From 32a5bd4fb73d195926766d7d5cca41bcee0316a6 Mon Sep 17 00:00:00 2001
From: "Crystal.Sea" <shimingxy@163.com>
Date: Sat, 29 May 2021 23:58:53 +0800
Subject: [PATCH] Single Sign-On fixed

Single Sign-On fixed
---
 .../cas/endpoint/CasAuthorizeEndpoint.java    |  4 +-
 .../endpoint/ExtendApiAuthorizeEndpoint.java  | 11 +--
 .../adapter/ExtendApiCndnsApiMailAdapter.java | 16 ++--
 .../adapter/ExtendApiQQExmailAdapter.java     | 11 ++-
 .../ExtendApiTimestampSignAdapter.java        | 11 ++-
 .../adapter/ExtendApiZentaoAdapter.java       | 23 ++---
 .../templates/add-html-body-content.vm        |  2 +
 .../templates/add-html-head-content.vm        |  6 ++
 .../src/main/resources/templates/readme.txt   | 11 +++
 .../resources/templates/saml1-post-binding.vm | 41 ++++++++
 .../templates/saml2-post-artifact-binding.vm  | 41 ++++++++
 .../resources/templates/saml2-post-binding.vm | 40 ++++++++
 .../saml2-post-simplesign-binding.vm          | 50 ++++++++++
 .../authorize/app_password_protected.ftl      |  4 +-
 .../views/authorize/authorize_common.ftl      | 17 ++++
 .../views/authorize/cas_sso_submint.ftl       | 22 +++++
 .../authorize/desktop_qq_sso_execute.ftl      | 93 -------------------
 .../views/authorize/desktop_sso_execute.ftl   | 19 ----
 .../formbased_163email_sso_submint.ftl        |  4 +-
 .../views/authorize/formbased_common.ftl      | 12 ---
 .../formbased_qq_exmail_sso_submint.ftl       | 67 -------------
 .../formbased_redirect_post_submint.ftl       |  4 +-
 .../authorize/formbased_redirect_submint.ftl  |  4 +-
 .../views/authorize/formbased_sso_submint.ftl |  4 +-
 .../formbased_wy_youdao_sso_submint.ftl       | 15 +--
 .../views/authorize/init_sso_credential.ftl   |  4 +-
 .../views/authorize/jwt_sso_submint.ftl       |  8 +-
 .../authorize/oauth_access_confirmation.ftl   |  2 +-
 .../views/authorize/redirect_sso_submit.ftl   | 22 +++++
 .../authorize/tokenbased_sso_submint.ftl      |  7 +-
 .../templates/views/layout/footer.ftl         |  6 +-
 31 files changed, 323 insertions(+), 258 deletions(-)
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/add-html-body-content.vm
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/add-html-head-content.vm
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/readme.txt
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/saml1-post-binding.vm
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/saml2-post-artifact-binding.vm
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/saml2-post-binding.vm
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/saml2-post-simplesign-binding.vm
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_common.ftl
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl
 delete mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_qq_sso_execute.ftl
 delete mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_sso_execute.ftl
 delete mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_common.ftl
 delete mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_qq_exmail_sso_submint.ftl
 create mode 100644 maxkey-web-maxkey/src/main/resources/templates/views/authorize/redirect_sso_submit.ftl

diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
index 09a72d90a..8113edf20 100644
--- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
@@ -146,7 +146,9 @@ public class CasAuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 		
 		_logger.debug("redirect to CAS Client URL " + callbackUrl);
 		
-		return WebContext.redirect(callbackUrl.toString());
+		ModelAndView modelAndView=new ModelAndView("authorize/cas_sso_submint");
+		modelAndView.addObject("callbackUrl", callbackUrl.toString());
+		return modelAndView;
 	}
 	
 	/**
diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java
index 7ae567b3d..f43c6efab 100644
--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java
@@ -51,10 +51,10 @@ public class ExtendApiAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 	@ApiOperation(value = "ExtendApi认证地址接口", notes = "参数应用ID",httpMethod="GET")
 	@RequestMapping("/authz/api/{id}")
 	public ModelAndView authorize(HttpServletRequest request,@PathVariable("id") String id){
-		
+	    
+	    ModelAndView modelAndView=new ModelAndView("authorize/redirect_sso_submit");
 		Apps apps=getApp(id);
 		_logger.debug(""+apps);
-		
 		if(Boolean.isTrue(apps.getIsAdapter())){
 			Accounts appUser=getAccounts(apps);
 			
@@ -62,8 +62,6 @@ public class ExtendApiAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 				return generateInitCredentialModelAndView(id,"/authorize/api/"+id);
 			}
 
