client requests for protected resources and redirects to the CAS server when a login is needed. The CAS server must be deployed independently and is mainly responsible for user authentication.
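The CAS ticket flow described above, modelled in memory as an added example (not code from the original post or from the CAS project). The class and method names, the user data and the site URLs are constructed for illustration; the sketch goes slightly beyond the text by also showing that an ST is rejected when replayed or presented for a different service.

```python
import secrets

class CasServer:
    """Hypothetical in-memory model of the CAS server's ticket handling."""

    def __init__(self, users):
        self.users = users  # username -> password (constructed; plaintext only for brevity)
        self.tgts = {}      # TGC cookie value -> username (server-side TGT record)
        self.sts = {}       # outstanding ST -> (username, service URL)

    def login(self, username, password, service):
        """Steps 1-2: authenticate, create the TGT, return (TGC, ST) for the browser."""
        expected = self.users.get(username)
        if expected is None or not secrets.compare_digest(expected, password):
            return None, None
        tgc = "TGC-" + secrets.token_urlsafe(32)
        self.tgts[tgc] = username
        return tgc, self.issue_st(tgc, service)

    def issue_st(self, tgc, service):
        """Step 5: a valid TGC yields a fresh ST without asking for the password."""
        username = self.tgts.get(tgc)
        if username is None:
            return None  # no SSO session: the user has to log in
        st = "ST-" + secrets.token_urlsafe(32)
        self.sts[st] = (username, service)
        return st

    def validate(self, st, service):
        """Steps 4 and 7: an ST works once, and only for the service it was issued to."""
        username, issued_for = self.sts.pop(st, (None, None))  # pop makes it single-use
        return username if username and issued_for == service else None


def demo():
    cas = CasServer({"alice": "correct horse"})
    site_a, site_b = "https://a.example/", "https://b.example/"
    tgc, st_a = cas.login("alice", "correct horse", site_a)
    first = cas.validate(st_a, site_a)    # first login succeeds
    replay = cas.validate(st_a, site_a)   # the same ST a second time is refused
    wrong = cas.validate(cas.issue_st(tgc, site_b), site_a)  # ST for B sent to A
    second = cas.validate(cas.issue_st(tgc, site_b), site_b) # SSO: no password asked
    no_session = cas.issue_st("TGC-forged", site_b)          # unknown TGC gets no ST
    return first, replay, wrong, second, no_session
```

The two properties to check in any real deployment are the ones `validate` enforces: tickets are consumed on first use, and the service URL at validation must match the one the ticket was issued for.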
Cross-domain single sign-on implementation:
First, use Spring Session to store the session in Redis so that every subsystem can access the session. To make all systems across the domains use one session, the same cookie is set in each of them.