问题描述

如果有个PHP网站,需要使用AAD授权登录,有没有PHP代码实例 可供参考呢?

参考代码

参考一篇博文(Single sign-on with Azure AD in PHP),学习使用SSO的大体思路。如果对PHP很了解,可以参考Github中的Sample代码。

phpSample/federation.ini

federation.trustedissuers.issuer=https://accounts.accesscontrol.windows.net/v2/wsfederation

federation.trustedissuers.thumbprint=3f5dfcdf4b3d0eab9ba49befb3cfd760da9cccf1

federation.trustedissuers.friendlyname=Awesome Computers

federation.audienceuris=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392

federation.realm=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7

federation.reply=https://localhost/phpSample/index.php

phpSample/index.php

/*-----------------------------------------------------------------------

    Copyright (c) Microsoft Corporation.  All rights reserved.

    Copyright 2012 Microsoft Corporation

    All rights reserved.

    Licensed under the Apache License, Version 2.0 (the "License");

    you may not use this file except in compliance with the License.

    You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

 THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,

 EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR

 CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

 See the Apache Version 2.0 License for specific language governing

 permissions and limitations under the License.

--------------------------------------------------------------------------- */

<?php

require_once (dirname(__FILE__) . '/secureResource.php');

?>

<!DOCTYPE html>

<html>

<head>

    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

    <title>Index Page</title>

</head>

<body>

    <h2>Index Page</h2>

    <h3>Welcome <strong><?php print_r($loginManager->getPrincipal()->getName()); ?></strong>!</h3>

    <h4>Claim list:</h4>

    <ul>

<?php

    foreach ($loginManager->getClaims() as $claim) {

        print_r('<li>' . $claim->toString() . '</li>');

    }

?>

    </ul>

</body>

</html>

phpSample/login.php

/*-----------------------------------------------------------------------

    Copyright (c) Microsoft Corporation.  All rights reserved.

    Copyright 2012 Microsoft Corporation

    All rights reserved.

    Licensed under the Apache License, Version 2.0 (the "License");

    you may not use this file except in compliance with the License.

    You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

 THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,

 EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR

 CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

 See the Apache Version 2.0 License for specific language governing

 permissions and limitations under the License.

--------------------------------------------------------------------------- */

<?php

// uncomment this to display internal server errors.

//error_reporting(E_ALL);

//ini_set('display_errors', 'On');

ini_set('include_path', ini_get('include_path').';../../libraries/;');

require_once ('waad-federation/TrustedIssuersRepository.php');

?>

<!DOCTYPE html>

<html>

<head>

    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

    <title>Login Page</title>

</head>

<body>

    <h2>Login Page</h2>

    <ul>

<?php

    $repository = new TrustedIssuersRepository();

    $trustedIssuers = $repository->getTrustedIdentityProviderUrls();

    foreach ($trustedIssuers as $trustedIssuer) {

        $returnUrl = $_GET['returnUrl'];

        print_r('<li><a href="' . $trustedIssuer->getLoginUrl($returnUrl) . '">' . $trustedIssuer->displayName . '</a></li>');

    }

?>

    </ul>

</body>

</html>

phpSample/secureResource.php

/*-----------------------------------------------------------------------

    Copyright (c) Microsoft Corporation.  All rights reserved.

    Copyright 2012 Microsoft Corporation

    All rights reserved.

    Licensed under the Apache License, Version 2.0 (the "License");

    you may not use this file except in compliance with the License.

    You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

 THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,

 EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR

 CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

 See the Apache Version 2.0 License for specific language governing

 permissions and limitations under the License.

--------------------------------------------------------------------------- */

<?php

// uncomment this to display internal server errors.

// error_reporting(E_ALL);

// ini_set('display_errors', 'On');

ini_set('include_path', ini_get('include_path').';../../libraries/;');

require_once ('waad-federation/ConfigurableFederatedLoginManager.php');

session_start();

$token = $_POST['wresult'];

$loginManager = new ConfigurableFederatedLoginManager();

if (!$loginManager->isAuthenticated()) {

    if (isset ($token)) {

        try {

            $loginManager->authenticate($token);

        } catch (Exception $e) {

            print_r($e->getMessage());

        }

    } else {

        $returnUrl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];

        header('Pragma: no-cache');

        header('Cache-Control: no-cache, must-revalidate');

        header("Location: https://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/login.php?returnUrl=" . $returnUrl, true, 302);

        exit();

    }

}

?>

phpSample/trustedIssuers.xml

<?xml version="1.0" encoding="UTF-8"?>

<issuers>

    <issuer name="awesomecomputers.onmicrosoft.com" displayName="Awesome Computers"

        realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7" />

    <issuer name="treyresearchinc.onmicrosoft.com" displayName="Trey Research Inc."

        realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@13292593-4861-4847-8441-6da6751cfb86" />

</issuers>

参考资料

Single sign-on with Azure AD in PHPhttp://www.lewisroberts.com/2015/09/04/single-sign-on-with-azure-ad-in-php/

Azure/azure-sdk-for-php-sampleshttps://github.com/Azure/azure-sdk-for-php-samples

【Azure Developer】PHP网站使用AAD授权登录的参考示例的更多相关文章

  1. 在自己的网站上实现QQ授权登录

    最近在实现QQ授权登录,现将我的实现过程以及我的理解整理如下.以下所述如有不对之处,请指正. 官方提供的SDK有:JS,PHP,Java.我的网站使用Scala+Play搭建的,所以只能用JS SDk ...