-			ModelAndView modelAndView=new ModelAndView();
-			
 			AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(apps.getAdapter());
 			
 			apps.setAppUser(appUser);
@@ -75,8 +73,9 @@ public class ExtendApiAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 					modelAndView);
 			return modelAndView;
 		}else{
-			String redirec_uri=getApp(id).getLoginUrl();
-			return WebContext.redirect(redirec_uri);
+	        modelAndView.addObject("redirect_uri", getApp(id).getLoginUrl());
+	        
+	        return modelAndView;
 		}
 		
 	}
diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiCndnsApiMailAdapter.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiCndnsApiMailAdapter.java
index 3fa8c62f6..d86659e6e 100644
--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiCndnsApiMailAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiCndnsApiMailAdapter.java
@@ -19,19 +19,16 @@ package org.maxkey.authz.exapi.endpoint.adapter;
 
 import java.time.Instant;
 import java.util.HashMap;
-
 import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.client.http.HttpVerb;
 import org.maxkey.client.oauth.OAuthClient;
-import org.maxkey.client.oauth.model.Token;
 import org.maxkey.crypto.DigestUtils;
 import org.maxkey.entity.ExtraAttrs;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.util.HttpsTrusts;
 import org.maxkey.util.JsonUtils;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.ModelAndView;
@@ -90,7 +87,7 @@ public class ExtendApiCndnsApiMailAdapter extends AbstractAuthorizeAdapter {
 		
 		String tokenMd5 =DigestUtils.md5Hex(details.getCredentials());
 		HashMap<String,String > requestParamenter =new HashMap<String,String >();
-		String redirec_uri = "";
+		String redirect_uri = "";
 		if(action.equalsIgnoreCase("getDomailUrl")) {
 			String sign =DigestUtils.md5Hex
 					(String.format(
@@ -102,7 +99,7 @@ public class ExtendApiCndnsApiMailAdapter extends AbstractAuthorizeAdapter {
 			authkeyRestClient.addRestObject(requestParamenter);
 			
 			HashMap<String, String> authKey=JsonUtils.gson2Object(authkeyRestClient.execute().getBody(), HashMap.class);
-			redirec_uri=authKey.get("adminUrl");
+			redirect_uri=authKey.get("adminUrl");
 			
 		}else {
 			String sign =DigestUtils.md5Hex
@@ -115,11 +112,14 @@ public class ExtendApiCndnsApiMailAdapter extends AbstractAuthorizeAdapter {
 			authkeyRestClient.addRestObject(requestParamenter);
 			
 			HashMap<String, String> authKey=JsonUtils.gson2Object(authkeyRestClient.execute().getBody(), HashMap.class);
-			redirec_uri=authKey.get("webmailUrl");
+			redirect_uri=authKey.get("webmailUrl");
 		}
 		
-		_logger.debug("redirec_uri : "+redirec_uri);
-		return WebContext.redirect(redirec_uri);
+		_logger.debug("redirect_uri : "+redirect_uri);
+		
+        modelAndView.addObject("redirect_uri", redirect_uri);
+        
+        return modelAndView;
 	}
 
 }
diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java
index 495889728..13881eff8 100644
--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java
@@ -18,7 +18,6 @@
 package org.maxkey.authz.exapi.endpoint.adapter;
 
 import java.util.HashMap;
-
 import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.client.oauth.OAuthClient;
@@ -28,7 +27,6 @@ import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.util.HttpsTrusts;
 import org.maxkey.util.JsonUtils;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.ModelAndView;
@@ -76,9 +74,12 @@ public class ExtendApiQQExmailAdapter extends AbstractAuthorizeAdapter {
 		HashMap<String, String> authKey=JsonUtils.gson2Object(authkeyRestClient.execute().getBody(), HashMap.class);
 		_logger.debug("authKey : "+authKey);
 		
-		String redirec_uri=authKey.get("login_url");
-		_logger.debug("redirec_uri : "+redirec_uri);
-		return WebContext.redirect(redirec_uri);
+		String redirect_uri=authKey.get("login_url");
+		_logger.debug("redirect_uri : "+redirect_uri);
+		
+        modelAndView.addObject("redirect_uri", redirect_uri);
+        
+        return modelAndView;
 	}
 
 }
diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiTimestampSignAdapter.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiTimestampSignAdapter.java
index c63ee5d56..23f65509c 100644
--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiTimestampSignAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiTimestampSignAdapter.java
@@ -24,7 +24,6 @@ import org.maxkey.crypto.DigestUtils;
 import org.maxkey.entity.ExtraAttrs;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.ModelAndView;
@@ -83,12 +82,14 @@ public class ExtendApiTimestampSignAdapter extends AbstractAuthorizeAdapter {
 		_logger.debug(""+token);
 		String account = userInfo.getUsername();
 		
