SSO single sign-on PHP implementation (Laravel framework)
My blog address: Luo Zhiqiang's blog. Exchanging links and ideas is welcome.
Simply put, I don't know whether I understand SSO or not.
Assume three sites: a.baidu.com, b.baidu.com and c.baidu.com.
a.baidu.com.
b and c are used as clients (subsystems).
When b or c needs a login, it redirects to a and includes a source parameter that indicates the link to jump to after login.
Site a uses an ordinary login method (username and password verification). After the verification succeeds, it does some processing: it needs to generate a ticket (how to create the ticket is a question) and then store it in the Cache. Any questions are summarized later. After a successful login, jumping directly to $url is enough.
```php
private function getTicketUrl($source)
{
    // The ticket must be unguessable, so take it from a CSPRNG
    // rather than hashing time().
    $ticket = bin2hex(random_bytes(16));
    $user = Auth::user(); // assumption: the user who just logged in on site a
    Cache::put($ticket, $user, 120);
    $url = $source . '?ticket=' . $ticket;
    return $url;
}
```
Assume that site a has redirected to site b with the ticket (b.baidu.com?ticket=xxxxxxxxxxxxxxxx).
Site b installs a global filter that accepts the ticket and then asks site a to verify whether the ticket was generated by site a.
The site b filter is App\Http\Middleware\CasAuthenticate. It checks whether a ticket is present and sends a request to site a for verification. If the user is logged in, the user's UID is obtained and used for login.
```php
namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class CasAuthenticate
{
    public function handle($request, Closure $next)
    {
        $ticket = $request->input('ticket');
        if ($ticket) {
            // Ask site a whether it issued this ticket
            // (file_get_contents is an assumed way of making the HTTP call).
            $body = file_get_contents('http://a.baidu.com' . '/auth/check-ticket?ticket=' . urlencode($ticket));
            $result = json_decode($body, true);
            if (is_array($result) && ($result['state'] ?? null) == "SUCCESS") {
                $request->session()->flush();
                Auth::loginUsingId($result['result']['uid']);
                // Redirect to the current URL without the ticket query string.
                return redirect(redirect()->getUrlGenerator()->current());
            }
        }
        return $next($request);
    }
}
```
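An added example, not code from the original post: a plain-PHP model of site a's side of the flow above, issuing the ticket and answering `/auth/check-ticket` with a random, single-use, expiring ticket bound to an allowlisted source host. The in-memory array stands in for Cache, and the host allowlist, the `FAIL` state, the caller-host argument and user id 42 are assumptions.

```php
<?php
// Added example: plain-PHP model of site a's ticket handling (no Laravel needed).
// The array stands in for Cache; allowlist, TTL and user id are assumptions.
const ALLOWED_HOSTS = ['b.baidu.com', 'c.baidu.com']; // assumed client sites
const TICKET_TTL = 120;                                // seconds, assumed

$store = []; // ticket => ['uid' => int, 'host' => string, 'exp' => int]

// Called after a successful password login: returns the redirect URL or null.
function issueTicketUrl(array &$store, int $uid, string $source, int $now): ?string
{
    $parts = parse_url($source);
    $host = is_array($parts) ? ($parts['host'] ?? '') : '';
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        return null; // unknown source: never send a ticket there
    }
    $ticket = bin2hex(random_bytes(32)); // CSPRNG, not derived from time()
    $store[$ticket] = ['uid' => $uid, 'host' => $host, 'exp' => $now + TICKET_TTL];
    $sep = isset($parts['query']) ? '&' : '?';
    return $source . $sep . 'ticket=' . $ticket;
}

// What /auth/check-ticket would return: the JSON shape the middleware reads.
function checkTicket(array &$store, string $ticket, string $callerHost, int $now): string
{
    $entry = $store[$ticket] ?? null;
    unset($store[$ticket]); // single use: a replayed ticket finds nothing
    if ($entry === null || $entry['exp'] < $now || $entry['host'] !== $callerHost) {
        return json_encode(['state' => 'FAIL']); // 'FAIL' is an assumed value
    }
    return json_encode(['state' => 'SUCCESS', 'result' => ['uid' => $entry['uid']]]);
}

$now = time();
$url = issueTicketUrl($store, 42, 'http://b.baidu.com/home', $now); // constructed input
parse_str(parse_url($url, PHP_URL_QUERY), $q);

echo checkTicket($store, $q['ticket'], 'b.baidu.com', $now), "\n";        // first use
echo checkTicket($store, $q['ticket'], 'b.baidu.com', $now), "\n";        // replay
var_dump(issueTicketUrl($store, 42, 'http://evil.example/', $now));       // off-list source
$url2 = issueTicketUrl($store, 42, 'http://c.baidu.com/', $now);
parse_str(parse_url($url2, PHP_URL_QUERY), $q2);
echo checkTicket($store, $q2['ticket'], 'c.baidu.com', $now + 121), "\n"; // expired
```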
The logic is complete, but there are several questions.
1. I have no idea whether this is true or not. I wrote it based on the principle.
2. Suppose site b now redirects to site c. Because site b is frequently active, its session is always there, while the cache entry on site a has likely expired. At this point, when site b redirects to site c, site c jumps to site a to check the login, and the result shows that the login has expired. So this is a problem. We do not consider this problem because our business modules are loosely related and users will not jump around randomly. But this is indeed a problem for me. I have no idea.