问题描述

如果有个PHP网站,需要使用AAD授权登录,有没有PHP代码实例 可供参考呢?

 

参考代码

参考一篇博文(Single sign-on with Azure AD in PHP),学习使用SSO的大体思路。如果对PHP很了解,可以参考Github中的Sample代码。

 

 

 

phpSample/federation.ini

federation.trustedissuers.issuer=https://accounts.accesscontrol.windows.net/v2/wsfederation

federation.trustedissuers.thumbprint=3f5dfcdf4b3d0eab9ba49befb3cfd760da9cccf1

federation.trustedissuers.friendlyname=Awesome Computers

federation.audienceuris=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392

federation.realm=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7

federation.reply=https://localhost/phpSample/index.php

phpSample/index.php 

/*-----------------------------------------------------------------------

Copyright (c) Microsoft Corporation. All rights reserved.

Copyright 2012 Microsoft Corporation

All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,

EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR

CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

See the Apache Version 2.0 License for specific language governing

permissions and limitations under the License.

--------------------------------------------------------------------------- */

require_once (dirname(__FILE__) . '/secureResource.php');

?>

Index Page

Index Page

Welcome getPrincipal()->getName()); ?>!

Claim list:

    foreach ($loginManager->getClaims() as $claim) {

    print_r('

  • ' . $claim->toString() . '
    • ');

    }

    ?>

 

phpSample/login.php

/*-----------------------------------------------------------------------

Copyright (c) Microsoft Corporation. All rights reserved.

Copyright 2012 Microsoft Corporation

All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,

EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR

CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

See the Apache Version 2.0 License for specific language governing

permissions and limitations under the License.

--------------------------------------------------------------------------- */

// uncomment this to display internal server errors.

//error_reporting(E_ALL);

//ini_set('display_errors', 'On');

ini_set('include_path', ini_get('include_path').';../../libraries/;');

require_once ('waad-federation/TrustedIssuersRepository.php');

?>

Login Page

Login Page

    $repository = new TrustedIssuersRepository();

    $trustedIssuers = $repository->getTrustedIdentityProviderUrls();

    foreach ($trustedIssuers as $trustedIssuer) {

    $returnUrl = $_GET['returnUrl'];

    print_r('

  • ' . $trustedIssuer->displayName . '
    • ');

    }

    ?>

 

phpSample/secureResource.php 

/*-----------------------------------------------------------------------

Copyright (c) Microsoft Corporation. All rights reserved.

Copyright 2012 Microsoft Corporation

All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,

EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR

CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

See the Apache Version 2.0 License for specific language governing

permissions and limitations under the License.

--------------------------------------------------------------------------- */

// uncomment this to display internal server errors.

// error_reporting(E_ALL);

// ini_set('display_errors', 'On');

ini_set('include_path', ini_get('include_path').';../../libraries/;');

require_once ('waad-federation/ConfigurableFederatedLoginManager.php');

session_start();

$token = $_POST['wresult'];

$loginManager = new ConfigurableFederatedLoginManager();

if (!$loginManager->isAuthenticated()) {

if (isset ($token)) {

try {

$loginManager->authenticate($token);

} catch (Exception $e) {

print_r($e->getMessage());

}

} else {

$returnUrl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];

header('Pragma: no-cache');

header('Cache-Control: no-cache, must-revalidate');

header("Location: https://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/login.php?returnUrl=" . $returnUrl, true, 302);

exit();

}

}

?>

 

phpSample/trustedIssuers.xml

realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7" />

realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@13292593-4861-4847-8441-6da6751cfb86" />

 

 

参考资料

Single sign-on with Azure AD in PHP : http://www.lewisroberts.com/2015/09/04/single-sign-on-with-azure-ad-in-php/

Azure/azure-sdk-for-php-samples : https://github.com/Azure/azure-sdk-for-php-samples

文章来源

评论可见,请评论后查看内容,谢谢!!!评论后请刷新页面。