
How to automatically log into another site if CSRF-Token is required (PHP, SSO, LDAP)

I'm trying to create an intranet site where, if possible, all parts of it should be SSO in a way that a user who is logged into his Active Directory account in Windows would immediately be signed on with that same account in all pages of my site through LDAP. Now the main component of this site is built with a CMS, and from there the user should be able to click the links on this site to get to the other tools we're using, like for example the ticket system. The CMS and the ticket-system software are both able to connect through LDAP themselves, but I want an SSO solution for this.

So I searched and found this for the Apache server: mod_authnz_sspi. This apparently lets you use $_SERVER['REMOTE_USER'] in PHP to get the Windows user signed on right now. Now I'm stuck since I'm not really sure how to use this to automatically log the user into the sites. What do I have to do with this to get the SSO solution that I want?

I thought about creating a simple HTML form with the same fields as the one from the ticket-system form I'm trying to log into. I would then try to send the POST data to the form of the ticket system and log the user in automatically. For the username I would send $_SERVER['PHP_AUTH_USER'] and for the password $_SERVER['PHP_AUTH_PW']. However, the ticket system is protected with a CSRF token which I would have to include in the sent POST data but can't know in advance, since it is generated at the moment of accessing the page.

So it would be really helpful if someone could tell me how to get an SSO working with the mod_authnz_sspi tool (or another). If there isn't any other way than using an HTML form that sends the POST data like I tried, then it would be helpful if someone knew a workaround to the CSRF-token problem!

You can create an AUTH application that administrates your users (details, permissions, etc.). When a user accesses another application and is not logged in, redirect them to the AUTH application. The AUTH application checks the user's credentials, generates an access_token and redirects the user back to the application they tried to access. More info you can find here: https://www.mutuallyhuman.com/blog/choosing-an-sso-strategy-saml-vs-oauth2/
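One way to implement the token redirect described in this answer, as an added PHP example that is not part of the original post: the AUTH application reads the Windows user from REMOTE_USER (populated by mod_authnz_sspi, as the question mentions) and issues a short-lived HMAC-signed token; the ticket system verifies the signature, expiry and intended return URL before starting its own session, so no password ever has to be replayed through the ticket system's login form. The function names, the shared secret, the TTL and the URLs are assumptions.

```php
<?php
// Shared secret between the AUTH application and each target application.
// ASSUMPTION: in a real deployment load this from config outside the web root.
const SSO_SECRET = 'replace-with-a-long-random-secret';
const SSO_TTL    = 60; // seconds a token stays valid

// AUTH application side: mod_authnz_sspi has already set REMOTE_USER, so we only
// issue a short-lived signed token bound to the URL we will redirect back to.
function sso_issue_token(string $user, string $returnUrl, ?int $now = null): string {
    $now = $now ?? time();
    $payload = json_encode([
        'u'   => $user,
        'r'   => $returnUrl,
        'exp' => $now + SSO_TTL,
        'n'   => bin2hex(random_bytes(8)), // nonce; keep a seen-nonce store to block replay
    ]);
    $b64 = rtrim(strtr(base64_encode($payload), '+/', '-_'), '=');
    $sig = hash_hmac('sha256', $b64, SSO_SECRET);
    return $b64 . '.' . $sig;
}

// Target application side: returns the username only if the signature is valid,
// the token has not expired and it was issued for this exact URL; otherwise null.
function sso_verify_token(string $token, string $expectedUrl, ?int $now = null): ?string {
    $now = $now ?? time();
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) return null;
    [$b64, $sig] = $parts;
    $expected = hash_hmac('sha256', $b64, SSO_SECRET);
    if (!hash_equals($expected, $sig)) return null;                // constant-time compare
    $payload = json_decode(base64_decode(strtr($b64, '-_', '+/')), true);
    if (!is_array($payload) || !isset($payload['u'], $payload['r'], $payload['exp'])) return null;
    if (!is_int($payload['exp']) || $payload['exp'] < $now) return null; // expired
    if ($payload['r'] !== $expectedUrl) return null;               // issued for another app
    return (string) $payload['u'];
}

// Usage in the AUTH application (auth.php), hypothetical paths:
//   $user = $_SERVER['REMOTE_USER'];                          // set by mod_authnz_sspi
//   $ret  = 'https://tickets.example.local/sso.php';          // take only from an allow-list
//   header('Location: ' . $ret . '?t=' . urlencode(sso_issue_token($user, $ret)));
//
// Usage in the ticket system (sso.php):
//   $user = sso_verify_token($_GET['t'] ?? '', 'https://tickets.example.local/sso.php');
//   if ($user === null) { http_response_code(403); exit; }
//   session_regenerate_id(true); $_SESSION['user'] = $user;   // ticket system's own session
```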
