Understanding CAS Single Sign-On: Architecture, Core Tickets, and Implementation Guide

CAS (Central Authentication Service) is a centralized authentication system that enables Single Sign-On (SSO) across multiple applications, allowing users to log in once and access all trusted services.

The article explains the concept of SSO, defines CAS, and details its core tickets: Ticket Granting Ticket (TGT), Ticket‑Granting Cookie (TGC), and Service Ticket (ST), describing how they work together to achieve seamless authentication.

A practical implementation scenario is presented, including a business architecture diagram where a CAS server operates as an independent domain, handling login pages, ticket issuance, and validation for both supplier and purchaser user bases.

Key API endpoints are listed with request methods, URLs, and parameter descriptions, covering the SSO authentication redirect, code exchange, token creation, token refresh, and logout processes. Example request snippets are provided:

https://sso.com?appId=***&tenantType=1&redirectUri=***

https://sso.com/api/token/create?grantType=authorization_code&appId=yuncai&code=***

{ "accessToken":"****", "expiresIn":7200, "user":{ "username":"zhangsan", "fullName":"张三", "userId":"1212", "phone":"13100000000", "email":"[email protected]", "tenantId":"S2131123", "tenantType":1 } }

The article also emphasizes security best practices, such as using HTTPS and protecting cookies, and concludes with a brief summary.