How does it work?

Overview

The protocol is a modified version of the CAS (Central Authentication Service) protocol. The enhancement provided by Chula SSO is application authentication: the SSO system can control which applications are allowed to use it, because each application must identify itself with its own id and secret when it validates a ticket. The workflow is shown below.

Access from App1

[PlantUML sequence diagram: access from App1; image not reproduced here]

Access from App2

[PlantUML sequence diagram: access from App2; image not reproduced here]

Software Architecture

The SSO application is a Java EE 7 web application. In addition to GlassFish 4.1, it has been tested extensively with Tomcat 8.0 running on Java 1.8. The default database is MongoDB.

Servlet API References

There are five servlets through which an application connects to the SSO: Login, Logout, ServiceValidation, activation, and forget. The first three are documented below.

Login

End Point: /login
Method: GET/POST
Description

The login service validates the user's credentials and generates a TGT (session).

Parameters

  • service : the URL to redirect to after successful authentication
  • username : a username (email address)
  • password : a password
  • remember : 0 or 1; if remember != 0 the session never expires

Return

  • Without a valid session, 302 redirect to /html/login.html, carrying the service parameter.
  • With a valid session, 302 redirect to the service URL, carrying a ticket parameter.

Logout

End Point: /logout
Method: GET/POST
Description

The logout service kills the current session.

Parameters:

  • service : the URL to redirect to after successful authentication. If not specified, the default is /html/logout.html

Return:

  • 302 redirect to the service URL.

ServiceValidation

End Point: /serviceValidation
Method: GET/POST
Description

Validates a ticket issued by /login and returns the user information it belongs to.

Headers:

  • DeeAppId : application identifier
  • DeeAppSecret : application secret key
  • DeeTicket : ticket id for validation

Parameters:

  • ticket : ticket id for validation

Return:

  • On success, status 200 - the content is a JSON object representing the user information:
    {
    "uid" : "0001",
    "username" : "demo",
    "gecos" : "Demo Account",
    "email" : "demo@example.com",
    "roles" : ["faculty", "student"],
    "ouid" : "<employeeid or studentid>"
    }
  • On failure, status 401 - the content is a JSON object representing the error:
    {
    "type" : "error",
    "content" : "invalid ticket/permission"
    }
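An added example, not code from this page or from the Chula SSO project: a minimal relying-party client for the /login redirect and the /serviceValidation call described above, using only the Python standard library. The SSO base URL, application id, secret and ticket values are placeholder assumptions; the sample responses are constructed from the documented bodies.

```python
import json
import urllib.error
import urllib.request
from urllib.parse import urlencode

# Fields the page documents in a successful /serviceValidation body.
REQUIRED_USER_FIELDS = ("uid", "username", "email", "roles")


def login_redirect_url(sso_base, service_url):
    """URL to send an unauthenticated browser to: /login?service=<callback>."""
    return sso_base.rstrip("/") + "/login?" + urlencode({"service": service_url})


def validation_request(sso_base, app_id, app_secret, ticket):
    """Build (url, headers) for /serviceValidation.

    DeeAppId/DeeAppSecret carry the application authentication; the ticket is
    sent both as the DeeTicket header and the ticket parameter, as documented.
    The secret travels only in a header, so it never lands in a query string.
    """
    url = sso_base.rstrip("/") + "/serviceValidation?" + urlencode({"ticket": ticket})
    headers = {"DeeAppId": app_id, "DeeAppSecret": app_secret, "DeeTicket": ticket}
    return url, headers


def parse_validation(status, body):
    """Map an SSO response to (ok, payload); a malformed 200 is treated as a failure."""
    try:
        data = json.loads(body)
    except ValueError:
        return False, {"type": "error", "content": "non-JSON response"}
    if status == 200:
        missing = [f for f in REQUIRED_USER_FIELDS if f not in data]
        if missing:  # never log a user in on an incomplete identity object
            return False, {"type": "error", "content": "missing fields: " + ", ".join(missing)}
        return True, data
    # 401 (and any other status) carries {"type": "error", "content": ...}
    return False, {"type": "error", "content": data.get("content", "invalid ticket/permission")}


def validate_ticket(sso_base, app_id, app_secret, ticket, timeout=5):
    """Call /serviceValidation and return (ok, payload)."""
    url, headers = validation_request(sso_base, app_id, app_secret, ticket)
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_validation(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # the 401 case arrives here with its JSON body
        return parse_validation(err.code, err.read())


# Constructed sample responses mirroring the bodies documented on this page.
SAMPLE_OK = b'{"uid":"0001","username":"demo","gecos":"Demo Account","email":"demo@example.com","roles":["faculty","student"],"ouid":"1234567890"}'
SAMPLE_ERR = b'{"type":"error","content":"invalid ticket/permission"}'
```

The application should only trust the identity returned by parse_validation once ok is true; a 401, a non-JSON body or a 200 missing the documented fields all leave the browser unauthenticated.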
how_does_it_work.txt · Last modified: 2018/02/06 11:35 (external edit)