single sign on (sso) laravel


I implemented an SSO solution without using SAML. I'll share my solution here; I hope it helps.

Single Sign On

One application runs as the main authentication server at auth.domain. Other applications run on different domains: app-1.domain, app-2.domain, ...

Every user is linked to SSO tokens. These tokens have very short expiration times. All authentication processes (signing in, resetting passwords, registering, ...) happen only in the auth.domain application.

When a user visits any application, for example app-1.domain:

  1. Redirect the user to auth.domain/login.
  2. If the user has logged in to our system before, continue at step 6.
  3. Show the sign-in form and wait for valid input.
  4. Generate a new SSO token with an expiration time of less than 3 minutes.
  5. Attach the auth.domain "remember me" cookie to the response.
  6. Return a redirection response to app-1.domain/sso/{sso_token}.
  7. The app-1.domain application reads the database. If the SSO token is valid and has not expired, it finds the user associated with that token.
  8. app-1.domain authenticates the user found in the previous step with the Auth::login($user) method.
  9. app-1.domain clears the received SSO token from the database.

After this step, the user is authenticated to app-1.domain.

Session sharing

All shared session variables should be saved to the database. I implemented a new session driver:

  • Keep a list of the shared session variable names.
  • When reading from or writing to the session, check the name of the session variable. If that name is in the list, read/write the value from the database. Otherwise, use each application's own private session.
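
The token hand-off in steps 4 to 9 above, written out as an added example in plain PHP (this is not the answer author's code; it assumes a PDO connection that auth.domain and the apps both reach, and a hypothetical sso_tokens table whose columns are defined in the block). It goes a little beyond the steps in the text: only a SHA-256 hash of the token is stored, so a read of the table does not yield redeemable tokens; the token is bound to the app it was issued for, so a token minted for app-1.domain cannot be redeemed at app-2.domain; and lookup and deletion happen in one transaction, so the token is single-use even under concurrent requests. The SQLite database and the user id 42 are constructed sample data so the script runs offline.

```php
<?php
// Added example of the SSO token issue/consume hand-off (not the original answer's code).
// Assumes a PDO connection shared by auth.domain and the apps, and a hypothetical
// table sso_tokens(token_hash, user_id, audience, expires_at) created below.
declare(strict_types=1);

const SSO_TOKEN_TTL_SECONDS = 120; // well under the 3-minute bound from step 4

function ssoSchema(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS sso_tokens (
        token_hash TEXT PRIMARY KEY,
        user_id    INTEGER NOT NULL,
        audience   TEXT NOT NULL,
        expires_at INTEGER NOT NULL
    )');
}

// auth.domain side (step 4): mint a random single-use token bound to the requesting app.
// Only the SHA-256 of the token is stored, so leaking the table does not leak live tokens.
function issueSsoToken(PDO $db, int $userId, string $audience, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare(
        'INSERT INTO sso_tokens (token_hash, user_id, audience, expires_at) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([hash('sha256', $token), $userId, $audience, $now + SSO_TOKEN_TTL_SECONDS]);
    return $token;
}

// Step 6: the redirect target. $audience is the app host, e.g. "app-1.domain".
function ssoRedirectUrl(string $audience, string $token): string
{
    return 'https://' . $audience . '/sso/' . rawurlencode($token);
}

// App side (steps 7 and 9): look up and delete in one transaction so the token is
// redeemable at most once. Returns the user id on success, null on any failure.
function consumeSsoToken(PDO $db, string $token, string $expectedAudience, int $now): ?int
{
    $hash = hash('sha256', $token);
    $db->beginTransaction();
    try {
        $stmt = $db->prepare('SELECT user_id, audience, expires_at FROM sso_tokens WHERE token_hash = ?');
        $stmt->execute([$hash]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // Delete whatever was found: expired or mis-targeted tokens must not linger either.
        $db->prepare('DELETE FROM sso_tokens WHERE token_hash = ?')->execute([$hash]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    if ($row === false) {
        return null; // unknown token, or already consumed
    }
    if ((int) $row['expires_at'] <= $now) {
        return null; // expired (step 7)
    }
    if (!hash_equals($row['audience'], $expectedAudience)) {
        return null; // issued for a different app; refuse to log the user in here
    }
    return (int) $row['user_id']; // caller does Auth::login($user) for this id (step 8)
}

// Demonstration on an in-memory SQLite database with constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
ssoSchema($db);
$now = time();

$token = issueSsoToken($db, 42, 'app-1.domain', $now);
echo ssoRedirectUrl('app-1.domain', $token), PHP_EOL;

var_dump(consumeSsoToken($db, $token, 'app-1.domain', $now + 5));   // fresh token, right app: user id
var_dump(consumeSsoToken($db, $token, 'app-1.domain', $now + 6));   // second redemption is refused

$stale = issueSsoToken($db, 42, 'app-1.domain', $now);
var_dump(consumeSsoToken($db, $stale, 'app-1.domain', $now + SSO_TOKEN_TTL_SECONDS + 1)); // expired

$other = issueSsoToken($db, 42, 'app-2.domain', $now);
var_dump(consumeSsoToken($db, $other, 'app-1.domain', $now + 5));   // wrong audience is refused
```

In the Laravel route for /sso/{sso_token}, the app would call consumeSsoToken with its own hostname as the expected audience, load the user by the returned id, and only then call Auth::login($user); a null result should end in a redirect back to auth.domain/login rather than an error page that reveals why the token was rejected.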


If both of your applications share the same database, then you can follow this approach:

-> In your database, create a default session id that is initially marked as false.

-> Now, as soon as a user logs in to any of the sites, generate a new hash and replace the default value with it.


Optionally:

-> You can also save the hash in the browser's local storage, with the hash as the key and null as the value.


-> Now, when a user is logging in to or switching to any of the sites, check that hash. If the hash matches the default, show the login page; otherwise show the profile page.


My answer is valid only if you are using a common database for login; otherwise you need a mapping for this.


Alternatively, you can use cookies to store the hash and access them cross-domain. You can find an example at Cross-Domain Cookies by @ludovic.