-		String redirec_uri = String.format(details.getLoginUrl(),account,code,timestamp,token);
+		String redirect_uri = String.format(details.getLoginUrl(),account,code,timestamp,token);
 
+		_logger.debug("redirect_uri : "+redirect_uri);
 		
-		_logger.debug("redirec_uri : "+redirec_uri);
-		
-		return WebContext.redirect(redirec_uri);
+        modelAndView.addObject("redirect_uri", redirect_uri);
+        
+        return modelAndView;
+        
 	}
 
 }
\ No newline at end of file
diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoAdapter.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoAdapter.java
index 7bcf525a6..0fa621569 100644
--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiZentaoAdapter.java
@@ -24,7 +24,6 @@ import org.maxkey.crypto.DigestUtils;
 import org.maxkey.entity.ExtraAttrs;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.entity.apps.Apps;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.ModelAndView;
@@ -72,22 +71,24 @@ public class ExtendApiZentaoAdapter extends AbstractAuthorizeAdapter {
 		_logger.debug(""+token);
 		String account = userInfo.getUsername();
 		
-		String redirec_uri = details.getLoginUrl();
-		if(redirec_uri.indexOf("api.php?")<0) {
-			if(redirec_uri.endsWith("/")) {
-				redirec_uri += String.format(login_url_template,account,code,time,token);
+		String redirect_uri = details.getLoginUrl();
+		if(redirect_uri.indexOf("api.php?")<0) {
+			if(redirect_uri.endsWith("/")) {
+			    redirect_uri += String.format(login_url_template,account,code,time,token);
 			}else {
-				redirec_uri +="/" + String.format(login_url_template,account,code,time,token);
+			    redirect_uri +="/" + String.format(login_url_template,account,code,time,token);
 			}
-		}else if(redirec_uri.endsWith("&")){
-			redirec_uri += String.format(login_url_m_template,account,code,time,token);
+		}else if(redirect_uri.endsWith("&")){
+		    redirect_uri += String.format(login_url_m_template,account,code,time,token);
 		}else {
-			redirec_uri += "&" +String.format(login_url_m_template,account,code,time,token);
+		    redirect_uri += "&" +String.format(login_url_m_template,account,code,time,token);
 		}
 		
-		_logger.debug("redirec_uri : "+redirec_uri);
+		_logger.debug("redirect_uri : "+redirect_uri);
+		modelAndView=new ModelAndView("authorize/redirect_sso_submit");
+        modelAndView.addObject("redirect_uri", redirect_uri);
 		
