SSO single sign-on system Access example

Source: Internet
Author: User
Tags mixed sprintf ticket yii

Simple talk about SSO single sign-on system of the principle of access, the premise is that the system itself has a sound user authentication function, that is, the basic user login function, it is very convenient to do.

SSO Login Request interface is often the interface plus a callback address, access to this address will jump to the callback address and take a ticket parameter, holding this ticket parameter request interface can obtain the user information, if there is a user automatically login, there is no new user and login.


For example, this SSO model implements two methods, one is to get the interface URL, one is to get the user information by ticket:

Php

Interface Ssologin
{
/**
* Get login user Information
* @param $ticket
* @return Mixed
*/
Public Function Getinfofromticket ($ticket);

/**
* Single sign-on authorization address
* @return Mixed
*/
Public function Getauthurl ();
}

Then look at the main method of the controller, such as the callback address is to jump to the controller http://www.example.com/sso/check?ticket=xxxx


/**
* Detect if Single sign-on
* @return bool|string
*/
Public Function ACTIONCheck ()
{
$ticket = Yii:: $app->getrequest ()->get (' ticket ');
if (! $ticket) {
return $this->renderautherror (' Please authorize first ', sprintf (' <a href= '%s ' > click Login Single sign-on system </a> ', Ssologin::getinstance ( )->getauthurl ());
}
$userInfo = Ssologin::getinstance ()->getinfofromticket ($ticket);
if (Empty ($userInfo [' username '])) {
return $this->renderautherror (' Please authorize first ', sprintf (' <a href= '%s ' > click Login Single sign-on system </a> ', Ssologin::getinstance ( )->getauthurl ());
}

$username = $this->getusername ($userInfo [' username ']);
$user = User::find ()->canlogin ()->username ($username)->one ();
if (! $user) {
$newUser = [];
$newUser [' username '] = $userInfo [' username '];
$newUser [' email '] = $this->getusername ($userInfo [' username ']);
$newUser [' role '] = User::role_dev;
$newUser [' is_email_verified '] = 1;
$newUser [' realname '] = $userInfo [' Truename '];
$user = $this->adduser ($newUser);
}
$isLogin = Yii:: $app->user->login ($user, 3600 * 24 * 30);
if ($isLogin) {
$this->redirect ('/task/index ');
}
return true;
}
Probably see the logic of this controller. The SSO interface plays a role in obtaining the user information, comparing the user information with the System User table, the user is logged in, there is no creation user and login.

This is an internal single point system, integrated into the background, perhaps other SSO is not the same as this, but the basic principle process is similar.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.