/** * Verifies a given signed assertion. * @param &Attribute_Verifier &$attributeVerifier - An instance of the class passed for the verification. * @param Auth_OpenID_Response - Response object for extraction. * @return boolean - true if successful, false if verification fails. */ function verifyAssertion(&$attributeVerifier, $response) { $ax_resp = Auth_OpenID_Extension_AX_FetchResponse::fromSuccessResponse($response); if ($ax_resp instanceof Auth_OpenID_Extension_AX_FetchResponse) { $ax_args = $ax_resp->getExtensionArgs(); if ($ax_args) { $value = base64_decode($ax_args['value.ext1.1']); if ($attributeVerifier->verify($value)) { return base64_decode($ax_args['value.ext0.1']); } else { return null; } } else { return null; } } else { return null; } }
<?php require_once "Auth/OpenID/Consumer.php"; require_once "Auth/OpenID/Store/FileStore.php"; require_once "Auth/OpenID/Extension/AX.php"; require_once "Auth/OpenID/Extension/PAPE.php"; session_start(); $store = new Auth_OpenID_Store_FileStore('./tmp'); $consumer = new Auth_OpenID_Consumer($store); $scriptPath = implode("/", explode('/', $_SERVER["REQUEST_URI"], -1)); $response = $consumer->complete('https://' . $_SERVER["SERVER_NAME"] . $scriptPath . '/verify.php'); $authenticated = false; if ($response->status == Auth_OpenID_SUCCESS) { $ax = new Auth_OpenID_Extension_AX_FetchResponse(); $obj = $ax->fromSuccessResponse($response); $_SESSION['openid_ax'] = $obj->data; $pape = Auth_OpenID_PAPE_Response::fromSuccessResponse($response); if ($pape) { $_SESSION['openid_pape'] = $pape; } $msg = "User has been authenticated!"; } elseif ($response->status == Auth_OpenID_CANCEL) { $msg = "User cancelled authentication."; } else { $msg = "User has not been authenticated."; } if (isset($_GET['popup'])) { ?> <h1><?php echo $msg;