需要借助 Windows 身份验证在 PHP 中集成 SSO
[英]Need to integrate SSO in PHP with the help of Windows authentication
问题描述
I am integrating SSO in my PHP project using onelogin/php_saml library.
我正在使用 onelogin/php_saml 库将 SSO 集成到我的 PHP 项目中。 The thing is I am able to login using this library when linked to AD FS.问题是我可以在链接到 AD FS 时使用这个库登录。 But on windows system, it still asks for username and password to enter.但是在windows系统上,它仍然要求输入用户名和密码。
So I need to know how I can skip that login when using IE browser and within intranet.所以我需要知道如何在使用 IE 浏览器和 Intranet 时跳过该登录。 ie. IE。 Windows Authentication. Windows 身份验证。
Thanks in advance.提前致谢。
2 个解决方案
解决方案1
1 2019-03-05 17:54:48
Single sign on requires the adfs page link to be added in intranet zone, also make sure spn is registered for adfs service account.单点登录需要在intranet区域添加adfs页面链接,并确保为adfs服务帐户注册了spn。
From application prospective make sure the authentication is getting redirected to wia endpoint从应用程序的角度确保身份验证被重定向到 wia 端点
解决方案2
1 已采纳 2019-03-08 11:41:35
IE by default provides windows authentication when you are in a local intranet.当您在本地 Intranet 中时,IE 默认提供 Windows 身份验证。 Firstly you need to add the domain URL into Internet Options => Security => Local intranet => Add to sites .首先,您需要将域 URL 添加到Internet Options => Security => Local Intranet => Add to sites 。
Now if you are using onelogin/php_saml library for connecting to AD then make sure your setting 'security' => 'requestedAuthnContext' is set to false .现在,如果您使用 onelogin/php_saml 库连接到 AD,请确保您的设置'security' => 'requestedAuthnContext' 设置为 false 。
Now make sure in AD setup, transform rule is set to "Windows Account name"现在确保在 AD 设置中,转换规则设置为“Windows 帐户名称”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.