
Implementing Single Sign On in PHP

Can anyone point out what the obvious flaws with this approach would be, as I am sure there will be some...

  1. User tries to access restricted area on 'original box'
  2. User is not logged in, so is redirected to 'secure box'
  3. User logs in via LDAP using SSL & ldaps
  4. Session is created on 'secure box'
  5. User is redirected back to 'original box'
  6. 'original box' does a file_get_contents to session.php on 'secure box'
  7. 'secure box' checks for valid session, and if present returns username and some extra info as xml (obviously no password info)
  8. 'original box' uses xml to create local session
  9. User is allowed to progress through protected area with each page view checking 'secure box' for valid session
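The nine steps above, reworked as an added example (not code from the question or from any answer): the redirect in step 5 carries a signed, short-lived, single-use ticket instead of the secure-box session id, session.php in step 7 validates that ticket before answering, and step 6's file_get_contents verifies the secure box's certificate, which is the "SSL trust" point raised in an answer below. The shared key, the service name 'original-box', the URL https://secure.example/session.php and the CA file path are assumptions; the HTTPS hop is replaced by a direct function call so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not code from the question. Hypothetical: the shared key, the
// service name 'original-box', the URL https://secure.example/session.php and
// the CA path. Both boxes hold SSO_SECRET out of band; the secure box keeps a
// list of registered service names.
const SSO_SECRET = 'replace-with-output-of-bin2hex(random_bytes(32))';
const TICKET_TTL = 60; // seconds: one redirect round trip, not a session lifetime

/* secure box, step 5: the redirect carries this ticket instead of session_id().
   It is HMAC-signed, bound to one service and short-lived, so a leaked URL is
   of little use. */
function issueTicket(string $sessionId, string $audience): string
{
    $body = base64_encode(json_encode([
        'sid' => $sessionId, 'aud' => $audience,
        'exp' => time() + TICKET_TTL, 'nonce' => bin2hex(random_bytes(8)),
    ]));
    return $body . '.' . hash_hmac('sha256', $body, SSO_SECRET);
}

/* secure box, step 7: what session.php checks before answering. $sessionStore
   stands in for wherever sessions live (memcached, SQL, files); $usedTickets
   makes each ticket single-use. Returns the user record as XML, or null. */
function lookupSession(string $ticket, string $expectedAudience,
                       array $sessionStore, array &$usedTickets): ?string
{
    $parts = explode('.', $ticket, 2);
    if (count($parts) !== 2) return null;
    [$body, $mac] = $parts;
    // constant-time compare: a plain === would leak how many MAC bytes matched
    if (!hash_equals(hash_hmac('sha256', $body, SSO_SECRET), $mac)) return null;
    $raw = base64_decode($body, true);
    $p   = $raw === false ? null : json_decode($raw, true);
    if (!is_array($p) || ($p['aud'] ?? null) !== $expectedAudience) return null; // wrong service
    if (($p['exp'] ?? 0) < time()) return null;                                  // expired
    $nonce = (string) ($p['nonce'] ?? '');
    if ($nonce === '' || isset($usedTickets[$nonce])) return null;               // replayed
    $usedTickets[$nonce] = true;
    $session = $sessionStore[(string) ($p['sid'] ?? '')] ?? null;
    if ($session === null) return null; // logged out or expired on the secure box
    // build the reply with DOM so values are escaped; no password material goes out
    $doc  = new DOMDocument('1.0', 'UTF-8');
    $user = $doc->appendChild($doc->createElement('user'));
    foreach (['username', 'email'] as $field) {
        $el = $doc->createElement($field);
        $el->appendChild($doc->createTextNode((string) $session[$field]));
        $user->appendChild($el);
    }
    return $doc->saveXML();
}

/* original box, step 6: file_get_contents over TLS with peer verification pinned
   to the CA that issued the secure box's certificate, so a spoofed 'secure box'
   cannot hand us a fake <user> document. Any TLS/HTTP failure fails closed. */
function fetchUserFromSecureBox(string $ticket): ?array
{
    $ctx = stream_context_create([
        'ssl'  => ['verify_peer' => true, 'verify_peer_name' => true,
                   'cafile' => '/etc/ssl/certs/secure-box-ca.pem'], // assumed path
        'http' => ['timeout' => 5],
    ]);
    $url  = 'https://secure.example/session.php?ticket=' . rawurlencode($ticket); // assumed URL
    $body = @file_get_contents($url, false, $ctx);
    return $body === false ? null : parseUserXml($body);
}

/* original box, step 8: parse with LIBXML_NONET so the reply cannot pull in
   external entities; keep only the fields the local session needs. */
function parseUserXml(string $body): ?array
{
    if ($body === '') return null; // DOMDocument::loadXML rejects an empty string
    $prev = libxml_use_internal_errors(true);
    $doc  = new DOMDocument();
    $ok   = $doc->loadXML($body, LIBXML_NONET);
    libxml_use_internal_errors($prev);
    $name = $ok ? $doc->getElementsByTagName('username')->item(0) : null;
    if ($name === null || $name->textContent === '') return null;
    $mail = $doc->getElementsByTagName('email')->item(0);
    return ['username' => $name->textContent, 'email' => $mail ? $mail->textContent : ''];
}

/* offline walk-through: the HTTPS hop is replaced by a direct call */
$sessions = ['s1' => ['username' => 'alice', 'email' => 'alice@example.org']]; // constructed data
$used     = [];
$ticket   = issueTicket('s1', 'original-box');
$reply    = lookupSession($ticket, 'original-box', $sessions, $used);
echo "first use:      ", json_encode($reply === null ? null : parseUserXml($reply)), "\n";
echo "replayed:       ", json_encode(lookupSession($ticket, 'original-box', $sessions, $used)), "\n";
echo "other service:  ", json_encode(lookupSession(issueTicket('s1', 'other'), 'original-box', $sessions, $used)), "\n";
```

The ticket only covers the bootstrap exchange (steps 5 to 8). The per-page re-check in step 9 should not reuse it: once the original box has its local session it needs a separate server-to-server credential for asking the secure box "is session X still alive?", and that request should go over the same verified TLS context as fetchUserFromSecureBox.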

I don't get why you use file_get_contents() instead of include/require.

Why do you need to get the content of "session.php" at all? Couldn't you simply use $_SESSION['myVar']; to get the session info you need?

  1. To pass data, serialize the object (from the session class)?
    Or alternatively serialize an array containing what you need.

  2. To transfer the data and keep it accurate:
    memcached (which might get updated by any site, i.e. expired session, logout)
    [no]SQL server (can be read-only for services using SSO)
    text file on 'secure box' (assuming it doesn't contain any sensitive data)

btw: the SSO system's purpose is only to validate the user credentials. No groups etc.
It usually either returns a redirect or the username (using an https check)...

Make sure you use SSL trust between them to verify whether the service is allowed to use SSO, or, for the service, whether someone is faking the 'secure box'.