  2. wap2app(五)-- 微信授权登录以及踩过的坑

    应用场景是:用Hbuilder打包app,在app中点击微信授权登录或者某一操作,调起微信授权登录,用户授权后拿到用户信息. 一.登录插件配置 先配置微信登录参数 appid和appsecret,在m ...

  3. VUE开发SPA之微信授权登录

    SPA单页应用中微信授权登录的一点思路 单页应用应该如何解决微信授权登录的尴尬跳转?后退无法返回?主要遇到的问题就是 先进入单页应用,一边渲染页面一边判断用户有没有登录,当判断到没有登录时异步数据请求 ...

  4. H5微信授权登录

    这里介绍H5微信授权登录,采用了微信公众号授权原理,是oauth2的登录授权方式,简单的来讲,就是用户通过手机微信确认登录之后,微信方会返回一个授权码code给回第三方(接入方),这个授权码code一 ...

  5. 【Azure Developer】Python代码通过AAD认证访问微软Azure密钥保管库(Azure Key Vault)中机密信息(Secret)

    关键字说明 什么是 Azure Active Directory?Azure Active Directory(Azure AD, AAD) 是 Microsoft 的基于云的标识和访问管理服务,可帮 ...

  6. 【Azure Developer】解决Azure Key Vault管理Storage的示例代码在中国区Azure遇见的各种认证/授权问题 - C# Example Code

    问题描述 使用Azure密钥保管库(Key Vault)来托管存储账号(Storage Account)密钥的示例中,从Github中下载的示例代码在中国区Azure运行时候会遇见各种认证和授权问题, ...

  7. 【Azure 应用服务】NodeJS Express + MSAL 应用实现AAD集成登录并部署在App Service Linux环境中的实现步骤

    问题描述 实现部署NodeJS Express应用在App Service Linux环境中,并且使用Microsoft Authentication  Library(MSAL)来实现登录Azure ...

  8. 微信授权登录-微信公众号和PC端网站

    https://blog.csdn.net/qq_34664239/article/details/79107529 一.微信公众号授权登录——微信公众平台 微信授权登录,并调用后台接口,获取用户信息 ...

  9. 小D课堂-SpringBoot 2.x微信支付在线教育网站项目实战_5-7.授权登录获取微信用户个人信息实战

    笔记 7.授权登录获取微信用户个人信息实战         简介:讲解使用授权码code获取用户个人信息接口 关键点:看微信文档,字段尽量用拷贝 1.通过code获取access_token      ...

  10. 【Azure Developer】使用Microsoft Graph API 批量创建用户,先后遇见的三个错误及解决办法

    问题描述 在先前的一篇博文中,介绍了如何使用Microsoft Graph API来创建Azure AD用户(博文参考:[Azure Developer]使用Microsoft Graph API 如 ...

随机推荐

  1. 在K8S中,Pod创建过程包括什么?

    在Kubernetes(K8s)中,Pod的创建过程通常包括以下步骤: 提交Pod定义: 用户通过kubectl命令行工具或者调用API Server接口,提交一个包含Pod配置信息的YAML或JSO ...

  2. 结构体定义及结构体粒度(alignment)

    结构体定义及结构体粒度(alignment) #pragma pack(1) typedef struct _STUDENT_INFORMATION_ { int Age; char v1; int ...

  3. TienChin 渠道管理-配置校验失败信息

    新建 ValidationMessages.properties: channel.name.notnull=渠道名称不能为空 channel.type.notnull=渠道类型不能为空 channe ...

  4. 遇到一个bug,组件不更新内容

    解决办法 当v-if的值发生变化时,组件都会被重新渲染一遍.因此,利用v-if指令的特性,可以达到强制刷新组件的目的. <template> <comp v-if="upd ...

  5. 【四】多智能体强化学习(MARL)近年研究概览 {Learning cooperation(协作学习)、Agents modeling agents(智能体建模)}

    相关文章: [一]最新多智能体强化学习方法[总结] [二]最新多智能体强化学习文章如何查阅{顶会:AAAI. ICML } [三]多智能体强化学习(MARL)近年研究概览 {Analysis of e ...

  6. 5.13 汇编语言:仿写For循环语句

    循环语句(for)是计算机编程中的一种基本控制结构,它允许程序按照指定的次数或范围重复执行一段代码块.for循环在处理需要进行迭代操作的情况下非常有用,它使得程序可以更加方便地控制循环的次数.一般来说 ...

  7. LeetCode刷题日记 2020/8/23

    题目描述 给定范围 [m, n],其中 0 <= m <= n <= 2147483647,返回此范围内所有数字的按位与(包含 m, n 两端点). 示例 1: 输入: [5,7] ...

  8. 零基础入门学习Java课堂笔记 ——day05

    面向对象(上) 面向过程:我打算列个计划表一步一步来 面向对象:我喜欢先分析分类,把复杂的问题简单化 1.什么是面向对象!!? 面向对象的本质就是:以类的方式组织代码,以对象的方式组织数据 封装 继承 ...

  9. 案例:推进GTID解决MySQL主主不同步问题

    之前文章介绍过MySQL修改lower_case_table_names参数,如果之前大写存储的表将无法识别,需要特殊处理. 最近遇到一例应用开发人员在修改这个参数之后,为了清除之前大写存储的表,做了 ...

  10. 蓝鲸:主机频繁提示“You have new mail in /var/spool/mail/root” 定位解决

    前些天安装蓝鲸的测试环境频繁出现You have new mail in /var/spool/mail/root,查看发现是/usr/local/gse/agent/bin/gsectl: line ...