public static function RegisterDevice() { //Create the credentials $credentials = DeviceIdManager::GenerateCredentials(); $v_createregistrationenvelope = DeviceIdManager::CreateRegistrationEnvelope($credentials->getDeviceName(), $credentials->getPassword()); $puid = DeviceIdManager::ExecuteRegistrationRequest('/DeviceAddCredential.srf', 'login.microsoftonline.com', LiveIdConstants::$RegistrationEndpointUri, $v_createregistrationenvelope); return $credentials; }
public function authenticateWithLiveID($CRMUrl, $liveIDUsername, $liveIDPassword) { $deviceCredentials = DeviceIdManager::RegisterDevice(); // Register Device Credentials and get binaryDAToken $deviceCredentialsSoapTemplate = '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <a:Action s:mustUnderstand="1"> http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action> <a:MessageID>urn:uuid:%s</a:MessageID> <a:ReplyTo> <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> </a:ReplyTo> <a:To s:mustUnderstand="1"> https://login.microsoftonline.com/extSTS.srf</a:To> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>%sZ</u:Created> <u:Expires>%sZ</u:Expires> </u:Timestamp> <o:UsernameToken u:Id="devicesoftware"> <o:Username>%s</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">%s</o:Password> </o:UsernameToken> </o:Security> </s:Header> <s:Body> <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <a:EndpointReference> <a:Address>http://passport.net/tb</a:Address> </a:EndpointReference> </wsp:AppliesTo> <t:RequestType> http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType> </t:RequestSecurityToken> </s:Body> </s:Envelope>'; $soapTemplate = sprintf($deviceCredentialsSoapTemplate, LiveIDManager::gen_uuid(), LiveIDManager::getCurrentTime(), LiveIDManager::getNextDayTime(), $deviceCredentials->getDeviceName(), $deviceCredentials->getPassword()); $binaryDATokenXML = LiveIDManager::GetSOAPResponse("/liveidSTS.srf", "login.live.com", "https://login.live.com/liveidSTS.srf", $soapTemplate); preg_match('/<CipherValue>(.*)<\\/CipherValue>/', $binaryDATokenXML, $matches); $cipherValue = $matches[1]; // Step 3: Get Security Token by sending WLID username, password and device binaryDAToken $securityTokenSoapTemplate = '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <a:Action s:mustUnderstand="1"> http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action> <a:MessageID>urn:uuid:%s</a:MessageID> <a:ReplyTo> <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> </a:ReplyTo> <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink"> uIDPozBEz+P/wJdOhoN2XNauvYcAAAAAK0Y6fOjvMEqbgs9ivCmFPaZlxcAnCJ1GiX+Rpi09nSYACQAA</VsDebuggerCausalityData> <a:To s:mustUnderstand="1"> https://login.microsoftonline.com/extSTS.srf</a:To> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>%s</u:Created> <u:Expires>%s</u:Expires> </u:Timestamp> <o:UsernameToken u:Id="user"> <o:Username>%s</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">%s</o:Password> </o:UsernameToken> <wsse:BinarySecurityToken ValueType="urn:liveid:device" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <EncryptedData Id="BinaryDAToken0" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"> </EncryptionMethod> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:KeyName>http://Passport.NET/STS</ds:KeyName> </ds:KeyInfo> <CipherData> <CipherValue> %s" </CipherValue> </CipherData> </EncryptedData> </wsse:BinarySecurityToken> </o:Security> </s:Header> <s:Body> <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <a:EndpointReference> <a:Address>%s</a:Address> </a:EndpointReference> </wsp:AppliesTo> <wsp:PolicyReference URI="MBI_FED_SSL" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" /> <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType> </t:RequestSecurityToken> </s:Body> </s:Envelope>'; // Create the URN address of the format urn:crm:dynamics.com. // Replace crm with crm4 for Europe & crm5 for Asia. $URNAddress = "urn:crmemea:dynamics.com"; if (strpos($CRMUrl, "crm4.dynamics.com")) { $URNAddress = "urn:crmemea:dynamics.com"; } if (strpos($CRMUrl, "crm5.dynamics.com")) { $URNAddress = "urn:crmapac:dynamics.com"; } $securityTemplate = sprintf($securityTokenSoapTemplate, LiveIDManager::gen_uuid(), LiveIDManager::getCurrentTime(), LiveIDManager::getNextDayTime(), $liveIDUsername, $liveIDPassword, $cipherValue, $URNAddress); $securityTokenXML = LiveIDManager::GetSOAPResponse("/extSTS.srf", "login.microsoftonline.com", "https://login.microsoftonline.com/extSTS.srf", $securityTemplate); $responsedom = new DomDocument(); $responsedom->loadXML($securityTokenXML); $cipherValues = $responsedom->getElementsbyTagName("CipherValue"); if (isset($cipherValues) && $cipherValues->length > 0) { $securityToken0 = $cipherValues->item(0)->textContent; $securityToken1 = $cipherValues->item(1)->textContent; $keyIdentifier = $responsedom->getElementsbyTagName("KeyIdentifier")->item(0)->textContent; } else { return null; } $newSecurityData = new SecurityData($keyIdentifier, $securityToken0, $securityToken1); return $newSecurityData; }