lysice / laravel-sso
Simple PHP SSO integration for Laravel
Requires
- php: >=7.1.3
- guzzlehttp/guzzle: >=6.3
- laravel/framework: >=5.5
- lysice/php-simple-sso: ^1.2
README
This package based on Simple PHP SSO skeleton package and made suitable for Laravel framework.
Requirements
- Laravel 5.5+
- PHP 7.1+
Words meanings
- SSO - Single Sign-On.
- Server - page which works as SSO server, handles authentications, stores all sessions data.
- Broker - your page which is used visited by clients/users.
- Client/User - your every visitor.
How it works?
Client visits Broker and unique token is generated. When new token is generated we need to attach Client session to his session in Broker so he will be redirected to Server and back to Broker at this moment new session in Server will be created and associated with Client session in Broker's page. When Client visits other Broker same steps will be done except that when Client will be redirected to Server he already use his old session and same session id which associated with Broker#1.
Some tips before
- sometimes 429 occurs when you send more requests
The answer is that
api
middleware group useThrottleRequests
middleware aliased bythrottle
. You need to remove it or increase the number of throttle like'throttle:600,1
. - 405 exceptions occurs when POST or other METHOD execute before attach.
Version1.7.6 Now You can set the methods what the
attach
route supports. You can doing this just like it inlaravel-sso.php
below:'supports' => [ 'attach' => [ 'GET' ], 'logout' => [ 'POST' ] ],
Installation
Server
Install this package using composer.
$ composer require Lysice/laravel-sso
Copy config file to Laravel project config/
folder.
$ php artisan vendor:publish --provider="Lysice\LaravelSSO\SSOServiceProvider"
Create table where all brokers will be saved.
$ php artisan migrate --path=vendor/Lysice/laravel-sso/database/migrations
Edit your app/Http/Kernel.php
by removing throttle middleware and adding sessions middleware to api
middlewares array.
This is necessary because we need sessions to work in API routes and throttle middleware can block connections which we need.
'api' => [ 'bindings', \Illuminate\Session\Middleware\StartSession::class, ],
Now you should create brokers. You can create new broker using following Artisan CLI command:
$ php artisan sso:broker:create {name}
Broker
Install this package using composer.
$ composer require Lysice/laravel-sso
Copy config file to Laravel project config/
folder.
$ php artisan vendor:publish --provider="Lysice\LaravelSSO\SSOServiceProvider"
Change type
value in config/laravel-sso.php
file from server
to broker
.
Set 3 new options in your .env
file:
SSO_SERVER_URL= SSO_BROKER_NAME= SSO_BROKER_SECRET=
SSO_SERVER_URL
is your server's http url without trailing slash. SSO_BROKER_NAME
and SSO_BROKER_SECRET
must be data which exists in your server's brokers
table.
Edit your app/Http/Kernel.php
by adding \Lysice\LaravelSSO\Middleware\SSOAutoLogin::class
middleware to web
middleware group. It should look like this:
protected $middlewareGroups = [ 'web' => [ ... \Lysice\LaravelSSO\Middleware\SSOAutoLogin::class, ], 'api' => [ ... ], ];
Last but not least, you need to edit app/Http/Controllers/Auth/LoginController.php
. You should add two functions into LoginController
class which will authenticate your client through SSO server but not your Broker page.
protected function attemptLogin(Request $request) { $broker = new \Lysice\LaravelSSO\LaravelSSOBroker; $credentials = $this->credentials($request); return $broker->login($credentials[$this->username()], $credentials['password']); } public function logout(Request $request) { $broker = new \Lysice\LaravelSSO\LaravelSSOBroker; $broker->logout(); $this->guard()->logout(); $request->session()->invalidate(); return redirect('/'); }
That's all. For other Broker pages you should repeat everything from the beginning just changing your Broker name and secret in configuration file.
Example .env
options:
SSO_SERVER_URL=https://server.test SSO_BROKER_NAME=site1 SSO_BROKER_SECRET=892asjdajsdksja74jh38kljk2929023
Multiple mode
you can use the multiple mode by using like this:
you must use the newest version to use this feature.
- In
server
andclient
's config filelaravel-sso.php
multi_enabled
option must be true:
'multi_enabled' => env('SSO_MULTI_ENABLED', false),
in .env file:
SSO_MULTI_ENABLED=true
when multi_enabled
is true you can use the multi mode.
- In
LoginController.php
you need rewrite the functionattemptLogin
protected function attemptLogin(Request $request)
{
$broker = new LaravelSSOBroker();
$credentials = $this->credentials($request);
// this is your own field.
$loginKey = $request->input('login_key', '');
return $broker->handleLogin($credentials[$this->username()], $credentials['password'], $loginKey);
}
- your blade/js send the request with params:
login_key //your login key
username //your login key value
password // your login key password
or you can change the name of login_key
to other key name like login_name
then you need to change the loginKey
's name in attemptLogin
function like this:
protected function attemptLogin(Request $request)
{
$broker = new LaravelSSOBroker();
$credentials = $this->credentials($request);
// this is your own field.
$loginKey = $request->input('login_name', '');
return $broker->handleLogin($credentials[$this->username()], $credentials['password'], $loginKey);
}
In laravel-sso
it will send a request like this:
$this->userInfo = $this->makeRequest('POST', 'loginMulti', [
$key => $keyValue,
'password' => $password,
'key' => $key
]);
And your own key login_key
's value will be used for authentication.