[Repost] Implementation of Single Sign-On (SSO) Based on PHPRPC

What is PHPRPC:
PHPRPC is a lightweight, secure, cross-Internet, cross-language, cross-platform, cross-environment, cross-domain, high-performance, service-oriented remote procedure call protocol. It supports transferring complex objects, passing parameters by reference, redirecting content output, hierarchical error handling, and sessions.

Because PHPRPC has these features, an SSO built on it can likewise be secure, fast, and cross-domain.

Single sign-on therefore means that the user logs in only once, at the central authentication server. The browser then uses the information returned by that server to perform a simulated login at each application system, after which the user can use the application system without logging in again.

The implementation principle is that the browser (using PHPRPC for JavaScript) calls the central authentication server (PHPRPC for PHP). The sequence is:

1. The browser, usually showing a login page, sends the user name and password to the central authentication server.
2. If authentication succeeds, the central authentication server looks up the records belonging to that user in its database, generates a token for them, and returns the token to the browser.
3. The browser uses the token to access the application system.
4. The application system, having received the token, calls the central authentication server with it. The central authentication server searches its database by the token, finds the user name and password of the account on that application system, and returns them to the application system.
5. The application system uses the returned user name and password to log the user in (usually by writing a SESSION or COOKIE).

The database design diagram (not reproduced here) makes this easier to follow.

As shown in the design diagram, the unified authentication server receives the user name and password passed by the browser through JavaScript and searches the "authentication server user table" to obtain the "user ID". It then searches the "application system user table" by that "user ID", which yields one or more records (one per application system the user has an account on). For each record it inserts a row into the "temporary session table": the "session ID" is that table's primary key and is our token, and the second field, "id", is the primary key of the matching record in the "application system user table". One more important step is to look up the "application system table" by "application system ID" to obtain the address of each application system.

The unified authentication server then builds an array pairing each token with the access address of its application system and returns it to the browser.

The browser then runs JavaScript that requests each application system's address with the corresponding token as a parameter.

The application system uses the token to call the unified authentication server and obtain the user name and password for its own account; once it has them, the login is complete. Since the token is the only thing tying the browser's request to that account, the "temporary session table" row should hold an unguessable random value, expire after a short time, and be deleted once the application system has used it, and the application system should check that the account it receives belongs to it.
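The flow described above, as an added example that is not code from the original post or from PHPRPC: the central authentication server, two application systems and the browser logic are simulated in one process, with direct method calls standing in for the PHPRPC transport. The four tables, their field names, the sample accounts, the token lifetime and the hashing scheme are all assumptions modelled on the post's description. The example also enforces the checks the post leaves implicit: the token is random, expires, is consumed on first use, and is rejected by an application system it was not issued for.

```python
"""Simulation of the PHPRPC-based SSO flow: central auth server, application
systems, and the browser that carries tokens between them.  Added example, not
the post's or PHPRPC's own code.  The RPC transport is replaced by direct method
calls; table/field names and sample records are assumptions based on the post."""
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 60  # assumed lifetime of a "temporary session table" row


def _pw_hash(password: str, salt: str) -> str:
    """Salted PBKDF2 hash for the central user table (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000).hex()


# Constructed sample data standing in for the tables in the post's diagram.
AUTH_USERS = {  # "authentication server user table"
    "alice": {"user_id": 1, "salt": "s1", "pw_hash": _pw_hash("correct horse", "s1")},
}
APP_SYSTEMS = {  # "application system table": application system ID -> address
    10: "https://crm.example.test/sso_login",
    11: "https://wiki.example.test/sso_login",
}
APP_USERS = {  # "application system user table", keyed by its primary key "id"
    100: {"app_id": 10, "user_id": 1, "username": "alice.crm", "password": "crm-secret"},
    101: {"app_id": 11, "user_id": 1, "username": "awong", "password": "wiki-secret"},
}


class AuthServer:
    """Central authentication server (the PHPRPC-for-PHP side in the post)."""

    def __init__(self, clock=time.time):
        self.clock = clock  # injectable so expiry can be tested deterministically
        self.temp_sessions = {}  # "temporary session table": token -> {"id", "expires"}

    def login(self, username, password):
        """Browser call: verify credentials, mint one token per application account."""
        user = AUTH_USERS.get(username)
        if user is None:
            return []
        if not hmac.compare_digest(user["pw_hash"], _pw_hash(password, user["salt"])):
            return []
        result = []
        for app_user_id, rec in APP_USERS.items():
            if rec["user_id"] != user["user_id"]:
                continue
            token = secrets.token_urlsafe(32)  # unguessable "session ID" (table primary key)
            self.temp_sessions[token] = {"id": app_user_id,
                                         "expires": self.clock() + TOKEN_TTL_SECONDS}
            result.append({"token": token, "url": APP_SYSTEMS[rec["app_id"]]})
        return result

    def resolve(self, token):
        """Application-system call: exchange a token for its app account, exactly once."""
        entry = self.temp_sessions.pop(token, None)  # removed on first use, so replay fails
        if entry is None or entry["expires"] < self.clock():
            return None
        rec = APP_USERS[entry["id"]]
        return {"app_id": rec["app_id"], "username": rec["username"], "password": rec["password"]}


class AppServer:
    """One application system; sso_login is the endpoint the browser hits with the token."""

    def __init__(self, app_id, auth):
        self.app_id = app_id
        self.auth = auth
        self.sessions = {}  # session id -> app username (stands in for the PHP SESSION)

    def sso_login(self, token):
        creds = self.auth.resolve(token)
        if creds is None or creds["app_id"] != self.app_id:
            return None  # unknown, expired, replayed, or issued for a different application
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = creds["username"]
        return session_id


def browser_login(auth, apps, username, password):
    """Browser-side logic: log in centrally, then present each token to its application."""
    sessions = {}
    for item in auth.login(username, password):
        app = apps[item["url"]]  # pick the application by the address the auth server returned
        sid = app.sso_login(item["token"])
        if sid is not None:
            sessions[app.app_id] = sid
    return sessions


if __name__ == "__main__":
    auth = AuthServer()
    apps = {url: AppServer(app_id, auth) for app_id, url in APP_SYSTEMS.items()}
    print(browser_login(auth, apps, "alice", "correct horse"))
```

After a successful run, browser_login returns one session id per application system and the temporary session table is empty, because every token was consumed by the application it was issued for. Note that, exactly as in the post's design, the central server still stores and hands out each application's password in clear; the example hardens the token handling but does not change that part of the design.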

