Example analysis of SSO single sign-on system access function implemented by PHP

This article mainly introduces the SSO single sign-on system access function implemented by PHP, and briefly analyzes the principles of SSO single sign-on system access and PHP-related implementation techniques. Friends in need can refer to the following

SSO’s full English name is Single Sign On, single sign-on. SSO is in multiple application systems. Users only need to log in once to access all mutually trusted application systems. It includes mechanisms that can map this primary login to logins for the same user in other applications. It is one of the more popular enterprise business integration solutions at present. Let’s take a look.

Let me briefly talk about the principle of accessing the SSO single sign-on system. The premise is that the system itself has a complete user authentication function, that is, a basic user login function, which is very convenient.

The SSO login request interface is often the interface plus a callback address. Accessing this address will jump to the callback address and bring a ticket parameter. Using this ticket parameter and then requesting the interface can obtain the user information. If If the user exists, the user will be logged in automatically. If the user does not exist, the user will be added and logged in.

For example, this SSO model implements two methods, one is to obtain the interface url, and the other is to obtain user information based on the ticket:

interface SSOLogin { /** * 获取登录用户信息 * @param $ticket * @return mixed */ public function getInfoFromTicket($ticket); /** * 单点登录授权地址 * @return mixed */ public function getAuthUrl(); }

Come again Take a look at the main methods of the controller. For example, the callback address is to jump to the controller http://www.example.com/sso/check?ticket=xxxx

/** * 检测是否单点登录 * @return bool|string */ public function actionCheck() { $ticket = Yii::$app->getRequest()->get('ticket'); if (!$ticket) { return $this->renderAuthError('请先授权', sprintf('点击登录单点登录系统', SSOlogin::getInstance()->getAuthUrl())); } $userInfo = SSOlogin::getInstance()->getInfoFromTicket($ticket); if (empty($userInfo['username'])) { return $this->renderAuthError('请先授权', sprintf('点击登录单点登录系统', SSOlogin::getInstance()->getAuthUrl())); } $username = $this->getUserName($userInfo['username']); $user = User::find()->canLogin()->username($username)->one(); if (!$user) { $newUser = []; $newUser['username'] = $userInfo['username']; $newUser['email'] = $this->getUserName($userInfo['username']); $newUser['role'] = User::ROLE_DEV; $newUser['is_email_verified'] = 1; $newUser['realname'] = $userInfo['truename']; $user = $this->addUser($newUser); } $isLogin = Yii::$app->user->login($user, 3600 * 24 * 30); if ($isLogin) { $this->redirect('/task/index'); } return true; }

You can probably understand it by looking at the logic of this controller. The function of the SSO interface is to obtain user information. Compare this user information with the system user table. If a user exists, log in. If there is no user, create a user and log in.

This is an internal single-point system, integrated into the backend. Other SSOs may be different from this, but the basic principles and processes are similar.

Summary: The above is the entire content of this article, I hope it will be helpful to everyone's study.

Related recommendations:

php_imagick’s method of achieving retro effects

JS,phpDetailed explanation of keyword search function usage

phpmysql processing time

The above is the detailed content of Example analysis of SSO single sign-on system access function implemented by PHP. For more information, please follow other related articles on the PHP Chinese website!