The example of this article describes the SSO single sign-on system access function implemented by PHP. Share it with everyone for your reference, the details are as follows:

The full English name of SSO is Single Sign On, single sign-on. SSO is in multiple application systems. Users only need to log in once to access all mutually trusted application systems. It includes mechanisms that can map this primary login to logins for the same user in other applications. It is one of the more popular enterprise business integration solutions at present. Let’s take a look.

Let’s briefly talk about the principle of accessing the SSO single sign-on system. The premise is that the system itself has a complete user authentication function, that is, a basic user login function, which is very convenient.

The SSO login request interface is often the interface plus a callback address. Accessing this address will jump to the callback address and bring a ticket parameter. Using this ticket parameter and then requesting the interface can obtain the user information. If If the user exists, the user will be logged in automatically. If the user does not exist, the user will be added and logged in.

For example, this SSO model implements two methods, one is to obtain the interface url, and the other is to obtain user information based on the ticket:

interface SSOLogin
{
  /**
   * 獲取登錄用戶信息
   * @param $ticket
   * @return mixed
   */
  public function getInfoFromTicket($ticket);
  /**
   * 單點(diǎn)登錄授權(quán)地址
   * @return mixed
   */
  public function getAuthUrl();
}

Let’s take a look at the main methods of the controller. For example, the callback address is Jump to the controller http://www.example.com/sso/check?ticket=xxxx

/**
 * 檢測(cè)是否單點(diǎn)登錄
 * @return bool|string
 */
public function actionCheck()
{
  $ticket = Yii::$app->getRequest()->get('ticket');
  if (!$ticket) {
    return $this->renderAuthError(&#39;請(qǐng)先授權(quán)&#39;, sprintf(&#39;<a href="%s">點(diǎn)擊登錄單點(diǎn)登錄系統(tǒng)</a>&#39;, SSOlogin::getInstance()->getAuthUrl()));
  }
  $userInfo = SSOlogin::getInstance()->getInfoFromTicket($ticket);
  if (empty($userInfo[&#39;username&#39;])) {
    return $this->renderAuthError(&#39;請(qǐng)先授權(quán)&#39;, sprintf(&#39;<a href="%s">點(diǎn)擊登錄單點(diǎn)登錄系統(tǒng)</a>&#39;, SSOlogin::getInstance()->getAuthUrl()));
  }
  $username = $this->getUserName($userInfo[&#39;username&#39;]);
  $user = User::find()->canLogin()->username($username)->one();
  if (!$user) {
    $newUser = [];
    $newUser[&#39;username&#39;] = $userInfo[&#39;username&#39;];
    $newUser[&#39;email&#39;] = $this->getUserName($userInfo[&#39;username&#39;]);
    $newUser[&#39;role&#39;] = User::ROLE_DEV;
    $newUser[&#39;is_email_verified&#39;] = 1;
    $newUser[&#39;realname&#39;] = $userInfo[&#39;truename&#39;];
    $user = $this->addUser($newUser);
  }
  $isLogin = Yii::$app->user->login($user, 3600 * 24 * 30);
  if ($isLogin) {
    $this->redirect(&#39;/task/index&#39;);
  }
  return true;
}

You will understand the logic of this controller. The function of the SSO interface is to obtain user information. Compare this user information with the system user table. If a user exists, log in. If there is no user, create a user and log in.

This is an internal single-point system, integrated into the backend. Other SSOs may be different from this, but the basic principles and processes are similar.

I hope this article will be helpful to everyone in PHP programming.

For more relevant articles on sample analysis of the SSO single sign-on system access function implemented by PHP, please pay attention to the PHP Chinese website!