doutan6286 2014-08-24 08:19 采纳率: 100%
浏览 1228
已采纳

在iFrame中自动登录

I have a website that I'm working on, It's something like a car sharing system, user-based. In some pages I'm using a iframe in the middle of the page to link to another website which is not in PHP (Liferay actually), so I found out it was the easiest way to include it. The problem is, everytime a user logs in, it doesn't auto login inside the iFrame as well. It's then necessary to do a second authentication which is a bit frustrating.

Here is the example pic:

https://www.diigo.com/item/image/4sr25/9ct1?size=o

As you can see, I'm logged in (check upper right corner), but the iframe still shows an authentication box instead of what's supposed to.

I thought about using javascript to auto login inside the iFrame, but I'm not sure what's the most secure way to do it, since we're talking about critical data.

Any idea?

Thank you in advance!

  • 写回答

2条回答 默认 最新

  • dt2002 2014-08-24 17:27
    关注

    Liferay supports external user databases (e.g. LDAP) and Single Sign On (SSO) systems. Thus, a good way to support a single log in for many different applications, is to embed an SSO system. Out of the box Liferay supports a lot of them and it's easy to implement support for more.

    One way to solve this is to use an external SSO system for your PHP application as well as for Liferay: In future you'd always sign on to that system and PHP as well as Liferay would need to interface with it.

    Another way, if your PHP system can't do this is to mimic an SSO system with your PHP application - e.g. have your application forward the user identity to Liferay the way any SSO system would do. Typically this can be through cookies if both servers share a domain. Also, you could do some redirects to known URLs (e.g. encrypt the user's identity in a URL) or have a server-side system that identifies the user and sets some HTTP headers for the following appservers (Liferay/PHP)

    How do you do this exactly? Is there anything already available? I fear that this is too complex an answer for this question - especially as I don't know how easy it would be to embed an existing SSO into your PHP application. That's an aspect that is quite important for the choice of strategy.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 画出的分类图不对,求解答一下
  • ¥20 springboot和springcloud版本问题
  • ¥15 ps2手柄控制树莓派小车
  • ¥30 C#:vsto powerpoint的外接程序
  • ¥30 stata将do文件代码转化为ado文件
  • ¥15 两个同维数组相比,不同位置、出现重复比无意义,而不同位置、不出现重复比,则有意义。把有意义的两个数组放入新的集合MK中。
  • ¥15 可以远程电脑安装nvm
  • ¥15 写一个可直接调用的函数,将32位有符号数转成另一个无符号的数
  • ¥15 CMAKE+VS2019+QT5.15.2组合进行二次编译
  • ¥15 nginx 配置静态html访问 ,后台登录时页面始终被重定向到登录页,无法访问到后台的静态html页