本文主要是介绍CAS4.2.7 的 php 客户端1.3.5 的简单实践,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
CAS作为开源的sso项目,很多人都在使用,网上也很多教程,但是普遍都比较老的版本,时间也很久了,目前我的项目需要用到单点登录,我找了cas比较新的版本来做部署,经过一周的折腾,终于调试成功,现将经验说明如下。
CAS Server需单独部署,我部署的是4.2.7的版本,环境windows7 x64 + jdk8 + tomcat8,网上下载CAS server的war包,解压后修改配置,放到tomcat的webapps下运行即可。此处不详述,以后有空再写cas sever的配置过程。
CAS client的java版本,我本机也已经配置,大概步骤就是maven的pom.xml添加cas的依赖包,web.xml配置5个过滤器和1个监听器,然后把原系统的登录页去掉,原登录验证的过滤器或者拦截器改一下就ok了,具体不详述,本文的重点是php。
php cas 配置步骤:
1、先新建一个php项目phpproj,我用的PhpStorm.
2、从官网下载php的client, https://wiki.jasig.org/display/CASC/phpCAS
选择 download 下面的 Current Version,我目前的是1.3.5.
解压后把CAS-1.3.5下的CAS目录拷贝到工程目录phpproj下,把CAS-1.3.5\CAS.php拷贝到工程目录下,把CAS-1.3.5\docs\examples\config.example.php、script_info.php拷贝到工程目录下,config.example.php改名config.php。我的项目结构如下:
3、修改配置config.php
$cas_host = ‘localhost’, $cas_context = '/cas',$cas_port = 8443然后同一个浏览器内关掉这个页,再重新打开,或者直接刷新,不会再出现登录页面。 我访问java的cas客户端项目登录后,再打开这个php项目,也无需登录直接可进入,并显示登录用户$cas_real_hosts = array('localhost', 'localhost');$client_domain = 'localhost';$client_path = 'phpproj';$rebroadcast_node_1 = 'http://localhost:81'; $rebroadcast_node_2 = 'http://localhost:81';我的config.php如下:<?php/*** The purpose of this central config file is configuring all examples* in one place with minimal work for your working environment* Just configure all the items in this config according to your environment* and rename the file to config.php** PHP Version 5** @file config.php* @category Authentication* @package PhpCAS* @author Joachim Fritschi <jfritschi@freenet.de>* @author Adam Franco <afranco@middlebury.edu>* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0* @link https://wiki.jasig.org/display/CASC/phpCAS*/$phpcas_path = '../../source/';/// // Basic Config of the phpCAS client // ///// Full Hostname of your CAS Server $cas_host = 'localhost';// Context of the CAS Server $cas_context = '/cas';// Port of your CAS server. Normally for a https server it's 443 $cas_port = 8443;// Path to the ca chain that issued the cas server certificate $cas_server_ca_cert_path = '/path/to/cachain.pem';// // Advanced Config for special purposes // //// The "real" hosts of clustered cas server that send SAML logout messages // Assumes the cas server is load balanced across multiple hosts $cas_real_hosts = array('localhost', 'localhost');// Client config for cookie hardening $client_domain = 'localhost'; $client_path = 'phpproj'; $client_secure = true; $client_httpOnly = true; $client_lifetime = 0;// Database config for PGT Storage $db = 'pgsql:host=localhost;dbname=phpcas'; //$db = 'mysql:host=localhost;dbname=phpcas'; $db_user = 'phpcasuser'; $db_password = 'mysupersecretpass'; $db_table = 'phpcastabel'; $driver_options = '';/// // End Configuration -- Don't edit below // ///// Generating the URLS for the local cas example services for proxy testing if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {$curbase = 'https://' . $_SERVER['SERVER_NAME']; } else {$curbase = 'http://' . $_SERVER['SERVER_NAME']; } if ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) {$curbase .= ':' . $_SERVER['SERVER_PORT']; }$curdir = dirname($_SERVER['REQUEST_URI']) . "/";// CAS client nodes for rebroadcasting pgtIou/pgtId and logoutRequest $rebroadcast_node_1 = 'http://localhost:81'; $rebroadcast_node_2 = 'http://localhost:81';// access to a single service $serviceUrl = $curbase . $curdir . 'example_service.php'; // access to a second service $serviceUrl2 = $curbase . $curdir . 'example_service_that_proxies.php';$pgtBase = preg_quote(preg_replace('/^http:/', 'https:', $curbase . $curdir), '/'); $pgtUrlRegexp = '/^' . $pgtBase . '.*$/';$cas_url = 'https://' . $cas_host; if ($cas_port != '443') {$cas_url = $cas_url . ':' . $cas_port; } $cas_url = $cas_url . $cas_context;// Set the session-name to be unique to the current script so that the client script // doesn't share its session with a proxied script. // This is just useful when running the example code, but not normally. session_name('session_for:'. preg_replace('/[^a-z0-9-]/i', '_', basename($_SERVER['SCRIPT_NAME'])) ); // Set an UTF-8 encoding header for internation characters (User attributes) header('Content-Type: text/html; charset=utf-8'); ?>
4、用个简单页面做测试,把CAS-1.3.5\docs\examples\example_simple.php拷贝到工程目录,
修改require_once $phpcas_path . '/CAS.php'; 为require_once 'CAS.php';添加phpCAS::setLang(PHPCAS_LANG_CHINESE_SIMPLIFIED);支持中文。
这样配置就做好了。
5、现在重启apache,注意php需要添加curl库,php用ticket到认证服务器校验票据时会用到,不知道怎么加的亲们看我的上一篇文章。
访问 http://localhost:81/phpproj/example_simple.php ,就会出现cas server的登录页:
输入用户密码登录成功后即跳转回本页面:
这样php的客户端就配置完成!CAS Sever还可以携带除登录名外的其他用户信息给客户端,php接收用户信息的代码如下:当然这只是最简单的配置,实际项目中,还有许多细节要处理,比如登录成功后 添加session属性值等。效果图:<?php $attr_array = phpCAS::getAttributes(); foreach($attr_array as $x=>$x_value) {echo "cas server返回的用户属性 $x = $x_value";echo "<br>"; } ?>
这篇关于CAS4.2.7 的 php 客户端1.3.5 的简单实践的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
