Simple SSO implementation

Implementation of single-point Logon (SSO) based on phprpc [updated]

What is phprpc:
Phprpc is a lightweight, secure, cross-Internet, cross-language, cross-platform, cross-environment, cross-domain, support for transmission of complex objects, support for parameter reference, and support high-performance remote process call protocol that supports content output redirection, hierarchical error processing, session-oriented, and service-oriented.

Because phprpc has many of the above features, our SSO can also be secure, fast, and cross-origin.

Therefore, Single Sign-On means that you only need to log on to the central authentication server once, and then the browser polls the information returned by the central authentication server to access the application system for simulated login, then, you can access the application system without logging in.

 

The implementation principle is that the browser (using phprpc for Javascript) Request center authentication server (phprpc for PHP), usually at this time the browser is a login page, the browser passes the user name and password to the central authentication server. After the central authentication server successfully verifies the user name and password, it searches for the information corresponding to the user name and password in the database and generates a token based on the information) return to the browser. The browser uses the token to access the application system. After the application system receives the token, it uses the token to access the central authentication server. The central authentication server uses the token to search for the database, in this way, you can find the user name and password of the corresponding application system, and then return the user name and password to the application system, the application system then receives the username and password for Logon (usually a session or cookie writing process)

With the help of the database design diagram, we should better understand

 

As shown in the design diagram, the unified authentication server retrieves the "authenticated Server user table" from the user name and password passed by the browser through JavaScript to obtain the "user ID ", search for "Application System User table" based on the "user ID", and then obtain one or more records. Each result is generated in the "temporary session table, the "session ID" here is the primary key of the table, that is, our token, and the second field ID is the primary key of the corresponding "Application System User table", which is also important, it is to retrieve "Application System Table" based on "Application System ID" to obtain the address of the application system.

Then the unified authentication server combines the token with the access address of the application system into a new array and returns it to the browser.

Then, the browser runs JS and uses the passed token as the parameter to access the application system server.

The application system uses the token to access the unified authentication server to obtain the user name and password. After obtaining the user name and password, the login is complete.

See the code for more information.
For more information, visit http://www.phprpc.org
Download Code:
Http://bitctw.cn/hl/sso.rar
Updated