OpenSSO and PHP - A simple PHP script to retrieve OpenSSO identity information

Here's a simple PHP program I wrote to test how PHP works with OpenSSO, specifically how it works with OpenSSO identity information.

I saved this file with the name info.php, then put it in a directory on my Apache web server that is protected by an OpenSSO login policy. To access this page, I enter the URL for the page in my browser and try to access it, with the URL being something like this:

http://server1.acme.com/private/info.php

The OpenSSO web agent configured in the Apache web server on the host server1.acme.com intercepts my request, and redirects me to the OpenSSO login page. After successfully authenticating myself to the OpenSSO server, I am redirected back to this PHP script, which works as expected.

Source code for my PHP script

Here's the source code for my simple PHP script. As you can see from the code, this script sends a POST request to my OpenSSO server on the host server2.acme.com, passing it the parameters shown. (I'm not going to write about these parameters much today, but I will come back and write about them another time.) After I send my POST request to my OpenSSO authentication server, I print the output at the end of my PHP script, as shown near the end of the script.

Here's the source code for my PHP script:

<html>

<body>
<?php
require 'HTTP/Request.php';

$url = 'http://server2.acme.com:8080/opensso/identity/attributes';
$r = new HTTP_Request($url);
$r->setMethod(HTTP_REQUEST_METHOD_POST);
$r->addHeader('Host','server1.acme.com');
$r->addHeader('Content-Type','application/x-www-form-urlencoded');
$r->addHeader('Cookie',"iPlanetDirectoryPro=$_COOKIE[iPlanetDirectoryPro]");

#
# request
#
print "<br/>";
print "<b>what i'm saying to the server</b>";
print "<pre>";
#print "iPlanetDirectoryPro cookie: $_COOKIE[iPlanetDirectoryPro]";
# escape the raw request so header values can't be interpreted as HTML
print htmlspecialchars($r->_buildRequest());
print "</pre>";

$r->sendRequest();

#
# response
#
print "<b>what the server is telling me</b>";
print "<pre>";
$response_body = $r->getResponseBody();
# escape the response: attribute values are directory data, not trusted HTML
print htmlspecialchars($response_body);
print "</pre>";
?>

<a href="/">back to main</a>

</body>
</html>

Output from the script

When I access this PHP web page from my browser, and log in as a user named "dave", here's the output I get. For me, the important thing here is that this shows that I can access my OpenSSO server from a PHP script and determine the identity of the currently logged-in user.

Here's the script output:

what i'm saying to the server

POST /opensso/identity/attributes HTTP/1.1
Host: server1.acme.com
User-Agent: PEAR HTTP_Request class ( http://pear.php.net/ )
Connection: close
Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcwGeij4cBusE0PvQD4oDaxZ4riNfR2-y4Y.*AAJTSQACMDE.*
Content-Length: 0


what the server is telling me

userdetails.token.id=AQIC5wM2LY4SfcwGeij4cBusE0PvQD4oDaxZ4riNfR2-y4Y.*AAJTSQACMDE.*
userdetails.role=id=employee,ou=group,dc=opensso,dc=java,dc=net
userdetails.role=id=everyone,ou=group,dc=opensso,dc=java,dc=net
userdetails.attribute.name=uid
userdetails.attribute.value=dave
userdetails.attribute.name=userpassword
userdetails.attribute.value={SSHA}GCF55kULCFyDZFqGxmPrYxhuWtAaZq2Fd00hjw==
userdetails.attribute.name=sn
userdetails.attribute.value=duncan
userdetails.attribute.name=cn
userdetails.attribute.value=dave duncan
userdetails.attribute.name=givenname
userdetails.attribute.value=dave
userdetails.attribute.name=inetuserstatus
userdetails.attribute.value=Active
userdetails.attribute.name=objectclass
userdetails.attribute.value=organizationalPerson
userdetails.attribute.value=person
userdetails.attribute.value=sunIdentityServerLibertyPPService
userdetails.attribute.value=inetorgperson
userdetails.attribute.value=sunFederationManagerDataStore
userdetails.attribute.value=iPlanetPreferences
userdetails.attribute.value=iplanet-am-managed-person
userdetails.attribute.value=iplanet-am-user-service
userdetails.attribute.value=sunFMSAML2NameIdentifier
userdetails.attribute.value=inetuser
userdetails.attribute.value=top
userdetails.attribute.name=memberof
userdetails.attribute.value=cn=employee,ou=groups,dc=opensso,dc=java,dc=net
userdetails.attribute.value=cn=everyone,ou=groups,dc=opensso,dc=java,dc=net
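
The response format shown above can be parsed into a structure rather than printed verbatim, which keeps the session token and the userpassword hash out of the page. This is an added example, not the original author's script: parse_userdetails() is a hypothetical helper, the sample values are constructed, and PHP 7.1+ is assumed.

```php
<?php
// Added example (assumes PHP 7.1+); parse_userdetails() is a hypothetical helper.
function parse_userdetails(string $body): array
{
    $result  = ['roles' => [], 'attributes' => []];
    $current = null;  // attribute name that following value lines belong to

    foreach (preg_split('/\r\n|\r|\n/', trim($body)) as $line) {
        // Split on the first '=' only: DNs and {SSHA} hashes contain '=' themselves.
        $parts = explode('=', $line, 2);
        if (count($parts) !== 2) {
            continue;  // skip blank or malformed lines
        }
        [$key, $value] = $parts;

        if ($key === 'userdetails.role') {
            $result['roles'][] = $value;
        } elseif ($key === 'userdetails.attribute.name') {
            $current = strtolower($value);
            $result['attributes'][$current] = [];
        } elseif ($key === 'userdetails.attribute.value' && $current !== null) {
            $result['attributes'][$current][] = $value;
        }
        // userdetails.token.id (the session token) is deliberately not stored.
    }

    // Assumed deny-list: never pass the password hash on to page code.
    unset($result['attributes']['userpassword']);
    return $result;
}

// Constructed sample in the same format as the output above (values are made up).
$sample = implode("\n", [
    'userdetails.token.id=CONSTRUCTED-TOKEN',
    'userdetails.role=id=employee,ou=group,dc=example,dc=com',
    'userdetails.attribute.name=uid',
    'userdetails.attribute.value=dave',
    'userdetails.attribute.name=userpassword',
    'userdetails.attribute.value={SSHA}CONSTRUCTED-PLACEHOLDER==',
    'userdetails.attribute.name=objectclass',
    'userdetails.attribute.value=person',
    'userdetails.attribute.value=inetuser',
]);

$details = parse_userdetails($sample);
foreach ($details['attributes'] as $name => $values) {
    // Escape on output: directory values are data, not trusted HTML.
    print htmlspecialchars("$name: " . implode(', ', $values), ENT_QUOTES, 'UTF-8') . "\n";
}
```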