How to SSO via SUST API
This system uses asymmetric encryption for data integration. RSA public and private keys are generated with OpenSSL and used for data encryption and decryption. The integration process is as follows.
1. Obtain the Public Key for SSO
Register in the student affairs system. The key is provided by the Information Section of the Student Affairs Department. You need to provide the application name, application URL, and required API names. The application URL is not required during testing, but it is required for production launch.
2. Obtain the Application ID for SSO
After application registration is complete, an application number is generated at the same time. This value is used as ClientId.
3. SSO Integration Endpoint
The unified login API endpoint is:
- Public network:
https://yiban.sust.edu.cn/xgb/index.php/openapi/api/login - Private network:
http://10.40.0.15/xgb/index.php/openapi/api/login
Request method: POST.
4. Integration Flow
After parameters are constructed, the system initiates a GET request from the following domain link:
https://yiban.sust.edu.cn/xgb/index.php/openapi/api/login?ClientId=1e968d647bc1b6215&other_parametersThe other parameters can be agreed in advance to help the third party make business-logic decisions.
The system automatically redirects to the URL corresponding to ClientId, appends ciphertext containing student or teacher information, and carries through all original parameters.
For example, if the configured URL is https://www.abc.com/yanzheng.html, the redirect target is:
https://www.abc.com/yanzheng.html?AuthStr=XXXXXXX&ClientId=1e968d647bc1b6215&other_parametersAt https://www.abc.com/yanzheng.html, send AuthStr and ClientId to the following endpoint through an HTTPS POST request:
https://yiban.sust.edu.cn/xgb/index.php/openapi/api/loginThe service parses the current user's name and student ID or staff ID.
SIDis the currently logged-in student's student ID.TIDis the currently logged-in teacher's staff ID.
TIP
During testing, both SID and TID may be empty. After launch, data is returned according to the configured logic.