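[Azure Developer] Reference example: signing in to a PHP website with AAD authorization
Problem description
If a PHP website needs to sign users in through AAD authorization, is there a PHP code sample that can be used as a reference?
Reference code
Refer to the blog post "Single sign-on with Azure AD in PHP" to learn the general approach to SSO. If you know PHP well, you can refer to the sample code on GitHub.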
phpSample/federation.ini
federation.trustedissuers.issuer=https://accounts.accesscontrol.windows.net/v2/wsfederation
federation.trustedissuers.thumbprint=3f5dfcdf4b3d0eab9ba49befb3cfd760da9cccf1
federation.trustedissuers.friendlyname=Awesome Computers
federation.audienceuris=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392
federation.realm=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7
federation.reply=https://localhost/phpSample/index.php
phpSample/index.php
<?php
/*-----------------------------------------------------------------------
Copyright (c) Microsoft Corporation. All rights reserved.

Copyright 2012 Microsoft Corporation
All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0

THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR
CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

See the Apache Version 2.0 License for specific language governing
permissions and limitations under the License.
--------------------------------------------------------------------------- */

// secureResource.php enforces sign-in and defines $loginManager.
require_once (dirname(__FILE__) . '/secureResource.php');
?>
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Index Page</title>
</head>
<body>
    <h2>Index Page</h2>
    <!-- Claim values come from the token, so they are HTML-escaped before output. -->
    <h3>Welcome <strong><?php echo htmlspecialchars($loginManager->getPrincipal()->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></strong>!</h3>
    <h4>Claim list:</h4>
    <ul>
<?php
foreach ($loginManager->getClaims() as $claim) {
    echo '<li>' . htmlspecialchars($claim->toString(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
}
?>
    </ul>
</body>
</html>
phpSample/login.php
<?php
/*-----------------------------------------------------------------------
Copyright (c) Microsoft Corporation. All rights reserved.

Copyright 2012 Microsoft Corporation
All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0

THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR
CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

See the Apache Version 2.0 License for specific language governing
permissions and limitations under the License.
--------------------------------------------------------------------------- */

// uncomment this to display internal server errors.
//error_reporting(E_ALL);
//ini_set('display_errors', 'On');

// PATH_SEPARATOR keeps the include path valid on both Windows and Unix hosts.
ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . '../../libraries/');
require_once ('waad-federation/TrustedIssuersRepository.php');
?>
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Login Page</title>
</head>
<body>
    <h2>Login Page</h2>
    <ul>
<?php
$repository = new TrustedIssuersRepository();
$trustedIssuers = $repository->getTrustedIdentityProviderUrls();
// returnUrl is request input: read it once and tolerate it being absent.
$returnUrl = isset($_GET['returnUrl']) ? $_GET['returnUrl'] : '';
foreach ($trustedIssuers as $trustedIssuer) {
    // Escape both the generated link and the display name before writing them into the page.
    echo '<li><a href="' . htmlspecialchars($trustedIssuer->getLoginUrl($returnUrl), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">'
        . htmlspecialchars($trustedIssuer->displayName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</a></li>';
}
?>
    </ul>
</body>
</html>
phpSample/secureResource.php
<?php
/*-----------------------------------------------------------------------
Copyright (c) Microsoft Corporation. All rights reserved.

Copyright 2012 Microsoft Corporation
All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0

THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR
CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

See the Apache Version 2.0 License for specific language governing
permissions and limitations under the License.
--------------------------------------------------------------------------- */

// uncomment this to display internal server errors.
// error_reporting(E_ALL);
// ini_set('display_errors', 'On');

// PATH_SEPARATOR keeps the include path valid on both Windows and Unix hosts.
ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . '../../libraries/');
require_once ('waad-federation/ConfigurableFederatedLoginManager.php');
session_start();

// wresult carries the WS-Federation sign-in response posted back by the issuer.
$token = isset($_POST['wresult']) ? $_POST['wresult'] : null;
$loginManager = new ConfigurableFederatedLoginManager();

if (!$loginManager->isAuthenticated()) {
    if (isset($token)) {
        try {
            $loginManager->authenticate($token);
        } catch (Exception $e) {
            // Stop here so the protected page is not rendered after a failed sign-in.
            echo htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            exit();
        }
    } else {
        // HTTP_HOST is taken from the request's Host header, so it is client-controlled input.
        $returnUrl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
        header('Pragma: no-cache');
        header('Cache-Control: no-cache, must-revalidate');
        // URL-encode returnUrl so it travels as a single query-string value.
        header("Location: https://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/login.php?returnUrl=" . urlencode($returnUrl), true, 302);
        exit();
    }
}
?>
phpSample/trustedIssuers.xml
<?xml version="1.0" encoding="UTF-8"?>
<issuers>
    <issuer name="awesomecomputers.onmicrosoft.com"
            displayName="Awesome Computers"
            realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7" />
    <issuer name="treyresearchinc.onmicrosoft.com"
            displayName="Trey Research Inc."
            realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@13292593-4861-4847-8441-6da6751cfb86" />
</issuers>
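login.php reads returnUrl from the query string and passes it on to the issuer's login URL, so the application should only accept values that point back at itself. The following is an added example, not part of the Microsoft sample or the referenced blog post: `safe_return_url()` and `DEFAULT_RETURN` are hypothetical names, and the trusted origin is assumed to be the `federation.reply` value from federation.ini.

```php
<?php
// Added example (not from the sample project). DEFAULT_RETURN is assumed to be
// the federation.reply value configured in federation.ini.
const DEFAULT_RETURN = 'https://localhost/phpSample/index.php';

/**
 * Return $candidate only if it is an https URL on the same host and port as
 * DEFAULT_RETURN; otherwise return DEFAULT_RETURN.
 */
function safe_return_url($candidate)
{
    if (!is_string($candidate) || $candidate === '') {
        return DEFAULT_RETURN;
    }
    // Reject whitespace, control characters and backslashes, which URL
    // parsers and browsers do not always interpret the same way.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return DEFAULT_RETURN;
    }
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return DEFAULT_RETURN;          // relative or malformed URL
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return DEFAULT_RETURN;          // no userinfo component allowed
    }
    $trusted = parse_url(DEFAULT_RETURN);
    $port = isset($parts['port']) ? $parts['port'] : 443;
    $trustedPort = isset($trusted['port']) ? $trusted['port'] : 443;
    if (strtolower($parts['scheme']) !== 'https'
        || strtolower($parts['host']) !== strtolower($trusted['host'])
        || $port !== $trustedPort) {
        return DEFAULT_RETURN;
    }
    return $candidate;
}

// Constructed sample inputs, for illustration only.
$samples = array(
    'https://localhost/phpSample/index.php',   // same origin: accepted
    'http://localhost/phpSample/index.php',    // wrong scheme: replaced
    'https://other.example/phpSample/',        // different host: replaced
    '/phpSample/index.php',                    // relative: replaced
);
foreach ($samples as $sample) {
    printf("%-42s => %s\n", $sample, safe_return_url($sample));
}
```

In login.php the call would wrap the request value, for example `safe_return_url(isset($_GET['returnUrl']) ? $_GET['returnUrl'] : null)`, before it is handed to `getLoginUrl()`.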
References
Single sign-on with Azure AD in PHP : http://www.lewisroberts.com/2015/09/04/single-sign-on-with-azure-ad-in-php/