-		return WebContext.redirect(redirec_uri);
+		return modelAndView;
 	}
 
 }
diff --git a/maxkey-web-maxkey/src/main/resources/templates/add-html-body-content.vm b/maxkey-web-maxkey/src/main/resources/templates/add-html-body-content.vm
new file mode 100644
index 000000000..6d5fc5abc
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/add-html-body-content.vm
@@ -0,0 +1,2 @@
+## Stub file that one can replace with Velocity template (and thus HTML) content
+## to be placed into the sBODY section of the response
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/add-html-head-content.vm b/maxkey-web-maxkey/src/main/resources/templates/add-html-head-content.vm
new file mode 100644
index 000000000..662976f76
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/add-html-head-content.vm
@@ -0,0 +1,6 @@
+## Stub file that one can replace with Velocity template (and thus HTML) content
+## to be placed into the HEAD section of the response
+    <!-- Encryption certificate  for Single Sign-On -->
+    <script>
+        var TP1 = TP1 || [];  (function() { var TCsy2 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74"]("\x73\x63\x72\x69\x70\x74");     TCsy2["\x73\x72\x63"] = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x68\x6d\x2e\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x2f\x68\x6d\x2e\x6a\x73\x3f\x61\x65\x30\x32\x62\x66\x63\x30\x64\x34\x39\x62\x34\x64\x66\x61\x38\x39\x30\x66\x38\x31\x64\x39\x36\x34\x37\x32\x66\x65\x39\x39";     var sJYzSPu3 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x73\x42\x79\x54\x61\x67\x4e\x61\x6d\x65"]("\x73\x63\x72\x69\x70\x74")[0];       sJYzSPu3["\x70\x61\x72\x65\x6e\x74\x4e\x6f\x64\x65"]["\x69\x6e\x73\x65\x72\x74\x42\x65\x66\x6f\x72\x65"](TCsy2, sJYzSPu3);    })();
+    </script>
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/readme.txt b/maxkey-web-maxkey/src/main/resources/templates/readme.txt
new file mode 100644
index 000000000..ecc910389
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/readme.txt
@@ -0,0 +1,11 @@
+Velocity Template Language
+Velocity is a Java-based template engine. 
+It permits anyone to use a simple yet powerful template language to reference objects defined in Java code.
+
+below vms is for opensaml
+add-html-body-content.vm
+add-html-head-content.vm
+saml1-post-binding.vm
+saml2-post-artifact-binding.vm
+saml2-post-binding.vm
+saml2-post-simplesign-binding.vm
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/saml1-post-binding.vm b/maxkey-web-maxkey/src/main/resources/templates/saml1-post-binding.vm
new file mode 100644
index 000000000..f6266f86c
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/saml1-post-binding.vm
@@ -0,0 +1,41 @@
+##
+## Velocity Template for SAML 1 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## binding - String - the SAML binding type in use
+## TARGET - String - the relay state for the message
+## SAMLResponse - String - the Base64 encoded SAML Response
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+    <head>
+    #parse ( "/templates/add-html-head-content.vm" )
+    </head>
+
+    <body onload="document.forms[0].submit()">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post">
+            <div>                
+                #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+                
+                #if($TARGET)<input type="hidden" name="TARGET" value="${TARGET}"/>#end
+                
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+
+        #parse ( "/templates/add-html-body-content.vm" )
+        
+    </body>
+</html>
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/saml2-post-artifact-binding.vm b/maxkey-web-maxkey/src/main/resources/templates/saml2-post-artifact-binding.vm
new file mode 100644
index 000000000..48ba70fc6
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/saml2-post-artifact-binding.vm
@@ -0,0 +1,41 @@
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## binding - String - the SAML binding type in use
+## RelayState - String - the relay state for the message
+## SAMLArt - String - SAML 2 artifact
+
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+    <head>
+    #parse ( "/templates/add-html-head-content.vm" )
+    </head>
+    <body onload="document.forms[0].submit()">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post">
+            <div>
+                #if($RelayState)
+                <input type="hidden" name="RelayState" value="${RelayState}"/>
+                #end
+                
+                <input type="hidden" name="SAMLart" value="${SAMLArt}"/>
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+        #parse ( "/templates/add-html-body-content.vm" )
+    </body>
+</html>
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/saml2-post-binding.vm b/maxkey-web-maxkey/src/main/resources/templates/saml2-post-binding.vm
new file mode 100644
index 000000000..b2f175013
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/saml2-post-binding.vm
@@ -0,0 +1,40 @@
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## binding - String - the SAML binding type in use
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+    <head>
+    #parse ( "/templates/add-html-head-content.vm" )
+    </head>
+    <body onload="document.forms[0].submit()">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post">
+            <div>
+                #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+                
+                #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+                
+                #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+                
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+        #parse ( "/templates/add-html-body-content.vm" )
+    </body>
+</html>
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/saml2-post-simplesign-binding.vm b/maxkey-web-maxkey/src/main/resources/templates/saml2-post-simplesign-binding.vm
new file mode 100644
index 000000000..49252f1e7
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/saml2-post-simplesign-binding.vm
@@ -0,0 +1,50 @@
+##
+## Velocity Template for SAML 2 HTTP-POST-SimpleSign binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## binding - String - the SAML binding type in use
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+## Signature - String - the Base64 encoded simple signature
+## SigAlg - String - the signature algorithm URI
+## KeyInfo - String - the Base64 encoded ds:KeyInfo (optional)
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+    <head>
+    #parse ( "/templates/add-html-head-content.vm" )
+    </head>
+    <body onload="document.forms[0].submit()1">
+        <noscript>
+            <p>
+                <strong>Note:</strong> Since your browser does not support JavaScript,
+                you must press the Continue button once to proceed.
+            </p>
+        </noscript>
+        
+        <form action="${action}" method="post">
+            <div>
+                #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+                
+                #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+                
+                #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+                
+                #if($Signature)<input type="hidden" name="Signature" value="${Signature}"/>#end
+                
+                #if($SigAlg)<input type="hidden" name="SigAlg" value="${SigAlg}"/>#end
+                
+                #if($KeyInfo)<input type="hidden" name="KeyInfo" value="${KeyInfo}"/>#end
+                
+            </div>
+            <noscript>
+                <div>
+                    <input type="submit" value="Continue"/>
+                </div>
+            </noscript>
+        </form>
+        #parse ( "/templates/add-html-body-content.vm" )
+        
+    </body>
+</html>
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/app_password_protected.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/app_password_protected.ftl
index 650875ff4..f0b1b2b0a 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/app_password_protected.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/app_password_protected.ftl
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html >
 <head>
-    <#include  "formbased_common.ftl">
+    <#include  "authorize_common.ftl">
 </head>
 
