How does one implement PHP single sign-on? Is there a general solution?
Reply content:
Learn from Weibo: the simplest and easiest single sign-on.
Create an SSO site and have all logons go through it. Assume this site is S and the business sites are A, B, C and D. Each of the four business sites checks whether the user is logged on; if not, it jumps to S to check. If S determines that the user has logged on, it returns a token to A, B, C or D. The business site then obtains the user information based on the token. Generally, the user information is stored in mc or redis; if you like doing things the odd way, you can store it in a DB.... Of course, HTTPS is recommended for S.
The general solution is the session.
The session is a long string of characters generated after logon, such as '232ff23423ceb23123331eefaab312bbc'. It corresponds to the user's logon information, such as the user ID...
When you log on to the system, a session is generated and stored in redis or memcached. All subsystems can then query memcached/redis to verify the session. If it exists, the user is considered logged on and trusted.
By the way: besides using a secure connection protocol such as HTTPS, the session also needs a relatively short expiration time and has to be renewed. After all, session hijacking is terrible.
Save the logon information to the cookie/session.
For the specific implementation, look at a framework's login module when you have time.
It depends on the scale. If the system is distributed, adapting sessions will be more difficult, and the token method is better.
Method 1: User authentication is implemented through a Web Service. After authentication passes, an authentication ticket is randomly generated and sent to the user. When the user accesses other applications, they only need to verify the validity of the authentication ticket.
Method 2: Use the CAS server for user authentication.
The following are the main steps in this authentication protocol.
1. The user tries to access the application using the application URL. The user is redirected to the CAS logon URL over an HTTPS connection, and the name of the requested service is passed as a parameter. A user name/password dialog box is displayed.
2. The user enters the ID and password, and CAS authenticates the user. If the authentication fails, the target application never learns that the user tried to access it: the user was stopped at the CAS server.
3. If the authentication succeeds, CAS redirects the user back to the target application and adds a parameter called ticket to the URL. CAS then tries to create an in-memory cookie called the ticket-granting cookie. This is for automatic re-verification in the future: if this cookie exists, it indicates that the user has already logged on successfully, and the user does not need to enter the user name and password again.
4. The application then needs to check whether the ticket is correct and whether it represents a valid user. To do this, it opens an HTTPS connection to the CAS serviceValidate URL and passes the ticket and the service name as parameters. CAS checks whether the ticket is valid and whether it is associated with the requested service. If the check succeeds, CAS returns the user name to the application.
Method 3: Use an open-source single sign-on framework...
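
The ticket check described in the replies above (a random ticket that is short-lived, usable once, and tied to the requesting business site), as an added example that is not part of any reply on this page. TicketStore, its method names, the 30-second lifetime and the example URLs are assumptions, and the array stands in for redis or memcached.

```php
<?php
declare(strict_types=1);

// Added example: ticket store for the SSO site "S" (hypothetical class and method names).
final class TicketStore
{
    /** @var array<string, array{user: string, service: string, expires: int}> */
    private array $tickets = [];   // stand-in for redis/memcached

    public function __construct(private int $ttlSeconds = 30) {}   // assumed lifetime

    // Called by S after the user has authenticated: issue a random ticket
    // bound to exactly one business site (service).
    public function issue(string $user, string $service, int $now): string
    {
        $ticket = 'ST-' . bin2hex(random_bytes(16));   // 128 bits from the CSPRNG
        $this->tickets[$ticket] = [
            'user'    => $user,
            'service' => $service,
            'expires' => $now + $this->ttlSeconds,
        ];
        return $ticket;
    }

    // Called when a business site asks S to validate a ticket.
    // Returns the user name, or null if the ticket must be refused.
    public function validate(string $ticket, string $service, int $now): ?string
    {
        $entry = $this->tickets[$ticket] ?? null;
        unset($this->tickets[$ticket]);   // single use, even when validation fails
        if ($entry === null || $now > $entry['expires']) {
            return null;                  // unknown, already used, or expired
        }
        if (!hash_equals($entry['service'], $service)) {
            return null;                  // issued for a different business site
        }
        return $entry['user'];
    }
}

// Constructed sample run with made-up sites B and C.
$store = new TicketStore(30);
$now   = 1_700_000_000;
$t1 = $store->issue('alice', 'https://b.example/app', $now);
var_dump($store->validate($t1, 'https://b.example/app', $now + 5));   // first use by site B
var_dump($store->validate($t1, 'https://b.example/app', $now + 6));   // replay of the same ticket
$t2 = $store->issue('alice', 'https://b.example/app', $now);
var_dump($store->validate($t2, 'https://c.example/app', $now + 5));   // presented by site C
$t3 = $store->issue('alice', 'https://b.example/app', $now);
var_dump($store->validate($t3, 'https://b.example/app', $now + 31));  // past the lifetime
```

Only the first call returns the user name; the replayed, wrong-service and expired tickets are all refused, which is what limits the damage if a ticket leaks from a URL or log.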