I need to pass the login process of the child application, and pass on the session ID and access token of the master application.
User accesses application 1:
1. Application 1 needs the user to sign on, so it sends a token to the auth server through a channel.
2. Application 1 redirects the user to the log in page on the auth server, with the token as a parameter on the request.
3. The user logs in to the auth server. The auth server sets a cookie, flags the token as authenticated, and associates the user details with it. The auth server then redirects the user to application 1.
4. Application 1 gets the request from the user and calls the auth server on the channel to check if the token is OK. The auth server responds with the user details.
5. Application 1 now knows the user is authorised and has the basic user details.
Now the SSO bit comes in.
User accesses application 2:
1. Application 2 needs the user to sign on, so it sends a token to the auth server through a channel.
2. Application 2 redirects the user to the log in page on the auth server, with the token as a parameter on the request.
3. The auth server sees there is a valid log in cookie, so it can tell the user is authenticated and knows who they are. The auth server flags the token as authenticated and associates the user details with it. The auth server then redirects the user to application 2.
4. Application 2 gets the request from the user and calls the auth server on the channel to check if the token is OK. The auth server responds with the user details.
5. Application 2 now knows the user is authorised and has the basic user details.
Note: there are existing implementations of this method, for example CAS (Central Authentication Service). Note that CAS is supported out of the box in Spring Security. I have simplified things in the question, and there is a lot of potential for introducing security holes if you're new to this.
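
The two walkthroughs above, as a small in-memory model. This is an added example, not code from the original post or from CAS. The class and function names, the 60-second token lifetime, the single-use and per-application binding of tokens, and the sample user are all assumptions made for illustration.

```python
import secrets
import time

TOKEN_TTL = 60  # seconds a sign-on token stays valid (assumed value)

class AuthServer:
    """In-memory stand-in for the auth server; every name here is hypothetical."""
    def __init__(self, users):
        self.users = users    # username -> (password, details); constructed sample data,
                              # a real server would store password hashes
        self.tokens = {}      # token -> {"app", "user", "expires"}
        self.sessions = {}    # log in cookie value -> username

    def issue_token(self, app_id):
        """Step 1, over the channel: register a fresh, unguessable token."""
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"app": app_id, "user": None,
                              "expires": time.time() + TOKEN_TTL}
        return token

    def login_page(self, token, cookie=None, username=None, password=None):
        """Steps 2-3, via the browser. Returns the log in cookie, or None on failure."""
        entry = self.tokens.get(token)
        if entry is None or entry["expires"] < time.time():
            return None
        user = self.sessions.get(cookie)   # SSO: a valid cookie skips the log in form
        if user is None:
            record = self.users.get(username)
            if record is None or not secrets.compare_digest(
                    record[0].encode(), (password or "").encode()):
                return None
            user, cookie = username, secrets.token_urlsafe(32)
            self.sessions[cookie] = user
        entry["user"] = user               # flag the token as authenticated
        return cookie

    def check_token(self, token, app_id):
        """Step 4, over the channel: single use, and only for the app that issued it."""
        entry = self.tokens.pop(token, None)
        if not entry or entry["app"] != app_id or entry["expires"] < time.time():
            return None
        return self.users[entry["user"]][1] if entry["user"] else None

def sign_on(auth, app_id, cookie=None, username=None, password=None):
    """One pass through steps 1-5 for one application."""
    token = auth.issue_token(app_id)
    cookie = auth.login_page(token, cookie, username, password)
    return cookie, auth.check_token(token, app_id)
```

Calling `sign_on` for a second application with the cookie returned by the first reproduces the SSO case: no credentials are supplied, yet the token comes back authenticated.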