No need for client plug-ins PHP can also be single sign-on

Analyze CAs principle, build PHP Single Sign-on

Single Sign-on, or SSO, is one of the most popular solutions for enterprise business integration, and SSO enables users to access all trusted applications in multiple application systems with only one login. CAS (central authentication Service) is a good single sign-on framework for WEB applications, in this paper, based on the principle of CAs, PHP implementation of single-sign-on method.

Suppose there are now two ordinary Web servers, a, b

Then assume that a, B resources on both servers need to be authenticated users to access (of course, user registration, user login and other pages not counted)

User login to one of the servers, assuming that a, with the permissions of a server, he would like to access the resources on the B server, and do not need to log in again, because he has just logged into a server, and did not log out, how to implement it.

In fact, we only need another server C to do the login, logoff and other operational verification services

To access the A server login page, server a redirects the page to authorization Server C, enters the user name and password to complete the authentication, and writes the authorization information to the session on Server C, Server C redirects the page, and passes the SessionID to server a via the URL parameter form. At this point, server A again through SessionID to server C to verify that the authorization information and stored in Server A local, so that server A and server C have both authorization information, the user access server B, Server B redirects the page to server C, because the browser saved the server C Cookie information, so, Server C can detect that the user has logged in, so do not need to log in again, directly through the form of URL parameters to SessionID in page rewrite to server B, Server B with the SessionID connection server C for authentication, After success, save the authorization information to Server B locally, so that Server B also has the same authorization information as Server C and does not need to log on

Server A,b,c These three servers, need to share the authorization information, can be the way of the database, memory cache tool or other file-type database mode to share the authorization information, when the user in the service, a, one of the other two (a,c or B,C) server authorization information is destroyed simultaneously

This completes the single sign-on,

Implementation principle Reference diagram: