PHP OpenSSO 身份验证

发布于 2024-09-14 02:19:14 字数 1532 浏览 4 评论 0原文

我们目前正在实施新的 OpenSSO 服务器。该服务器与 Web 服务器位于不同的服务器上，并且我在 PHP Web 服务器上进行身份验证时遇到问题。

使用 openSSO 令牌设置的 cookie 称为 iPlanetDirectoryPro。这是从 authServer.company.com 设置的。我需要从 webserver.company.com 读取此内容，然后将 HTTPRequest 发送到 authserver.company.com 以检索该 OpenSSO 令牌的属性。

目前我的代码看起来像这样，但它不起作用，我怀疑是由于没有正确读取 cookie。

$url = 'http://authServer.company.com:8080/opensso/identity/attributes';
$r = new HttpRequest();
$r->setURL($url);
$r->setMethod(HTTP_METH_POST);
$valarray = array(
    'Host' => 'authServer.company.com',
    'Content-Type' => 'application/x-www-form-urlencoded',
    'Cookie' => "iPlanetDirectoryPro=$_COOKIE[iPlanetDirectoryPro]"
    );
$r->addHeaders($valarray);
var_dump($r);
var_dump($valarray);
#
# request
#
print "<br/>";
print "<b>what i'm saying to the server</b>";
print "<pre>";
#print "iPlanetDirectoryPro cookie: $_COOKIE[iPlanetDirectoryPro]";
print $r->getRawRequestMessage();
print "</pre>";

print "iPlanetDirectoryPro cookie: $_COOKIE[iPlanetDirectoryPro]";
$r->send();

#
# response
#
print "<b>what the server is telling me</b>";
print "<pre>";
$response_body = $r->getResponseBody();
print $response_body;
print "</pre>";

对此有什么想法吗？我是否以错误的方式处理这件事？

更新 - 所以我发现的底线是服务器根本无法读取 cookie，因为它来自另一台服务器。作为一项工作，我实现了一个 REST API，允许用户从网络服务器提交登录页面。它发送到 AuthServer，后者返回响应。响应通常应该是一个令牌，除非它无效。如果它是令牌，则会创建一个包含令牌的新 cookie，以便应用程序可以使用该令牌与 authserver 进行通信，但 cookie 驻留在 webservers 域下

原文

We are currently implementing a new OpenSSO Server. The server is on a different server from the web server and I am having trouble getting authentication to occur on our PHP Web server.

The cookie set with the openSSO Token is called iPlanetDirectoryPro. This is set from authServer.company.com . I need to read this from webserver.company.com and then send an HTTPRequest to the authserver.company.com to retrieve the attributes for that OpenSSO Token.

Currently my code looks like this but it isn't working, I suspect due to not correctly reading the cookie.

$url = 'http://authServer.company.com:8080/opensso/identity/attributes';
$r = new HttpRequest();
$r->setURL($url);
$r->setMethod(HTTP_METH_POST);
$valarray = array(
    'Host' => 'authServer.company.com',
    'Content-Type' => 'application/x-www-form-urlencoded',
    'Cookie' => "iPlanetDirectoryPro=$_COOKIE[iPlanetDirectoryPro]"
    );
$r->addHeaders($valarray);
var_dump($r);
var_dump($valarray);
#
# request
#
print "<br/>";
print "<b>what i'm saying to the server</b>";
print "<pre>";
#print "iPlanetDirectoryPro cookie: $_COOKIE[iPlanetDirectoryPro]";
print $r->getRawRequestMessage();
print "</pre>";

print "iPlanetDirectoryPro cookie: $_COOKIE[iPlanetDirectoryPro]";
$r->send();

#
# response
#
print "<b>what the server is telling me</b>";
print "<pre>";
$response_body = $r->getResponseBody();
print $response_body;
print "</pre>";

Any ideas about this? Am I going about this in the wrong way?

Update - So the bottom line I found was the server simply couldn't read the cookie as it was coming from another server. As a work aronud I implemented a REST API that allows the user to submit a login page from the webserver. Its send to the AuthServer which gives back a response. The response should typically be a token unless its invalid. If its a token, a new cookie is created with the token in it so that applications can then use that token to communicate with the authserver, but the cookie resides under the webservers domain

分享到QQ

分享到微博