PHP implementation method of SSO single sign-on (Laravel framework)

Laravel is a simple and elegant PHP web development framework. It can free you from spaghetti code, and it can help you build a perfect web application in which every line of code is concise and expressive.

Let me briefly explain my logic. I don’t know if I understand SSO correctly.

Suppose there are three sites: a.baidu.com, b.baidu.com and c.baidu.com.

a.baidu.com is where the account logs in; it acts as the user verification site.

b and c serve as clients (subsystems).

b and c redirect to a when they need a login, and carry the parameter `source` to indicate the link to jump to after login.

Site a uses a normal login method (verifying the user's password), and some processing is done after the verification succeeds. A ticket needs to be generated. It doesn't matter how you generate it, as long as it's safe. Then store it in Cache. If you have any questions here, I will summarize them later. After successful login, just jump to `$url`.

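```php
private function getTicketUrl($source)
{
    // Unpredictable ticket from the CSPRNG; a hash of the current time can be guessed.
    $ticket = bin2hex(random_bytes(16));
    // $user is the account that has just been authenticated on site a.
    $user = Auth::user();
    Cache::put($ticket, $user, 120);
    $url = $source . '?ticket=' . $ticket;
    return $url;
}
```

Suppose site a jumps to site b with a ticket (`b.baidu.com?ticket=xxxxxxxxxxxxxxxx`).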

Site b installs a global filter that accepts the ticket and then asks site a to verify whether the ticket was generated by a.

The site b filter is `App\Http\Middleware\CasAuthenticate`. The code below determines whether there is a ticket and sends a request to site a for verification. If the ticket belongs to a logged-in user, the user's UID is obtained and used to log in.

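```php
// Requires: use Closure; use Illuminate\Support\Facades\Auth;
public function handle($request, Closure $next)
{
    $ticket = $request->input('ticket');
    if ($ticket) {
        // Ask site a whether it issued this ticket.
        $response = file_get_contents('http://a.baidu.com' . '/auth/check-ticket?ticket=' . urlencode($ticket));
        $result = json_decode($response, true);
        if (is_array($result) && ($result['state'] ?? null) == "SUCCESS") {
            // Start from a clean session, then log in as the user site a returned.
            $request->session()->flush();
            Auth::loginUsingId($result['result']['uid']);
            // Redirect to the current URL without the ticket parameter.
            return redirect(redirect()->getUrlGenerator()->current());
        }
    }
    return $next($request);
}
```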
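
Site a's side of this exchange, which the middleware above calls at `/auth/check-ticket`, is not shown in the article; the following is an added example, not the original author's code. The class name `TicketService`, the `FAIL` state, the allowlist of client hosts, the 60-second lifetime and the in-memory array standing in for Laravel's Cache are all assumptions made so the file runs on its own (PHP 8).

```php
<?php
// Added example: ticket issuing and checking on site a.
// A plain array stands in for Laravel's Cache (assumption for a stand-alone run).
final class TicketService
{
    private array $store = [];   // ticket => ['uid' => int, 'expires' => int]

    public function __construct(private array $allowedHosts, private int $ttl = 60) {}

    // Called after a successful login. Returns the redirect URL, or null
    // when `source` does not point at a known client site.
    public function issue(int $uid, string $source, int $now): ?string
    {
        $host = parse_url($source, PHP_URL_HOST);
        if (!in_array($host, $this->allowedHosts, true)) {
            return null;         // never hand a ticket to an unlisted site
        }
        $ticket = bin2hex(random_bytes(16));   // 128 bits from the CSPRNG
        $this->store[$ticket] = ['uid' => $uid, 'expires' => $now + $this->ttl];
        $sep = parse_url($source, PHP_URL_QUERY) === null ? '?' : '&';
        return $source . $sep . 'ticket=' . $ticket;
    }

    // Body of /auth/check-ticket: a ticket is accepted at most once.
    public function check(string $ticket, int $now): array
    {
        $entry = $this->store[$ticket] ?? null;
        unset($this->store[$ticket]);          // consume it, valid or not
        if ($entry === null || $entry['expires'] < $now) {
            return ['state' => 'FAIL'];
        }
        return ['state' => 'SUCCESS', 'result' => ['uid' => $entry['uid']]];
    }
}

// Constructed sample run.
$sso = new TicketService(['b.baidu.com', 'c.baidu.com']);
$now = time();
$url = $sso->issue(42, 'https://b.baidu.com/home', $now);
parse_str(parse_url($url, PHP_URL_QUERY), $query);
var_dump($sso->check($query['ticket'], $now));         // first use by site b
var_dump($sso->check($query['ticket'], $now));         // same ticket replayed
var_dump($sso->check($query['ticket'], $now + 3600));  // long after expiry
var_dump($sso->issue(42, 'https://unlisted.example/cb', $now)); // unknown source
```

In a Laravel application the same single-use behaviour comes from `Cache::pull($ticket)`, which returns the cached value and deletes it in one call.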

The logic is complete, but there are a few questions.

1. I don’t know if this implementation is correct. I wrote it based on the principle.


2. If station b now jumps to station c: because station b is more active, its session is always there, while the cache time of station a has most likely expired. At this time, it jumps from station b to station c, and station c jumps to station a to determine the login. The result is that it has failed, and you still have to log in. So this is a problem. Since our business modules have poor correlation and will not jump at will, we will not consider this problem for the time being. But this is indeed a problem of mine.
