
Overview

In this section, we will show you how to connect your application to Casdoor.

As a Service Provider (SP), Casdoor supports two authentication protocols:

  • OAuth 2.0 (OIDC)
  • SAML

As an Identity Provider (IdP), Casdoor supports four authentication protocols:

  • OAuth 2.0
  • OIDC
  • SAML
  • CAS 1.0, 2.0, 3.0

OAuth 2.0 (OIDC)

What is OAuth 2.0?

OAuth 2 is an authorization framework that enables applications—such as Facebook, GitHub, and Casdoor—to obtain limited access to user accounts on an HTTP service. It works by delegating user authentication to the service that hosts a user account and authorizing third-party applications to access that user account. OAuth 2 provides authorization flows for web and desktop applications, as well as mobile devices.

Casdoor's authorization procedure is based on the OAuth 2.0 protocol. We recommend using OAuth 2.0 for the following reasons:

  1. The protocol is simple and easy to implement, and it solves a wide range of problems.
  2. The protocol is mature and has broad community support.

Therefore, your application will communicate with Casdoor via OAuth 2.0 (OIDC). There are three ways to connect to Casdoor:

Standard OIDC client

Standard OIDC client: Use a standard OIDC client implementation, which is widely available in most programming languages and frameworks.

What is OIDC?

OpenID Connect (OIDC) is an open authentication protocol that runs on top of the OAuth 2.0 framework. Targeted toward consumers, OIDC allows individuals to use single sign-on (SSO) to access relying party sites through OpenID Providers (OPs), such as an email provider or a social network, that verify their identity. It provides the application or service with information about the user, the context of their authentication, and access to their profile information.

Casdoor fully supports the OIDC protocol. If your application is already using another OAuth 2.0 (OIDC) identity provider via a standard OIDC client library, and you want to migrate to Casdoor, using OIDC discovery will make it very easy to switch to Casdoor.
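The following is an added example (not code from the Casdoor project or its docs) of what a standard OIDC client does with the discovery document: it loads `/.well-known/openid-configuration`, checks that the issuer is the one the application was configured with, builds an authorization-code request with `state`, `nonce` and PKCE, and validates the redirect back. The discovery document, the issuer `https://door.example.com`, the client id and the redirect URI are constructed placeholders; the endpoint paths mirror Casdoor's layout, but fetch the real document from your own instance.

```python
"""OIDC discovery plus an authorization-code request with PKCE, standard
library only. All URLs and identifiers below are constructed placeholders."""
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample of GET {issuer}/.well-known/openid-configuration.
DISCOVERY_JSON = json.dumps({
    "issuer": "https://door.example.com",
    "authorization_endpoint": "https://door.example.com/login/oauth/authorize",
    "token_endpoint": "https://door.example.com/api/login/oauth/access_token",
    "userinfo_endpoint": "https://door.example.com/api/userinfo",
    "jwks_uri": "https://door.example.com/.well-known/jwks",
    "response_types_supported": ["code", "token", "id_token"],
    "code_challenge_methods_supported": ["S256", "plain"],
})

REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def load_discovery(document: str, expected_issuer: str) -> dict:
    """Parse the discovery document; reject it if the issuer is not the one
    the client was configured with, or if any endpoint is not HTTPS."""
    cfg = json.loads(document)
    missing = [k for k in REQUIRED_KEYS if k not in cfg]
    if missing:
        raise ValueError(f"discovery document missing {missing}")
    if cfg["issuer"] != expected_issuer:
        raise ValueError(f"issuer mismatch: {cfg['issuer']!r}")
    for key in REQUIRED_KEYS[1:]:
        if urlparse(cfg[key]).scheme != "https":
            raise ValueError(f"{key} must be https")
    return cfg


def pkce_challenge_from(verifier: str) -> str:
    """S256 code challenge: base64url(sha256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(cfg: dict, client_id: str, redirect_uri: str,
                                scope: str = "openid profile email") -> tuple:
    """Return the URL to redirect the browser to, plus the per-login values
    (state, nonce, code_verifier) the app must keep in its own session."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    verifier = secrets.token_urlsafe(64)   # 86 chars, within PKCE's 43..128
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge_from(verifier),
        "code_challenge_method": "S256",
    }
    url = f"{cfg['authorization_endpoint']}?{urlencode(params)}"
    return url, {"state": state, "nonce": nonce, "code_verifier": verifier}


def query_params(url: str) -> dict:
    """Single-valued view of a URL's query string."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def handle_callback(callback_url: str, session: dict, client_id: str,
                    redirect_uri: str) -> dict:
    """Validate the redirect back from the IdP and build the form body for
    the token endpoint. state is compared before anything else is read; the
    code_verifier proves this application started the flow."""
    q = query_params(callback_url)
    if q.get("state") != session["state"]:
        raise ValueError("state mismatch: request was not started by this session")
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error']}")
    if not q.get("code"):
        raise ValueError("callback carries no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": q["code"],
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": session["code_verifier"],
    }
```

The form body returned by `handle_callback` is POSTed to `token_endpoint` (a confidential client adds the client secret Casdoor issued for the application). The `id_token` in the response must then be checked against `jwks_uri`: signature, `iss` equal to the configured issuer, `aud` equal to the client id, `exp` in the future and `nonce` equal to the stored value. A standard OIDC client library performs all of this given only the discovery URL, which is why moving to Casdoor is mostly a configuration change.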

Casdoor SDKs

Casdoor SDKs: For most programming languages, Casdoor provides easy-to-use SDK libraries on top of OIDC, with extended functionality that is only available in Casdoor.

Compared to the standard OIDC protocol, Casdoor's SDK provides more functionalities, like user management and resource uploading, among others. Connecting to Casdoor via the Casdoor SDK requires more time than using a standard OIDC client library, but it offers the best flexibility and the most powerful API.

Casdoor plugin

Casdoor plugin: If your application is built on top of a popular platform (like Spring Boot, WordPress, etc.) and Casdoor (or a third party) has already provided a plugin or middleware for it, you should use it. Using a plugin is much easier than manually invoking the Casdoor SDK because the former is specially made for the platform.

Plugins:

Middleware:

SAML

What is SAML?

Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). What this jargon means is that you can use one set of credentials to log into many different websites. It's much simpler to manage one login per user than it is to manage separate logins to email, customer relationship management (CRM) software, Active Directory, etc.

SAML transactions use Extensible Markup Language (XML) for standardized communication between the identity provider and service providers. SAML is the link between the authentication of a user's identity and the authorization to use a service.

Casdoor can be used as a SAML IdP. Currently, Casdoor supports the main features of SAML 2.0. For more details, see SAML.

Examples:

Casdoor as a SAML IdP in Keycloak

Suggestions:

  1. The protocol is powerful and covers many scenarios, making it one of the most comprehensive SSO protocols.
  2. The protocol is large, with many optional parameters, so it is difficult to cover all application scenarios 100% in the actual implementation.
  3. If the application is newly developed, SAML is not recommended due to its high technical complexity.

CAS

What is CAS?

The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to allow a user to access multiple applications while providing their credentials (such as user ID and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password.

Casdoor has implemented CAS 1.0, 2.0, and 3.0 features. For more details, see CAS.

Suggestions:

  1. The protocol itself is relatively lightweight and easy to implement, but it can only solve a single scenario.
  2. Mutual trust between the CAS client and the CAS server is established through interfaces with no encryption or signature mechanism, which is intended to ensure further security.
  3. The CAS protocol has no advantage over other protocols.
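As an added example (not code from Casdoor or its docs), the CAS 2.0/3.0 exchange from the application side: the browser is sent to the login endpoint with a `service` URL, comes back with a service ticket, and the application backend presents that ticket to `serviceValidate` and reads the XML answer. The base URL `https://door.example.com/cas/org-placeholder/app-placeholder` stands in for a Casdoor instance's per-organization, per-application CAS endpoint (see the CAS page for the exact path); the service URL and both XML responses are constructed samples.

```python
"""Client side of the CAS 2.0/3.0 login-and-validate exchange, standard
library only. All URLs and response bodies are constructed placeholders."""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}   # namespace of CAS 2.0/3.0 XML
CAS_BASE = "https://door.example.com/cas/org-placeholder/app-placeholder"
SERVICE = "https://app.example.com/cas-callback"

# Constructed sample bodies of GET {CAS_BASE}/serviceValidate?service=...&ticket=...
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:attributes>
      <cas:email>alice@example.com</cas:email>
      <cas:groups>dev</cas:groups>
      <cas:groups>ops</cas:groups>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket ST-placeholder not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""


def login_url(cas_base: str, service: str) -> str:
    """Step 1: send the browser here; after login the server redirects back
    to `service` with a ?ticket=ST-... query parameter."""
    return f"{cas_base}/login?{urlencode({'service': service})}"


def ticket_from_callback(callback_url: str) -> str:
    """Step 2: pull the service ticket out of the redirect. By itself the
    ticket proves nothing; it is an opaque, single-use handle."""
    ticket = parse_qs(urlparse(callback_url).query).get("ticket", [""])[0]
    if not ticket.startswith("ST-"):
        raise ValueError("callback carries no service ticket")
    return ticket


def validate_url(cas_base: str, service: str, ticket: str) -> str:
    """Step 3: the application backend (not the browser) fetches this URL over
    HTTPS. `service` must be exactly the value used in login_url, otherwise
    the server rejects the ticket."""
    return f"{cas_base}/serviceValidate?{urlencode({'service': service, 'ticket': ticket})}"


def parse_validation_response(xml_text: str) -> dict:
    """Step 4: interpret the server's XML answer. The response is neither
    signed nor encrypted, so its trustworthiness rests entirely on the backend
    having fetched it directly from the CAS server over TLS."""
    root = ET.fromstring(xml_text)
    if root.tag != "{http://www.yale.edu/tp/cas}serviceResponse":
        raise ValueError("not a cas:serviceResponse document")
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise ValueError(f"{failure.get('code')}: {(failure.text or '').strip()}")
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("response has neither success nor failure element")
    user = success.findtext("cas:user", namespaces=CAS_NS)
    if not user:
        raise ValueError("authenticationSuccess without cas:user")
    attributes = {}
    block = success.find("cas:attributes", CAS_NS)   # present in CAS 3.0 responses
    if block is not None:
        for child in block:
            name = child.tag.split("}", 1)[1]            # strip the namespace
            attributes.setdefault(name, []).append((child.text or "").strip())
    return {"user": user, "attributes": attributes}
```

This is the "single scenario" the suggestions above refer to: CAS answers "who is this browser session" for one service URL and nothing more, which is why it is small to implement, and why the service URL must be compared exactly and the validation call must never be delegated to the browser.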

Integrations table

Some applications already have examples of connecting to Casdoor. You can follow the documentation to quickly connect to Casdoor. You can see all applications in the Integrations table.