CODEWITHSUNDEEP
phpsingle-sign-on
J.K.A.
J.K.A.

Reputation: 7404

SSO implementation in two virtual host PHP

I have two virtual hosts:

Ex. testproject1.net and
    testproject2.net

I created two simple login script there. I want to implement SSO implementation for it. Once user Authenticate with testproject1.net I want to set session for both virtual hosts (testproject1.net and testproject2.net). Means if I opened the testproject2.net it authenticate automatically by taking the session value.

Please help for dealing with this.

Thanks in advance

Upvotes: 0

Views: 750

Answers (1)

Praveen Kumar Purushothaman
Praveen Kumar Purushothaman

Reputation: 167182

Okay, here it goes. If you want, have another Virtual Host with authproject.net. And post the authentication information to the form there. Let it set in the session.

Now, once you give the credentials to the authproject.net domain and also where to go after auth, it posts the auth data to the respective destination.

Source of testproject1.net/index.php:

<?php
    if (isset($_SESSION["user"]))
        die($_SESSION["user"]["name"] . " is logged in!");
    else
        die('<a href="auth.php">Login</a>');
?>

Source of testproject1.net/auth.php:

<?php
    if (isset($_SESSION["user"]) && !count($_POST))
    {
        header("Location: index.php");
        die();
    }
    elseif (count($_POST))
        if ($_POST["username"] == "admin" && $_POST["password"] == "letmein")
            $_SESSION["user"]["title"] = "Administrator"; # The session is set
        else
            showForm(); # Invalid Password
    else
        showForm(); # Log In Screen
?>

<?php
    session_start();
    if (isset($_SESSION["user"]) && !count($_POST))
    {
        header("Location: index.php");
        die();
    }
    elseif (count($_POST))
        if ($_POST["username"] == "admin" && $_POST["password"] == "letmein")
        {
            $_SESSION["user"]["title"] = "Administrator"; # The session is set
            if (isset($_GET["redirect"]))
            {
                # Start crappy implementation :P
                echo '<form method="post" action="', $_GET["redirect"], '/auth.php" id="authfrm"><input type="hidden" name="username" value="', $username, '"><input type="hidden" name="password" value="', $password, '"></form><script type="text/javascript">document.getElementById("authfrm").submit();</script>';
            }
            else
                header("Location: index.php");
        }
        else
            showForm(); # Invalid Password
    else
        showForm(); # Log In Screen
?>

The same to be carried out in all the sites. Hope you get it.

Upvotes: 2

Related Questions