Login Methods and SSO: Study Notes, Part 1

1. Cnblogs (博客园) verifies logins with a POST: the username and password are posted together to the server, e.g. POST /login.aspx HTTP/1.1

Part of the POST body: UserName=whzncut&tbPassword=****&btnLogin=%E7%99%BB++%E5%BD%95

2. chinaren verifies differently: it first connects to the HTTPS server to obtain the Session, Random and so on, then sends the credentials as URL parameters in a GET request for verification, and then logs in to each associated server (this sequence of requests is presumably asynchronous), setting a cookie on each one (setcookie.jsp).

For example:

Request:

CONNECT passport.sohu.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
Proxy-Connection: Keep-Alive
Content-Length: 0
Host: passport.sohu.com
Pragma: no-cache

The data sent represents an SSLv3-compatible ClientHello handshake.  For your convenience, the data is extracted below.

Major Version: 3
Minor Version: 1
Random: 4A 5E E6 EC D9 A8 16 40 E7 BC 67 27 05 F3 47 D2 65 C6 89 3A 76 34 4F B1 01 DC 50 87 61 A2 6B 65
SessionID: empty
Ciphers:
 [0004] SSL_RSA_WITH_RC4_128_MD5
 [0005] SSL_RSA_WITH_RC4_128_SHA
 [000A] SSL_RSA_WITH_3DES_EDE_SHA
 [0009] SSL_RSA_WITH_DES_SHA
 [0064] TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
 [0062] TLS_RSA_EXPORT1024_WITH_DES_SHA
 [0003] SSL_RSA_EXPORT_WITH_RC4_40_MD5
 [0006] SSL_RSA_EXPORT_WITH_RC2_40_MD5
 [0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA
 [0012] SSL_DHE_DSS_WITH_DES_SHA
 [0063] TLS_DHE_DSS_EXPORT1024_WITH_DES_SHA


Response:

This is a CONNECT tunnel, through which encrypted HTTPS traffic flows.
To view the encrypted sessions inside this tunnel, ensure that the Tools | Fiddler Options | Decrypt HTTPS traffic option is checked.

The data sent represents an SSLv3-compatible ServerHello handshake.  For your convenience, the data is extracted below.

Major Version: 3
Minor Version: 1
SessionID: D7 05 39 2F 13 95 A8 DF 8A E2 65 51 FF 51 30 53 34 66 37 98 E5 B2 31 B3 11 4A 23 A6 3B DC 34 69
Random: 4A 5E E6 F2 B1 D0 9B E2 39 2A AA EC 40 E3 9B 21 40 9A 33 FC 54 AC 98 E8 1C 1B 43 23 45 27 5E B6
Cipher: 0x0A

Then the verification is done with a GET request, with the parameters placed in the URL, as follows:

GET /sso/login.jsp?userid=ww%40chinaren.com&password=81dc9bdb52d04dc20036dbd8313ed055&appid=1005&persistentcookie=0&isSLogin=1&s=1247733484250&b=6&w=1280&pwdtype=1&domain=chinaren.com HTTP/1.1
Accept: */*
Referer: http://www.chinaren.com/
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
Accept-Encoding: gzip, deflate
Host: passport.sohu.com
Connection: Keep-Alive
Cookie: IPLOC=CN1101; SUV=0907031348247863; vjuids=-214d7a71c.1225293b267.0.f5a0fd1532726; JSESSIONID=abczn_KcVO2f5gAQpScks

If verification succeeds, the response redirects to http://passport.chinaren.com/sso/setcookie.jsp?passport=1|1247733768|0|dXNlcmlkOjI0OndoejAwYTEyNTE0QGNoaW5hcmVuLmNvbXxzZXJ2aWNldXNlOjIwOjAxMDAwMDAxMTAwMDAwMDAwMDAwfA==|a|EzV6ermvRW16KLXj692b-25M2ppFOA4otHeeKX4Y2RSakdfPKpzq6U3Qy9ge9X9rV3MA_thTsM0chXai7NzXHftrhF9WX4uIrXGvFMcC4d-tSGXHeljfoOanImteJ4Sag1Uh4f9QJh6PiUInRD-f_5SRDzeBmmVB3cKhR8zIsAw=&code=e5d38dc00abcc006e34941d45cbfe60e&ppinf=2|1247733768|0|dXNlcmlkOjI0OndoejAwYTEyNTE0QGNoaW5hcmVuLmNvbXx1aWQ6OTpjMTQ4MzIzODN8c2VydmljZXVzZToyMDowMTAwMDAwMTEwMDAwMDAwMDAwMHxjcnQ6MTA6MjAwMy0wOC0yOHxlbXQ6MTowfGFwcGlkOjQ6MTAwNXx0cnVzdDoxOjF8cGFydG5lcmlkOjE6MHw=&code1=fd0b9470224b3360f423988b94d00df2&pprdig=kcZ6r-PqMiguzCtb5B2EGkI1VAujHnea6egJ3K6o5_kQePQY1vXPh_JFAZcRzevzfXagDVcsXhttUjtmrV2bSh0Os72k1ewfXlQ-ezm-qu7_kmTDCQkvY9oNIFTIELfuopIwAISLs1Y-g45L1R9sYpP-kf9JXpEBQRm52A98pMk=&code2=7d645a3ef507ea885aa9e1437751659d&lastdomain=1248943368|d2h6MDBhMTI1MTRAY2hpbmFyZW4uY29tfA==|chinaren.com&s=1247733768435
which sets the cookie; it then "logs in" to each domain in turn and sets cookies there too, by calling (http://passport.sogou.com/sso/setcookie.jsp?), e.g.:

GET /sso/crossdomain_all.jsp?action=login HTTP/1.1

GET /sso/crossdomain.jsp?action=login&domain=17173.com HTTP/1.1

Response: redirects to http://pass.17173.com/sso/setcookie.jsp.......

HTTP/1.1 302 Found
Server: nginx/0.6.37
Date: Thu, 16 Jul 2009 08:42:41 GMT
Content-Type: text/html; charset=GBK
Connection: close
Set-Cookie: ppmdig=-1483128256739e4da9b7b0801641bc15912374ff9d; domain=..mail.sohu.com; path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Location: http://pass.17173.com/sso/setcookie.jsp?lastdomain=1248943368|d2h6MDBhMTI1MTRAY2hpbmFyZW4uY29tfA==|chinaren.com|1&passport=1|1247733768|0|dXNlcmlkOjI0OndoejAwYTEyNTE0QGNoaW5hcmVuLmNvbXxzZXJ2aWNldXNlOjIwOjAxMDAwMDAxMTAwMDAwMDAwMDAwfA==|a|EzV6ermvRW16KLXj692b-25M2ppFOA4otHeeKX4Y2RSakdfPKpzq6U3Qy9ge9X9rV3MA_thTsM0chXai7NzXHftrhF9WX4uIrXGvFMcC4d-tSGXHeljfoOanImteJ4Sag1Uh4f9QJh6PiUInRD-f_5SRDzeBmmVB3cKhR8zIsAw=&code=e99dbe30b35718a1a239ba1ecdea2f3b&ppinf=2|1247733768|0|dXNlcmlkOjI0OndoejAwYTEyNTE0QGNoaW5hcmVuLmNvbXx1aWQ6OTpjMTQ4MzIzODN8c2VydmljZXVzZToyMDowMTAwMDAwMTEwMDAwMDAwMDAwMHxjcnQ6MTA6MjAwMy0wOC0yOHxlbXQ6MTowfGFwcGlkOjQ6MTAwNXx0cnVzdDoxOjF8cGFydG5lcmlkOjE6MHw=&code1=3006b2124f497a58c52b90783a5cf7ba&pprdig=kcZ6r-PqMiguzCtb5B2EGkI1VAujHnea6egJ3K6o5_kQePQY1vXPh_JFAZcRzevzfXagDVcsXhttUjtmrV2bSh0Os72k1ewfXlQ-ezm-qu7_kmTDCQkvY9oNIFTIELfuopIwAISLs1Y-g45L1R9sYpP-kf9JXpEBQRm52A98pMk=&code2=243a4bb1d6d2852ec2f65733e8049864
Content-Length: 965

The URL has moved <a href="http://pass.17173.com/sso/setcookie.jsp?lastdomain=1248943368|d2h6MDBhMTI1MTRAY2hpbmFyZW4uY29tfA==|chinaren.com|1&passport=1|1247733768|0|dXNlcmlkOjI0OndoejAwYTEyNTE0QGNoaW5hcmVuLmNvbXxzZXJ2aWNldXNlOjIwOjAxMDAwMDAxMTAwMDAwMDAwMDAwfA==|a|EzV6ermvRW16KLXj692b-25M2ppFOA4otHeeKX4Y2RSakdfPKpzq6U3Qy9ge9X9rV3MA_thTsM0chXai7NzXHftrhF9WX4uIrXGvFMcC4d-tSGXHeljfoOanImteJ4Sag1Uh4f9QJh6PiUInRD-f_5SRDzeBmmVB3cKhR8zIsAw=&code=e99dbe30b35718a1a239ba1ecdea2f3b&ppinf=2|1247733768|0|dXNlcmlkOjI0OndoejAwYTEyNTE0QGNoaW5hcmVuLmNvbXx1aWQ6OTpjMTQ4MzIzODN8c2VydmljZXVzZToyMDowMTAwMDAwMTEwMDAwMDAwMDAwMHxjcnQ6MTA6MjAwMy0wOC0yOHxlbXQ6MTowfGFwcGlkOjQ6MTAwNXx0cnVzdDoxOjF8cGFydG5lcmlkOjE6MHw=&code1=3006b2124f497a58c52b90783a5cf7ba&pprdig=kcZ6r-PqMiguzCtb5B2EGkI1VAujHnea6egJ3K6o5_kQePQY1vXPh_JFAZcRzevzfXagDVcsXhttUjtmrV2bSh0Os72k1ewfXlQ-ezm-qu7_kmTDCQkvY9oNIFTIELfuopIwAISLs1Y-g45L1R9sYpP-kf9JXpEBQRm52A98pMk=&code2=243a4bb1d6d2852ec2f65733e8049864">here</a>
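The passport value carried through these redirects is base64-encoded, not encrypted, so the redirect URL itself exposes the user's identity to anything that sees it (proxies, server and referrer logs). The Python below is an added example, not Sohu/Chinaren code: it splits the token the way the capture shows (version|timestamp|flag|base64 payload, optionally followed by |a|signature; the field layout and names are inferred from the capture), decodes the length-prefixed fields, and applies the freshness check a receiving setcookie.jsp would need in addition to verifying the signature, whose algorithm the capture does not reveal.

```python
import base64
import time
from dataclasses import dataclass
from typing import Dict

# Sample input: the passport and ppinf values from the setcookie.jsp redirect captured
# in this post. The "version|timestamp|flag|base64(payload)[|a|signature]" layout and
# the name:length:value payload format are inferred from that capture, not from a spec.
CAPTURED_PASSPORT = (
    "1|1247733768|0|dXNlcmlkOjI0OndoejAwYTEyNTE0QGNoaW5hcmVuLmNvbXxzZXJ2aWNldXNlOjIwOjAxMDAwMDAxMTAwMDAwMDAwMDAwfA==|a|"
    "EzV6ermvRW16KLXj692b-25M2ppFOA4otHeeKX4Y2RSakdfPKpzq6U3Qy9ge9X9rV3MA_thTsM0chXai7NzXHftrhF9WX4uIrXGvFMcC4d"
    "-tSGXHeljfoOanImteJ4Sag1Uh4f9QJh6PiUInRD-f_5SRDzeBmmVB3cKhR8zIsAw="
)
CAPTURED_PPINF = (
    "2|1247733768|0|dXNlcmlkOjI0OndoejAwYTEyNTE0QGNoaW5hcmVuLmNvbXx1aWQ6OTpjMTQ4MzIzODN8c2VydmljZXVzZToyMDowMTAwMDAw"
    "MTEwMDAwMDAwMDAwMHxjcnQ6MTA6MjAwMy0wOC0yOHxlbXQ6MTowfGFwcGlkOjQ6MTAwNXx0cnVzdDoxOjF8cGFydG5lcmlkOjE6MHw="
)

@dataclass
class Passport:
    version: str
    issued_at: int           # Unix seconds, taken from the second field
    fields: Dict[str, str]   # decoded name -> value entries from the payload
    signature: str           # opaque here: the signing algorithm is not visible in the capture

def parse_fields(payload: str) -> Dict[str, str]:
    """Parse 'name:len:value|...|', rejecting any entry whose length prefix does not fit."""
    fields, rest = {}, payload
    while rest:
        name, _, rest = rest.partition(":")
        length, _, rest = rest.partition(":")
        n = int(length)                      # a non-numeric prefix raises ValueError
        value, rest = rest[:n], rest[n:]     # the prefix lets a value itself contain ':'
        if len(value) != n or not rest.startswith("|"):
            raise ValueError(f"field {name!r}: length prefix does not match payload")
        fields[name], rest = value, rest[1:]
    return fields

def parse_passport(token: str) -> Passport:
    version, ts, _flag, b64, *tail = token.split("|")
    # Base64 is encoding, not encryption: the identity is readable by anyone holding the URL.
    payload = base64.b64decode(b64, validate=True).decode("utf-8")
    return Passport(version, int(ts), parse_fields(payload), tail[-1] if tail else "")

def issued_utc(p: Passport) -> tuple:  # (Y, M, D, h, m, s) UTC; compare with the 302's Date header
    return time.gmtime(p.issued_at)[:6]

def is_fresh(p: Passport, now: int, max_age: int = 300) -> bool:
    """Replay window a relying party (setcookie.jsp) should enforce besides the signature."""
    return 0 <= now - p.issued_at <= max_age
```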

This is my personal understanding; please point out anything that is wrong.

posted @ 2009-07-16 17:22  whzncut  Views(4868)  Comments(0)