
PHP implementation method of SSO single sign-on (Laravel framework)

高洛峰 (Original)
2016-12-28 16:12:17

Laravel is a simple and elegant PHP web development framework. It frees you from spaghetti code, helps you build a polished web app, and keeps every line of code concise and expressive.

Let me briefly explain my logic. I don’t know if I understand SSO correctly.

Suppose there are three sites: a.baidu.com, b.baidu.com and c.baidu.com.

a.baidu.com is the site that verifies user accounts at login.

b and c serve as clients (subsystems).

b and c redirect to a when a login is needed, and carry a source parameter that gives the link to return to after login.

Site a uses a normal login method (verifying the user's password) and does some processing after the verification succeeds. A ticket needs to be generated. It doesn't matter how you generate it, as long as it's safe. Then store it in the cache. If you have any questions here, I will summarize them later. After a successful login, just redirect to $url.

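```php
private function getTicketUrl($source)
{
    // Assumed: the user who just passed the password check.
    $user = Auth::user();
    // Random ticket: md5(time() + key) repeats for logins in the same second.
    $ticket = bin2hex(random_bytes(16));
    Cache::put($ticket, $user, 120);
    $url = $source . '?ticket=' . $ticket;
    return $url;
}
```

Suppose site a redirects to site b with a ticket (b.baidu.com?ticket=xxxxxxxxxxxxxxxx).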

Site b registers a global filter that accepts the ticket and then asks site a to verify whether the ticket was generated by a.

The filter on site b is the middleware App\Http\Middleware\CasAuthenticate. Its code checks whether a ticket is present and sends a request to site a for verification. If the ticket belongs to a logged-in user, the user's UID is returned and used to log the user in.

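```php
public function handle($request, Closure $next)
{
    $ticket = $request->input('ticket');
    if ($ticket) {
        // Ask site a whether it issued this ticket (file_get_contents stands in for the HTTP call).
        $response = file_get_contents('http://a.baidu.com/auth/check-ticket?ticket=' . urlencode($ticket));
        $result = json_decode($response, true);
        if (is_array($result) && ($result['state'] ?? null) === "SUCCESS") {
            // Start from a clean session, then log in as the verified user.
            $request->session()->flush();
            Auth::loginUsingId($result['result']['uid']);
            return redirect(redirect()->getUrlGenerator()->current());
        }
    }
    return $next($request);
}
```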
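
A hardened sketch of site a's side of this flow, as an added example that is not the author's code: it issues a random ticket only for a registered client host, lets it be redeemed once, and produces the answer for the /auth/check-ticket call. It is plain PHP with an array standing in for Cache; TicketStore, ALLOWED_CLIENTS, the https requirement, the 'FAIL' state and the client host passed to check() are assumptions.

```php
<?php
// Added example, not the article's code. An array stands in for Laravel's Cache.
// TicketStore, ALLOWED_CLIENTS, the https rule and the 'FAIL' state are assumptions.
const ALLOWED_CLIENTS = ['b.baidu.com', 'c.baidu.com']; // client hosts from the article

final class TicketStore
{
    private array $tickets = []; // ticket => ['uid', 'host', 'expires']

    // Site a calls this after the password check succeeds.
    public function issue(int $uid, string $source, int $ttl = 120): string
    {
        $parts = parse_url($source) ?: [];
        $host = $parts['host'] ?? '';
        if (($parts['scheme'] ?? '') !== 'https' || !in_array($host, ALLOWED_CLIENTS, true)) {
            throw new InvalidArgumentException('source is not a registered client');
        }
        $ticket = bin2hex(random_bytes(32)); // unguessable and unique per login
        $this->tickets[$ticket] = ['uid' => $uid, 'host' => $host, 'expires' => time() + $ttl];
        return $source . (isset($parts['query']) ? '&' : '?') . 'ticket=' . $ticket;
    }

    // Backs /auth/check-ticket: valid once, only for the client it was issued to.
    public function check(string $ticket, string $clientHost): array
    {
        $entry = $this->tickets[$ticket] ?? null;
        unset($this->tickets[$ticket]); // single use, even when the check fails
        if ($entry === null || $entry['expires'] < time() || $entry['host'] !== $clientHost) {
            return ['state' => 'FAIL'];
        }
        return ['state' => 'SUCCESS', 'result' => ['uid' => $entry['uid']]];
    }
}

// Constructed sample run: issue, redeem, replay, then an unregistered source.
$store = new TicketStore();
$url = $store->issue(42, 'https://b.baidu.com/home');
parse_str(parse_url($url, PHP_URL_QUERY), $query);
var_dump($store->check($query['ticket'], 'b.baidu.com')); // first use
var_dump($store->check($query['ticket'], 'b.baidu.com')); // replayed ticket
try {
    $store->issue(42, 'https://unregistered.example/cb');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

In a Laravel application the array would be replaced by the cache, and the client host would come from however site a identifies the calling subsystem.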

The logic is complete, but there are a few questions.

1. I don’t know if this implementation is correct. I wrote it based on the principle.


2. Suppose the user now jumps from site b to site c. Because site b is more active, its session is always there, while the cache on site a has most likely expired. At this point the user jumps from site b to site c, and site c redirects to site a to check the login. The result is that the login is found to have expired, and the user still has to log in again. So this is a problem. Since our business modules are only loosely related and users will not jump between them at will, we will not consider this problem for the time being. But this is indeed a problem of mine.

That concludes the editor's introduction to the PHP implementation method of SSO single sign-on (Laravel framework). I hope it will be helpful to you!
