dongmu9253
dongmu9253
2013-05-21 17:28
浏览 71
已采纳

使用PHP处理CAS登录(从JSP迁移)

Background:

We currently have a fully functional CAS implementation using JSP, but want to migrate it to a PHP implementation.

Currently, we have a central CAS server that authenticates the user and redirects them to a landing page(in JSP), which then takes their authentication data and passes it onto a third-party-application.

In this JSP we use the following snippet to retrieve the user's data

String usr = request.getParameter("id");
String nid = session.getAttribute("netid");

Question

How do I retrieve this information using PHP?

I have tried doing:

  • $_GET
  • $_POST
  • $_REQUEST
  • $_SESSION

and more.

I have a feeling that I may need to install phpCAS in order to do this, but do not want to do so unless absolutely necessary.

Thank you for your time.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • doufuhao0566
    doufuhao0566 2013-05-22 02:35
    已采纳

    Every consumer of a CAS service ticket needs to be able to validate a token, parse the response, etc. It seems like you're currently using some JSP-based CAS client which is doing the work for you? (possibly Yale's, as the Jasig one does not deal with JSP). If you want to switch your client to a non-JSP/Java application, but to a PHP one, your best option is to protect that page/client application with phpCAS. phpCAS will intercept the ticket in the url, validate it against the CAS server and set the appropriate session variables.

    Here's a simple example of phpCAS in action: https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_simple.php

    Alternatively, you can write your own interception/validation/parsing code, but since this is a security product, I recommend using one of the well-known/tested clients.

    点赞 评论

相关推荐