PHP implementation method of SSO single sign-on (Laravel framework)-PHP开发-php.cn

PHP implementation method of SSO single sign-on (Laravel framework)

高洛峰

Release： 2016-12-28 16:12:17

Original

2258 people have browsed it

Laravel is a simple and elegant PHP Web development framework (PHP Web Framework). It can free you from messy codes like noodles; it can help you build a perfect network APP, and every line of code can be concise and expressive.

Let me briefly explain my logic. I don’t know if I understand sso correctly.

Suppose there are three sites a.baidu.com b.baidu.com c.baidu.com

a.baidu.com logs in to the account as a verified user.

b and c serve as clients (subsystems).

b and c jump to a when they need to log in, and carry the parameter source to indicate the link to jump after login.

aThe site is a normal login method (verifying user password), and some processing will be done after the verification is successful. A ticket needs to be generated. It doesn't matter how you generate it, as long as it's safe. Then store it in Cache. If you have any questions here, I will summarize them later. After successful login, just jump to \(url.

``` php private function getTicketUrl(\)source)
{
\(ticket = md5(time()+key); Cache::put(\)ticket, $user, 120);
$url = $source . &#39;?ticket=&#39; . $ticket;
return $url;
}

Copy after login

Suppose station a jumps to station b with a ticket (b.baidu.com?ticket=xxxxxxxxxxxxxxxx```)

Site b makes a global filter, accepts the ticket and then requests station a to verify whether the ticket is generated by a.

Site b filter App\Http\Middleware\CasAuthenticate. Code, here determines whether there is a ticket and sends the request to station a for verification. If it is logged in, the user UID is obtained to log in.

public function handle($request, Closure $next)
{
$ticket = $request->input(&#39;ticket&#39;);
if ($ticket) {
$result = json_decode(&#39;http://a.baidu.com&#39; . &#39;/auth/check-ticket?ticket=&#39; . $ticket), true);
if ($result[&#39;state&#39;] == "SUCCESS") {
$request->session()->flush();
Auth::loginUsingId($result[&#39;result&#39;][&#39;uid&#39;]);
return redirect(redirect()->getUrlGenerator()->current());
}
}
return $next($request);

Copy after login

The logic is complete, but there are a few questions.

1. I don’t know if this implementation is correct. I wrote it based on the principle.

2. If station b now jumps to c. Station, because station b is more active, the session is always there, and the cache time of station a has most likely expired. At this time, it jumps from station b to station c, and station c jumps to station a to determine the login. The result It is found that it has failed, and you still have to log in. So this is a problem. Since our business module has poor correlation and will not jump at will, we will not consider this problem for the time being. But this is indeed a problem of mine. .

Regarding the PHP implementation method of SSO single sign-on (Laravel framework), the editor will introduce this to you. I hope it will be helpful to you!

More SSO single sign-on methods For articles related to PHP implementation methods (Laravel framework), please pay attention to the PHP Chinese website