问题描述

如果有个PHP网站，需要使用AAD授权登录，有没有PHP代码实例 可供参考呢？

参考代码

参考一篇博文（Single sign-on with Azure AD in PHP），学习使用SSO的大体思路。如果对PHP很了解，可以参考Github中的Sample代码。

phpSample/federation.ini

federation.trustedissuers.issuer=https://accounts.accesscontrol.windows.net/v2/wsfederationfederation.trustedissuers.thumbprint=3f5dfcdf4b3d0eab9ba49befb3cfd760da9cccf1federation.trustedissuers.friendlyname=Awesome Computersfederation.audienceuris=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392federation.realm=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7federation.reply=https://localhost/phpSample/index.php

phpSample/index.php

/*-----------------------------------------------------------------------Copyright (c) Microsoft Corporation.  All rights reserved.Copyright 2012 Microsoft CorporationAll rights reserved.Licensed under the Apache License, Version 2.0 (the \"License\");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES ORCONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.See the Apache Version 2.0 License for specific language governingpermissions and limitations under the License.--------------------------------------------------------------------------- */<?phprequire_once (dirname(__FILE__) . \'/secureResource.php\');?><!DOCTYPE html><html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\"><title>Index Page</title></head><body><h2>Index Page</h2><h3>Welcome <strong><?php print_r($loginManager->getPrincipal()->getName()); ?></strong>!</h3><h4>Claim list:</h4><ul><?phpforeach ($loginManager->getClaims() as $claim) {print_r(\'<li>\' . $claim->toString() . \'</li>\');}?></ul></body></html>

phpSample/login.php

/*-----------------------------------------------------------------------Copyright (c) Microsoft Corporation.  All rights reserved.Copyright 2012 Microsoft CorporationAll rights reserved.Licensed under the Apache License, Version 2.0 (the \"License\");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES ORCONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.See the Apache Version 2.0 License for specific language governingpermissions and limitations under the License.--------------------------------------------------------------------------- */<?php// uncomment this to display internal server errors.//error_reporting(E_ALL);//ini_set(\'display_errors\', \'On\');ini_set(\'include_path\', ini_get(\'include_path\').\';../../libraries/;\');require_once (\'waad-federation/TrustedIssuersRepository.php\');?><!DOCTYPE html><html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\"><title>Login Page</title></head><body><h2>Login Page</h2><ul><?php$repository = new TrustedIssuersRepository();$trustedIssuers = $repository->getTrustedIdentityProviderUrls();foreach ($trustedIssuers as $trustedIssuer) {$returnUrl = $_GET[\'returnUrl\'];print_r(\'<li><a href=\"\' . $trustedIssuer->getLoginUrl($returnUrl) . \'\">\' . $trustedIssuer->displayName . \'</a></li>\');}?></ul></body></html>

phpSample/secureResource.php

/*-----------------------------------------------------------------------Copyright (c) Microsoft Corporation.  All rights reserved.Copyright 2012 Microsoft CorporationAll rights reserved.Licensed under the Apache License, Version 2.0 (the \"License\");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES ORCONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.See the Apache Version 2.0 License for specific language governingpermissions and limitations under the License.--------------------------------------------------------------------------- */<?php// uncomment this to display internal server errors.// error_reporting(E_ALL);// ini_set(\'display_errors\', \'On\');ini_set(\'include_path\', ini_get(\'include_path\').\';../../libraries/;\');require_once (\'waad-federation/ConfigurableFederatedLoginManager.php\');session_start();$token = $_POST[\'wresult\'];$loginManager = new ConfigurableFederatedLoginManager();if (!$loginManager->isAuthenticated()) {if (isset ($token)) {try {$loginManager->authenticate($token);} catch (Exception $e) {print_r($e->getMessage());}} else {$returnUrl = \"https://\" . $_SERVER[\'HTTP_HOST\'] . $_SERVER[\'PHP_SELF\'];header(\'Pragma: no-cache\');header(\'Cache-Control: no-cache, must-revalidate\');header(\"Location: https://\" . $_SERVER[\'HTTP_HOST\'] . dirname($_SERVER[\'SCRIPT_NAME\']) . \"/login.php?returnUrl=\" . $returnUrl, true, 302);exit();}}?>

phpSample/trustedIssuers.xml

<?xml version=\"1.0\" encoding=\"UTF-8\"?><issuers><issuer name=\"awesomecomputers.onmicrosoft.com\" displayName=\"Awesome Computers\"realm=\"spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7\" /><issuer name=\"treyresearchinc.onmicrosoft.com\" displayName=\"Trey Research Inc.\"realm=\"spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@13292593-4861-4847-8441-6da6751cfb86\" /></issuers>

参考资料

Single sign-on with Azure AD in PHP :http://www.lewisroberts.com/2015/09/04/single-sign-on-with-azure-ad-in-php/

Azure/azure-sdk-for-php-samples :https://github.com/Azure/azure-sdk-for-php-samples