How to make single sign-on (SSO) AD in PHP?

S

SwoDs2016-11-28 20:21:16

PHP

SwoDs, 2016-11-28 20:21:16

Problem:
Inside the network there are different corporate sites written in PHP, servers on Linux.
All users sit on Windows machines and log in under domain accounts, entering the internal site you have to enter the login password from Windows (authorization occurs via LDAP), it is not convenient for users to enter login and password on each site
Task: It is
necessary to implement login without a login password, but do Windows account login under which the
browser
opens
or something like that =
) do the task and how?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

SwoDs, 2018-05-29
@SwoDs

I asked a question for a long time, but since there was no answer ...
I just made a separate application that did authorization through itself, exchanged tokens with other applications - this is in general terms

S

Sergey, 2017-02-23
@brestows

Yes, this is done quite simply, but pure PHP will not do, you will have to configure the browser on the user's computer once, I do this through group policies. The site must be added to the trust zone, after which, when entering such a site, the server tells the browser that it is necessary to log in with kerberos, the browser logs in and sends a special token to the server, the server, based on this token, goes to AD and checks its validity, if it is valid then in response, it receives a username, and then LDAP is already clear, just as with a correctly configured browser, the parameters transmitted to the browser may contain a REMOTE_USER variable in which there will be a username authorized through transparent authorization. I described it very roughly and superficially, I myself implemented it in perl, but I think that it is not much different in php.