.jpg)
一、前提:CAS服務(wù)器搭建完成
這個(gè)不是本次的重點(diǎn),不多講。傳送門(mén):https://blog.csdn.net/u013825231/article/details/79132399
二、下載phpCAS客戶端
php客戶端下載:https://github.com/apereo/phpCAS
立即學(xué)習(xí)“PHP免費(fèi)學(xué)習(xí)筆記(深入)”;
php客戶端配置的注意事項(xiàng)等內(nèi)容:https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252517/phpCAS
php客戶端的要求:https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252625/phpCAS+requirements
注意:php配置文件php.ini需要開(kāi)啟php_curl,找到 ;extension=php_curl.dll ,將該句前面的分號(hào)去掉即可,改為 extension=php_curl.dll
三、thinkphp5引入phpCAS類庫(kù)
1.下載好的phpCAS客戶端文件結(jié)構(gòu)。
相關(guān)推薦:《ThinkPHP教程》
2. 把source文件夾復(fù)制到thinphp5下的extend文件夾下,并重命名為:phpCAS
3. config.php文件的配置
<?php // The purpose of this central config file is configuring all examples // in one place with minimal work for your working environment // Just configure all the items in this config according to your environment // and rename the file to config.php $phpcas_path = 'phpCAS/'; /////////////////////////////////////// // Basic Config of the phpCAS client // /////////////////////////////////////// $client_domain = 'localhost'; // 客戶端 domain $client_path = 'afschool'; $client_secure = false; $client_httpOnly = true; $client_lifetime = 0; // Full Hostname of your CAS Server 服務(wù)器主機(jī) $cas_host = 'cas.example.com'; // Context of the CAS Server $cas_context = '/cas'; // Port of your CAS server. Normally for a https server it's 443 $cas_port = 443; // Path to the ca chain that issued the cas server certificate $cas_server_ca_cert_path = '/path/to/cachain.pem'; ////////////////////////////////////////// // Advanced Config for special purposes // ////////////////////////////////////////// // The "real" hosts of clustered cas server that send SAML logout messages // Assumes the cas server is load balanced across multiple hosts $cas_real_hosts = array ( 'cas-real-1.example.com', 'cas-real-2.example.com' ); // Database config for PGT Storage $db = 'pgsql:host=localhost;dbname=phpcas'; //$db = 'mysql:host=localhost;dbname=phpcas'; $db_user = 'phpcasuser'; $db_password = 'mysupersecretpass'; $db_table = 'phpcastabel'; /////////////////////////////////////////// // End Configuration -- Don't edit below // /////////////////////////////////////////// // Generating the URLS for the local cas example services for proxy testing if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'){ $curbase = 'https://'.$_SERVER['SERVER_NAME']; }else{ $curbase = 'http://'.$_SERVER['SERVER_NAME']; } if ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) $curbase .= ':'.$_SERVER['SERVER_PORT']; $curdir = dirname($_SERVER['REQUEST_URI'])."/"; // CAS client nodes for rebroadcasting pgtIou/pgtId and logoutRequest $rebroadcast_node_1 = 'http://cas-client-1.example.com'; $rebroadcast_node_2 = 'http://cas-client-2.example.com'; // access to a single service $serviceUrl = $curbase.$curdir.'example_service.php'; // access to a second service $serviceUrl2 = $curbase.$curdir.'example_service_that_proxies.php'; $pgtBase = preg_quote(preg_replace('/^http:/', 'https:', $curbase.$curdir),'/'); $pgtUrlRegexp = '/^'.$pgtBase.'.*$/'; $cas_url = 'https://'.$cas_host; if ($cas_port != '443') { $cas_url = $cas_url.':'.$cas_port; } $cas_url = $cas_url.$cas_context; // Set the session-name to be unique to the current script so that the client script // doesn't share its session with a proxied script. // This is just useful when running the example code, but not normally. session_name('session_for:'.preg_replace('/[^a-z0-9-]/i', '_', basename($_SERVER['SCRIPT_NAME']))); ?>
4. 因?yàn)楸救苏?qǐng)求單點(diǎn)登錄的服務(wù)器是http認(rèn)證的,不是https,需要修改CAS/client.php,將其中的https改為http(剛開(kāi)始沒(méi)有修改client.php這個(gè)文件,總是使用https認(rèn)證,所以請(qǐng)求失敗)
5. 把CAS類庫(kù)文件夾的同級(jí)文件CAS.php,重命名為phpCAS.php
修改成
6. 登錄的控制器方法為:
<?php namespace appindexcontroller; use thinkDb; use thinkLoader; class Index extends thinkController { public function login() { // Example for a simple client // Load the settings from the central config file require './extend/config.php'; // Loader::import('config.php',EXTEND_PATH); // Load the CAS lib //直接引入phpCAS擴(kuò)展庫(kù)下的類文件phpCAS.php Loader::import('phpCASphpCAS',EXTEND_PATH); //直接引入庫(kù)文件需要實(shí)例化類 $phpCAS = new phpCAS(); // Uncomment to enable debugging $phpCAS->setDebug(); ???????? ????????//?Initialize?phpCAS ????????$phpCAS->client(CAS_VERSION_2_0,?$cas_host,?$cas_port,?$cas_context); ? ????????//?For?quick?testing?you?can?disable?SSL?validation?of?the?CAS?server.? ????????//?THIS?SETTING?IS?NOT?RECOMMENDED?FOR?PRODUCTION.? ????????//?VALIDATING?THE?CAS?SERVER?IS?CRUCIAL?TO?THE?SECURITY?OF?THE?CAS?PROTOCOL!? ????????$phpCAS->setNoCasServerValidation(); ? ????????//這里會(huì)檢測(cè)服務(wù)器端的退出的通知,就能實(shí)現(xiàn)php和其他語(yǔ)言平臺(tái)間同步登出了 ????????$phpCAS->handleLogoutRequests(); ? ????????//訪問(wèn)CAS的驗(yàn)證通過(guò)后,跳轉(zhuǎn)到網(wǎng)頁(yè) ????????if($phpCAS->forceAuthentication()){? ? ????????echo?"<script>parent.location.href='http://www.baidu.com';</script>"; ? ????????}; ???????? ?????} }
最后訪問(wèn)這個(gè)登錄的方法,完成單點(diǎn)登錄的頁(yè)面跳轉(zhuǎn)!
? 版權(quán)聲明
文章版權(quán)歸作者所有,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載。
THE END
喜歡就支持一下吧
相關(guān)推薦
.png)
