Single sign-on (SSO) in Laravel


Question

I have three different Laravel websites. I want a user to sign in at one website and then be automatically logged in to the other two websites, e.g. if you log in at Stack Overflow and then open Stack Exchange, you are logged in with your Stack Overflow account. I have tried many packages, but they end with infinite exceptions or they simply do not work. Most of the packages are based on SAML; I have no idea why it did not work for me. I do not know what I am missing. Is there any config for this to work? I am using Laravel 5.6. All the apps are on the same server.

I have tried many solutions based on SAML, OpenID and shared sessions, but none of them worked for me. I do not know if I am missing something. This is the last example I tried, and it did not work.

Here is my code

Site A

use GuzzleHttp\Client;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Session;

$site_b = 'http://s_sesstion_2.test/';

// Site A: send this site's session id to site B so that site B can reuse it
Route::get('/', function (Request $request) use ($site_b) {
    $session_id = Session::getId();
    try {
        $http = new Client();
        $response = $http->post($site_b . 'api/sessions/server', [
            'form_params' => [
                'session_id' => $session_id,
            ],
            'headers' => [
                'Accept' => 'application/json',
            ],
        ]);
    } catch (Exception $e) {
        dd($e->getMessage());
    }
    return view('welcome');
});

Site B (route/api.php)

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;

// Site B: store the session id received from site A in a local file
Route::post('/sessions/server', function (Request $request) {
    Storage::disk('local')->put('file.txt', $request->get('session_id'));
});

Site B (route/web.php)

use Illuminate\Support\Facades\Session;
use Illuminate\Support\Facades\Storage;

// Site B: restore the session id saved by the API route and start that session
Route::get('/', function () {
    $session_id = Storage::disk('local')->get('file.txt');
    Session::setId($session_id);
    Session::start();
    //return Session::getId();// will return the same session id
    return \auth()->user();//this should return the auth user but it did not!!
});

All I want is to sign in at site A and then open site B and be signed in. I will accept any solution that achieves that purpose.

Recommended answer

I implemented an SSO solution without using SAML. I'll share my solution here; hope it helps.

One application runs as the main authentication server at auth.domain. The other applications run on different domains: app1.domain, app2.domain, ...

Every user is linked with SSO tokens. These tokens have very short expiration times. All authentication processes (signing in, resetting passwords, registering, ...) happen only in the auth.domain application.

When a user visits any application, for example app-1.domain:

  1. Redirect the user to auth.domain/login.
  2. If the user has logged in to our system before, continue at step 6.
  3. Show the sign-in form and wait for valid input.
  4. Generate a new SSO token with an expiration time of less than 3 minutes.
  5. Attach the auth.domain "remember me" cookie to the response.
  6. Return a redirection response to app-1.domain/sso/{sso_token}.
  7. The app-1.domain application reads the database. If the SSO token is valid and has not expired, find the user associated with that token.
  8. app-1.domain authenticates the user found in the previous step with the Auth::login($user) method.
  9. app-1.domain clears the received SSO token from the database.

After this step, the user is authenticated to app-1.domain.
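An added example of steps 4 to 9 of that flow in Laravel (not code from the question or the answer): auth.domain issues a single-use token and stores only its hash with a 3-minute expiry; app-1.domain looks the hash up, consumes the row before logging the user in so the token cannot be replayed, rejects expired tokens, and regenerates the session. The `sso_tokens` table, the `/sso/issue/{app}` route, the allowed-app list and the `App\User` model are assumptions.

```php
<?php
// Added example (not code from the question or the answer). Assumed schema:
// sso_tokens(user_id, token_hash, expires_at, created_at), shared by both apps.
use App\User;                       // Laravel 5.6 default user model (assumption)
use Carbon\Carbon;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;

// auth.domain, steps 4 to 6: runs only for a user already authenticated here.
Route::get('/sso/issue/{app}', function (string $app) {
    // Redirect only to known applications, never to a caller-supplied URL.
    $apps = ['app-1' => 'https://app-1.domain', 'app-2' => 'https://app-2.domain'];
    abort_unless(isset($apps[$app]), 404);

    $token = Str::random(64);            // the raw token exists only in the redirect URL
    DB::table('sso_tokens')->insert([
        'user_id'    => Auth::id(),
        'token_hash' => hash('sha256', $token), // a leaked table row cannot be replayed
        'expires_at' => Carbon::now()->addMinutes(3),
        'created_at' => Carbon::now(),
    ]);

    return redirect($apps[$app] . '/sso/' . $token);
})->middleware('auth');

// app-1.domain, steps 7 to 9: look the token up by hash, consume it, then log in.
Route::get('/sso/{token}', function (string $token) {
    $hash = hash('sha256', $token);
    $row  = DB::table('sso_tokens')->where('token_hash', $hash)->first();

    // Delete before logging in: if two requests race on the same token, only one
    // delete() returns 1, so the token is honoured exactly once.
    $consumed = $row ? DB::table('sso_tokens')->where('token_hash', $hash)->delete() : 0;
    if ($consumed !== 1 || Carbon::parse($row->expires_at)->isPast()) {
        abort(403, 'Invalid or expired SSO token');
    }

    Auth::login(User::findOrFail($row->user_id));
    request()->session()->regenerate();  // fresh session id after the privilege change

    return redirect('/');
});
```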

All shared session variables should be saved to the database. I implemented a new session driver:

  • Keep a list of the shared session variable names.
  • When reading/writing the session, check the session variable's name. If the name is in that list, read/write the value from the database. Otherwise, use each application's private session.
