导读:问题描述如果有个PHP网站,需要使用AAD授权登录,有没有PHP代码实例 可供参考呢?参考代码参考一篇博文(Single sign..
问题描述
如果有个PHP网站,需要使用AAD授权登录,有没有PHP代码实例 可供参考呢?
参考代码
参考一篇博文(Single sign-on with Azure AD in PHP),学习使用SSO的大体思路。如果对PHP很了解,可以参考Github中的Sample代码。
phpSample/federation.ini
federation.trustedissuers.issuer=https://accounts.accesscontrol.windows.net/v2/wsfederationfederation.trustedissuers.thumbprint=3f5dfcdf4b3d0eab9ba49befb3cfd760da9cccf1 federation.trustedissuers.friendlyname=Awesome Computers federation.audienceuris=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392 federation.realm=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7 federation.reply=https://localhost/phpSample/index.php
phpSample/index.php
/*----------------------------------------------------------------------- Copyright (c) Microsoft Corporation. All rights reserved. Copyright 2012 Microsoft Corporation All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT. See the Apache Version 2.0 License for specific language governing permissions and limitations under the License. --------------------------------------------------------------------------- */<?phprequire_once (dirname(__FILE__) . '/secureResource.php');?> <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Index Page</title> </head> <body> <h2>Index Page</h2> <h3>Welcome <strong><?php print_r($loginManager->getPrincipal()->getName()); ?></strong>!</h3> <h4>Claim list:</h4> <ul> <?php foreach ($loginManager->getClaims() as $claim) {print_r('<li>' . $claim->toString() . '</li>'); }?> </ul> </body> </html>
phpSample/login.php
/*----------------------------------------------------------------------- Copyright (c) Microsoft Corporation. All rights reserved. Copyright 2012 Microsoft Corporation All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT. See the Apache Version 2.0 License for specific language governing permissions and limitations under the License. --------------------------------------------------------------------------- */<?php// uncomment this to display internal server errors. //error_reporting(E_ALL); //ini_set('display_errors', 'On');ini_set('include_path', ini_get('include_path').';../../libraries/;');require_once ('waad-federation/TrustedIssuersRepository.php');?> <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Login Page</title> </head> <body> <h2>Login Page</h2> <ul> <?php $repository = new TrustedIssuersRepository();$trustedIssuers = $repository->getTrustedIdentityProviderUrls();foreach ($trustedIssuers as $trustedIssuer) {$returnUrl = $_GET['returnUrl'];print_r('<li><a href="' . $trustedIssuer->getLoginUrl($returnUrl) . '">' . $trustedIssuer->displayName . '</a></li>'); }?> </ul> </body> </html>
phpSample/secureResource.php
/*----------------------------------------------------------------------- Copyright (c) Microsoft Corporation. All rights reserved. Copyright 2012 Microsoft Corporation All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT. See the Apache Version 2.0 License for specific language governing permissions and limitations under the License. --------------------------------------------------------------------------- */<?php// uncomment this to display internal server errors. // error_reporting(E_ALL); // ini_set('display_errors', 'On');ini_set('include_path', ini_get('include_path').';../../libraries/;');require_once ('waad-federation/ConfigurableFederatedLoginManager.php');session_start();$token = $_POST['wresult'];$loginManager = new ConfigurableFederatedLoginManager();if (!$loginManager->isAuthenticated()) {if (isset ($token)) {try {$loginManager->authenticate($token); } catch (Exception $e) {print_r($e->getMessage()); } } else {$returnUrl = "https://"; . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];header('Pragma: no-cache');header('Cache-Control: no-cache, must-revalidate');header("Location: https://"; . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/login.php?returnUrl=" . $returnUrl, true, 302);exit(); } }?>
phpSample/trustedIssuers.xml
<?xml version="1.0" encoding="UTF-8"?><issuers><issuer name="awesomecomputers.onmicrosoft.com" displayName="Awesome Computers"realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7" /><issuer name="treyresearchinc.onmicrosoft.com" displayName="Trey Research Inc."realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@13292593-4861-4847-8441-6da6751cfb86" /></issuers>
参考资料
Single sign-on with Azure AD in PHP : http://www.lewisroberts.com/2015/09/04/single-sign-on-with-azure-ad-in-php/
当在复杂的环境中面临问题,格物之道需:浊而静之徐清,安以动之徐生。 云中,恰是如此!
更多文章请关注《万象专栏》
转载请注明出处:https://www.wanxiangsucai.com/read/cv4760