![7ff0c626164575990056efcc774a8cb7.png](https://img-blog.csdnimg.cn/img_convert/7ff0c626164575990056efcc774a8cb7.png)
一、前提:CAS服务器搭建完成
这个不是本次的重点,不多讲。传送门:https://blog.csdn.net/u013825231/article/details/79132399
二、下载phpCAS客户端
php客户端下载:https://github.com/apereo/phpCAS
php客户端配置的注意事项等内容:https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252517/phpCAS
php客户端的要求:https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252625/phpCAS+requirements
注意:php配置文件php.ini需要开启php_curl,找到 ;extension=php_curl.dll ,将该句前面的分号去掉即可,改为 extension=php_curl.dll
三、thinkphp5引入phpCAS类库
1.下载好的phpCAS客户端文件结构。
![15f297cf89764f340ca0dbd12dde030a.png](https://img-blog.csdnimg.cn/img_convert/15f297cf89764f340ca0dbd12dde030a.png)
相关推荐:《ThinkPHP教程》
2. 把source文件夹复制到thinphp5下的extend文件夹下,并重命名为:phpCAS
![960e3882c99f62e6063857d3a4d39f53.png](https://img-blog.csdnimg.cn/img_convert/960e3882c99f62e6063857d3a4d39f53.png)
![2f15597a1517ce8dcfdf13abbf81451d.png](https://img-blog.csdnimg.cn/img_convert/2f15597a1517ce8dcfdf13abbf81451d.png)
3. config.php文件的配置
// The purpose of this central config file is configuring all examples
// in one place with minimal work for your working environment
// Just configure all the items in this config according to your environment
// and rename the file to config.php
$phpcas_path = 'phpCAS/';
///
// Basic Config of the phpCAS client //
///
$client_domain = 'localhost'; // 客户端 domain
$client_path = 'afschool';
$client_secure = false;
$client_httpOnly = true;
$client_lifetime = 0;
// Full Hostname of your CAS Server 服务器主机
$cas_host = 'cas.example.com';
// Context of the CAS Server
$cas_context = '/cas';
// Port of your CAS server. Normally for a https server it's 443
$cas_port = 443;
// Path to the ca chain that issued the cas server certificate
$cas_server_ca_cert_path = '/path/to/cachain.pem';
//
// Advanced Config for special purposes //
//
// The "real" hosts of clustered cas server that send SAML logout messages
// Assumes the cas server is load balanced across multiple hosts
$cas_real_hosts = array (
'cas-real-1.example.com',
'cas-real-2.example.com'
);
// Database config for PGT Storage
$db = 'pgsql:host=localhost;dbname=phpcas';
//$db = 'mysql:host=localhost;dbname=phpcas';
$db_user = 'phpcasuser';
$db_password = 'mysupersecretpass';
$db_table = 'phpcastabel';
///
// End Configuration -- Don't edit below //
///
// Generating the URLS for the local cas example services for proxy testing
if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'){
$curbase = 'https://'.$_SERVER['SERVER_NAME'];
}else{
$curbase = 'http://'.$_SERVER['SERVER_NAME'];
}
if ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443)
$curbase .= ':'.$_SERVER['SERVER_PORT'];
$curdir = dirname($_SERVER['REQUEST_URI'])."/";
// CAS client nodes for rebroadcasting pgtIou/pgtId and logoutRequest
$rebroadcast_node_1 = 'http://cas-client-1.example.com';
$rebroadcast_node_2 = 'http://cas-client-2.example.com';
// access to a single service
$serviceUrl = $curbase.$curdir.'example_service.php';
// access to a second service
$serviceUrl2 = $curbase.$curdir.'example_service_that_proxies.php';
$pgtBase = preg_quote(preg_replace('/^http:/', 'https:', $curbase.$curdir),'/');
$pgtUrlRegexp = '/^'.$pgtBase.'.*$/';
$cas_url = 'https://'.$cas_host;
if ($cas_port != '443')
{
$cas_url = $cas_url.':'.$cas_port;
}
$cas_url = $cas_url.$cas_context;
// Set the session-name to be unique to the current script so that the client script
// doesn't share its session with a proxied script.
// This is just useful when running the example code, but not normally.
session_name('session_for:'.preg_replace('/[^a-z0-9-]/i', '_', basename($_SERVER['SCRIPT_NAME'])));
?>
4. 因为本人请求单点登录的服务器是http认证的,不是https,需要修改CAS/client.php,将其中的https改为http(刚开始没有修改client.php这个文件,总是使用https认证,所以请求失败)
5. 把CAS类库文件夹的同级文件CAS.php,重命名为phpCAS.php
![2aa3be0e0c4c63be2b88c5ef7e332bc7.png](https://img-blog.csdnimg.cn/img_convert/2aa3be0e0c4c63be2b88c5ef7e332bc7.png)
修改成
![f414e55cf70f13d9a14409b1c17dd4b2.png](https://img-blog.csdnimg.cn/img_convert/f414e55cf70f13d9a14409b1c17dd4b2.png)
6. 登录的控制器方法为:
namespace appindexcontroller;
use thinkDb;
use thinkLoader;
class Index extends hinkController
{
public function login()
{
// Example for a simple client
// Load the settings from the central config file
require './extend/config.php';
// Loader::import('config.php',EXTEND_PATH);
// Load the CAS lib
//直接引入phpCAS扩展库下的类文件phpCAS.php
Loader::import('phpCASphpCAS',EXTEND_PATH);
//直接引入库文件需要实例化类
$phpCAS = new phpCAS();
// Uncomment to enable debugging
$phpCAS->setDebug();
// Initialize phpCAS
$phpCAS->client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
// For quick testing you can disable SSL validation of the CAS server.
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
$phpCAS->setNoCasServerValidation();
//这里会检测服务器端的退出的通知,就能实现php和其他语言平台间同步登出了
$phpCAS->handleLogoutRequests();
//访问CAS的验证通过后,跳转到网页
if($phpCAS->forceAuthentication()){
echo "";
};
}
}
最后访问这个登录的方法,完成单点登录的页面跳转!