cas 登录之后不跳转_thinkphp如何实现单点登录

一、前提：CAS服务器搭建完成

这个不是本次的重点，不多讲。传送门：https://blog.csdn.net/u013825231/article/details/79132399

二、下载phpCAS客户端

php客户端下载：https://github.com/apereo/phpCAS

php客户端配置的注意事项等内容：https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252517/phpCAS

php客户端的要求：https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252625/phpCAS+requirements

注意:php配置文件php.ini需要开启php_curl，找到 ;extension=php_curl.dll ,将该句前面的分号去掉即可,改为 extension=php_curl.dll

三、thinkphp5引入phpCAS类库

1.下载好的phpCAS客户端文件结构。

相关推荐：《ThinkPHP教程》

2. 把source文件夹复制到thinphp5下的extend文件夹下，并重命名为：phpCAS

3. config.php文件的配置

// The purpose of this central config file is configuring all examples

// in one place with minimal work for your working environment

// Just configure all the items in this config according to your environment

// and rename the file to config.php

$phpcas_path = 'phpCAS/';

///

// Basic Config of the phpCAS client //

///

$client_domain = 'localhost'; // 客户端 domain

$client_path = 'afschool';

$client_secure = false;

$client_httpOnly = true;

$client_lifetime = 0;

// Full Hostname of your CAS Server 服务器主机

$cas_host = 'cas.example.com';

// Context of the CAS Server

$cas_context = '/cas';

// Port of your CAS server. Normally for a https server it's 443

$cas_port = 443;

// Path to the ca chain that issued the cas server certificate

$cas_server_ca_cert_path = '/path/to/cachain.pem';

//

// Advanced Config for special purposes //

//

// The "real" hosts of clustered cas server that send SAML logout messages

// Assumes the cas server is load balanced across multiple hosts

$cas_real_hosts = array (

'cas-real-1.example.com',

'cas-real-2.example.com'

);

// Database config for PGT Storage

$db = 'pgsql:host=localhost;dbname=phpcas';

//$db = 'mysql:host=localhost;dbname=phpcas';

$db_user = 'phpcasuser';

$db_password = 'mysupersecretpass';

$db_table = 'phpcastabel';

///

// End Configuration -- Don't edit below //

///

// Generating the URLS for the local cas example services for proxy testing

if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'){

$curbase = 'https://'.$_SERVER['SERVER_NAME'];

}else{

$curbase = 'http://'.$_SERVER['SERVER_NAME'];

}

if ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443)

$curbase .= ':'.$_SERVER['SERVER_PORT'];

$curdir = dirname($_SERVER['REQUEST_URI'])."/";

// CAS client nodes for rebroadcasting pgtIou/pgtId and logoutRequest

$rebroadcast_node_1 = 'http://cas-client-1.example.com';

$rebroadcast_node_2 = 'http://cas-client-2.example.com';

// access to a single service

$serviceUrl = $curbase.$curdir.'example_service.php';

// access to a second service

$serviceUrl2 = $curbase.$curdir.'example_service_that_proxies.php';

$pgtBase = preg_quote(preg_replace('/^http:/', 'https:', $curbase.$curdir),'/');

$pgtUrlRegexp = '/^'.$pgtBase.'.*$/';

$cas_url = 'https://'.$cas_host;

if ($cas_port != '443')

{

$cas_url = $cas_url.':'.$cas_port;

}

$cas_url = $cas_url.$cas_context;

// Set the session-name to be unique to the current script so that the client script

// doesn't share its session with a proxied script.

// This is just useful when running the example code, but not normally.

session_name('session_for:'.preg_replace('/[^a-z0-9-]/i', '_', basename($_SERVER['SCRIPT_NAME'])));

?>

4. 因为本人请求单点登录的服务器是http认证的，不是https，需要修改CAS/client.php,将其中的https改为http(刚开始没有修改client.php这个文件，总是使用https认证，所以请求失败)

5. 把CAS类库文件夹的同级文件CAS.php，重命名为phpCAS.php

修改成

6. 登录的控制器方法为：

namespace appindexcontroller;

use thinkDb;

use thinkLoader;

class Index extends hinkController

{

public function login()

{

// Example for a simple client

// Load the settings from the central config file

require './extend/config.php';

// Loader::import('config.php',EXTEND_PATH);

// Load the CAS lib

//直接引入phpCAS扩展库下的类文件phpCAS.php

Loader::import('phpCASphpCAS',EXTEND_PATH);

//直接引入库文件需要实例化类

$phpCAS = new phpCAS();

// Uncomment to enable debugging

$phpCAS->setDebug();

// Initialize phpCAS

$phpCAS->client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);

// For quick testing you can disable SSL validation of the CAS server.

// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.

// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!

$phpCAS->setNoCasServerValidation();

//这里会检测服务器端的退出的通知，就能实现php和其他语言平台间同步登出了

$phpCAS->handleLogoutRequests();

//访问CAS的验证通过后，跳转到网页

if($phpCAS->forceAuthentication()){

echo "";

};

}

}

最后访问这个登录的方法，完成单点登录的页面跳转！