PHP应用程序使用ADFS单点登录
[英]PHP application single sign on with ADFS
问题描述
I am planning to integrate my php application with ADFS for single sign on 
我打算将我的php应用程序与ADFS集成以进行单点登录
So here is the flow 所以这是流程
The user will open the domain of my app if he is not already signed in i will redirect it to sso url provided in the metadata.xml file shared with me by the AD team.
用户将打开我的应用程序的域,如果他尚未登录,我将重定向到AD团队与我共享的metadata.xml文件中提供的sso url。 Once he is redirected to the AD login once the users fills the login page the request would come to my application
一旦用户填写登录页面,他就会被重定向到AD登录,请求将进入我的应用程序
1st Question :- 第一个问题: -
( How is this going to happen ?? ) Do i need to provide to the url to the AD (这将如何发生?)我是否需要向AD提供网址
2nd Question :- 第二个问题: -
What would be the request type, structure going to be 什么是请求类型,结构将是什么
3rd Question :- 第三个问题: -
How is the application going to validate whether the user is authenticated or not. 应用程序如何验证用户是否经过身份验证。 ? ?
1 个解决方案
解决方案1
0 2019-04-26 11:26:39
you should be getting the integration document form AD Team, from this help disk the workflow will be as follows 您应该从AD Team获取集成文档,从该帮助磁盘的工作流程如下
- The user navigates to a URL provided by the ADFS service. 用户导航到ADFS服务提供的URL。
- The ADFS service then authenticates the user via the organization's AD service. 然后,ADFS服务通过组织的AD服务对用户进行身份验证。
- Upon authenticating, the ADFS service then provides the user with an authentication claim. 在进行身份验证后,ADFS服务会向用户提供身份验证声明。
- The user's browser then forwards this claim to the target application, which either grants or denies access based on the Federated Trust service created. 然后,用户的浏览器将此声明转发给目标应用程序,该目标应用程序根据创建的联合信任服务授予或拒绝访问权限。
as per the 4th point, user will be returned with the claim(must be some tokens) to federation, using that you should validate the user again from ADFS,. 根据第4点,用户将返回声明(必须是一些令牌)到联盟,使用它应该再次从ADFS验证用户。
Noe: read-out the documents that you got from ADFS
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.