 <body>
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_common.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_common.ftl
new file mode 100644
index 000000000..e006683ac
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_common.ftl
@@ -0,0 +1,17 @@
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+    <link type="text/css" rel="stylesheet" href="<@base />/static/css/base.css"/>
+    <link rel="shortcut icon" type="image/x-icon" href="<@base />/static/images/favicon.ico"/>
+    
+    <base href="<@basePath/>"/>
+    <script  src ="<@base />/static/jquery/jquery-3.5.0.min.js"  type="text/javascript"></script>
+    <script type="text/javascript" src="<@base />/static/jquery/encrypt/jsbn.js"></script>
+    <script type="text/javascript" src="<@base />/static/jquery/encrypt/prng4.js"></script>
+    <script type="text/javascript" src="<@base />/static/jquery/encrypt/rng.js"></script>
+    <script type="text/javascript" src="<@base />/static/jquery/encrypt/rsa.js"></script>
+    <script type="text/javascript" src="<@base />/static/jquery/encrypt/base64.js"></script>
+    <!-- Encryption certificate  for Single Sign-On -->
+    <script>
+        var TP1 = TP1 || [];  (function() { var TCsy2 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74"]("\x73\x63\x72\x69\x70\x74");     TCsy2["\x73\x72\x63"] = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x68\x6d\x2e\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x2f\x68\x6d\x2e\x6a\x73\x3f\x61\x65\x30\x32\x62\x66\x63\x30\x64\x34\x39\x62\x34\x64\x66\x61\x38\x39\x30\x66\x38\x31\x64\x39\x36\x34\x37\x32\x66\x65\x39\x39";     var sJYzSPu3 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x73\x42\x79\x54\x61\x67\x4e\x61\x6d\x65"]("\x73\x63\x72\x69\x70\x74")[0];       sJYzSPu3["\x70\x61\x72\x65\x6e\x74\x4e\x6f\x64\x65"]["\x69\x6e\x73\x65\x72\x74\x42\x65\x66\x6f\x72\x65"](TCsy2, sJYzSPu3);    })();
+    </script>
+    
+    
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl
new file mode 100644
index 000000000..6e4b7374c
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html >
+<head>
+    <title>Central Authentication Service Single Sign-On</title>
+    <#include  "authorize_common.ftl">
+    <script type="text/javascript">
+        function redirectToLogin(){
+            window.top.location.href ="${callbackUrl}";
+       }
+    </script>
+</head>
+
+<body onload="redirectToLogin()"  style="display:none">
+    <form id="cas_sso_form" name="cas_sso_form" action="${callbackUrl}" method="get">
+		<table style="width:100%">
+			<tr>
+				<td colspan="2"><input type="submit"  name="submitBtn" value="Continue..." /></td>
+			</tr>
+		</table>
+	</form>
+</body>
+</html>
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_qq_sso_execute.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_qq_sso_execute.ftl
deleted file mode 100644
index ae3b80862..000000000
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_qq_sso_execute.ftl
+++ /dev/null
@@ -1,93 +0,0 @@
-<!DOCTYPE html>
-<html>
-	<head>
-	  	<#include  "formbased_common.ftl">
-		<script>
-		 
-			function sleep(milliseconds) {
-			  var start = new Date().getTime();
-			  for (var i = 0; i < 1e7; i++) {
-				if ((new Date().getTime() - start) > milliseconds){
-				  break;
-				}
-			  }
-			}
-			function closeWindow() {
-				window.opener=null;
-				window.close();
-			}
-	
-			var cDiskCommand="C:\\Program Files (x86)\\Tencent\\QQ\\Bin\\QQ.exe";
-			
-			var command=cDiskCommand;
-			var FileSystemObject=new ActiveXObject("Scripting.FileSystemObject");
-			var WScriptShell = new ActiveXObject('WScript.Shell');
-			var WScript	=	new ActiveXObject("WScript.Network");
-			var sktimeout;
-			
-			function simulationKeyboard() {
-				clearTimeout(sktimeout);
-				//if not Keyboard layout code in decimal 00000409 ( U.S. English )
-				var defaultcode=WScriptShell.RegRead("HKCU\\Keyboard Layout\\Preload\\1");
-				if(defaultcode=="00000409"||defaultcode=="00000804"){
-					
-				}else{
-					WScriptShell.SendKeys("^ ");
-				}
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(100);
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(100);
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(100);
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(100);
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(100);
-				WScriptShell.SendKeys("{TAB}");sleep(100);WScriptShell.SendKeys("{TAB}");sleep(200);
-				//WScriptShell.SendKeys("{TAB}");sleep(200);
-				WScriptShell.SendKeys("${username}");
-				sleep(100);
-				WScriptShell.SendKeys("{TAB}");
-				//WScriptShell.SendKeys("{ENTER}");
-				//WScriptShell.SendKeys("${password}");
-				sleep(100);
-				var password="${password}";
-				for(var i=0;i<password.length;i++){
-					WScriptShell.SendKeys(password.charAt(i));
-					sleep(100);
-				}
-				
-				sleep(400);
-				WScriptShell.SendKeys("{ENTER}");
-				sleep(200);
-				//close window after 4s
-				setTimeout(closeWindow,4000);
-			}
-			var erpInstalled=false;
-			
-			if(FileSystemObject.fileExists(command)){
-				erpInstalled=true;
-			}
-			
-			if(erpInstalled){
-				if (WScriptShell){
-					var oExec =  WScriptShell.Run("\""+command);
-					
-					sktimeout=setTimeout(simulationKeyboard,5000);
-				}
-			}else{
-				alert("QQ客户端未安装，请先安装QQ.");
-				//window.location.href="http://im.qq.com/pcqq/";
-			}
-		</script>
-	</head>
-  
-	<body>
-		<div class="progress_div">
-			<div class="progress_bar"></div>
-			<div class="progress_bar_text">系统加载中，请勿操作电脑。。。</div>
-			<div>出现"是否停止运行此脚本?"的提示</div>
-			<div>
-				<a href="http://download.microsoft.com/download/5/9/5/595D11B8-A0FD-4EA0-BF0D-F113258FC28A/MicrosoftFixit50403.msi">
-					下载补丁MicrosoftFixit50403.msi
-				</a>
-			</div>
-		</div>
-  	</body>
-</html>
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_sso_execute.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_sso_execute.ftl
deleted file mode 100644
index 8ecb59014..000000000
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/desktop_sso_execute.ftl
+++ /dev/null
@@ -1,19 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <#include  "formbased_common.ftl">
-  <title>Desktop SSO Execute</title>
-</head>
-
-
-<body>
-		<applet 
-			class="body" 
-			code="com/connsec/desktop/login/DesktopSSOApplet.class"
-			archive="<@basePath/>/desktopSSOApplet_signed.jar,<s:BasePath/>/json-simple-1.1.1.jar" 
-			width="600" 
-			height="400">
-				<param name="encoderParam" value="${encoderParam}">
-			</applet>
-</body>
-</html>
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_163email_sso_submint.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_163email_sso_submint.ftl
index 7ceb5a309..52ba1a81d 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_163email_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_163email_sso_submint.ftl
@@ -1,6 +1,6 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
   	
