Single Sign On (SSO) using JWT
I have read several articles about SSO but could not find an answer in my mind. I have a scenario like below:
Scenario:
Question:
If user tries to open a page in xyz domain, how does the system understand that the user logged in before? I mean xyz domain cannot reach the cookie of abc which has the jwt. What information should be sent to xyz that indicates the user X is trying to login?
Thanks in advance
You can store the JWT authentication token in a cookie / localStorage of an intermediate domain connected to the home page using an iframe
Scenario
abc sends credentials to masterdomain and masterdomain authenticates the user, then creates a signed jwt in order to send back to abc.
masterdomain keeps this jwt in a cookie.
After a while if a login to abc is attempted at the same computer, the system does not ask for credentials and automatically logs the user in.
Finally when the user enters the second domain xyz, the jwt is recovered from masterdomain storage using the iframe, and the user is logged in automatically
CORS is not a problem because masterdomain.com has access to its storage and communication between iframes is allowed if origin and destination are recognized (see http://blog.teamtreehouse.com/cross-domain-messaging-with-postmessage)
To simplify development, we have recently released an open-source project, cross-domain SSO with JWT, at https://github.com/Aralink/ssojwt
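The iframe exchange described in the answer above, as an added example that is not part of the original post or of the ssojwt project: the masterdomain iframe replies only to recognised origins, and the embedding page accepts a reply only from that iframe. All origins, message types, the `sso_jwt` key and the function names are assumptions, and the token is a constructed placeholder.

```javascript
// Added example; every name and origin below is hypothetical.
const MASTER_ORIGIN = "https://masterdomain.example";
const ALLOWED_ORIGINS = new Set(["https://abc.example", "https://xyz.example"]);

// Runs inside the iframe served by masterdomain: answer only recognised origins.
function handleTokenRequest(event, storage) {
  if (!ALLOWED_ORIGINS.has(event.origin)) return false; // unknown caller: no reply
  const req = event.data;
  if (!req || req.type !== "sso:get-token" || typeof req.nonce !== "string") return false;
  const reply = { type: "sso:token", nonce: req.nonce, jwt: storage.getItem("sso_jwt") };
  event.source.postMessage(reply, event.origin); // explicit targetOrigin, never "*"
  return true;
}

// Runs in the embedding page (abc or xyz): accept a reply only from the iframe.
function acceptTokenReply(event, iframeWindow, expectedNonce) {
  if (event.origin !== MASTER_ORIGIN || event.source !== iframeWindow) return null;
  const msg = event.data;
  if (!msg || msg.type !== "sso:token" || msg.nonce !== expectedNonce) return null;
  return typeof msg.jwt === "string" ? msg.jwt : null;
}

// Offline simulation with stand-in window objects and a constructed token.
function simulateExchange(callerOrigin, replyOrigin = MASTER_ORIGIN) {
  const storage = { getItem: (k) => (k === "sso_jwt" ? "hdr.payload.sig" : null) };
  const iframeWindow = {};                       // stands in for iframe.contentWindow
  const nonce = "n-123";                         // constructed; use a random value in a page
  let received = null;
  const callerWindow = {
    postMessage(data, targetOrigin) {
      if (targetOrigin !== callerOrigin) return; // browser drops mismatched targetOrigin
      received = acceptTokenReply(
        { origin: replyOrigin, source: iframeWindow, data }, iframeWindow, nonce);
    },
  };
  const request = { type: "sso:get-token", nonce };
  const answered = handleTokenRequest(
    { origin: callerOrigin, source: callerWindow, data: request }, storage);
  return { answered, jwt: received };
}

console.log(simulateExchange("https://xyz.example"));      // listed origin
console.log(simulateExchange("https://unlisted.example")); // origin not on the list
```

The backend of the receiving domain still has to verify the JWT's signature and expiry before creating a session from it.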