Single-Sign-On-ish

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
apinto
Forum Newbie
Posts: 4
Joined: Tue Nov 25, 2008 10:56 am

Single-Sign-On-ish

Post by apinto »

Hi there,

I'm in the process of building what can be called a single sign-on system, based on PHP. The idea is to store all the necessary systems credentials in an LDAP server and use PHP to retrieve and use them.

Typically, the authentication in the target application is made with an HTTP POST. I already know how to make the POST in PHP, my question is about what happens with cookies, user agent, etc.. The actual client here is the PHP server and not the client web browser. Is there a way to sort this out is PHP, that is, delegating the login process do PHP but make everything run as if it was the client browser making the request?

Thank you very much, cheers,

AP
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Single-Sign-On-ish

Post by pickle »

I think the only way to do that would be cURL.

If you're still in the development stages of this project, I'd suggest re-thinking it. It doesn't sound very efficient at all to be using a PHP script as an intermediary to another PHP script.

Maybe if you could explain your process & problem a bit more...
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
apinto
Forum Newbie
Posts: 4
Joined: Tue Nov 25, 2008 10:56 am

Re: Single-Sign-On-ish

Post by apinto »

Hello Pickle, thank you for your response.

I don't control the other systems, they are from various software providers. My task is to integrate them under a single login, and when the user browses to them, the "local" login is executed automatically. For example, one of the services is SquirrelMail; it's login procedure is a simple POST with a username and a password attributes. What I want is, when the user selects Webmail from the portal page, to do the POST automatically with PHP and present the user with the mail folder. Is this possible to accomplish with PHP?

Thank you again for your attention, cheers,

AP
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: Single-Sign-On-ish

Post by pickle »

Ugh. I hate gluing together disparate systems. But, I understand why you're stuck with what you're doing.

For SquirrelMail, perhaps an AJAX call would be easiest. The user's client would still be making the request, so any cookies or authentication tokens would be set immediately on the client. You also wouldn't have to worry about making a PHP script interpret between what the user sends, what gets sent to the app, what the app returns, and what the client sees as a result.

The only difficulty (which would still be present if you were using PHP) is how to handle a failed authentication. Does SquirrelMail (or any of the other apps you're contacting) have an API to use, or do you have to parse the output (what the app displays after authentication) to see if authentication was successful or not?

Are you wanting to direct the user to SquirrelMail's display of the mailbox, or somehow retrieve that & display it. Retrieving it could be tricky.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply