How to SSO via SUST API
v1.0. Written by: Zhang Cheng.
This system uses asymmetric encryption for data integration. RSA public and private keys are generated with OpenSSL and used for data encryption and decryption. The integration process is as follows.
1. Obtain the Public Key for SSO
Register in the student affairs system. The key is provided by the Information Section of the Student Affairs Department. You need to provide the application name, application URL, and required API names. The application URL is not required during testing, but it is required for production launch.
2. Obtain the Application ID for SSO
After application registration is complete, an application number is generated at the same time. This value is used as ClientId.
3. SSO Integration Endpoint
The unified login API endpoint is:
Public network:
https://yiban.sust.edu.cn/xgb/index.php/openapi/api/login
Private network:
http://10.40.0.15/xgb/index.php/openapi/api/login
Request method: POST.
4. Integration Flow
After the parameters are constructed, the system initiates a GET request using the following link:
https://yiban.sust.edu.cn/xgb/index.php/openapi/api/login?ClientId=1e968d647bc1b6215&other_parameters
The other parameters can be agreed in advance to help the third party make business-logic decisions.
The system automatically redirects to the URL corresponding to ClientId, appends ciphertext containing student or teacher information, and carries through all original parameters.
For example, if the configured URL is https://www.abc.com/yanzheng.html, the redirect target is:
https://www.abc.com/yanzheng.html?AuthStr=XXXXXXX&ClientId=1e968d647bc1b6215&other_parameters
At https://www.abc.com/yanzheng.html, send AuthStr and ClientId to the following endpoint through an HTTPS POST request:
https://yiban.sust.edu.cn/xgb/index.php/openapi/api/login
The service parses the current user’s name and student ID or staff ID.
SID is the currently logged-in student’s student ID.
TID is the currently logged-in teacher’s staff ID.
During testing, both SID and TID may be empty. After launch, data is returned according to the configured logic.
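The callback step described above, as an added example that is not part of the original documentation or the SUST system's own code. It checks that the redirect carries this application's ClientId and a single AuthStr before building the HTTPS POST. The form-encoded request body, the JSON response shape with SID and TID keys, and all function names are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

LOGIN_ENDPOINT = "https://yiban.sust.edu.cn/xgb/index.php/openapi/api/login"
CLIENT_ID = "1e968d647bc1b6215"  # sample ClientId from this page; use your registered value


def parse_callback(url, expected_client_id=CLIENT_ID):
    """Extract AuthStr from the redirect and reject callbacks not meant for this app."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query, keep_blank_values=True)
    client_ids = query.get("ClientId", [])
    auth_strs = query.get("AuthStr", [])
    # Exactly one value each: duplicated parameters are ambiguous and are refused.
    if len(client_ids) != 1 or client_ids[0] != expected_client_id:
        raise ValueError("ClientId missing, duplicated, or not this application's")
    if len(auth_strs) != 1 or not auth_strs[0]:
        raise ValueError("AuthStr missing, duplicated, or empty")
    return auth_strs[0]


def build_verify_request(auth_str, client_id=CLIENT_ID):
    """Build the HTTPS POST that sends AuthStr and ClientId back to the login endpoint."""
    # Assumption: form-encoded body; the page does not specify the encoding.
    body = urllib.parse.urlencode({"AuthStr": auth_str, "ClientId": client_id}).encode()
    return urllib.request.Request(LOGIN_ENDPOINT, data=body, method="POST")


def identity_from_response(raw):
    """Map the service reply to (role, id). Assumption: JSON object with SID/TID keys."""
    data = json.loads(raw)
    sid, tid = data.get("SID") or "", data.get("TID") or ""
    if sid and tid:
        # Defensive choice of this example: never guess between two identities.
        raise ValueError("both SID and TID set; refusing ambiguous identity")
    if sid:
        return ("student", sid)
    if tid:
        return ("teacher", tid)
    return None  # both empty, which the page says can happen during testing


def verify(callback_url):
    """Full callback step: validate, POST over HTTPS, return the identity."""
    req = build_verify_request(parse_callback(callback_url))
    with urllib.request.urlopen(req, timeout=10) as resp:
        return identity_from_response(resp.read())
```

Treat a `None` result as "not authenticated" in production, since empty SID and TID are only expected during testing.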