Comments on: Simple Single Sign-On for PHP (Ajax compatible) http://www.jasny.net/articles/simple-single-sign-on-for-php/ It's all about me, mysql and Einstein. Fri, 03 Sep 2010 12:03:29 +0100 http://wordpress.org/?v=2.8.4 hourly 1 By: Arnold Daniels http://www.jasny.net/articles/simple-single-sign-on-for-php/comment-page-3/#comment-270119 Arnold Daniels Fri, 03 Sep 2010 12:03:29 +0000 http://blog.adaniels.nl/?p=168#comment-270119 The client sends the login credentials to the broker. The broker sends them to server. It is just the middle man. You should <b>not</b> see the broker as a special kind of server. The broker holds no information. You can see it as a special kind of client. Therefore it needs to request any information from the server using an HTTP request, just like a regular client would. In short: If the broker wants to print the name of the user, it sends an HTTP request to the server asking the name (and perhaps more user details). The client sends the login credentials to the broker. The broker sends them to server. It is just the middle man.

You should not see the broker as a special kind of server. The broker holds no information. You can see it as a special kind of client. Therefore it needs to request any information from the server using an HTTP request, just like a regular client would.

In short: If the broker wants to print the name of the user, it sends an HTTP request to the server asking the name (and perhaps more user details).

]]> By: Katravalli http://www.jasny.net/articles/simple-single-sign-on-for-php/comment-page-3/#comment-269950 Katravalli Fri, 03 Sep 2010 04:48:52 +0000 http://blog.adaniels.nl/?p=168#comment-269950 Hi Arnold Daniels, Thanks for your reply and I understand what you are saying but unable to retrieve and print the user session info from server. Can you please give simple example that how to call and print user data. For example, If login with a username "katravalli" and password "abc123"..... after login I would like to welcome the user something like "Welcome Katravalli".... Here is my problem.... I'm unable to print Username after welcome.... unable to call from server sso... Hope you got my point.... can u pls give simple example how it is.. and how to call...!!!! regards pavan Hi Arnold Daniels,
Thanks for your reply and I understand what you are saying but unable to retrieve and print the user session info from server. Can you please give simple example that how to call and print user data. For example, If login with a username “katravalli” and password “abc123″….. after login I would like to welcome the user something like “Welcome Katravalli”…. Here is my problem…. I’m unable to print Username after welcome…. unable to call from server sso…
Hope you got my point…. can u pls give simple example how it is.. and how to call…!!!!
regards
pavan

]]> By: Arnold Daniels http://www.jasny.net/articles/simple-single-sign-on-for-php/comment-page-3/#comment-269835 Arnold Daniels Thu, 02 Sep 2010 23:41:41 +0000 http://blog.adaniels.nl/?p=168#comment-269835 <b><em>Pavan Katravalli</em></b> Well to be honest, the main article tries to explain just that. There is 1 session, which lives on the SSO server. Let's say that the broker would know the session id of the client, the broker could act like the client. However since the session id is in a cookie a another domain, the broker has no way to fetch that session id. Instead, the broker will tell the client to please tell the server that he (the broker) is privileged to act on behalf of the client. The server will respect that, allow the broker to use the session on the server. That's the basic trick. Any calls that the client would normally make directly to a website regarding a session, like logging in, adding products to a cart, etc, can now be done by the broker instead. Since the broker is a machine and not a human, the server should return XML of JSON instead of HTML. That's all there is to it :) Pavan Katravalli Well to be honest, the main article tries to explain just that.

There is 1 session, which lives on the SSO server. Let’s say that the broker would know the session id of the client, the broker could act like the client. However since the session id is in a cookie a another domain, the broker has no way to fetch that session id.

Instead, the broker will tell the client to please tell the server that he (the broker) is privileged to act on behalf of the client. The server will respect that, allow the broker to use the session on the server. That’s the basic trick.

Any calls that the client would normally make directly to a website regarding a session, like logging in, adding products to a cart, etc, can now be done by the broker instead. Since the broker is a machine and not a human, the server should return XML of JSON instead of HTML.

