IDaaS Open Platform

Process Description

# Authentication Process

  1. The user attempts to log in to an application provided by the CAS Client.

  2. The CAS Client analyzes the HTTP request to see if it contains a Service Ticket (ST). If not, it indicates the current user is not authenticated, so it redirects to the CAS Server, passing the Service (i.e., the destination resource address to be accessed).

  3. The user inputs authentication credentials. If the login is successful, the CAS Server randomly generates a sufficiently long, unique, and unforgeable Service Ticket (ST), then redirects back to the CAS Client, attaching the generated ST.

  4. After obtaining the Service and the newly generated ST, the CAS Client interacts with the CAS Server in the background for validation.

  5. The CAS Server verifies the identity based on the request parameters Service and ST to ensure the legitimacy of the ST, and returns an XML segment of a specified format (containing user information) to the CAS Client.

  6. The CAS Client and CAS Server complete the user identity verification, and the CAS Client returns the accessed resource to the user.

# Development Steps

The development process for integrating with Zhuyun IDaaS using the CAS protocol is as follows:

Step1: The enterprise administrator creates a CAS protocol application.

Step2: Fill in the authentication configuration and set the application callback URL.

Step3: The application developer implements the "Authentication Login" API interface.

Step4: The application developer implements the "Application Callback URL" interface.

xxxxxxxxxx HTTP Status: 302 REDIRECThttps://{app_domain}/callbackhttp

Step6: The application developer implements the "Logout" API interface.

Authentication Login