PHP Single Sign-On (SSO)

Jun 23, 2016 01:23 PM

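Single sign-on steps:

  1. The user visits the application a.com

  2. a.com redirects to login.com (the authentication center), passing along the address of the application

  3. login.com performs the authentication

  4. login.com redirects back to a.com with a ticket (token) appended

  5. The a.com server takes the ticket and talks to login.com to obtain the user's information

  6. The user information is displayed

 Key points:

  1. When user information is retrieved, the source of the requesting server must be controlled

  2. The ticket must be encrypted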

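Two forms of single sign-on are described below:

  • SSO within the same domain

    Suppose I have a site whose first-level domain is 58kankan.cn, and I want logging in on either http://a.58kankan.cn or http://b.58kankan.cn to give access to the other site as well. The implementation is simply to store the login cookie under 58kankan.cn:

    ```php
    // Scope the login cookie to the parent domain so that every subdomain receives it
    setcookie("userName", $uname, time() + 3600, '', '58kankan.cn');
    ```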

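  • SSO across different domains

    The principle: after the user logs in under any one domain, the login system uses the login data it obtained to call the login interface of each of the other domains (in practice this can be submitted to the other domains invisibly, for example through an iframe). Each interface returns the cookies for its own domain, so when the user later visits another site in the group, the authentication cookies are already in place and single sign-on is achieved.

    Sohu's single sign-on system, for example, uses this method. When a user logs in on any Sohu site, the login is first performed centrally under the domain passport.sohu.com. After a successful login, an iframe requests the file passport.sohu.com/sso/crossdomain_all.jsp?action=login under that domain. That file consists of several JavaScript file requests, again for files under passport.sohu.com; those files read the cookies, attach the identity information and redirect to the other domains, and the other domains write their own cookies from the attached information, which gives single sign-on across multiple domains. Logout uses the same mechanism. Although the principle is simple, it runs into the browser's privacy mechanism: IE needs a special header before it will set cross-domain cookies (for details, see "Setting the P3P header for cross-domain cookie access"). Concretely, when the page at the redirected URL sets its cookies, it first outputs:

    ```php
    header('P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"');
    ```

    Now let's look at how this is implemented in code.

    The code of Success.php is as follows:

    ```php
    <?php
    if (!empty($_COOKIE['userName'])) {
        $username = $_COOKIE['userName'];
    ?>
    <script>
    // Load crossdomain_all.php in a hidden iframe so that the other domains receive their cookies
    var _frm = document.createElement("iframe");
    _frm.style.display = "none";
    _frm.src = "crossdomain_all.php?action=login";
    document.head.appendChild(_frm);
    </script>
    欢迎登录
    <?php
    } else {
        // No login cookie: send the visitor back to the site root
        header("Location: /");
    }
    ?>
    ```

    The code of Crossdomain_all.php is as follows:

    ```php
    <?php
    if (!empty($_COOKIE['userName'])) {
        $username = $_COOKIE['userName'];
        $action = isset($_GET['action']) ? $_GET['action'] : '';
    ?>
    <script>"></script>
    <script>"></script>
    <?php
    } else {
        // No login cookie: send the visitor back to the site root
        header("Location: /");
    }
    ?>
    ```

    The code of Crossdomain.php is as follows:

    ```php
    <?php
    if (!empty($_COOKIE['userName'])) {
        $username = $_COOKIE['userName'];
        $action = isset($_GET['action']) ? $_GET['action'] : '';
        // The target domain is taken from the query string as supplied by the caller
        $domain = isset($_GET['domain']) ? $_GET['domain'] : '';
        switch ($action) {
            case 'login':
                // Hand the user name to the other domain, which writes its own cookie
                header("Location: http://" . $domain . '/setcookie.php?userName=' . urlencode($username) . '&action=' . urlencode($action));
                break;
            case 'logout':
            default:
                header("Location: http://" . $domain . '/setcookie.php?userName=' . urlencode($username) . '&action=' . urlencode($action));
                break;
        }
    } else {
        // No login cookie: send the visitor back to the site root
        header("Location: /");
    }
    ?>
    ```

    The code of setcookie.php on the 58gou site is as follows:

    ```php
    <?php
    // P3P compact policy, sent before the cookie so that IE accepts it in a cross-domain context
    header('P3P: CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"');
    // userName arrives as a plain query parameter and is written to the cookie unchanged
    $username = isset($_GET['userName']) ? $_GET['userName'] : '';
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    switch ($action) {
        case 'login':
            setcookie("userName", $username, time() + 3600, "/", "58kankan.cn");
            break;
        default:
            // Any other action clears the cookie (logout)
            setcookie("userName", '', 0, "/", "58kankan.cn");
            break;
    }
    ```

    In fact, crossdomain_all.php could set the cookie directly on the sites you want to send to; here I have simply combined JavaScript and the iframe.

    When setting cookies across domains, either of two forms can be used: an iframe or JavaScript.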
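The two key points listed at the top (control who may obtain user information, protect the ticket) applied to the cross-domain redirect above, as an added example that is not part of the original article: instead of passing `userName` in the clear to a domain taken from the query string, the login host passes a short-lived ticket bound to one allow-listed domain, and the receiving site verifies it before writing its cookie. It uses an HMAC signature rather than encryption, so it protects integrity but not confidentiality; the secret, the domain list and the function names are assumptions.

```php
<?php
// Added example, not code from the article. SSO_SECRET, SSO_DOMAINS and both
// function names are hypothetical; the domains are constructed sample values.
const SSO_SECRET  = 'replace-with-a-long-random-secret';  // shared by login host and member sites
const SSO_DOMAINS = ['a.example', 'b.example'];           // only these sites may receive a ticket

// Login host side: build "payload.signature" for one user and one target domain.
function issue_ticket(string $user, string $domain, int $ttl = 60, ?int $now = null): string
{
    if (!in_array($domain, SSO_DOMAINS, true)) {
        throw new InvalidArgumentException('domain is not a member site');
    }
    $payload = base64_encode(json_encode([
        'u' => $user,                       // user name
        'd' => $domain,                     // the only site allowed to accept this ticket
        'e' => ($now ?? time()) + $ttl,     // expiry as a Unix timestamp
    ]));
    return $payload . '.' . hash_hmac('sha256', $payload, SSO_SECRET);
}

// Member site side: return the user name, or null when the ticket is not valid here.
function verify_ticket(string $ticket, string $domain, ?int $now = null): ?string
{
    $parts = explode('.', $ticket);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, SSO_SECRET), $mac)) {
        return null;                        // forged or modified ticket
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($data) || !isset($data['u'], $data['d'], $data['e'])) {
        return null;
    }
    if ($data['d'] !== $domain || $data['e'] < ($now ?? time())) {
        return null;                        // issued for another site, or expired
    }
    return (string) $data['u'];
}

// Constructed demonstration of the four cases
$t = issue_ticket('alice', 'a.example');
var_dump(verify_ticket($t, 'a.example'));                 // presented to the site it was issued for
var_dump(verify_ticket($t, 'b.example'));                 // presented to a different member site
var_dump(verify_ticket($t, 'a.example', time() + 3600));  // presented an hour later
$forged = base64_encode(json_encode(['u' => 'admin', 'd' => 'a.example', 'e' => time() + 60])) . '.' . str_repeat('0', 64);
var_dump(verify_ticket($forged, 'a.example'));            // payload without a valid signature
```

When the ticket travels in a redirect URL it has to go through `urlencode()`, because base64 output can contain `+`, `/` and `=`.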

