Skip to main content

Ticket

1. Create configuration file

The default data directory is /data/hap/script/volume/sso/sso.json, with the following contents:

Note: If 404 still appears after mounting, you can copy the content to json.cn to verify whether the json format is legal

{
"mode": "common-ticket",
"name": "ticket",
"ticket": {
"getUidUrl": "",
"ticketParams": {
"ticketParam": "ticket"
},
"getUserInfoUrl": "",
"params": {
"UserId": "uid",
"Name": "name",
"Email": "email",
"Mobile": "mobilePhone"
},
"autoRegister": true,
"projectId": ""
}
}

Some parameters and explanations

ParametersTypeRequiredExplanation
ticket.getUidUrlStringYesGet the user ID interface address; the parameters configured in ticketParams will be sent to this interface in Post mode to obtain the user ID; Interface requirements
ticket.ticketParamsObjectYesMore custom parameters can be added to ticketParams as needed; this parameter is used to obtain the user id
ticket.ticketParams.ticketParamStringYesThe ticket parameter name carried in the URL; if configured as "ticketParam": "tkt", the configured address needs to be /ticket?tkt=xxx&.... Get the value correctly
ticket.getUserInfoUrlStringYesThe interface address for obtaining user information; Interface requirement
ticket.paramsObjectYesReturns the user information field mapping rules, the key is a fixed field and the value is configured according to the actual user information; Parameter configuration method
autoRegisterBooleanNoWhether to automatically create an account when the account does not exist; the default is true
projectIdStringYesHAP organization number; Organization Management (upper right corner) > Organization Information (page) > Organization Number ID; (Multi-organization single sign-on does not require configuring this parameter, see Step 3); such as 1x-2x-3x-4x-5x

Interaction diagram The interface for obtaining user ID needs to meet the following requirements:

  • Support POST (application/json) method call (the request body is the parameters configured in ticketParams)
  • The return value is in JSON format and must meet the following format:
{
"code": "1",
"message": "success",
"data": "248289761" // user id
}

The interface for obtaining user information needs to meet the following requirements:

  • Support POST (application/json) method call, the request parameters are as follows
{
"userId": "248289761"
}
  • The return value is in JSON format and must meet the following format:
{
"code": "1",
"message": "success",
"data": {
"uid": "248289761001",
"name": "Jane Doe",
"email": "janedoe@example.com",
"mobilePhone": "123"
}
}

As shown in the above return value, the configuration of params is:

"params": {
"UserId": "uid",
"Name": "name",
"Email": "email",
"Mobile": "mobilePhone"
}

2. Mount configuration file

Modify the docker-compose.yaml corresponding to the microservice application, the default path is /data/hap/script/docker-compose.yaml, add file mounting in volumes and restart the microservice application.

- ./volume/sso/sso.json:/usr/local/MDPrivateDeployment/sso/OptionFile/sso.json

If you need to bind a third-party association ID, you need to create the file extend.json. The default path is /data/hap/script/volume/sso/extend.json and the content is as follows

{
"relation": true
}

Add mounting files

- ./volume/sso/extend.json:/usr/local/MDPrivateDeployment/sso/extend.json
tip

After the mounting configuration is completed, the microservice application needs to be restarted. After the restart is successful, you can access the {server}/orgsso/checkssoconfig interface through GET to check whether the configuration file is successfully mounted.

3. Single sign-on

Single Organization Browser access: {server}/orgsso/ticket?{ticketParams.ticketParam}={ticket}&returnUrl={returnUrl}

Multiple Organizations Browser access: {server}/orgsso/ticket?returnUrl={returnUrl}&appKey={appKey}&sign={sign}&timestamp={timestamp}&projectId={projectId}

For multi-organization projectId needs to be passed through parameters, and enterprise authorization authentication parameters are also required;

For enterprise authentication and authorization signature algorithm, please refer to: https://www.showdoc.com.cn/mingdao/15539798

note

{server} is the HAP system address, for example, it can be replaced with: http://192.168.10.20:8880

{returnUrl} is the jump address after successful login, does not need to be filled in; for example, if you need to jump to the application page, it can be replaced with: http://192.168.10.20:8880/app/cf595091-e3ac-4669 -a320-068e55533c33/64477b37df36209b5f36f1cf/64477b4f61655012a90ed994?from=insite

If an SSO Error prompt appears during the access process, you can log in to the HAP system through the administrator account, click the avatar in the upper right corner: System Configuration > Log; search for the service name as sso, and check the specific cause of the error.