Comments (4)
jasny
commented on June 24, 2024
1
Than it would work pretty similar to CAS. The disadvantage is that you can only attach using a redirect and not client side, which is required to work with AJAX.
Note that this SSO implementation was made with the requirement that the use of the SSO server was hidden to end user and with the assumption that each broker can be trusted. However the lib has become more popular and I understand that others have other requirements.
I might add CAS compatibility in the future, since there is obviously a demand for it CAS compatible server in PHP.
from sso.
jasny
commented on June 24, 2024
This should work. It's hard to say why it doesn't without debugging it.
Find out what the $sid and session id are by setting a breakpoint on Server.php line 221.
When the login form is show, check the session cookie to make sure the value matches the earlier session id.
When GetUserInfo is called, check if $sid matches the earlier grabbed value by setting a breakpoint on Server.php line 71.
Check the session file to see if the expected session data is in there.
from sso.
syphernl
commented on June 24, 2024
Server-side logins would be a nice feature! That feels a lot safer than having to provide your login details to (potentially) insecure brokers, plus allows you to enforce a unified login style for all brokers.
from sso.
jasny
commented on June 24, 2024
Related to #69
from sso.
Related Issues (20)
- The broker session id isn't attached to a user session,how to solve this problem? HOT 2
- Attach - security HOT 1
- The Session ID of the Broker and ajax-Broker is different HOT 3
- Does this library protect against session fixation attacks? HOT 1
- 【Single Sign-On Ajax demo】attach sso api return HOT 1
- Is it possible to provide examples of how to use in the framework HOT 5
- Demo not working in Chrome 88.0.4324.146 HOT 4
- v0.4 How to handle multiple redirects HOT 3
- How to setup this project. I am getting errors on windows
- [Broker Ajax] - Broker didn't use bearer authentication HOT 1
- Storage Access API Support HOT 1
- Multiple redirects, results in wrong referer validation HOT 3
- Wrong implementation of setcookie HOT 1
- Need compability with laravel 9 HOT 3
- Session is already started or Session ID cannot be changed when a session is active HOT 1
- error ArrayAccess HOT 3
- Session cookie on SSO server lost HOT 1
- Why can SSO1 obtain user information normally, but SSO2 still needs to log in?
- Since the rules of the browser samesite changed, the ajax broker sso does not working
- Session has expired. Client must attach with new token HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sso.