I built a single sign-on system, and the problem is this: for example, with three systems A, B and C, when the user is not logged in they jump to the S system to log in. On successful login a token is generated and sent back, and the token is stored in Redis. But how do the B and C systems get that token?
Reply content:
After getting this token, use curl or a header to send the value to the interfaces of the other two systems, B and C. The interface receives the token parameter via GET or POST and then processes the token value, e.g. storing it in Redis, a session, etc.
Friend, you have already stored it in Redis; B and C connect to Redis and then fetch it directly from Redis?
Against the currently accepted answer: for example, if single sign-on to 100 systems is to be handled by the login system, does each system have to make 99 requests after a user logs in? What would you call that? Single sign-on.
For those reading tokens directly from Redis: do you know which key to read for which user?
So-called single sign-on does not mean that a user logged in to A can also log in to B and C; it means that logging in to S lets you log in to A, B and C.
So it takes two things:
1. The S system's own cookie/session. As long as the user is logged in to the S system (either by accessing S directly or by accessing S as a result of logging in to A), the user's cookie/session under the S system is generated, and no cross-domain processing is needed.
2. A login ticket. When the user comes from the A system, the S system determines whether the user is logged in to S. If not, it requires them to log in; after logging in (or if already logged in) it generates a unique ticket, stores the user and ticket in the database, and returns the ticket to the A system via the user's browser: the S system makes the browser jump to http://AAA.com/login/callback?ticket=xxxxx
Now A has the ticket and internally requests S's check interface; S compares this ticket against the database, finds the corresponding user information and returns it to A, so A knows which user to log in.
I suggest the OP look at the CAS protocol: https://apereo.github.io/cas/...
There are many reasons to oppose the accepted answer.
First, the process of issuing and verifying tickets is not correct (this kind of system usually needs two-machine hot standby against single-point failure, or a distributed setup, etc.)
As others have said, with 100 systems do you push to 100? What about timeouts?
If one system logs out, should the other systems also be logged out?
If permissions are modified so that login to A is allowed but login to B is not, what then?
There are no cross-domain issues.
When entering the A system, jump to the S system.
The S system verifies the account and makes the browser jump back to the A system carrying the ticket (as a URL parameter).
A now holds the ticket and uses curl or similar to verify the ticket with the S system (also using its own system key to prove the legitimacy of this verification by A). If the ticket is authorized (being logged in to S does not necessarily mean you can log in to A; S specifically decides whether to issue a ticket granting login rights), A lets the user in; otherwise it jumps back to S's login interface.
The OP can deploy a Java version of an open-source single sign-on system to understand the specific usage and process. You could also use an authorization system like OAuth 2.0.
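The two answers above describe the same CAS-style flow: S keeps the only real session, mints a short-lived single-use ticket bound to one service, and the service redeems it server-to-server while proving its own identity. The following is an added example, not code from the thread or from any CAS implementation, that plays both sides of that exchange in one process. The in-memory dicts stand in for S's Redis/database, the user table and the per-service keys are constructed sample data, and the HMAC-over-ticket proof is an assumed way for a service to "use the key of its own system" when it calls the check interface.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse


class SsoServer:
    """The central login ("S") system: owns the only real session and issues tickets."""

    TICKET_TTL = 60  # seconds; a ticket is single-use and only valid briefly

    def __init__(self, users, service_keys, rights):
        self.users = users                # constructed user table: username -> password
        self.service_keys = service_keys  # service name -> key shared with that service (assumption)
        self.rights = rights              # username -> set of services the user may enter
        self.sessions = {}                # S's own cookie value -> username (stand-in for Redis)
        self.tickets = {}                 # ticket -> (username, service, issued_at)

    def login(self, username, password):
        """Step 1: authenticate against S itself and set S's own session cookie."""
        expected = self.users.get(username)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = username
        return cookie

    def issue_ticket(self, sso_cookie, service, callback_url):
        """Step 2: if the browser already holds S's session, mint a ticket bound to one
        service and send the browser back to that service's callback URL."""
        username = self.sessions.get(sso_cookie)
        if username is None or service not in self.service_keys:
            return None  # the service must send the user to S's login page first
        ticket = secrets.token_urlsafe(24)
        self.tickets[ticket] = (username, service, time.time())
        return f"{callback_url}?{urlencode({'ticket': ticket})}"

    def validate(self, service, ticket, proof, now=None):
        """Step 3: the service calls this server-to-server. The proof is an HMAC over the
        ticket with the service's key, so S knows which system is asking."""
        now = time.time() if now is None else now
        record = self.tickets.pop(ticket, None)  # pop: a ticket is consumed on first use
        key = self.service_keys.get(service)
        if record is None or key is None:
            return None
        username, bound_service, issued_at = record
        expected = hmac.new(key, f"{service}:{ticket}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, proof):
            return None
        if bound_service != service or now - issued_at > self.TICKET_TTL:
            return None  # ticket was minted for another system, or is stale
        if service not in self.rights.get(username, set()):
            return None  # logged in at S, but not authorised for this particular system
        return username

    def logout(self, sso_cookie):
        """Dropping S's session also voids any tickets still outstanding for that user."""
        username = self.sessions.pop(sso_cookie, None)
        self.tickets = {t: r for t, r in self.tickets.items() if r[0] != username}
        return username is not None


class ClientApp:
    """One of the A/B/C systems. It never sees S's cookie; it only redeems tickets."""

    def __init__(self, name, key, sso):
        self.name, self.key, self.sso = name, key, sso
        self.sessions = {}  # this system's own local session cookie -> username

    def proof_for(self, ticket):
        """HMAC(service key, service:ticket): proves to S which system is asking."""
        return hmac.new(self.key, f"{self.name}:{ticket}".encode(), hashlib.sha256).hexdigest()

    def handle_callback(self, callback_url):
        """Parse ?ticket= from the redirect, prove our identity to S, and open a local session."""
        query = parse_qs(urlparse(callback_url).query)
        ticket = query.get("ticket", [None])[0]
        if ticket is None:
            return None
        username = self.sso.validate(self.name, ticket, self.proof_for(ticket))
        if username is None:
            return None  # bounce the browser back to S's login page
        self.sessions[secrets.token_urlsafe(32)] = username
        return username


if __name__ == "__main__":
    # Constructed data: alice may enter A but not B.
    sso = SsoServer({"alice": "s3cret"}, {"A": b"key-a", "B": b"key-b"}, {"alice": {"A"}})
    app_a, app_b = ClientApp("A", b"key-a", sso), ClientApp("B", b"key-b", sso)
    cookie = sso.login("alice", "s3cret")
    url = sso.issue_ticket(cookie, "A", "http://AAA.com/login/callback")
    print("A redeems ticket:", app_a.handle_callback(url))   # alice
    print("replay of same ticket:", app_a.handle_callback(url))  # None
    print("B with A's user:", app_b.handle_callback(sso.issue_ticket(cookie, "B", "http://b/cb")))  # None
```

Because every ticket is bound to one service, consumed on first use and expires quickly, B and C never need the token pushed to them and never read another system's key out of Redis: each of them simply sends the unauthenticated user to S and redeems its own ticket, which also answers the "100 systems" and per-system permission objections raised above.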
B and C provide an interface for obtaining the token; after a successful login, push it down to them.
You can consider using cookies to store and transfer it.
After the main site completes login, the login server jumps back to the page, which runs cross-domain code that sends it to the slave (or other) sites. The code is as follows