问题描述

如果有个PHP网站,需要使用AAD授权登录,有没有PHP代码实例 可供参考呢?

参考代码

参考一篇博文(Single sign-on with Azure AD in PHP),学习使用SSO的大体思路。如果对PHP很了解,可以参考Github中的Sample代码。

phpSample/federation.ini

federation.trustedissuers.issuer=https://accounts.accesscontrol.windows.net/v2/wsfederation

federation.trustedissuers.thumbprint=3f5dfcdf4b3d0eab9ba49befb3cfd760da9cccf1

federation.trustedissuers.friendlyname=Awesome Computers

federation.audienceuris=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392

federation.realm=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7

federation.reply=https://localhost/phpSample/index.php

phpSample/index.php

/*-----------------------------------------------------------------------

    Copyright (c) Microsoft Corporation.  All rights reserved.

    Copyright 2012 Microsoft Corporation

    All rights reserved.

    Licensed under the Apache License, Version 2.0 (the "License");

    you may not use this file except in compliance with the License.

    You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

 THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,

 EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR

 CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

 See the Apache Version 2.0 License for specific language governing

 permissions and limitations under the License.

--------------------------------------------------------------------------- */

<?php

require_once (dirname(__FILE__) . '/secureResource.php');

?>

<!DOCTYPE html>

<html>

<head>

    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

    <title>Index Page</title>

</head>

<body>

    <h2>Index Page</h2>

    <h3>Welcome <strong><?php print_r($loginManager->getPrincipal()->getName()); ?></strong>!</h3>

    <h4>Claim list:</h4>

    <ul>

<?php

    foreach ($loginManager->getClaims() as $claim) {

        print_r('<li>' . $claim->toString() . '</li>');

    }

?>

    </ul>

</body>

</html>

phpSample/login.php

/*-----------------------------------------------------------------------

    Copyright (c) Microsoft Corporation.  All rights reserved.

    Copyright 2012 Microsoft Corporation

    All rights reserved.

    Licensed under the Apache License, Version 2.0 (the "License");

    you may not use this file except in compliance with the License.

    You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

 THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,

 EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR

 CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

 See the Apache Version 2.0 License for specific language governing

 permissions and limitations under the License.

--------------------------------------------------------------------------- */

<?php

// uncomment this to display internal server errors.

//error_reporting(E_ALL);

//ini_set('display_errors', 'On');

ini_set('include_path', ini_get('include_path').';../../libraries/;');

require_once ('waad-federation/TrustedIssuersRepository.php');

?>

<!DOCTYPE html>

<html>

<head>

    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

    <title>Login Page</title>

</head>

<body>

    <h2>Login Page</h2>

    <ul>

<?php

    $repository = new TrustedIssuersRepository();

    $trustedIssuers = $repository->getTrustedIdentityProviderUrls();

    foreach ($trustedIssuers as $trustedIssuer) {

        $returnUrl = $_GET['returnUrl'];

        print_r('<li><a href="' . $trustedIssuer->getLoginUrl($returnUrl) . '">' . $trustedIssuer->displayName . '</a></li>');

    }

?>

    </ul>

</body>

</html>

phpSample/secureResource.php

/*-----------------------------------------------------------------------

    Copyright (c) Microsoft Corporation.  All rights reserved.

    Copyright 2012 Microsoft Corporation

    All rights reserved.

    Licensed under the Apache License, Version 2.0 (the "License");

    you may not use this file except in compliance with the License.

    You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

 THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,

 EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR

 CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

 See the Apache Version 2.0 License for specific language governing

 permissions and limitations under the License.

--------------------------------------------------------------------------- */

<?php

// uncomment this to display internal server errors.

// error_reporting(E_ALL);

// ini_set('display_errors', 'On');

ini_set('include_path', ini_get('include_path').';../../libraries/;');

require_once ('waad-federation/ConfigurableFederatedLoginManager.php');

session_start();

$token = $_POST['wresult'];

$loginManager = new ConfigurableFederatedLoginManager();

if (!$loginManager->isAuthenticated()) {

    if (isset ($token)) {

        try {

            $loginManager->authenticate($token);

        } catch (Exception $e) {

            print_r($e->getMessage());

        }

    } else {

        $returnUrl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];

        header('Pragma: no-cache');

        header('Cache-Control: no-cache, must-revalidate');

        header("Location: https://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/login.php?returnUrl=" . $returnUrl, true, 302);

        exit();

    }

}

?>

phpSample/trustedIssuers.xml

<?xml version="1.0" encoding="UTF-8"?>

<issuers>

    <issuer name="awesomecomputers.onmicrosoft.com" displayName="Awesome Computers"

        realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7" />

    <issuer name="treyresearchinc.onmicrosoft.com" displayName="Trey Research Inc."

        realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@13292593-4861-4847-8441-6da6751cfb86" />

</issuers>

参考资料

Single sign-on with Azure AD in PHPhttp://www.lewisroberts.com/2015/09/04/single-sign-on-with-azure-ad-in-php/

Azure/azure-sdk-for-php-sampleshttps://github.com/Azure/azure-sdk-for-php-samples

【Azure Developer】PHP网站使用AAD授权登录的参考示例的更多相关文章

  1. 在自己的网站上实现QQ授权登录

    最近在实现QQ授权登录,现将我的实现过程以及我的理解整理如下.以下所述如有不对之处,请指正. 官方提供的SDK有:JS,PHP,Java.我的网站使用Scala+Play搭建的,所以只能用JS SDk ...