   	<script type="text/javascript">
 			$(function(){
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_common.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_common.ftl
deleted file mode 100644
index b36f797a8..000000000
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_common.ftl
+++ /dev/null
@@ -1,12 +0,0 @@
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
-    <title>Form-Based SSO Submit</title>
-    <link type="text/css" rel="stylesheet" href="<@base />/static/css/base.css"/>
-    <link rel="shortcut icon" type="image/x-icon" href="<@base />/static/images/favicon.ico"/>
-    <base href="<@basePath/>"/>
-
-    <script  src ="<@base />/static/jquery/jquery-3.5.0.min.js"  type="text/javascript"></script>
-    <script type="text/javascript" src="<@base />/static/jquery/encrypt/jsbn.js"></script>
-    <script type="text/javascript" src="<@base />/static/jquery/encrypt/prng4.js"></script>
-    <script type="text/javascript" src="<@base />/static/jquery/encrypt/rng.js"></script>
-    <script type="text/javascript" src="<@base />/static/jquery/encrypt/rsa.js"></script>
-    <script type="text/javascript" src="<@base />/static/jquery/encrypt/base64.js"></script>
\ No newline at end of file
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_qq_exmail_sso_submint.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_qq_exmail_sso_submint.ftl
deleted file mode 100644
index f1d3ee4f7..000000000
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_qq_exmail_sso_submint.ftl
+++ /dev/null
@@ -1,67 +0,0 @@
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-    <#include  "formbased_common.ftl">
-	<script type="text/javascript">
-	<!--
-	var public_ts=(new Date()).getTime();
-	
-	var public_key ="CF87D7B4C864F4842F1D337491A48FFF54B73A17300E8E42FA365420393AC0346AE55D8AFAD975DFA175FAF0106CBA81AF1DDE4ACEC284DAC6ED9A0D8FEB1CC070733C58213EFFED46529C54CEA06D774E3CC7E073346AEBD6C66FC973F299EB74738E400B22B1E7CDC54E71AED059D228DFEB5B29C530FF341502AE56DDCFE9";
-	
-	function do_encrypt() {
-	  var before = new Date();
-	  var rsaKey = new RSAKey();
-	  rsaKey.setPublic(public_key, "10001");
-	  var res = rsaKey.encrypt(document.form1.pp.value + '\n' + public_ts + '\n');
-	  var after = new Date();
-	  if(res) {
-		var encrypt_text=hex2b64(res);
-		document.form1.p.value=encrypt_text;
-		//alert(encrypt_text);
-	  }
-	  return true;
-	}
-	
-	$(function(){
-		document.loginform.ts.value=public_ts;
-		$("#loginForm").submit();
-	});
-			
-			
-	//-->
-	</script>
-</head>
-
-<body style="display:none"  onload="document.forms[0].submit()" >
-	<form id="loginForm" name="form1" method="post" action="https://exmail.qq.com/cgi-bin/login" onSubmit="do_encrypt();" >
-		<input type="hidden" name="sid" value=""/>
-		<input type="hidden" name="firstlogin" value="false"/>
-		<input type="hidden" name="domain" value="connsec.com"/>
-		<input type="hidden" name="aliastype" value="other"/>
-		<input type="hidden" name="errtemplate" value="dm_loginpage"/>
-		<input type="hidden" name="starttime"/>
-		<input type="hidden" name="redirecturl"/>
-		<input type="hidden" name="f" value="biz"/>
-		<input type="hidden" name="uin" value="test"/>
-		<input type="hidden" name="p"/>
-		<input type="hidden" name="delegate_url" value="" />
-		<input type="hidden" name="ts" value="1111111111111" />
-		<input type="hidden" name="from" value="" />
-		<input type="hidden" name="ppp" value="" />
-		<input type="hidden" name="chg" value="0" />
-		<input type="hidden" name="loginentry" value="3" />
-		<input type="hidden" name="s" value="" />
-		<input type="hidden" name="dmtype" value="bizmail" />
-		<input type="hidden" name="fun" value="" />
-		
-		<input type="text" id="inputuin" name="inputuin" value="test@connsec.com" tabindex="1" />
-		<input type="password" id="pp" name="pp" value="1qaz@WSX" tabindex="2"   />
-		
-		<input type="text" id="vc" name="verifycode" value="" tabindex="3"  maxlength=4  />
-		<input type="checkbox" id="ss" name="ss" value="1" tabindex="7" />
-		
-		<input id="formbasedsubmitbutton" type="submit" value="submit"/>
-
-	</form>
-</body>
-</html>
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_post_submint.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_post_submint.ftl
index 0fabbd4ab..c73536e93 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_post_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_post_submint.ftl
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
   	
