This article uses an example to describe how a PHP application is connected to an SSO single sign-on system. The details are as follows:
SSO stands for Single Sign On. With SSO across multiple application systems, users only need to log in once to access all mutually trusted application systems. It includes mechanisms that map this primary login to logins for the same user in other applications. It is currently one of the more popular enterprise business integration solutions. Let's take a look.
Let's briefly go over the principle of connecting to an SSO single sign-on system. The premise is that the system itself already has a complete user authentication function, that is, a basic user login function, which makes integration very convenient.
The SSO login request is usually the SSO interface plus a callback address. Accessing this address redirects to the callback address with a ticket parameter attached. Calling the SSO interface again with this ticket parameter returns the user information. If the user exists, the user is logged in automatically. If the user does not exist, the user is added and then logged in.
For example, this SSO model declares two methods: one returns the authorization URL of the interface, and the other obtains user information based on the ticket:
```php
interface SSOLogin
{
    /**
     * Get the logged-in user's information
     * @param $ticket
     * @return mixed
     */
    public function getInfoFromTicket($ticket);

    /**
     * SSO authorization URL
     * @return mixed
     */
    public function getAuthUrl();
}
```
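One way the two interface methods could be backed by an HTTPS call to the SSO server, shown as an added example that is not the article's own code. The class name, both `sso.example.com` endpoints, the `callback` and `ticket` parameter names, the ticket format and the JSON reply shape are all assumptions; only the callback address and the `username`/`truename` fields come from the article.

```php
<?php
// Added example, not the article's code. Endpoints, parameter names, the ticket
// pattern and the JSON reply shape are assumptions for illustration.
// Declare it "implements SSOLogin" when the interface above is loaded.
final class HttpSSOLogin
{
    private const AUTH_URL   = 'https://sso.example.com/login';      // hypothetical
    private const VERIFY_URL = 'https://sso.example.com/api/ticket'; // hypothetical
    private const CALLBACK   = 'http://www.example.com/sso/check';   // from the article

    private static $instance;

    public static function getInstance(): self
    {
        return self::$instance ?? (self::$instance = new self());
    }

    public function getAuthUrl()
    {
        // The callback is a fixed constant, never taken from the request,
        // so the SSO server is only ever asked to return to this application.
        return self::AUTH_URL . '?' . http_build_query(['callback' => self::CALLBACK]);
    }

    public function getInfoFromTicket($ticket)
    {
        // Reject anything that does not look like a ticket (assumed format).
        if (!is_string($ticket) || !preg_match('/^[A-Za-z0-9_-]{16,128}$/', $ticket)) {
            return [];
        }
        $ch = curl_init(self::VERIFY_URL . '?' . http_build_query(['ticket' => $ticket]));
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_TIMEOUT        => 5,
            CURLOPT_SSL_VERIFYPEER => true, // keep certificate checks on
            CURLOPT_SSL_VERIFYHOST => 2,
            CURLOPT_FOLLOWLOCATION => false,
        ]);
        $body   = curl_exec($ch);
        $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);

        // Fail closed: a transport error, non-200 status or malformed reply gives
        // an empty array, which actionCheck() treats as "not authorized".
        $info = ($body !== false && $status === 200) ? json_decode($body, true) : null;
        if (!is_array($info) || !is_string($info['username'] ?? null) || $info['username'] === '') {
            return [];
        }
        return ['username' => $info['username'], 'truename' => (string) ($info['truename'] ?? '')];
    }
}
```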
Let's take a look at the main method of the controller. The callback address points to this controller action, for example http://www.example.com/sso/check?ticket=xxxx
```php
/**
 * Check whether the user is logged in via SSO
 * @return bool|string|\yii\web\Response
 */
public function actionCheck()
{
    $ticket = Yii::$app->getRequest()->get('ticket');
    if (!$ticket) {
        // No ticket: show "please authorize first" with a link to the SSO login page
        return $this->renderAuthError('请先授权', sprintf('<a href="%s">点击登录单点登录系统</a>', SSOlogin::getInstance()->getAuthUrl()));
    }

    // Exchange the ticket for the user's information
    $userInfo = SSOlogin::getInstance()->getInfoFromTicket($ticket);
    if (empty($userInfo['username'])) {
        return $this->renderAuthError('请先授权', sprintf('<a href="%s">点击登录单点登录系统</a>', SSOlogin::getInstance()->getAuthUrl()));
    }

    $username = $this->getUserName($userInfo['username']);
    $user = User::find()->canLogin()->username($username)->one();
    if (!$user) {
        // No matching local user: create one from the SSO data
        $newUser = [];
        $newUser['username'] = $userInfo['username'];
        $newUser['email'] = $this->getUserName($userInfo['username']);
        $newUser['role'] = User::ROLE_DEV;
        $newUser['is_email_verified'] = 1;
        $newUser['realname'] = $userInfo['truename'];
        $user = $this->addUser($newUser);
    }

    // Log the user in for 30 days
    $isLogin = Yii::$app->user->login($user, 3600 * 24 * 30);
    if ($isLogin) {
        // Return the redirect response so the action ends here
        return $this->redirect('/task/index');
    }
    return true;
}
```
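The logic of this controller is straightforward. The function of the SSO interface is to obtain user information. This user information is compared with the system's user table: if the user exists, the user is logged in; if there is no such user, a user is created and logged in. Because the account is created and logged in purely on what the SSO interface returns for the ticket, that ticket lookup is the only authentication step in this flow.
This is an internal single sign-on system, integrated into the backend. Other SSO systems may differ from this one, but the basic principles and processes are similar.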