  2. wap2app(五)-- 微信授权登录以及踩过的坑

    应用场景是:用Hbuilder打包app,在app中点击微信授权登录或者某一操作,调起微信授权登录,用户授权后拿到用户信息. 一.登录插件配置 先配置微信登录参数 appid和appsecret,在m ...

  3. VUE开发SPA之微信授权登录

    SPA单页应用中微信授权登录的一点思路 单页应用应该如何解决微信授权登录的尴尬跳转?后退无法返回?主要遇到的问题就是 先进入单页应用,一边渲染页面一边判断用户有没有登录,当判断到没有登录时异步数据请求 ...

  4. H5微信授权登录

    这里介绍H5微信授权登录,采用了微信公众号授权原理,是oauth2的登录授权方式,简单的来讲,就是用户通过手机微信确认登录之后,微信方会返回一个授权码code给回第三方(接入方),这个授权码code一 ...

  5. 【Azure Developer】Python代码通过AAD认证访问微软Azure密钥保管库(Azure Key Vault)中机密信息(Secret)

    关键字说明 什么是 Azure Active Directory?Azure Active Directory(Azure AD, AAD) 是 Microsoft 的基于云的标识和访问管理服务,可帮 ...

  6. 【Azure Developer】解决Azure Key Vault管理Storage的示例代码在中国区Azure遇见的各种认证/授权问题 - C# Example Code

    问题描述 使用Azure密钥保管库(Key Vault)来托管存储账号(Storage Account)密钥的示例中,从Github中下载的示例代码在中国区Azure运行时候会遇见各种认证和授权问题, ...

  7. 【Azure 应用服务】NodeJS Express + MSAL 应用实现AAD集成登录并部署在App Service Linux环境中的实现步骤

    问题描述 实现部署NodeJS Express应用在App Service Linux环境中,并且使用Microsoft Authentication  Library(MSAL)来实现登录Azure ...

  8. 微信授权登录-微信公众号和PC端网站

    https://blog.csdn.net/qq_34664239/article/details/79107529 一.微信公众号授权登录——微信公众平台 微信授权登录,并调用后台接口,获取用户信息 ...

  9. 小D课堂-SpringBoot 2.x微信支付在线教育网站项目实战_5-7.授权登录获取微信用户个人信息实战

    笔记 7.授权登录获取微信用户个人信息实战         简介:讲解使用授权码code获取用户个人信息接口 关键点:看微信文档,字段尽量用拷贝 1.通过code获取access_token      ...

  10. 【Azure Developer】使用Microsoft Graph API 批量创建用户,先后遇见的三个错误及解决办法

    问题描述 在先前的一篇博文中,介绍了如何使用Microsoft Graph API来创建Azure AD用户(博文参考:[Azure Developer]使用Microsoft Graph API 如 ...

随机推荐

  1. ABP系列文章收藏

    1.ASP.NET样板开发框架ABP系列之ABP入门教程详解: https://www.php.cn/csharp-article-380181.html 2.官网中文翻译:  https://www ...

  2. 手撕Vue-Router-实现router-view

    前言 在上一篇 [手撕Vue-Router-实现router-link] 中,我们实现了 router-link 组件,这一篇我们来实现 router-view 组件. 实现思路 router-vie ...

  3. Flowable-UI

    Flowable-UI 安装 手把手教大家画了这样一个流程图,虽然说它不是特别好用,但是也不是不能用,也能用.好了,那么接下来的话,我们这个就先告一个段落,接下来我要跟大家说的第二个东西的话,就是另外 ...

  4. C# 使用正则表达式

    在C#中,可以使用正则表达式来处理文本字符串.正则表达式是一种特殊的文本模式,用于匹配和搜索字符串.它可以识别特定模式,如邮箱地址.电话号码.网址等.正则表达式是C#中常用的一种文本处理技术,使用它可 ...

  5. 《Spring 手撸专栏》| 开篇介绍,我要带新人撸 Spring 啦!

    作者:小傅哥 博客:https://bugstack.cn 沉淀.分享.成长,让自己和他人都能有所收获! 一.前言 不正经!写写面经,去撸Spring源码啦? 是的,在写了4篇关于Spring核心源码 ...

  6. (python)每日代码||2024.1.27||类方法与实例方法

    class test(): aaa = 111 bbb = 222 ccc = 333 @classmethod def cm(cls): cls.aaa="***" def im ...

  7. 零基础入门Vue之影分身之术——列表渲染&渲染原理浅析

    听我说 从 条件渲染 那一篇,我学习到了如何用Vue对dom节点根据条件显示 但单单有条件还不够啊,有时候数据是一大坨一大坨的数据,如果Vue不提供咱要么使用"v-html" 要么 ...

  8. 小知识:MySQL配置文件优先级

    今天在RHEL7上,严格按之前的安装规范文档,部署MySQL环境时,发现通过服务的方式启动MySQL失败: 关键错误是: log-error set to '/var/log/mariadb/mari ...

  9. maven 私服 500 错误 nexus

    扩大了硬盘就好了

  10. 如何在Windows端安装scala

    一.首先确保jdk安装成功   首先在安装之前,确保本地已经安装了JDK1.5以上的版本,在此安装的是1.8版本.并且已经设置了JAVA_HOME 环境变量及JDK的bin目录. 1.新建JAVA_H ...