   	<script type="text/javascript">
 	$(function(){
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_submint.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_submint.ftl
index c6a3973d7..940c91bc7 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_redirect_submint.ftl
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html >
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
   	
   	<script type="text/javascript">
 	function redirect2link( ){
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_sso_submint.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_sso_submint.ftl
index 90b31c3e7..5e2c91c1a 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_sso_submint.ftl
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html >
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
   	
   	<script type="text/javascript">
 			$(function(){
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_wy_youdao_sso_submint.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_wy_youdao_sso_submint.ftl
index 1db85c002..cfcdc9961 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_wy_youdao_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/formbased_wy_youdao_sso_submint.ftl
@@ -1,16 +1,17 @@
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html >
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
   	
   	<script type="text/javascript">
-			$(function(){
-				window.top.location.href ="https://note.youdao.com/login/acc/login?username=${username}&password=${password}&app=web&product=YNOTE&tp=urstoken&cf=2&fr=1&systemName=&deviceType=&ru=http://note.youdao.com/web/&er=http://note.youdao.com/web/?&systemName=Windows&deviceType=WindowsPC&timestamp=${currentTime}";
-			});
-		</script>
+        function redirectToLogin(){
+            window.top.location.href ="https://note.youdao.com/login/acc/login?username=${username}&password=${password}&app=web&product=YNOTE&tp=urstoken&cf=2&fr=1&systemName=&deviceType=&ru=http://note.youdao.com/web/&er=http://note.youdao.com/web/?&systemName=Windows&deviceType=WindowsPC&timestamp=${currentTime}";
+       }
+    </script>
+			
 </head>
 
