SSO single sign-on system Access example

Simple talk about SSO single sign-on system of the principle of access, the premise is that the system itself has a sound user authentication function, that is, the basic user login function, it is very convenient to do.

SSO Login Request interface is often the interface plus a callback address, access to this address will jump to the callback address and take a ticket parameter, holding this ticket parameter request interface can obtain the user information, if there is a user automatically login, there is no new user and login.

For example, this SSO model implements two methods, one is to get the interface URL, one is to get the user information by ticket:

Php

Interface Ssologin
{
/**
* Get login user Information
* @param $ticket
* @return Mixed
*/
Public Function Getinfofromticket ($ticket);

/**
* Single sign-on authorization address
* @return Mixed
*/
Public function Getauthurl ();
}

Then look at the main method of the controller, such as the callback address is to jump to the controller http://www.example.com/sso/check?ticket=xxxx

/**
* Detect if Single sign-on
* @return bool|string
*/
Public Function ACTIONCheck ()
{
$ticket = Yii:: $app->getrequest ()->get (' ticket ');
if (! $ticket) {
return $this->renderautherror (' Please authorize first ', sprintf (' <a href= '%s ' > click Login Single sign-on system </a> ', Ssologin::getinstance ( )->getauthurl ());
}
$userInfo = Ssologin::getinstance ()->getinfofromticket ($ticket);
if (Empty ($userInfo [' username '])) {
return $this->renderautherror (' Please authorize first ', sprintf (' <a href= '%s ' > click Login Single sign-on system </a> ', Ssologin::getinstance ( )->getauthurl ());
}

$username = $this->getusername ($userInfo [' username ']);
$user = User::find ()->canlogin ()->username ($username)->one ();
if (! $user) {
$newUser = [];
$newUser [' username '] = $userInfo [' username '];
$newUser [' email '] = $this->getusername ($userInfo [' username ']);
$newUser [' role '] = User::role_dev;
$newUser [' is_email_verified '] = 1;
$newUser [' realname '] = $userInfo [' Truename '];
$user = $this->adduser ($newUser);
}
$isLogin = Yii:: $app->user->login ($user, 3600 * 24 * 30);
if ($isLogin) {
$this->redirect ('/task/index ');
}
return true;
}
Probably see the logic of this controller. The SSO interface plays a role in obtaining the user information, comparing the user information with the System User table, the user is logged in, there is no creation user and login.

This is an internal single point system, integrated into the background, perhaps other SSO is not the same as this, but the basic principle process is similar.