Implementing SSO (single sign-on) login and logout in PHP using CAS

Source: Internet
Author: User


1. CAS server setup

CAS server download: http://downloads.jasig.org/cas/

Decompress cas-server-4.0.0-release.zip and rename cas-server-webapp-4.0.0.war, found under the modules directory, to cas.war. Copy the war file to Tomcat's webapps directory and start Tomcat. Visit http://localhost:8080/cas/login to see the login page.


By default, the CAS server accepts any login where the user name equals the password, and it requires HTTPS, for which you must configure a certificate for Tomcat. This setup does not use HTTPS. For HTTPS configuration, see:

http://blog.csdn.net/haydenwang8287/archive/2010/07/26/5765941.aspx

1. If HTTPS is not used, the server must be configured as follows:

Find the following content in the file cas/WEB-INF/deployerConfigContext.xml:

  

Add the parameter p:requireSecure="false". It controls whether secure verification (HTTPS) is required; false means HTTPS is not used. After adding the parameter, the content is as follows:

 
Find the following in the file cas/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml:

Parameter p:cookieSecure="true". This is likewise related to HTTPS: true means HTTPS is used and false means HTTPS is not used.
Parameter p:cookieMaxAge="-1". This is the maximum lifetime of the cookie. -1 means no lifetime: the cookie is valid only in the currently open IE window, and if IE is closed or another window is opened, verification is required again. You can change it to a number greater than 0 as needed, such as 3600, which means that any IE window opened within 3600 seconds does not require verification.

Server logout address: http://localhost:8080/cas/logout


To return to the application after logging out, configure cas-servlet.xml on the server:

Add the property p:followServiceRedirects="true"

The logout link is then http://localhost:8080/cas/logout?service=http://localhost:8080/Casclient/index.jsp

2. Change the server verification method and adopt database verification.

Modify the configuration file deployerConfigContext.xml and add the DBCP connection pool (Oracle is used as an example):

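    <!-- DBCP connection pool; the bean id "casDataSource" is an assumed name -->
    <bean id="casDataSource" class="org.apache.commons.dbcp.BasicDataSource">
        <property name="driverClassName">
            <value>oracle.jdbc.driver.OracleDriver</value>
        </property>
        <property name="url">
            <value>jdbc:oracle:thin:@192.168.18.26:1521:orcl</value>
        </property>
        <property name="username">
            <value>test</value>
        </property>
        <property name="password">
            <value>test</value>
        </property>
    </bean>
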

The required jar packages are: (cas-server-support-jdbc-3.4.4.jar, commons-dbcp-1.2.1.jar, commons-pool-1.3.jar, ojdbc14_g.jar)

Configure the password encoding method. CAS has a built-in MD5 password encoder. You can also write your own encoder class that implements the org.jasig.cas.authentication.handler.PasswordEncoder interface:

             
         
 
Comment out the default authentication handler and use database query verification instead:
        
         
         
            
           
            
            
           
        
      
  
The server configuration is now complete.


2. Configure the PHP Client

PHP client download: http://downloads.jasig.org/cas-clients/php/. The latest version is cas-1.2.0.orc2.

Create a project named phpCasClient. Copy the CAS folder and CAS.php into the project, modify CAS/client.php to change https to http, and create the PHP file user.php. This file handles single sign-on login. Its content is as follows:

 

            "http://localhost/phpCasClient/user.php?a=login");
            phpCAS::logout($param);
        }

        /**
         * @desc loginCas() single sign-on login
         */
        public function loginCas()
        {
            header('P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
            // CAS
            include 'cas-1.2.0/CAS.php';
            // initialize phpCAS
            // phpCAS::client(CAS_VERSION_2_0, 'service address', port number, 'cas address');
            phpCAS::client(CAS_VERSION_2_0, "192.168.142.1", 80, "/cas", true);
            // Enable this for debugging; the verification process can then be followed in cas.log on the server.
            // phpCAS::setDebug();
            // address to jump to after successful login
            phpCAS::setServerLoginUrl("https://192.168.142.1:80/cas/login?embed=true&cssUrl=http://localhost/phpCasClient/style/login.css&service=http://localhost/phpCasClient/user.php?a=loginCas");
            // no SSL validation for the CAS server
            phpCAS::setNoCasServerValidation();
            // detect logout notifications sent by the server, so that PHP and other language platforms can log out together
            phpCAS::handleLogoutRequests();
            if (phpCAS::checkAuthentication()) {
                // get the login username
                $username = phpCAS::getUser();
                // after the user logs in successfully, use JS to redirect the page
                echo "
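For comparison, the same login and logout flow with HTTPS kept on and the CAS server certificate validated instead of calling setNoCasServerValidation(). This is an added example, not the original author's code; the host names, port, CA bundle path and application URL are placeholders, and a phpCAS 1.2-style phpCAS::client() signature is assumed.

```php
<?php
// Added example: counterpart of user.php with certificate validation enabled.
// Assumptions (placeholders): CAS is served over HTTPS at
// cas.example.org:8443/cas, its CA certificate is stored at
// /etc/ssl/certs/cas-ca.pem, and phpCAS is unpacked in cas-1.2.0/.
require_once 'cas-1.2.0/CAS.php';

const CAS_HOST    = 'cas.example.org';            // placeholder host name
const CAS_PORT    = 8443;                         // phpCAS expects an integer
const CAS_CONTEXT = '/cas';
const CAS_CA_CERT = '/etc/ssl/certs/cas-ca.pem';  // placeholder path
const APP_LOGIN   = 'https://app.example.org/phpCasClient/user.php?a=login';

function initCas()
{
    phpCAS::client(CAS_VERSION_2_0, CAS_HOST, CAS_PORT, CAS_CONTEXT);
    // Verify the CAS server certificate when the client calls back to
    // validate a service ticket; this replaces setNoCasServerValidation().
    phpCAS::setCasServerCACert(CAS_CA_CERT);
    // Process single-logout notifications only when they come from the CAS host.
    phpCAS::handleLogoutRequests(true, array(CAS_HOST));
}

function loginCas()
{
    initCas();
    // Redirects the browser to the CAS login page if no valid session exists.
    phpCAS::forceAuthentication();
    // Escape before output: the user name originates from the CAS response.
    $username = htmlspecialchars(phpCAS::getUser(), ENT_QUOTES, 'UTF-8');
    echo "Logged in as {$username}";
}

function logoutCas()
{
    initCas();
    // CAS ends the SSO session; it redirects back to APP_LOGIN only if
    // followServiceRedirects is enabled on the server.
    phpCAS::logout(array('service' => APP_LOGIN));
}

// Dispatch on the "a" query parameter, as the URLs on this page do.
$action = isset($_GET['a']) ? $_GET['a'] : 'login';
if ($action === 'logout') {
    logoutCas();
} else {
    loginCas();
}
```

With this client, p:requireSecure and p:cookieSecure on the server can stay at their HTTPS defaults, and CAS/client.php does not need to be edited.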
