使用PHP处理CAS登录(从JSP迁移)

背景:</ strong> </ p>

我们目前有一个 使用JSP的全功能CAS实现,但希望将其迁移到PHP实现。</ p>

目前,我们有一个中央CAS服务器,用于对用户进行身份验证并将其重定向到登录页面(在JSP中) 然后,它获取其身份验证数据并将其传递给第三方应用程序。</ p>

在此JSP中,我们使用以下代码段来检索用户的数据</ p>
\ n

 字符串usr = request.getParameter(“id”); 
String nid = session.getAttribute(“netid”);
</ code> </ pre>

< strong>问题</ strong> </ p>

如何使用PHP检索此信息?</ p>

我尝试过:</ p>
\ ñ


  • $ _ GET </ LI>
  • $ _ POST </ LI>
  • $ _ REQUEST </ LI>
  • $ _ SESSION </ LI>
    </ ul>

    以及更多。</ p>

    我觉得我可能需要安装phpCAS才能这样做,但不想这样做,除非 绝对必要。</ p>

    谢谢 你的时间。</ p>
    </ div>

展开原文

原文

Background:

We currently have a fully functional CAS implementation using JSP, but want to migrate it to a PHP implementation.

Currently, we have a central CAS server that authenticates the user and redirects them to a landing page(in JSP), which then takes their authentication data and passes it onto a third-party-application.

In this JSP we use the following snippet to retrieve the user's data

String usr = request.getParameter("id");
String nid = session.getAttribute("netid");

Question

How do I retrieve this information using PHP?

I have tried doing:

  • $_GET
  • $_POST
  • $_REQUEST
  • $_SESSION

and more.

I have a feeling that I may need to install phpCAS in order to do this, but do not want to do so unless absolutely necessary.

Thank you for your time.

1个回答



CAS服务票证的每个消费者都需要能够验证令牌,解析响应等等。看起来你好像是 目前正在使用一些基于JSP的CAS客户端为您做的工作? (可能是耶鲁的,因为Jasig没有处理JSP)。 如果要将客户端切换到非JSP / Java应用程序,而不是PHP应用程序,最好的选择是使用phpCAS保护该页面/客户端应用程序。 phpCAS将截取url中的票证,对CAS服务器进行验证并设置相应的会话变量。</ p>

这是一个简单的phpCAS实例:
https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_simple .php </ p>

或者,您可以编写自己的拦截/验证/解析代码,但由于这是一个安全产品,我建议使用一个众所周知的/测试过的 客户。</ p>
</ div>

展开原文

原文

Every consumer of a CAS service ticket needs to be able to validate a token, parse the response, etc. It seems like you're currently using some JSP-based CAS client which is doing the work for you? (possibly Yale's, as the Jasig one does not deal with JSP). If you want to switch your client to a non-JSP/Java application, but to a PHP one, your best option is to protect that page/client application with phpCAS. phpCAS will intercept the ticket in the url, validate it against the CAS server and set the appropriate session variables.

Here's a simple example of phpCAS in action: https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_simple.php

Alternatively, you can write your own interception/validation/parsing code, but since this is a security product, I recommend using one of the well-known/tested clients.

doormen2014
doormen2014 谢谢! 需要phpCAS。
7 年多之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