Integrating PHP with a CAS single sign-on system using phpCAS

Overview

This document explains how to integrate a PHP application with a CAS single sign-on system.

To integrate with CAS single sign-on, we first need to understand what single sign-on is. This post mainly covers the following:

  1. Understanding the principle of CAS single sign-on;
  2. Building the CAS SSO server;
  3. Downloading the phpCAS client;
  4. phpCAS client configuration;
  5. PHP development integration.

CAS single sign-on principle

For the principle of CAS single sign-on, I found an article with a more detailed explanation: https://www.cnblogs.com/lihuidu/p/6495247.html. It explains the topic in a way that is very easy to understand.

Build the CAS SSO server

For how to build it, I recommend this series of how-to articles: https://www.cnblogs.com/jpeanut/tag/CAS/

Download the phpCAS client

  1. phpCAS client download: https://github.com/apereo/phpCAS
  2. phpCAS client configuration instructions: https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252517/phpCAS
  3. phpCAS client requirements: https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252625/phpCAS+requirements

Note: php_curl must be enabled in the PHP configuration file php.ini. Find ;extension=php_curl.dll and remove the leading semicolon so that the line reads extension=php_curl.dll

phpCAS client configuration

After the download completes you have a compressed file. Decompressing it produces a source folder, which contains the CAS folder and the CAS.php file.

Create your own PHP project. Which framework and development tools to use is not covered here, since everyone has their own needs. Copy the source directory from the downloaded code into the project; it can be renamed phpCAS or similar to make it easy to identify.

How is it used in the project? The configuration steps are as follows:

  1. Put the source folder into the root directory of the project;
  2. Create a config.php file in the project root directory, used to configure CAS;
  3. Create an index.php file in the project root directory, which serves as the home page.

The config.php file is as follows:

<?php

/**
 * ==============================================
 * Created by SaiJia Technology.
 * Author: ZhiHuaWei <[email protected]>
 * Date: 2019/9/3 11:04
 * Project: PHP integration with a CAS single sign-on system
 * Power: CAS configuration file
 * ==============================================
 */


# 1 CAS server host name
# The domain name of the CAS SSO server you built
$cas_host = 'www.qingshanfrom.xyz';

# 2 CAS server path
# The context path of the CAS SSO server you built
$cas_context = '/cas';

// 3 CAS server port
# The port of the CAS SSO server you built
$cas_port = 8443;

// 4 CAS server certificate
# The certificate file of the CAS SSO server you built
$cas_server_ca_cert_path = './ssoserver.cer';

PHP development integration

The index.php file is as follows:

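<?php

/**
 * ==============================================
 * Created by SaiJia Technology.
 * Author: ZhiHuaWei <[email protected]>
 * Date: 2019/9/3 11:04
 * Project: PHP integration with a CAS single sign-on system
 * Power: Main file
 * ==============================================
 */

# 1 Include the configuration file and CAS.php
# The path must match the name you gave the copied source folder
# (file names are case-sensitive on Linux).
require_once 'config.php';
require_once 'phpCas/CAS.php';

# 2 Enable phpCAS debug output
phpCAS::setDebug();

# 3 Initialize phpCAS. Parameters:
# a) CAS protocol version
# b) CAS server domain name
# c) CAS server port
# d) CAS server context path
phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);

# 4 Enable certificate validation. In a development environment this can stay
# commented out; in production, enable it for security.
// phpCAS::setCasServerCACert($cas_server_ca_cert_path);

# 5 Do not validate the CAS server's SSL certificate
# For quick testing you can disable SSL validation of the CAS server. This is
# not recommended for production. Validating the CAS server is crucial to the
# security of the CAS protocol!
phpCAS::setNoCasServerValidation();

# 6 Detect logout notifications from the server, which keeps logout in sync
# between PHP and applications on other platforms.
# Handles logout requests: the CAS server sends a request to notify the client.
# If logout is not synchronized, the server may be unable to reach the client
# (for example, my client is on localhost and the server is in the cloud).
phpCAS::handleLogoutRequests();

# 7 Perform CAS authentication. This call checks whether the user has been
# authenticated and, if not, redirects to the login page.
# This is the forced authentication mode; CAS.php offers several variants:
# a) forceAuthentication - phpCAS::forceAuthentication();
# b) checkAuthentication - phpCAS::checkAuthentication();
# c) renewAuthentication - phpCAS::renewAuthentication();
# Call whichever one fits your needs.
$auth = phpCAS::forceAuthentication();
if ($auth) {
    # 8 Authentication passed (the user is logged in); handle post-login logic here...
    # Get the name of the user logged in to CAS
    $user_name = phpCAS::getUser();
    echo $user_name . '已经成功登陆...<br>';

    # 9 You can also print the session data stored by phpCAS
    print_r($_SESSION);

    # 10 You can also read attributes of the authenticated user, e.g. $uid = phpCAS::getAttribute('id');
    # How to configure these user attributes: https://my.oschina.net/liucao/blog/479755
    $attr = phpCAS::getAttributes();
    print_r($attr);

    # 11 Logout handling
    # After your PHP project has run its own logout logic, also call
    # phpCAS::logout() to log out of the CAS system.
    # When the CAS server's logout endpoint is accessed, the CAS server sends a
    # POST request to each client that has logged in.
    //phpCAS::logout();

    # Logout method one: address to redirect to after a successful logout
    //phpCAS::setServerLoginUrl("https://192.168.1.120:80/cas/logout?embed=true&service=http://localhost/phpCasClient/user.php?a=login");
    //phpCAS::logout();
    # Logout method two: return address after logging out
    //$param = array("service" => "http://cas.wzh.com");
    //phpCAS::logout($param);

} else {
    # 12 Authentication did not pass, so the user is not logged in.
    # The browser is redirected to the CAS SSO server you configured
    # (forceAuthentication() itself performs this redirect);
    # for example: https://www.qingshanfrom.xyz:8443/cas/login?service=http%3A%2F%2Fcas.wzh.com%2F
    # After you enter a correct user name and password, CAS redirects back to
    # the address given in service=http%3A%2F%2Fcas.wzh.com%2F
    # Handle the not-authenticated case here.
    echo '还未登陆,跳转到CAS进行登陆...<br>';
}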
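
A production-oriented variant of the index.php above, as an added example that is not part of the original post: it turns on the CAS server certificate check that the development version comments out, leaves out setNoCasServerValidation() and setDebug(), and restricts logout notifications to the CAS host. It assumes the same four-argument phpCAS::client() call as the page (phpCAS 1.6.0 and later additionally require the application's service base URL as a fifth argument); the `logout` POST field and the https://app.example.com/ return URL are constructed placeholders.

```php
<?php
// Added example: hardened counterpart of the development index.php.
require_once 'config.php';
require_once 'phpCas/CAS.php';

// No phpCAS::setDebug() here: the debug log is verbose and is for development only.
// Assumption: phpCAS 1.3.x signature, as used on this page.
phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);

// Fail closed if the CA file is missing instead of running without validation.
$ca = realpath($cas_server_ca_cert_path);
if ($ca === false || !is_readable($ca)) {
    http_response_code(500);
    error_log('CAS CA certificate not readable: ' . $cas_server_ca_cert_path);
    exit('Authentication is unavailable.');
}

// Verify the CAS server certificate (and its common name) when tickets are
// validated. phpCAS::setNoCasServerValidation() must not be called anywhere.
phpCAS::setCasServerCACert($ca);

// Accept single-logout POST notifications only from the CAS server host.
phpCAS::handleLogoutRequests(true, array($cas_host));

// Redirects to the CAS login page and exits when there is no valid session.
phpCAS::forceAuthentication();

// Handle logout before any output, because logout() sends a redirect header.
// The 'logout' field name and the return URL are placeholders.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['logout'])) {
    phpCAS::logout(array('service' => 'https://app.example.com/'));
}

// Escape everything that came from the CAS response before echoing it,
// and do not dump $_SESSION to the page.
$user = htmlspecialchars(phpCAS::getUser(), ENT_QUOTES, 'UTF-8');
echo 'Signed in as ' . $user . '<br>';

foreach (phpCAS::getAttributes() as $name => $value) {
    $text = is_array($value) ? implode(', ', $value) : (string) $value;
    echo htmlspecialchars($name . ': ' . $text, ENT_QUOTES, 'UTF-8') . '<br>';
}
```

With the host check enabled, the CAS server must be able to reach this client and must resolve to the host name listed in the second argument, otherwise its logout notifications are ignored.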

Notes

  1. If you cannot get the attributes, change CAS_VERSION_2_0 to CAS_VERSION_3_0. For the related settings, see: https://my.oschina.net/liucao/blog/479755;
  2. If logout is not synchronized even though phpCAS::handleLogoutRequests(); is set, a possible cause is that the CAS server cannot connect to the domain name of the test environment. When the CAS server's logout is accessed, the CAS server sends a POST request to each client that has logged in;
  3. phpCAS::logout(['service'=>'http://cas.wzh.com']); sets the page to return to after logout.

Origin blog.csdn.net/Zhihua_W/article/details/100737557