MINISTRY OF EDUCATION AND TRAINING
HAI PHONG PRIVATE UNIVERSITY
-------o0o-------
GRADUATION THESIS
INFORMATION TECHNOLOGY
A STUDY OF THE SINGLE SIGN ON MECHANISM
(SINGLE SIGN ON) AND AN EXPERIMENT BASED ON
THE PHPCAS LIBRARY
HAI PHONG - 2013
Class: CT1301
Student ID: 1351010001
Major: Information Technology
THESIS ASSIGNMENT
1. Content and requirements to be addressed in the graduation thesis
a. Content
- Study Single Sign On.
- Study CAS (Central Authentication Service).
- Experiment with installing CAS and testing it against a PHP website based on the phpCAS library.
- Carry out the tasks and content set by the supervisor conscientiously.
b. Requirements to be addressed
- Theory
Master the theoretical basis of Single Sign On.
Master the CAS installation process and the ways Single Sign On is deployed.
- Experiment (program)
Install CAS and experiment with a PHP website.
3. Internship location.
THESIS SUPERVISORS
First supervisor:
Full name: Bui Huy Hung
Academic title and degree: Master
Workplace: Hai Phong Private University
Supervision content:
- Study Single Sign On based on the Central Authentication Service
- Experiment with a PHP website using the phpCAS library
Second supervisor:
Full name: .
Academic title and degree: .
Workplace:
Supervision content: ..
Student
Thesis supervisor
Dao Van Phong
Graduation Thesis
Hai Phong Private University
ACKNOWLEDGEMENTS
First of all, I would like to sincerely thank the lecturers of the Faculty of Information Technology at Hai Phong Private University, who taught us and equipped us with the basic knowledge needed over the past years so that I could complete my graduation thesis.
In particular, I would like to express my deepest gratitude to my supervisor, MSc. Bui Huy Hung, who guided and advised me attentively throughout the time I worked on this thesis.
I would also like to thank Mr. Doan Quang Hung and Mr. Truong Hoang Dung of the ICT library centre, who helped me a great deal while I was working on this thesis.
I send my heartfelt thanks to my parents, who raised me and taught me to become who I am today. Thank you to my beloved, who encouraged me whenever I was tired. You are the motivation for my efforts.
Although I have tried my best to complete this graduation report, my abilities are still limited and the report still has many shortcomings. I therefore hope to receive sincere feedback from the lecturers and my friends.
Once again, I sincerely thank you!
Dao Van Phong
Dao Van Phong - CT1301
TABLE OF CONTENTS
ACKNOWLEDGEMENTS 1
TABLE OF CONTENTS 2
LIST OF FIGURES 4
LIST OF TABLES 6
LIST OF ABBREVIATIONS 7
PREFACE 8
CHAPTER I: INTRODUCTION TO THE SINGLE SIGN ON MECHANISM 9
LIST OF ABBREVIATIONS
SSO: Single Sign On
CAS: Central Authentication Service
URI
URL
HTTP
HTTPS
SSL
ST: Service Ticket
PT: Proxy Ticket
LT: Login Ticket
PGT: Proxy-granting ticket
PGTIOU
TGTIOU
TGT: Ticket-granting ticket
TGC: Ticket-granting cookie
CSDL: Cơ sở dữ liệu (database)
PREFACE
The tendency for services to share user data with one another is the general direction of development in information technology; as a result a user has to manage a great many accounts and passwords for the services they take part in. This creates many risks, because the user has to remember different accounts. Moreover, IT applications and services are becoming ever more numerous and diverse. A single login for these applications and services is therefore indispensable. Single Sign On has been researched and developed by many organisations and companies around the world, but in Vietnam it is still a fairly new field. Faced with this problem, I wanted to study and experiment with a single sign on system. With what I have learned, I hope to contribute a small part to the development of science. Purpose: study the single sign on mechanism and research the Single Sign On technique in order to apply single sign on based on the phpCAS library.
Sincerely thank you!
The two main risks are:
-
Product name | Developer | License type | Platform | Description
Accounts & SSO | Nokia, Intel | Free | | Client-side implementation with plugins for various services/protocols
Novell Access Manager | NetIQ | Commercial | | webSSO to browser based applications with rules, policies and methods to be complied to access-event.
Active Directory Federation Services | Microsoft | Commercial | | Claims-based system and application federation
Athens access and identity management | Eduserv UK | Commercial | |
CAS / Central Authentication Service | Jasig | Open source | Yes | Protocol and SSO server/client implementation
… sign on | Michigan University | | | SSO for …
Distributed Access Control System (DACS) | Distributed Systems Software | Free | |
Enterprise Sign On Engine | Queensland University of Technology | Free | |
Facebook connect (Facebook SSO) | Facebook | | | Facebook specific SSO to third parties enabled by Facebook
Forefront Identity Manager | Microsoft | Commercial | Yes | State-based identity lifecycle management
FreeIPA | Red Hat | Free | |
HP IceWall SSO | Hewlett-Packard Development Company, L.P. | Commercial | | Web and Federated Single Sign-On Solution
LTPA | IBM | Commercial | |
IBM Tivoli Identity Manager | IBM | Commercial | Yes | Identity life-cycle management product
Janrain Federate SSO | Janrain | Commercial | | Social and …
JBoss SSO | Red Hat | Free | | Federated Single Sign-on
JOSSO | JOSSO | Free | Yes | Open Source Single Sign-On Server
Kerberos | M.I.T. | | Protocol | Computer network authentication protocol
Microsoft account | Microsoft | Free and commercial (Microsoft is now attracting new websites to use the system) | | conventional user SSO; Microsoft single sign-on web service
myOneLogin | VMware | Commercial | | Cloud single sign-on
Numina Application Framework | Numina Solutions | Commercial | Yes | Single sign-on system for Windows (OpenID RP & OP, SAML IdP, and proprietary)
OneLogin | OneLogin Inc. | Commercial and Free | Yes | Cloud-based identity and access management with single sign-on (SSO) and active directory integration
Okta | Okta, Inc. | Commercial | | On-demand identity and access management service in the cloud
OpenAM | ForgeRock | Free | Yes, used in conjunction with OpenDJ and OpenIDM | Access management, entitlements and federation server platform
Persona | Mozilla | Free | Protocol |
Pubcookie | University of Washington | | |
SecureLogin | NetIQ | Commercial | | Enterprise Single-Sign-On
SAML | OASIS | | Protocol | XML-based open standard protocol
Shibboleth | Shibboleth | Free | | SAML-based open source access control
… | … | Commercial and free | | OpenID-based SSO for Launchpad and Ubuntu services
ZXID | ZXID | Free | Yes | Reference Implementation of TAS3 security
It is an easy-to-use SSO.
CAS 2.0
-
Credential request.
Parameters
As an HTTP request, the following parameters may be passed to /login while it is acting as a credential requestor. They are all case-sensitive, and they all must be handled by /login.
-
Response
-
2.2.4.2. /logout
Destroys the SSO session on the client machine. The TGC is destroyed, and a subsequent request to /login will not obtain an ST until the user establishes a new SSO session.
Parameters
The url parameter may be specified to /logout; if specified, the url is displayed on the logout page together with the logout notice.
2.2.4.3. /validate [CAS 1.0]
Checks the validity of an ST. CAS must respond with a ticket validation failure when a proxy ticket is passed to the /validate URI.
Parameters
The following parameters may be specified to the /validate URI.
-
Response
/validate returns one of the following two responses.
On successful ticket validation:
yes<LF>
username<LF>
Example of /validate
A simple validation attempt:
https://server/cas/validate?service=http://www.service.com&ticket=ST-1856339aA5Yuvrxzpv8Tau1cYQ7
Response
/serviceValidate returns an XML-formatted CAS response as described in the XML schema. An example follows:
Successful ticket validation:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>username</cas:user>
<cas:proxyGrantingTicket>PGTIOU-84678-8a9d...
</cas:proxyGrantingTicket>
</cas:authenticationSuccess>
</cas:serviceResponse>
Example URL of /proxyValidate
Same as /serviceValidate.
2.2.4.7. /proxy [CAS 2.0]
Provides PTs to services that hold a PGT and will be proxying authentication to back-end services.
Parameters
The two required parameters are:
-
Response
/proxy returns an XML-formatted CAS response as described in the XML schema in Appendix A. Below is an example response:
Successful request:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:proxySuccess>
<cas:proxyTicket>PT-1856392-b98xZrQN4p90ASrw96c8</cas:proxyTicket>
</cas:proxySuccess>
</cas:serviceResponse>
Failed request:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:proxyFailure code="INVALID_REQUEST">
'pgt' and 'targetService' parameters are both required
</cas:proxyFailure>
</cas:serviceResponse>
Error codes
The following values may be used as the "code" attribute of failure responses. This is the minimal set of error codes that all CAS servers must implement.
-
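A client-side parser for the /validate, /serviceValidate and /proxy responses quoted in this section, added here as an example (it is not code from the thesis or from phpCAS). The sample responses are constructed from the ones shown above; the failure form of /validate, "no<LF><LF>", comes from the CAS protocol specification and is not shown on this page.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace declared by cas2.xsd


def cas_tag(name: str) -> str:
    """Clark-notation tag for an element in the cas: namespace."""
    return "{%s}%s" % (CAS_NS, name)


def parse_validate(body: str) -> dict:
    """CAS 1.0 /validate: 'yes<LF>username<LF>' on success; the failure form
    'no<LF><LF>' is taken from the CAS protocol spec (not shown in the thesis)."""
    lines = body.split("\n")
    if lines[0] == "yes" and len(lines) > 1 and lines[1]:
        return {"ok": True, "user": lines[1]}
    return {"ok": False, "user": None}


def parse_service_response(body: str) -> dict:
    """CAS 2.0 XML (/serviceValidate, /proxyValidate, /proxy): exactly one of
    authenticationSuccess, authenticationFailure, proxySuccess, proxyFailure."""
    root = ET.fromstring(body)
    if root.tag != cas_tag("serviceResponse") or len(root) != 1:
        raise ValueError("not a cas:serviceResponse with a single child")
    child = root[0]
    kind = child.tag.split("}", 1)[1]
    if kind == "authenticationSuccess":
        pgt = child.findtext(cas_tag("proxyGrantingTicket"))
        return {"ok": True, "kind": kind,
                "user": child.findtext(cas_tag("user")),
                "pgtiou": pgt.strip() if pgt is not None else None}
    if kind == "proxySuccess":
        return {"ok": True, "kind": kind,
                "ticket": child.findtext(cas_tag("proxyTicket")).strip()}
    if kind in ("authenticationFailure", "proxyFailure"):
        # failures carry the error in the required 'code' attribute
        return {"ok": False, "kind": kind, "code": child.get("code"),
                "message": (child.text or "").strip()}
    raise ValueError("unexpected element cas:" + kind)


def ticket_accepted_by(endpoint: str, ticket: str) -> bool:
    """/validate and /serviceValidate take only ST-; a PT- must be rejected
    there and validated through /proxyValidate, as the text above requires."""
    if ticket.startswith("ST-"):
        return endpoint in ("/validate", "/serviceValidate", "/proxyValidate")
    if ticket.startswith("PT-"):
        return endpoint == "/proxyValidate"
    return False


# Constructed samples, copied from the responses quoted in this section.
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>username</cas:user>
<cas:proxyGrantingTicket>PGTIOU-84678-8a9d...
</cas:proxyGrantingTicket>
</cas:authenticationSuccess>
</cas:serviceResponse>"""

PROXY_OK_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:proxySuccess>
<cas:proxyTicket>PT-1856392-b98xZrQN4p90ASrw96c8</cas:proxyTicket>
</cas:proxySuccess>
</cas:serviceResponse>"""

PROXY_FAIL_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:proxyFailure code="INVALID_REQUEST">
'pgt' and 'targetService' parameters are both required
</cas:proxyFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(parse_validate("yes\nusername\n"))
    print(parse_service_response(SUCCESS_XML))
    print(parse_service_response(PROXY_FAIL_XML))
```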
URI | Description
/login |
/validate |
/serviceValidate |
/proxyValidate |
/proxy |
/samlValidate |
/services/add.html |
/services/edit.html |
/services/manage.html |
/services/logout.html |
/services/loggedOut.html |
/services/deleteRegisteredService.html | Deletes the service parameters based on the ID
/openid/* |
Figure 2.1: A user accessing the application when already authenticated with CAS.
A user accessing the application when not yet authenticated with CAS.
-
On successful authentication, CAS passes both the TGC and the ST to the browser.
Figure 2.2: A user accessing the application when not yet authenticated with the CAS server.
Below is a detailed description of the CAS authentication process.
The Central Authentication Service (CAS) is designed as a stand-alone web application. It is currently implemented as a number of Java servlets and runs through an HTTP/HTTPS server. It is accessed through the three URLs described below: the login URL, the validation URL, and the optional logout URL.
To use the Central Authentication Service (CAS), an application redirects its user, or simply creates a hyperlink, to
yes<LF>
username<LF>
2.2.8.2. /proxy flow
CURL (7.5+)
--with-gettext: gettext support.
--with-mysql: MySQL support.
Notes:
-
SSL
Destroying the CAS session
Configuration
phpCAS::logout()
After logout, CAS shows the logout page.
phpCAS::logoutWithRedirectService($service)
After logout, the CAS server redirects the browser to the given URL.
phpCAS::logoutWithUrl($url)
-
After logout, the CAS server shows a page with a link to the given URL.
phpCAS::logoutWithRedirectServiceAndUrl($service, $url)
-
If redirection is enabled, the CAS server redirects the browser to the provided URL ($service) and the $url parameter is ignored.
Otherwise, the CAS server shows a page with a link to the provided URL.
phpCAS::logout($params)
The service and url parameters can also be passed together in an array:
Table 2.2: List of phpCAS parameters.
logout($params) | shortcut
logout(array()) | logout()
logout(array('service'=>'www.myservicesite.com')) | logoutWithRedirectService('www.myservicesite.com')
logout(array('url'=>'www.myurlsite.com')) | logoutWithUrl('www.myurlsite.com')
logout(array('service'=>'www.myservicesite.com', 'url'=>'www.myurlsite.com')) | logoutWithRedirectServiceAndUrl('www.myservicesite.com', 'www.myurlsite.com')
IBM Prefer KYB USB US ENG 103P & IBM 3 Button Optical Mouse USB
B. Software requirements.
-
Bundle has been installed
3.1.2.3. Git.
Emulates a Linux environment on Windows.
3.1.2.4. Bundle.
Bundle manages versions; it downloads the required libraries declared in the config.yml file and.
3.1.2.4. pgAdmin III.
Provides the PostgreSQL tool (version 9.31).
3.1.3. Installing CAS-server.
Download RubyInstaller and the Development Kit at:
http://rubyinstaller.org/downloads/
port: 443
ssl_cert: /path/to/your/ssl.pem
Change to:
server: webrick
port: 8082
#ssl_cert: /path/to/your/ssl.pem
database: cas
host: 127.0.0.1
port: 5432
username: cas
password: 123456
user_table: users
username_column: username
password_column: password
extra_attributes: username,permission,full_name,actived
encrypt_function: 'require "digest/md5"; user.password == Digest::MD5.hexdigest("#{@password}")'
Where:
adapter: postgresql
database: the name of the database.
host: the database address.
port: the connection port.
username: the user permitted to access the database.
password: the password for accessing the database.
user_table: the table holding user information.
username_column: the name of the column holding the username.
password_column: the name of the column holding the password.
extra_attributes: additional attributes to return from the user table beyond the username. As above, besides the username I also fetch permission, full_name and actived.
encrypt_function: the password hashing function.
Find line 467 and replace:
log:
file: /var/log/casserver.log
level: INFO
with:
log:
file: log/casserver.log
level: INFO
Login ticket (LT) table
Column | Data type | Description
Id | Serial |
Ticket | | Stores the LTs created by CAS.
Create_on | |
Consumed | |
Client_hostname | | The client's hostname.
Proxy-granting ticket (PGT) table
Column | Data type | Description
Id | Serial |
Ticket | | Stores the PGTs created by CAS.
Create_on | … zone |
Client_hostname | | The client's hostname.
Iou | |
Service_ticket_id | Integer |
Service ticket (ST) table
Column | Data type | Description
Id | Serial |
Ticket | | Stores the STs created by CAS.
Service | Text |
Create_on | … zone |
Consumed | |
Client_hostname | | The client's hostname.
Username | |
Type | |
Granted_by_pgt_id | Integer |
Granted_by_tgt_id | Integer |
Ticket-granting ticket (TGT) table
Column | Data type | Description
Id | Serial |
Ticket | | Stores the TGTs created by CAS.
Create_on | … zone |
Client_hostname | | The client's hostname.
Username | |
Extra_attributes | Text | Contains the extra_attributes.
Step 14: to verify that CAS works, open the following address:
http://localhost:8082/login and log in with the information added to the database earlier:
Username: phongdao
Password: 123456
normally. On the client, the information received from the CAS server is processed entirely as usual. See figure 2.6: How phpCAS works.
Part 2: if the user exists in only one of the two systems, how does the process go for each system: what happens in system 1, and what happens in system 2?
Case 1: the user exists only on the CAS server.
When the user wants to authenticate in order to use the application, phpCAS redirects the user to the CAS server's login form, where the user enters their credentials; CAS authenticates them and returns to the client the username and the extra_attributes (if any). On the client, depending on the application's needs, the received information may or may not be added to the client application's database. In my integrated system, which needs to add the received information to its database, the processing steps are as follows:
Step 1: The client uses the username received from the CAS server as the condition for querying the client application's database.
Step 2: Check the query result; there are two cases:
Case 1: No record exists for the given condition -> insert the username and the extra_attributes such as email, address, status, ... (not including the password, for safety reasons) into the database. Afterwards, the authentication information is processed as normal.
Case 2: A record exists; compare the information in the retrieved record with the extra_attributes. If they are the same, skip and proceed to process the authentication information; if they differ, update the information according to the extra_attributes. After the update, continue to process the authentication information.
Figure 3.36: Processing flow when the client requests authentication from the CAS server.
Case 2: the user exists only on the client.
In this case authentication fails, because the CAS server's database holds no information about the user, so there is no authentication information.
Before the client sends the user to the CAS server, it checks the HTTP status code returned by the CAS server. If the status code is 200 or 303, the client is redirected to the CAS server; on any other status code, authentication is performed against the local database instead.
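The local-account handling described in Case 1 above (look the CAS username up, insert or refresh the extra_attributes, never store a password) together with the status-code rule for choosing CAS over local authentication, as an added example that is not the thesis's PHP code. An in-memory sqlite3 table stands in for the client application's database, and the account values are constructed for the test user from the installation steps.

```python
import sqlite3

# extra_attributes released by the CAS server in the thesis configuration
# (extra_attributes: username,permission,full_name,actived)
SYNCED_ATTRS = ("full_name", "permission", "actived")


def open_db() -> sqlite3.Connection:
    """Constructed stand-in for the client application's users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, full_name TEXT,"
               " permission TEXT, actived INTEGER, password TEXT)")
    return db


def provision_from_cas(db: sqlite3.Connection, attrs: dict) -> str:
    """Step 1: query the local database by the username CAS returned.
    Step 2: insert (case 1), refresh changed attributes, or leave as is (case 2).
    Returns the action taken so the caller can log it."""
    username = attrs["username"]
    row = db.execute("SELECT full_name, permission, actived FROM users"
                     " WHERE username = ?", (username,)).fetchone()
    incoming = tuple(attrs.get(k) for k in SYNCED_ATTRS)
    if row is None:
        # Unknown locally: store username + extra_attributes, never a password
        db.execute("INSERT INTO users (username, full_name, permission, actived)"
                   " VALUES (?, ?, ?, ?)", (username,) + incoming)
        return "inserted"
    if tuple(row) == incoming:
        return "unchanged"
    # Known locally but the CAS assertion differs: update from extra_attributes
    db.execute("UPDATE users SET full_name = ?, permission = ?, actived = ?"
               " WHERE username = ?", incoming + (username,))
    return "updated"


def session_data(db: sqlite3.Connection, username: str):
    """What the controller stores under 'logged_in', or None when the account
    is not activated (the 'Tài khoản chưa được kích hoạt' branch)."""
    row = db.execute("SELECT username, full_name, permission, actived FROM users"
                     " WHERE username = ?", (username,)).fetchone()
    if row is None or not row[3]:
        return None
    return {"username": row[0], "full_name": row[1], "permission": row[2]}


def use_cas_server(status_code: int) -> bool:
    """Send the browser to CAS only if its /login answered 200 or 303; on any
    other status code the client falls back to local authentication."""
    return status_code in (200, 303)


if __name__ == "__main__":
    db = open_db()
    # Constructed attributes for the test account from the installation steps
    cas_attrs = {"username": "phongdao", "full_name": "Dao Van Phong",
                 "permission": "1", "actived": 1}
    print(provision_from_cas(db, cas_attrs))   # inserted
    print(provision_from_cas(db, cas_attrs))   # unchanged
    print(session_data(db, "phongdao"))
```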
CONCLUSION
In this thesis I studied the single sign on mechanism and experimented with it based on the phpCAS library. The thesis accomplished the tasks set out and achieved the following results:
-
APPENDIX
Appendix A: CAS response XML schema.
<!--
The following is the schema for the Yale Central Authentication Service (CAS) version 2.0 protocol response. This covers the responses for the following servlets:
/serviceValidate
/proxyValidate
/proxy
This specification is subject to change.
Author: Drew Mazurek
Version: $Id: cas2.xsd,v 1.1 2005/02/14 16:19:06 dmazurek Exp $
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:cas="http://www.yale.edu/tp/cas"
    targetNamespace="http://www.yale.edu/tp/cas"
    elementFormDefault="qualified" attributeFormDefault="unqualified">
  <xs:element name="serviceResponse" type="cas:ServiceResponseType"/>
  <xs:complexType name="ServiceResponseType">
    <xs:choice>
      <xs:element name="authenticationSuccess" type="cas:AuthenticationSuccessType"/>
      <xs:element name="authenticationFailure" type="cas:AuthenticationFailureType"/>
      <xs:element name="proxySuccess" type="cas:ProxySuccessType"/>
      <xs:element name="proxyFailure" type="cas:ProxyFailureType"/>
    </xs:choice>
  </xs:complexType>
  <xs:complexType name="AuthenticationSuccessType">
    <xs:sequence>
      <xs:element name="user" type="xs:string"/>
      <!-- The type definitions from here on were lost from the extracted page
           and are restored from the published CAS 2.0 schema (cas2.xsd). -->
      <xs:element name="proxyGrantingTicket" type="xs:string" minOccurs="0"/>
      <xs:element name="proxies" type="cas:ProxiesType" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>
  <xs:complexType name="ProxiesType">
    <xs:sequence>
      <xs:element name="proxy" type="xs:string" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:complexType>
  <xs:complexType name="AuthenticationFailureType">
    <xs:simpleContent>
      <xs:extension base="xs:string">
        <xs:attribute name="code" type="xs:string" use="required"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
  <xs:complexType name="ProxySuccessType">
    <xs:sequence>
      <xs:element name="proxyTicket" type="xs:string"/>
    </xs:sequence>
  </xs:complexType>
  <xs:complexType name="ProxyFailureType">
    <xs:simpleContent>
      <xs:extension base="xs:string">
        <xs:attribute name="code" type="xs:string" use="required"/>
      </xs:extension>
    </xs:simpleContent>
  </xs:complexType>
</xs:schema>
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');

class VerifyLogin extends CI_Controller
{
    function __construct()
    {
        parent::__construct();
        $this->load->library("form_validation");
    }

    public function index()
    {
        if ($this->my_auth->is_Login()) {
            redirect(base_url() . "admin/home");
            exit();
        }
        $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean');
        if ($this->form_validation->run() == false) {
            // Validation failed: the user is sent back to the login page
            $this->load->view('admin/login');
        } else {
            $array = array(
                'username' => $this->input->post('username'),
                'password' => md5($this->input->post('password')),
            );
            $result = $this->muser->checkLogin($array);
            if ($result) {
                if (!$this->my_auth->is_Active($result['userid'])) {
                    $data['error'] = "Tài khoản chưa được kích hoạt !";
                    $this->load->view('admin/login', $data);
                } else {
                    $data = array(
                        "username"   => $result['username'],
                        "userid"     => $result['userid'],
                        "permission" => $result['permission'],
                    );
                    $this->session->set_userdata('logged_in', $data);
                    redirect(base_url() . "admin/home");
                }
            } else {
                $this->load->view('admin/login', array("error" => "Username hoặc Password sai"));
            }
        }
    }
}
?>
        $this->load->helper('h2');
    }

    public function index()
    {
        if ($this->my_auth->is_Login()) {
            redirect(base_url() . "admin/home");
            exit();
        }
        // Attributes released by the CAS server (username plus extra_attributes)
        $result = phpCAS::getAttributes();
        if ($result) {
            $data = array(
                "username"   => $result['username'],
                "full_name"  => $result['full_name'],
                "permission" => $result['permission'],
            );
            if ($this->muser->getInfo1($data['username']) != false) {
                if (!$this->my_auth->is_Active($result['username'])) {
                    $data['error'] = "Tài khoản chưa được kích hoạt !";
                    $this->load->view('admin/login', $data);
                } else {
                    $this->session->set_userdata('logged_in', $data);
                    redirect(base_url() . "admin/home");
                }
            } else {
                // Unknown locally: create the account from the CAS attributes, then log in
                $this->muser->AddNewUser1($data);
                $this->session->set_userdata('logged_in', $data);
                redirect(base_url() . "admin/home");
            }
        } else {
            $this->load->view('admin/login', array("error" => "Username hoặc Password sai"));
        }
    }
}
?>
Where:
$this->load->helper('h2') loads the helper that integrates phpCAS.
Appendix D: SSO login handling code for system 2.
Handling before phpCAS integration
<?php
@Header( "Content-Type: text/html; charset=utf-8" );
@Header( "Content-Language: " . $_POST['lang'] );
session_start();
include( "config.php" );
if ( isset( $_POST['dangky'] ) )
{
    // Escape the submitted values before they are placed in SQL
    $username = mysql_real_escape_string( $_POST['username'] );
    $password = mysql_real_escape_string( $_POST['pass'] );
    $email    = mysql_real_escape_string( $_POST['email'] );
    $fullname = mysql_real_escape_string( $_POST['fullname'] );
    // Check whether the user and the email already exist.
    $sql = "select * from users where username='" . $username . "'";
    $query = mysql_query( $sql );
    if ( mysql_num_rows( $query ) == 0 )
    {
    // Escape the submitted values before they are placed in SQL
    $username = mysql_real_escape_string( $_POST['username'] );
    $password = mysql_real_escape_string( $_POST['pass'] );
    $sql = "select * from users where username='" . $username . "' and password = '" . $password . "'";
    $query = mysql_query( $sql );
    if ( mysql_num_rows( $query ) != 0 )
    {
        $_SESSION['username'] = $username;
        $_SESSION['pass'] = $password;
        echo '<script>alert("Đăng nhập thành công. Nhấn ok để trở về trang chủ.")</script>';
        echo '<script>window.location.assign("http://localhost/doan2/")</script>';
    }
    else
    {
        echo '<script>alert("Tài khoản hoặc mật khẩu không chính xác, vui lòng kiểm tra lại.")</script>';
        echo '<script>window.location.assign("http://localhost/doan2/")</script>';
    }
}
else
{
    echo '<script>alert("Có lỗi xảy ra. Vui lòng liên lạc tới người quản trị.")</script>';
    echo '<script>window.location.assign("http://localhost/doan2/")</script>';
}
?>
{
    // Check whether the user exists
    $sql = "select * from users where username='" . mysql_real_escape_string( $_SESSION['username'] ) . "'";
    $query = mysql_query( $sql );
    if ( mysql_num_rows( $query ) != 0 )
    {
        // echo '<script>alert("Đăng nhập thành công. Bạn có thể tiếp tục.")</script>';
        echo '<script>window.location.assign("http://localhost/doan2/")</script>';
    }
    else
    {
        $sql = "INSERT INTO users (fullname, username, email, password, permission)
                VALUES ('" . $fullname . "','" . $_SESSION['username'] . "','" . $email . "','" . $password . "','1')";
        $query = mysql_query( $sql );
        if ( $query )
        {
            echo '<script>alert("Đăng nhập. Bạn có thể tiếp tục.")</script>';
            echo '<script>window.location.assign("http://localhost/doan2/")</script>';
        }
        else
        {
            echo '<script>alert("Có lỗi. Vui lòng kiểm tra lại hệ thống.")</script>';
            echo '<script>window.location.assign("http://localhost/doan2/")</script>';
        }
    }
}
?>