That’s all there is to it :)

]]> By: Katravalli http://www.jasny.net/articles/simple-single-sign-on-for-php/comment-page-3/#comment-269582 Katravalli Thu, 02 Sep 2010 12:12:08 +0000 http://blog.adaniels.nl/?p=168#comment-269582 Hi Arnold Daniels, Your SSO is very much useful for our site(s). But need a small clarification from you. As in earlier post somebody also asked that how to display/print SESSION Value (Username, though which was used for logged in). You given reply stating that use SSO Sever to call session variable. But i'm unable to retrieve user information from Server SSO. Can you please give a brief note and solution how to call the user details or session from Server SSO. If u can explain it is very much useful for me as well as somany users using this script. Regards Pavan Hi Arnold Daniels,
Your SSO is very much useful for our site(s). But need a small clarification from you. As in earlier post somebody also asked that how to display/print SESSION Value (Username, though which was used for logged in). You given reply stating that use SSO Sever to call session variable.
But i’m unable to retrieve user information from Server SSO. Can you please give a brief note and solution how to call the user details or session from Server SSO.
If u can explain it is very much useful for me as well as somany users using this script.
Regards
Pavan

]]> By: Arnold Daniels http://www.jasny.net/articles/simple-single-sign-on-for-php/comment-page-3/#comment-268777 Arnold Daniels Tue, 31 Aug 2010 23:26:19 +0000 http://blog.adaniels.nl/?p=168#comment-268777 <b><em>raudy</em></b> 1. The SSO server should hold all login credentials. The broker should not hold that information. You can do authentication anyway you are doing it now. Using a MySQL db is most common, but LDAP is possible as well. 2. There is no framework I know that has this (or something similar) implemented. Zend Framework could be easily extended to have this feature. You will need to program that yourself though. Good luck raudy 1. The SSO server should hold all login credentials. The broker should not hold that information. You can do authentication anyway you are doing it now. Using a MySQL db is most common, but LDAP is possible as well.

2. There is no framework I know that has this (or something similar) implemented. Zend Framework could be easily extended to have this feature. You will need to program that yourself though.

Good luck

]]> By: ar_raudy http://www.jasny.net/articles/simple-single-sign-on-for-php/comment-page-3/#comment-268751 ar_raudy Tue, 31 Aug 2010 22:21:12 +0000 http://blog.adaniels.nl/?p=168#comment-268751 @Arnold, thanks for your nice tutorial... I have some question. I hope you can answer them : 1. I get task to build a system that can handle (using SSO) some domain that have some different database server. what must I do to that. must I move all of the user information from all database server to just one database server?can I use LDAP to implement that purpose? (I'm sorry, I'm newbie :)) 2. can you give me some advice about framework in PHP for that purpose ? thanks alot for your answer.. @Arnold, thanks for your nice tutorial…
I have some question. I hope you can answer them :
1. I get task to build a system that can handle (using SSO) some domain that have some different database server. what must I do to that. must I move all of the user information from all database server to just one database server?can I use LDAP to implement that purpose? (I’m sorry, I’m newbie :) )
2. can you give me some advice about framework in PHP for that purpose ?

thanks alot for your answer..

]]> By: Arnold Daniels http://www.jasny.net/articles/simple-single-sign-on-for-php/comment-page-3/#comment-264913 Arnold Daniels Mon, 23 Aug 2010 23:22:04 +0000 http://blog.adaniels.nl/?p=168#comment-264913 <b><em>williamjlp</em></b> Please read the previous comments. There is no session on the brokers. You need to request the username from the SSO server. williamjlp Please read the previous comments. There is no session on the brokers. You need to request the username from the SSO server.

]]> By: williamjlp http://www.jasny.net/articles/simple-single-sign-on-for-php/comment-page-3/#comment-264886 williamjlp Mon, 23 Aug 2010 22:23:17 +0000 http://blog.adaniels.nl/?p=168#comment-264886 On login page, How can access to $_SESSION['username']? On login page, How can access to $_SESSION['username']?

]]> By: Arnold Daniels http://www.jasny.net/articles/simple-single-sign-on-for-php/comment-page-3/#comment-261334 Arnold Daniels Tue, 17 Aug 2010 19:24:33 +0000 http://blog.adaniels.nl/?p=168#comment-261334 <b><em>zapatista</em></b> The broker doesn't has a session, only the server has a session. Any information you store in a session on the broker is *not* shared with other brokers. Also read comment <a href="#comment-254592" rel="nofollow">#129</a> zapatista The broker doesn’t has a session, only the server has a session. Any information you store in a session on the broker is *not* shared with other brokers.

Also read comment #129

]]> By: zapatista http://www.jasny.net/articles/simple-single-sign-on-for-php/comment-page-3/#comment-260867 zapatista Mon, 16 Aug 2010 23:44:57 +0000 http://blog.adaniels.nl/?p=168#comment-260867 Hi Arnold, i've try ur work with different domain, my config broker public $url = "http://mygoogleconnect.tld/jasny/server/sso.php"; and i tested with url http://mytwitterclient.tld/jasny/broker/ why phpsession not generated only session_token, can u pleaz help me thanx Hi Arnold,

i’ve try ur work with different domain, my config broker

public $url = “http://mygoogleconnect.tld/jasny/server/sso.php”;

and i tested with url
http://mytwitterclient.tld/jasny/broker/

why phpsession not generated only session_token, can u pleaz help me

thanx

]]>