// Load functions...
require_once "example-lib.php";
// Checking configuration...
if ($LIGHTBULB_CONFIG['spi-namemapping'] != "database") {
echo "This example requires that you are using the <tt>namemapping/database</tt> plugin. Now your configuration points at the <tt>namemapping/" . $LIGHTBULB_CONFIG['spi-namemapping'] . "</tt>.";
exit;
}
// URL to return user to after authentication. Will be this page :D
$return_url = selfURL();
// URL initiating SSO with lighbulb, contains some configuration parameters.
$ssoinit_url = $LIGHTBULB_CONFIG['baseurl'] . "spSSOInit.php?" . "metaAlias=/sp&" . "RelayState=" . urlencode($return_url);
// Logout URL. Also a openssophp service with some parameters and a return url.
$logout_url = $LIGHTBULB_CONFIG['baseurl'] . "spSLOInit.php?" . "metaAlias=/sp&" . "RelayState=" . urlencode($return_url);
$prompt_url = "prompt.php?goto=" . urlencode($return_url);
$localID = spi_sessionhandling_getUserID();
if (!isset($localID) && !is_null(spi_sessionhandling_getNameID())) {
// The user is successfully authenticated, but not mapped to a local user account, so will will ask the user to
// perform a local login.
header("Location: " . $prompt_url);
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Pat's Example</title>
</head>
<body>
<h1>Welcome to Pat's Example to OpenSSO PHP Extension</h1>
// Loading SAML library
require_once '../openssophp/config/config.php';
require_once '../openssophp/lib/saml-lib.php';
// Needs a function to get the token from the php session
require_once '../openssophp/spi/sessionhandling/' . $LIGHTBULB_CONFIG['spi-sessionhandling'] . '.php';
// Needs a function to get the token from the php session
require_once '../openssophp/spi/namemapping/' . $LIGHTBULB_CONFIG['spi-namemapping'] . '.php';
// Load functions...
require_once "example-lib.php";
// URL to return user to after authentication. Will be this page :D
$return_url = selfURL();
// URL initiating SSO with lighbulb, contains some configuration parameters.
$ssoinit_url = $LIGHTBULB_CONFIG['baseurl'] . "spSSOInit.php?" . "metaAlias=/sp&" . "RelayState=" . urlencode($return_url);
// Logout URL. Also a openssophp service with some parameters and a return url.
$logout_url = $LIGHTBULB_CONFIG['baseurl'] . "spSLOInit.php?" . "metaAlias=/sp&" . "RelayState=" . urlencode($return_url);
$userid = $_POST["username"];
$password = $_POST["password"];
$username = authenticateLocalUser($userid, $password);
if (is_null($username)) {
echo "Error login, probably bad credentials. Sorry.";
exit;
} else {
if (!is_null(spi_sessionhandling_getNameID())) {
// The user is already authenticated to an IdP so we federate the accounts..
$nameId = getNameID(spi_sessionhandling_getResponse());
spi_namemapping_mapNameIdToLocalId($nameId["NameQualifier"], $nameId["SPNameQualifier"], spi_sessionhandling_getNameID(), $userid);
}
spi_sessionhandling_setUserId($userid);
header("Location: " . urldecode($_POST["goto"]));
exit;
}
if (!is_null(spi_sessionhandling_getNameID())) {
?>
<p>You are already authenticated to an IdP but your identity does not map to a local identity. Please login using a local account below, and your account will be federated with that from the IdP. The next time you login with your IdP account, you will not need to perform a local login.</p><?php
}
?>
<form action="login.php" method="post">
<fieldset style="border: 1px solid #999; background: #ffa"><legend>Local authentication</legend>
<p>Username: <input name="username"></p>
<p>Password: <input type="password" name="password"></p>
<input type="hidden" name="goto" value="<?php
echo urlencode($_GET["goto"]);
?>
">
<p><input type="submit" Value="Login"></p>
</fieldset>
</form>
<?php
if (is_null(spi_sessionhandling_getNameID())) {
?>
<p><a href="<?php
echo $ssoinit_url;
?>
">Login via IDP</a></p><?php
}
?>
</body>
</html>