======================= How to SSO via SUST API ======================= v1.0. Written by: Zhang Cheng. This system uses asymmetric encryption for data integration. RSA public and private keys are generated with OpenSSL and used for data encryption and decryption. The integration process is as follows. 1. Obtain the Public Key for SSO -------------------------------- Register in the student affairs system. The key is provided by the Information Section of the Student Affairs Department. You need to provide the application name, application URL, and required API names. The application URL is not required during testing, but it is required for production launch. 2. Obtain the Application ID for SSO ------------------------------------ After application registration is complete, an application number is generated at the same time. This value is used as ``ClientId``. 3. SSO Integration Endpoint --------------------------- The unified login API endpoint is: - Public network: ``https://yiban.sust.edu.cn/xgb/index.php/openapi/api/login`` - Private network: ``http://10.40.0.15/xgb/index.php/openapi/api/login`` Request method: POST. 4. Integration Flow ------------------- After parameters are constructed, the system initiates a GET request from the following domain link: .. code:: text https://yiban.sust.edu.cn/xgb/index.php/openapi/api/login?ClientId=1e968d647bc1b6215&other_parameters The other parameters can be agreed in advance to help the third party make business-logic decisions. The system automatically redirects to the URL corresponding to ``ClientId``, appends ciphertext containing student or teacher information, and carries through all original parameters. For example, if the configured URL is ``https://www.abc.com/yanzheng.html``, the redirect target is: .. code:: text https://www.abc.com/yanzheng.html?AuthStr=XXXXXXX&ClientId=1e968d647bc1b6215&other_parameters At ``https://www.abc.com/yanzheng.html``, send ``AuthStr`` and ``ClientId`` to the following endpoint through an HTTPS POST request: .. code:: text https://yiban.sust.edu.cn/xgb/index.php/openapi/api/login The service parses the current user’s name and student ID or staff ID. - ``SID`` is the currently logged-in student’s student ID. - ``TID`` is the currently logged-in teacher’s staff ID. During testing, both ``SID`` and ``TID`` may be empty. After launch, data is returned according to the configured logic.