2025-04-02 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
This article explains how to solve the redirection problem in SSO single sign-on.
When we wrote the code for the SSO single sign-on service, the flow looked normal when we called the API directly, but a problem appeared once we started joint debugging with the front end.
The flow is: on the home page the front end uses ajax to call a back-end interface for menu or user information, which triggers login verification; if the user is not logged in, the back end redirects to the SSO login page.
But this step has a problem, because ajax cannot intercept the 302. When the ajax call receives a 302 response, the request is simply re-issued to the redirect link as another ajax request instead of the browser navigating to it, so nothing visible happens.
As for why ajax cannot intercept the 302, the author found the following explanation on the Internet.
When the server sends the 302 response to the browser, the browser does not run the ajax callback directly. It first performs the 302 redirection: it reads the Location information from the response header and then sends a request to the URL in Location. The ajax callback is not run until the response to that request is received.
General process: ajax -> browser -> server -> 302 -> browser (redirect) -> server -> browser -> ajax callback.
The original intent was to let the front end integrate with SSO with the fewest changes, but because the author has only a shallow understanding of the front end, this mistake was made.
Since ajax cannot handle the 302, the flow has to be changed so that the front end initiates the redirection itself.
After the change, when the back end finds that the user is not logged in or the login has expired, it responds with a 401 status code and puts the redirect link in the body. The front end needs to intercept 401 errors globally, obtain the link from the response body, and redirect the browser to it. The link is assembled by the back end and points to the SSO login page.
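A sketch of the front-end side of the modified flow, added here as an example and not taken from the author's project. It assumes the 401 body is JSON with a redirectUrl field and uses a placeholder SSO origin; because the link arrives in a response body, it is checked against that origin before the browser is sent anywhere.

```javascript
// Added example: global 401 handling for the modified flow.
// Assumptions (not from the article): the 401 body is JSON with a
// `redirectUrl` field, and the SSO origin below is a placeholder.
const ALLOWED_SSO_ORIGINS = ['https://sso.example.test'];

// Decide where (if anywhere) the browser should go for an API response.
// Returns an absolute URL string, or null when no redirect should happen.
function loginRedirectFrom(status, bodyText, allowedOrigins = ALLOWED_SSO_ORIGINS) {
  if (status !== 401) return null;      // only "not logged in / expired" triggers login
  let link;
  try {
    link = JSON.parse(bodyText).redirectUrl;
  } catch (e) {
    return null;                        // body is not usable JSON: do not guess
  }
  if (typeof link !== 'string') return null;
  let url;
  try {
    url = new URL(link);                // throws on relative or malformed links
  } catch (e) {
    return null;
  }
  // The link is data from a response, so treat it as untrusted input:
  // navigate only to HTTPS URLs on a known SSO origin.
  if (url.protocol !== 'https:') return null;
  if (!allowedOrigins.includes(url.origin)) return null;
  return url.href;
}

// Wrapper used for every API call. `fetchImpl` and `navigate` are injected so
// the same code works with fetch / location.assign in a browser and in tests.
async function apiFetch(input, init, deps) {
  const { fetchImpl, navigate } = deps;
  const res = await fetchImpl(input, init);
  if (res.status === 401) {
    const target = loginRedirectFrom(res.status, await res.text());
    if (target) navigate(target);       // full-page navigation, not another ajax call
    throw new Error('not authenticated');
  }
  return res;
}
```

In a browser, deps would be { fetchImpl: (i, o) => fetch(i, o), navigate: (u) => window.location.assign(u) }.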
Finally, there is a cookie problem. During local testing, the front end forwards requests to the back end deployed in the test environment. The front end's domain is 127.0.0.1 and the domain of the back-end test environment is xxx.com. As a result, after the local test jumps to SSO, logs in successfully and returns, the front end's requests to the back end still get a 401 response.
The reason was described in the previous article: because the domains differ, when the front end makes an ajax request the browser does not send the cookies under the xxx.com domain, only the cookies under the 127.0.0.1 domain.
To solve this problem, change the domain of the checkToken API (the one redirected to after a successful SSO login) to the domain the front end uses for local testing, and have the front end forward the request to the back end; alternatively, forward requests for this API to the back end in the nginx configuration. Only in this way can the session be consistent.
In addition, redirection across protocols is not possible. In the test environment the SSO domain is https://sso.xx.com, while the service connected to SSO runs locally at http://127.0.0.1. Redirecting to http://127.0.0.1 after a successful login at https://sso.xx.com is not supported, because the redirect would switch from the https protocol to the http protocol.
From all this we can see how important hands-on practice is. Even if you understand the process and the principle behind the implementation, you will not learn the details without doing it yourself, nor grow from stepping into the various pitfalls.