SAML Login
Updated on 28 Dec 2018
Login
Logging in is pretty straightforward, and apologies for my terrible graphic.
1 -> make login request
$auth = new OneLogin_Saml2_Auth($settingsInfo); // Constructor of the SP, loads settings.php
$auth->login(); // Method that sends the AuthNRequest
2 -> process login response (this is sent to the URL provided in the ACS URL settings on the web portal, but we can override it from the settings.php file)
$auth = new OneLogin_Saml2_Auth($settingsInfo); // Constructor of the SP, loads settings.php
$auth->processResponse($requestID);
$name = $auth->getNameId();
test2.php
The main part of the login process is here:
session_start(); // IMPORTANT: This is required in order to be able
// to store the user data in the session.
define("TOOLKIT_PATH", '/var/www/html/saml/php-saml/');
require_once(TOOLKIT_PATH.'_toolkit_loader.php');
require_once('settings2.php');
//-----
//--this is how I can authenticate...
//--login redirect is handled in the settings2.php file
//-----
$auth = new OneLogin_Saml2_Auth($settingsInfo); // Constructor of the SP, loads settings.php
$auth->login(); // Method that sends the AuthNRequest
//-----
This will pass the request over to the identity provider. The ACS URL is where the identity provider will send the login response carrying the identity credentials. We can override that URL by modifying the sp values in the settings file.
settings.php
...
'assertionConsumerService' => array (
'url' => $spBaseUrl.'/mamamia.php',
),
...
Now… the credentials will be passed to mamamia.php instead. For now, we’ll leave the ACS URL at test2-thanks.php.
test2-thanks.php
Here I can process the login response.
The main bit that we are interested in here is this part. The identity provider will POST data back to us, and as such we can use processResponse. The value returned by getNameId is the username.
$auth = new OneLogin_Saml2_Auth($settingsInfo); // Constructor of the SP, loads settings.php
$auth->processResponse($requestID);
$attributes = $auth->getAttributes();
print_r($attributes);
$name = $auth->getNameId();
test2-thanks.php
session_start();
//-----
//--load some files that I need, especially the settings.php file...
//-----
define("TOOLKIT_PATH", '/var/www/html/saml/php-saml/');
require_once(TOOLKIT_PATH . '_toolkit_loader.php'); // We load the SAML2 lib
require_once('settings2.php');
//-----
$auth = new OneLogin_Saml2_Auth($settingsInfo); // Constructor of the SP, loads settings.php
if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) {
$requestID = $_SESSION['AuthNRequestID'];
} else {
$requestID = null;
}
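$auth->processResponse($requestID);
//-----
//--stop here if the response did not validate
//-----
$errors = $auth->getErrors();
if (!empty($errors) || !$auth->isAuthenticated()) {
    echo '<p>SAML login failed: ' . htmlspecialchars(implode(', ', $errors)) . '</p>';
    exit();
}
$attributes = $auth->getAttributes();
print_r($attributes);
$name = $auth->getNameId();
echo '<p>name id: ' . htmlspecialchars($name) . '</p>'; // escape before writing into HTML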
echo "<p>Hello there 2</p>";
echo '<p><a href="http://localhost/saml/test2-logout.php">Logout</a></p>';
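The two steps above, tied together by the request ID, as an added example (not the author's or the toolkit's own code). test2-thanks.php reads `$_SESSION['AuthNRequestID']`, so the login step has to store it first. The function names `startLogin` and `consumeResponse`, the session keys `samlNameId` and `samlUserdata`, and the choice to refuse unsolicited responses are assumptions made for this example.

```php
<?php
// Added example: helpers that test2.php and test2-thanks.php could call.
// startLogin() and consumeResponse() are hypothetical names.
session_start();
define("TOOLKIT_PATH", '/var/www/html/saml/php-saml/');
require_once(TOOLKIT_PATH . '_toolkit_loader.php');
require_once('settings2.php'); // provides $settingsInfo, as on this page

// Step 1: build the AuthNRequest, remember its ID, then redirect to the IdP.
function startLogin(array $settingsInfo)
{
    $auth = new OneLogin_Saml2_Auth($settingsInfo);
    // Fifth argument ($stay = true) returns the SSO URL instead of redirecting,
    // so the request ID can be saved before the browser leaves.
    $ssoUrl = $auth->login(null, array(), false, false, true);
    $_SESSION['AuthNRequestID'] = $auth->getLastRequestID();
    header('Location: ' . $ssoUrl);
    exit();
}

// Step 2: accept the response only if it answers the request we sent.
// Returns the NameID on success, null on any failure.
function consumeResponse(array $settingsInfo)
{
    $requestID = isset($_SESSION['AuthNRequestID']) ? $_SESSION['AuthNRequestID'] : null;
    unset($_SESSION['AuthNRequestID']); // one-time use: a second POST finds no ID
    if ($requestID === null) {
        return null; // assumption: unsolicited (IdP-initiated) responses are refused
    }
    $auth = new OneLogin_Saml2_Auth($settingsInfo);
    // With a request ID supplied, the toolkit (in strict mode) compares the
    // response's InResponseTo value against it.
    $auth->processResponse($requestID);
    $errors = $auth->getErrors();
    if (!empty($errors) || !$auth->isAuthenticated()) {
        error_log('SAML response rejected: ' . implode(', ', $errors));
        return null;
    }
    session_regenerate_id(true); // fresh session ID after login (session fixation)
    $_SESSION['samlNameId'] = $auth->getNameId();       // hypothetical session keys
    $_SESSION['samlUserdata'] = $auth->getAttributes();
    return $_SESSION['samlNameId'];
}
```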