Single sign-on (SSO) enables a user to access multiple systems and applications after authenticating once with the SSO system; the administrator does not have to maintain separate login state or account information for that user in each system. One login grants access to all of the associated application systems, whether or not they use the same authentication and authorization mechanisms.
An enterprise typically runs several application systems, such as a financial system, a CRM system, an OA (office automation) system, and an email system. If each of them uses its own authentication system, employees have to manage a separate account and password for each. Configuring SSO addresses this problem.
The system supports two SSO authentication methods, WST and UNI-RZT. Which one is available depends on the encryption module the system is connected to:
WST authentication is supported when the system is connected to a WST encryption module.
UNI-RZT authentication is supported when the system is connected to a UNI-RZT encryption module.
The system supports the following SSO protocols. Two instances of the system are required: one acts as the client side and the other as the server side.
Central Authentication Service (CAS) is a single sign-on protocol that provides trusted identity authentication for applications. CAS handles authentication only; it has no authorization or permission-control functions, so each application must still decide for itself what an authenticated user is allowed to do.
CAS includes the following components:
CAS server: The CAS server is used to authenticate users and must be deployed independently.
CAS client: The CAS client is used to process users' access requests. When a user requests to access the client, the client redirects the user to the CAS server for authentication.
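The CAS exchange described above, as an added example that is not part of the product documentation: an in-memory simulation of a CAS server and two CAS clients in Python. The endpoint names /login and /serviceValidate and the service and ticket parameters are the standard CAS protocol ones; the host names, user name and ticket format are constructed sample data. It shows the checks that make the exchange safe: the client never trusts the ticket it receives but validates it with the server, the server binds each ticket to the service it was issued for, and a ticket can be redeemed only once.

```python
"""Added example (not from the product documentation): an in-memory
simulation of the CAS ticket exchange between a CAS client and a CAS
server. Endpoint names (/login, /serviceValidate) are the standard CAS
ones; host names, user names and ticket format are constructed sample data."""
import secrets
import time
from dataclasses import dataclass
from urllib.parse import urlencode


@dataclass
class Ticket:
    user: str
    service: str      # the service URL the ticket was issued for
    issued_at: float


class CasServer:
    """Authenticates users and issues single-use service tickets."""
    TICKET_TTL = 10  # seconds; CAS tickets are meant to be redeemed at once

    def __init__(self, base_url, allowed_services):
        self.base_url = base_url
        self.allowed_services = set(allowed_services)
        self._tickets = {}

    def login_url(self, service):
        # Where the client redirects an unauthenticated user.
        return f"{self.base_url}/login?{urlencode({'service': service})}"

    def login(self, user, service, now=None):
        """Called after the user authenticates at the CAS server.
        Returns the redirect back to the service carrying a fresh ticket."""
        if service not in self.allowed_services:
            raise ValueError("service not registered with CAS server")
        ticket = "ST-" + secrets.token_urlsafe(24)
        self._tickets[ticket] = Ticket(user, service, now or time.time())
        return f"{service}?{urlencode({'ticket': ticket})}"

    def service_validate(self, service, ticket, now=None):
        """/serviceValidate: returns the user name or None. The ticket is
        consumed on first use, so a replayed ticket fails."""
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None  # unknown or already used
        if entry.service != service:
            return None  # ticket was issued for a different service
        if (now or time.time()) - entry.issued_at > self.TICKET_TTL:
            return None
        return entry.user


class CasClient:
    """Protects one application; trusts only what the CAS server confirms."""

    def __init__(self, server, service_url):
        self.server = server
        self.service_url = service_url
        self.sessions = {}

    def handle_request(self, ticket=None, now=None):
        """Returns ('redirect', url) for anonymous users or
        ('session', user) once the ticket has been validated server-side."""
        if ticket is None:
            return ("redirect", self.server.login_url(self.service_url))
        # Never trust the ticket itself; ask the CAS server who it belongs to.
        user = self.server.service_validate(self.service_url, ticket, now)
        if user is None:
            return ("redirect", self.server.login_url(self.service_url))
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        return ("session", user)


def demo():
    server = CasServer("https://cas.example.com",
                       ["https://crm.example.com/", "https://oa.example.com/"])
    crm = CasClient(server, "https://crm.example.com/")
    oa = CasClient(server, "https://oa.example.com/")
    # 1. Anonymous request: the client redirects to the CAS login page.
    kind, url = crm.handle_request()
    # 2. The user authenticates at CAS; CAS redirects back with a ticket.
    ticket = server.login("alice", "https://crm.example.com/").split("ticket=")[1]
    # 3. The client validates the ticket with the server and opens a session.
    first = crm.handle_request(ticket=ticket)
    # 4. The same ticket presented again (replay) is rejected ...
    replay = crm.handle_request(ticket=ticket)
    # ... and a ticket issued for CRM cannot be redeemed by the OA client.
    ticket2 = server.login("alice", "https://crm.example.com/").split("ticket=")[1]
    cross = oa.handle_request(ticket=ticket2)
    return {"anon": kind, "login_url": url, "first": first,
            "replay": replay[0], "cross_service": cross[0]}
```

In a real deployment the client calls the server's /serviceValidate endpoint over HTTPS and parses the XML response; the in-memory call here stands in for that round trip. The service-binding check matters because a ticket leaked from one application's URL must not log the holder in to another.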
OPENID must be configured together with OAuth 2.0; the combination is the authentication and authorization standard OpenID Connect (OIDC), which layers identity authentication on top of OAuth 2.0.
OpenID is responsible for identity authentication. To use OpenID, a user must first register an OpenID account on the OpenID identity server.
OAuth is responsible for permission authorization, that is, what the authenticated user is allowed to access.
OPENID includes the following components:
OPENID server: The OPENID server is used to authenticate users and must be deployed independently.
OAuth 2.0: When you connect the OPENID client to the OPENID server over OAuth 2.0, the server automatically generates a client ID and client secret for that client. The client secret is the credential the client uses to authenticate to the server and must be kept confidential.
OPENID client: The OPENID client processes users' access requests. When a user requests access to the client, the client redirects the user to the OPENID server for authentication.
OAuth 2.0 is an open standard protocol for delegated authorization of third-party applications. When the system acts as the OAuth 2.0 authorization server, users of the system can log in to third-party applications with their system accounts, without handing their passwords to those applications.
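The OPENID server, OAuth 2.0 registration and OPENID client described above, and the system acting as OAuth 2.0 authorization server for a third-party application, as one added example that is not part of the product documentation: an in-memory model of the OpenID Connect authorization code flow in Python. The issuer URL, redirect URI, client names and user name are constructed sample data. The ID token is signed with HS256 using the client secret, which OIDC permits, so that the example needs only the standard library; production servers more commonly use RS256. It shows the client ID and secret being issued at registration, the single-use authorization code, and the checks the client must make on the ID token (signature, algorithm, issuer, audience, expiry and nonce) together with the state check that ties the callback to the browser session that started the login.

```python
# Added example, not code from the product: an in-memory model of the OpenID
# Connect authorization code flow. The system plays the OPENID server (the
# OAuth 2.0 authorization server); a third-party app is the OPENID client.
# Issuer URL, redirect URI and user name are constructed sample data. The ID
# token is HS256-signed with the client secret (permitted by OIDC); stdlib only.
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(claims, key):
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key.encode(), f"{header}.{body}".encode(), hashlib.sha256)
    return f"{header}.{body}.{b64url(mac.digest())}"

class OpenIdServer:
    """The system as OpenID provider / OAuth 2.0 authorization server."""
    def __init__(self, issuer):
        self.issuer = issuer
        self.clients = {}  # client_id -> (client_secret, redirect_uri)
        self._codes = {}   # code -> (client_id, user, nonce); single use

    def register_client(self, redirect_uri):
        """Connecting a client yields its client ID and client secret."""
        cid, secret = secrets.token_hex(8), secrets.token_urlsafe(32)
        self.clients[cid] = (secret, redirect_uri)
        return cid, secret

    def authorize(self, client_id, redirect_uri, state, nonce, user):
        """After the user logs in here, redirect back with a one-time code."""
        if self.clients[client_id][1] != redirect_uri:
            raise ValueError("redirect_uri does not match registration")
        code = secrets.token_urlsafe(24)
        self._codes[code] = (client_id, user, nonce)
        return f"{redirect_uri}?{urlencode({'code': code, 'state': state})}"

    def token(self, client_id, client_secret, code, now=None):
        """Token endpoint: the client authenticates, the code is redeemed once."""
        secret = self.clients[client_id][0]
        if not hmac.compare_digest(secret, client_secret):
            raise PermissionError("bad client credentials")
        entry = self._codes.pop(code, None)
        if entry is None or entry[0] != client_id:
            raise PermissionError("invalid or replayed code")
        now = int(now or time.time())
        claims = {"iss": self.issuer, "sub": entry[1], "aud": client_id,
                  "iat": now, "exp": now + 300, "nonce": entry[2]}
        return {"id_token": sign_hs256(claims, secret), "token_type": "Bearer"}

class OpenIdClient:
    """Third-party application that delegates login to the server."""
    def __init__(self, server, redirect_uri):
        self.server, self.redirect_uri = server, redirect_uri
        self.client_id, self.client_secret = server.register_client(redirect_uri)
        self._pending = {}  # state -> nonce, one entry per login in flight

    def start_login(self):
        # state ties the callback to this browser session; nonce ties the ID token to it.
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self._pending[state] = nonce
        return {"client_id": self.client_id, "redirect_uri": self.redirect_uri,
                "response_type": "code", "scope": "openid",
                "state": state, "nonce": nonce}

    def finish_login(self, state, code, now=None):
        """Callback handler: returns the subject, or None if any check fails."""
        nonce = self._pending.pop(state, None)
        if nonce is None:
            return None  # unknown state: CSRF attempt or replayed callback
        try:
            tokens = self.server.token(self.client_id, self.client_secret, code, now)
        except PermissionError:
            return None
        return self.verify_id_token(tokens["id_token"], nonce, now)

    def verify_id_token(self, token, nonce, now=None):
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # the token must not pick its own algorithm ("none")
        mac = hmac.new(self.client_secret.encode(), f"{head}.{body}".encode(),
                       hashlib.sha256)
        if not hmac.compare_digest(b64url_decode(sig), mac.digest()):
            return None
        c = json.loads(b64url_decode(body))
        if (c.get("iss") != self.server.issuer or c.get("aud") != self.client_id
                or c.get("exp", 0) <= (now or time.time()) or c.get("nonce") != nonce):
            return None
        return c["sub"]

def demo():
    server = OpenIdServer("https://sso.example.com")
    app = OpenIdClient(server, "https://app.example.com/callback")
    req = app.start_login()
    # The user authenticates at the server, which redirects back with a code.
    callback = server.authorize(req["client_id"], req["redirect_uri"],
                                req["state"], req["nonce"], "alice")
    code = callback.split("code=")[1].split("&")[0]
    return {"user": app.finish_login(req["state"], code),
            "replay": app.finish_login(req["state"], code),   # state consumed
            "forged_state": app.finish_login("attacker-state", code)}
```

The audience check is what stops an ID token issued to one registered client from being replayed against another: both clients trust the same server, so only the aud claim (and each client's own secret) distinguishes them. The redirect_uri comparison in authorize is the server-side half of the same protection; without it an attacker could register nothing and still have codes sent to a URL they control.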