// Load the helper functions used by this example (selfURL() comes from here).
require_once "example-lib.php";

// This example only works with the database-backed name-mapping plugin,
// so stop early with an explanation when another plugin is configured.
if (!($LIGHTBULB_CONFIG['spi-namemapping'] == "database")) {
    echo "This example requires that you are using the <tt>namemapping/database</tt> plugin. Now your configuration points at the <tt>namemapping/",
        $LIGHTBULB_CONFIG['spi-namemapping'],
        "</tt>.";
    exit;
}

// Where the user is sent back to after authentication: this very page.
// NOTE(review): selfURL() is defined in example-lib.php; if it builds the URL from
// request headers, the RelayState/goto values below carry request-derived data and
// the scripts consuming them should validate the target before redirecting -- confirm.
$return_url = selfURL();

// Link that starts single sign-on through the OpenSSO PHP extension; RelayState
// carries the URL-encoded return address.
$ssoinit_url = "{$LIGHTBULB_CONFIG['baseurl']}spSSOInit.php?metaAlias=/sp&RelayState=" . urlencode($return_url);

// Link that starts single logout; same parameters, different endpoint.
$logout_url = "{$LIGHTBULB_CONFIG['baseurl']}spSLOInit.php?metaAlias=/sp&RelayState=" . urlencode($return_url);

// Local login prompt, told where to return to afterwards.
$prompt_url = sprintf("prompt.php?goto=%s", urlencode($return_url));

$localID = spi_sessionhandling_getUserID();

if ($localID === null && spi_sessionhandling_getNameID() !== null) {
    // The session holds a NameID from the IdP but no local user ID, i.e. the user is
    // authenticated but not yet mapped to a local account: ask for a local login.
    header("Location: {$prompt_url}");
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Pat's Example</title>
</head>
<body>
<h1>Welcome to Pat's Example to OpenSSO PHP Extension</h1>
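// Loading SAML library
require_once '../openssophp/config/config.php';
require_once '../openssophp/lib/saml-lib.php';

// Session-handling plugin named in the configuration (provides the spi_sessionhandling_* calls used below).
require_once '../openssophp/spi/sessionhandling/' . $LIGHTBULB_CONFIG['spi-sessionhandling'] . '.php';

// Name-mapping plugin named in the configuration (provides spi_namemapping_mapNameIdToLocalId()).
require_once '../openssophp/spi/namemapping/' . $LIGHTBULB_CONFIG['spi-namemapping'] . '.php';

// Load functions...
require_once "example-lib.php";

// URL of this page, as computed by selfURL() from example-lib.php.
$return_url = selfURL();

// URL initiating SSO with lightbulb, contains some configuration parameters.
$ssoinit_url = $LIGHTBULB_CONFIG['baseurl'] . "spSSOInit.php?" .
    "metaAlias=/sp&" .
    "RelayState=" . urlencode($return_url);

// Logout URL. Also an openssophp service with some parameters and a return url.
$logout_url = $LIGHTBULB_CONFIG['baseurl'] . "spSLOInit.php?" .
    "metaAlias=/sp&" .
    "RelayState=" . urlencode($return_url);

// Read the submitted credentials defensively: a missing field or an array value
// (username[]=...) is treated as a failed login instead of being passed on.
$userid = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : null;
$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : null;

$username = (is_null($userid) || is_null($password)) ? null : authenticateLocalUser($userid, $password);

if (is_null($username)) {
    echo "Error login, probably bad credentials. Sorry.";
    exit;
}

if (!is_null(spi_sessionhandling_getNameID())) {
    // The user is already authenticated to an IdP so we federate the accounts:
    // the IdP NameID is mapped to the local account that just passed the password check.
    $nameId = getNameID(spi_sessionhandling_getResponse());
    spi_namemapping_mapNameIdToLocalId(
        $nameId["NameQualifier"],
        $nameId["SPNameQualifier"],
        spi_sessionhandling_getNameID(),
        $userid
    );
}

spi_sessionhandling_setUserId($userid);

// "goto" arrives from the login form and is fully controlled by whoever built the
// link to that form. Redirecting to it unchecked lets a crafted link send a user who
// has just typed a valid password to an arbitrary site, so only same-site targets
// are accepted. The form URL-encodes the value, hence the extra urldecode();
// trim() drops whitespace picked up from the form markup.
$goto = (isset($_POST["goto"]) && is_string($_POST["goto"])) ? trim(urldecode($_POST["goto"])) : "";
$gotoParts = parse_url($goto);
// NOTE(review): assumes selfURL() returns the absolute URL of the current request,
// so its host is this site's host -- confirm against example-lib.php.
$selfParts = parse_url($return_url);

$gotoIsLocal = false;
// Control characters, spaces and backslashes are rejected outright: browsers and
// parse_url() do not always agree on how such URLs split into host and path.
if ($goto !== "" && is_array($gotoParts) && !preg_match('/[\x00-\x20\x7f\\\\]/', $goto)) {
    if (!isset($gotoParts["scheme"]) && !isset($gotoParts["host"])) {
        // Relative reference: must be an absolute path, and not a "//host" network-path reference.
        $gotoIsLocal = (substr($goto, 0, 1) === "/" && substr($goto, 0, 2) !== "//");
    } elseif (
        isset($gotoParts["scheme"], $gotoParts["host"])
        && !isset($gotoParts["user"])
        && is_array($selfParts)
        && isset($selfParts["host"])
    ) {
        // Absolute URL: http(s) only, and the host must be the one serving this page.
        $gotoIsLocal = in_array(strtolower($gotoParts["scheme"]), array("http", "https"), true)
            && strcasecmp($gotoParts["host"], $selfParts["host"]) === 0;
    }
}

if (!$gotoIsLocal) {
    // The login itself succeeded; only the redirect is refused.
    echo "Login succeeded, but the requested return address is not on this site.";
    exit;
}

header("Location: " . $goto);
exit;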
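if (!is_null(spi_sessionhandling_getNameID())) {
    // A NameID is present in the session: the user came back from an IdP but has no
    // local account mapping yet, so explain why a local login is being requested.
?>
<p>You are already authenticated to an IdP but your identity does not map to a local identity. Please login using a local account below, and your account will be federated with that from the IdP. The next time you login with your IdP account, you will not need to perform a local login.</p>
<?php
}

// The return address is taken from the query string and echoed back as a hidden
// field. urlencode() leaves no quote or angle bracket in the output, so it cannot
// break out of the attribute. The value is still caller-controlled, so login.php,
// which receives it, has to validate it before redirecting. A missing or non-string
// "goto" becomes an empty value instead of raising a notice, and no stray whitespace
// is left inside the attribute (it would be submitted as part of the value).
?>
<form action="login.php" method="post">
<fieldset style="border: 1px solid #999; background: #ffa"><legend>Local authentication</legend>
<p>Username: <input name="username"></p>
<p>Password: <input type="password" name="password"></p>
<input type="hidden" name="goto" value="<?php echo (isset($_GET["goto"]) && is_string($_GET["goto"])) ? urlencode($_GET["goto"]) : ""; ?>">
<p><input type="submit" Value="Login"></p>
</fieldset>
</form>
<?php
// Offer IdP login only when the session holds no NameID yet. The URL contains a raw
// "&" between its parameters, so it is HTML-escaped for the attribute context.
if (is_null(spi_sessionhandling_getNameID())) {
?>
<p><a href="<?php echo htmlspecialchars($ssoinit_url, ENT_QUOTES); ?>">Login via IDP</a></p>
<?php
}
?>
</body>
</html>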