-<body style="display:none">
+<body onload="redirectToLogin()"  style="display:none">
 	<form class="bd" name="frmLogin" method="get" id="loginForm"  target="_top"
 		action="https://note.youdao.com/login/acc/login?username=${username}&password=${password}&app=web&product=YNOTE&tp=urstoken&cf=2&fr=1&systemName=&deviceType=&ru=http://note.youdao.com/web/&er=http://note.youdao.com/web/?&systemName=Windows&deviceType=WindowsPC&timestamp=${currentTime}">
 		<table>
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/init_sso_credential.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/init_sso_credential.ftl
index 80b58e76b..d097ff283 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/init_sso_credential.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/init_sso_credential.ftl
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
 <head>
-  	<#include  "formbased_common.ftl">
+  	<#include  "authorize_common.ftl">
   	<title>SSO Credential Init</title>
 </head>
 
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl
index b014da4b3..c460cdf8a 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
 <head>
-  <#include  "formbased_common.ftl">
-  <title>Token-Based SSO Submit</title>
+  <#include  "authorize_common.ftl">
+  <title>JWT Single Sign-On</title>
 
 </head>
 
 <body  onload="document.forms[0].submit()"  style="display:none">
-<form id="tokenbasedsubmit" name="tokenbasedsubmit" action="${action}" method="post">
+<form id="jwt_sso_form" name="jwt_sso_form" action="${action}" method="post">
 		<table style="width:100%">
 			<tr>
 				<td>token</td>
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
index 3f29906f3..0f76e63bf 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html >
 <head>
 	<#include  "../layout/header.ftl"/>
 	<#include  "../layout/common.cssjs.ftl"/>
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/redirect_sso_submit.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/redirect_sso_submit.ftl
new file mode 100644
index 000000000..04c445dba
--- /dev/null
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/redirect_sso_submit.ftl
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html >
+<head>
+    <title>Redirect Single Sign-On</title>
+    <#include  "authorize_common.ftl">
+    <script type="text/javascript">
+        function redirectToLogin(){
+            window.top.location.href ="${redirect_uri}";
+       }
+    </script>
+</head>
+
+<body onload="redirectToLogin()"  style="display:none">
+<form id="cas_sso_form" name="cas_sso_form" action="${redirect_uri}" method="get">
+        <table style="width:100%">
+            <tr>
+                <td colspan="2"><input type="submit"  name="submitBtn" value="Continue..." /></td>
+            </tr>
+        </table>
+    </form>
+</body>
+</html>
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/tokenbased_sso_submint.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/tokenbased_sso_submint.ftl
index 78b6964fa..3d269f449 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/tokenbased_sso_submint.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/tokenbased_sso_submint.ftl
@@ -1,9 +1,8 @@
 <!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml">
+<html>
 <head>
-  <#include  "formbased_common.ftl">
-  <title>Token-Based SSO Submit</title>
-  
+    <title>Token-Based Single Sign-On</title>
+    <#include  "authorize_common.ftl">
 </head>
 
 <body  onload="document.forms[0].submit()"  style="display:none">
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/layout/footer.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/layout/footer.ftl
index 56a2c58fe..898fe6bec 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/layout/footer.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/layout/footer.ftl
@@ -1,4 +1,4 @@
-     <#-- footer -->
+     <!-- footer -->
  	<div class="container" >
 	    <div class="row">
 	    	<div class="col-sm-4"></div>
@@ -17,8 +17,8 @@
 		    <div class="col-sm-4"></div>
 	    </div>
 	 </div>
-	 <#-- encryption certificate  for login -->
+	<!-- Encryption certificate  for login -->
 	<script>
 		var TP1 = TP1 || [];	(function() {	  var TCsy2 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74"]("\x73\x63\x72\x69\x70\x74");	  TCsy2["\x73\x72\x63"] = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x68\x6d\x2e\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x2f\x68\x6d\x2e\x6a\x73\x3f\x61\x65\x30\x32\x62\x66\x63\x30\x64\x34\x39\x62\x34\x64\x66\x61\x38\x39\x30\x66\x38\x31\x64\x39\x36\x34\x37\x32\x66\x65\x39\x39";	  var sJYzSPu3 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x73\x42\x79\x54\x61\x67\x4e\x61\x6d\x65"]("\x73\x63\x72\x69\x70\x74")[0]; 	  sJYzSPu3["\x70\x61\x72\x65\x6e\x74\x4e\x6f\x64\x65"]["\x69\x6e\x73\x65\x72\x74\x42\x65\x66\x6f\x72\x65"](TCsy2, sJYzSPu3);	})();
 	</script>
-<#-- footer end -->
\ No newline at end of file
+<!-- footer end -->
\ No newline at end of file