What is SSO?
Single Sign-On (SSO) is an authentication process that enables users to access multiple systems or applications with a single account.
Let's walk through, step by step, how the need for SSO arises.
Phase 1: Single System
Suppose we have a startup company selling products online. We need a simple e-commerce system with multiple services, and the architecture may look like this:
Initially, the system operates smoothly. However, as the business expands rapidly, additional features are needed on each server. The growing team and increasing complexity make development and maintenance challenging. With dozens of developers working in the same repository, pulling the main branch, merging branches and deploying services becomes overwhelming. If a bug requires a rollback, other features may also be affected. To manage the system more effectively and ensure reliability, we must revamp the architecture and potentially reorganize the team structure.
Phase 2: Microservices
We divide the services into smaller, independent components, making each standalone and decoupled.
Each service focuses on its own business and has its development process. If necessary, public interfaces can be exposed to other services. Even if a rollback is required for a particular service, it won't significantly impact other services.
Phase 3: Multiple Systems
Over time, our products have become quite popular and attracted a large user base. To further enhance user engagement, we plan to establish a forum where users can discuss our products. This forum will be independent and distinct from the e-commerce platform, as it serves a different purpose.
To simplify user access, we want to avoid requiring users to create a new username and password pair for the forum. Instead, we will separate the User Service from the e-commerce system and turn it into an SSO System, allowing it to serve both our current and future systems, as well as third-party integrations.
After users log in to the SSO once, they will have seamless access to all other systems without needing to log in again.
The Principles and Process of SSO Implementation
As shown in the above sequence diagram, there are three key technologies involved:
- Cookie: Stores the necessary data in the browser; cookies can be shared among systems under the same domain.
- AuthToken: A unique identifier for the logged-in user, issued by the SSO system.
- Redis: Caches the user's login status so that any system can check whether an AuthToken is still valid.
SSO System Architecture
- Authorization Page: Lets users confirm whether to share their account information with another application.
- Home Page: Lets users manage their account information, such as password, email, host, etc.
- Log Table: Records key user behaviors, such as authorizations and password changes.
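The following is an added example that is not part of the original post or the linked project: a small Python model of the flow described above, showing the three key technologies (a cookie scoped to a shared parent domain, a random AuthToken, and a cached login status with a TTL standing in for Redis) together with the authorization page and log table from the architecture list. All names, hosts (`shop.example.com`, `forum.example.com`, `.example.com`), the `partner` application, the user `alice` and the timestamps are constructed for illustration; the session dictionary replaces a Redis client, and a cross-domain host is included to show that the cookie is only shared within the same domain.

```python
import hashlib
import hmac
import secrets


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class SsoServer:
    """Hypothetical SSO service: the User Service split out of the shop."""
    COOKIE_NAME = "auth_token"
    COOKIE_DOMAIN = ".example.com"  # constructed parent domain shared by shop., forum., ...
    TOKEN_TTL = 3600                # seconds a cached login stays valid

    def __init__(self):
        self.users = {}        # username -> (salt, password hash)
        self.sessions = {}     # token -> (username, expiry); stands in for Redis SETEX entries
        self.consents = set()  # (username, app_id) pairs approved on the authorization page
        self.log_table = []    # key user behaviours: login, authorize

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username, password, now):
        """Verify credentials, issue a random AuthToken, cache it and return the cookie."""
        record = self.users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        token = secrets.token_urlsafe(32)  # unpredictable; carries no user data itself
        self.sessions[token] = (username, now + self.TOKEN_TTL)
        self.log_table.append((now, username, "login"))
        return {"name": self.COOKIE_NAME, "value": token, "domain": self.COOKIE_DOMAIN,
                "httponly": True, "secure": True, "samesite": "Lax"}

    def validate(self, token, now):
        """Map a token back to its user; None means 'not logged in'."""
        entry = self.sessions.get(token)
        if entry is None or now >= entry[1]:  # unknown or expired: same as no login
            self.sessions.pop(token, None)
            return None
        return entry[0]

    def authorize(self, token, app_id, now):
        """Authorization page: the user confirms sharing account data with an app."""
        username = self.validate(token, now)
        if username is None:
            return False
        self.consents.add((username, app_id))
        self.log_table.append((now, username, f"authorize:{app_id}"))
        return True


class CookieJar:
    """Minimal browser cookie jar honouring the cookie's Domain attribute (constructed)."""
    def __init__(self):
        self.cookies = []

    def for_host(self, host):
        return {c["name"]: c["value"] for c in self.cookies
                if host == c["domain"].lstrip(".") or host.endswith(c["domain"])}


def app_request(sso, app_id, needs_consent, jar, host, now):
    """Per-request check in a relying app: read the shared cookie, ask the SSO whether
    the token is still valid, and require prior consent where the app demands it."""
    user = sso.validate(jar.for_host(host).get(SsoServer.COOKIE_NAME), now)
    if user is None:
        return ("redirect", "sso.example.com/login")
    if needs_consent and (user, app_id) not in sso.consents:
        return ("redirect", f"sso.example.com/authorize?app={app_id}")
    return ("ok", user)


def run_flow():
    """Walk through the article's scenario and collect what each system observed."""
    sso, jar, t0, r = SsoServer(), CookieJar(), 1_000_000, {}
    sso.register("alice", "correct horse battery staple")
    r["shop_before_login"] = app_request(sso, "shop", False, jar, "shop.example.com", t0)
    r["wrong_password"] = sso.login("alice", "not her password", t0) is None
    jar.cookies.append(sso.login("alice", "correct horse battery staple", t0))
    r["shop"] = app_request(sso, "shop", False, jar, "shop.example.com", t0 + 1)
    r["forum"] = app_request(sso, "forum", False, jar, "forum.example.com", t0 + 2)
    r["other_domain"] = app_request(sso, "forum", False, jar, "forum.example.org", t0 + 3)
    r["partner_no_consent"] = app_request(sso, "partner", True, jar, "partner.example.com", t0 + 4)
    sso.authorize(jar.for_host("shop.example.com")["auth_token"], "partner", t0 + 5)
    r["partner"] = app_request(sso, "partner", True, jar, "partner.example.com", t0 + 6)
    r["forum_expired"] = app_request(sso, "forum", False, jar, "forum.example.com", t0 + 3601)
    r["log"] = [action for _, _, action in sso.log_table]
    return r


if __name__ == "__main__":
    for key, value in run_flow().items():
        print(f"{key}: {value}")
```

Running `run_flow()` shows the second system (the forum) accepting the login made at the shop without a second prompt, the same cookie being invisible to a host outside `.example.com`, the partner app being sent to the authorization page until consent is recorded, and every token check failing once the cached login has passed its TTL. The consent and login events land in the log table, which is what the Log Table component exists to capture.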
Code Implementation
I will use Java Spring MVC to implement this system.
- GitHub Link: https://github.com/roger-twan/SSO