SAML Login

Updated on 28 Dec 2018

Login

Logging in is pretty straightforward, and apologies for my terrible graphic.

1 -> make login request

$auth = new OneLogin_Saml2_Auth($settingsInfo); // Constructor of the SP, loads settings.php
$auth->login();   // Builds the AuthnRequest and redirects the browser to the IdP

2 -> process the login response (the IdP sends it to the URL configured as the ACS URL on the web portal, but we can override that URL from the settings.php file)

$auth = new OneLogin_Saml2_Auth($settingsInfo); // Constructor of the SP, loads settings.php   
$auth->processResponse($requestID);
$name = $auth->getNameId();

test2.php

The main part of the login process is here:

    session_start();  // IMPORTANT: This is required in order to be able
                      // to store the user data in the session.

    define("TOOLKIT_PATH", '/var/www/html/saml/php-saml/');
    require_once(TOOLKIT_PATH.'_toolkit_loader.php');   // loads the php-saml classes
    require_once('settings2.php');                      // defines $settingsInfo

    //-----
    //--this is how I can authenticate...
    //--login redirect is handled in the settings2.php file
    //-----

    $auth = new OneLogin_Saml2_Auth($settingsInfo); // Constructor of the SP, loads settings.php

    // Build the AuthnRequest without redirecting yet ($stay = true) so the request ID
    // can be stored in the session. test2-thanks.php reads $_SESSION['AuthNRequestID']
    // and passes it to processResponse(), which checks the response's InResponseTo
    // against it; without this step that check is silently skipped.
    $ssoUrl = $auth->login(null, array(), false, false, true);
    $_SESSION['AuthNRequestID'] = $auth->getLastRequestID();
    header('Location: ' . $ssoUrl);   // now send the browser to the IdP
    exit();
    //-----

This will pass the request over to the identity provider. The ACS URL is where the identity provider will POST the SAML response with the user's identity. We can override that URL by modifying the sp values in the settings file.

settings.php

...
    'assertionConsumerService' => array(
        'url' => $spBaseUrl.'/mamamia.php',
    ),
...
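The post never shows settings2.php itself, so here is a complete settings.php as an added example (this is not the post's own file and not the toolkit's settings_example.php). It shows where the ACS override above sits, and the `security` block that makes processResponse() actually reject unsigned or mismatched responses. Every URL, entity ID and certificate value is a placeholder; the array keys are the php-saml toolkit's own.

```php
<?php
// Added example of a complete settings.php for php-saml (not the post's settings2.php).
// Every URL, entity ID and certificate below is a placeholder.
$spBaseUrl = 'https://sp.example.test/saml';   // placeholder base URL of this SP

$settingsInfo = array(
    // strict: reject responses whose signature, destination, audience or
    // timestamps do not validate. Leave this on outside of local debugging.
    'strict' => true,
    'debug'  => false,

    'sp' => array(
        'entityId' => $spBaseUrl . '/metadata.php',
        'assertionConsumerService' => array(
            // The ACS override from the post: the IdP POSTs the SAMLResponse here
            // instead of to the URL registered on the portal.
            'url'     => $spBaseUrl . '/mamamia.php',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        ),
        'singleLogoutService' => array(
            'url'     => $spBaseUrl . '/test2-logout.php',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        // SP signing key pair (placeholders); keep the real PEM outside the web root.
        'x509cert'   => 'PLACEHOLDER_SP_CERT_PEM_BODY',
        'privateKey' => 'PLACEHOLDER_SP_PRIVATE_KEY_PEM_BODY',
    ),

    'idp' => array(
        'entityId' => 'https://idp.example.test/saml/metadata',   // placeholder
        'singleSignOnService' => array(
            'url'     => 'https://idp.example.test/saml/sso',      // placeholder
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        'singleLogoutService' => array(
            'url'     => 'https://idp.example.test/saml/slo',      // placeholder
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        // The IdP signing certificate. processResponse() verifies the response
        // signature against this value, so it must come from the IdP's metadata,
        // never from the response being verified.
        'x509cert' => 'PLACEHOLDER_IDP_CERT_PEM_BODY',
    ),

    'security' => array(
        'authnRequestsSigned'  => true,   // sign the AuthnRequest that login() sends
        'wantMessagesSigned'   => true,   // require a signature on the Response
        'wantAssertionsSigned' => true,   // and on the Assertion inside it
        'wantNameId'           => true,   // getNameId() must not come back empty
        'wantXMLValidation'    => true,
        // Reject a response carrying an InResponseTo when no request ID was
        // passed to processResponse() (the AuthNRequestID kept in the session).
        'rejectUnsolicitedResponsesWithInResponseTo' => true,
        'signatureAlgorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
        'digestAlgorithm'    => 'http://www.w3.org/2001/04/xmlenc#sha256',
    ),
);
```

With `strict` off or `wantAssertionsSigned` false, the toolkit will still hand back a NameID from a response it could not verify, which is why those two settings belong in every non-test deployment.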

Now the credentials will be passed to mamamia.php instead. For now, we'll leave the ACS URL at test2-thanks.php.

test2-thanks.php

Here I can process the login response.

The main bit we are interested in here is this part. The identity provider will POST the SAML response back to us, and we hand it to processResponse().

getNameId() returns the NameID, which is the username.

    $auth = new OneLogin_Saml2_Auth($settingsInfo); // Constructor of the SP, loads settings.php   
    $auth->processResponse($requestID);

    $attributes = $auth->getAttributes();
    print_r($attributes);   
    
    $name = $auth->getNameId();

test2-thanks.php

    session_start();

    //-----
    //--load some files that I need, especially the settings.php file...
    //-----
    define("TOOLKIT_PATH", '/var/www/html/saml/php-saml/');
    require_once(TOOLKIT_PATH . '_toolkit_loader.php');   // We load the SAML2 lib
    require_once('settings2.php');                        // defines $settingsInfo
    //-----

    $auth = new OneLogin_Saml2_Auth($settingsInfo); // Constructor of the SP, loads settings.php

    // The request ID stored by test2.php; passing it lets processResponse()
    // check the response's InResponseTo value against the request we sent.
    if (isset($_SESSION) && isset($_SESSION['AuthNRequestID'])) {
        $requestID = $_SESSION['AuthNRequestID'];
    } else {
        $requestID = null;
    }

    $auth->processResponse($requestID);
    unset($_SESSION['AuthNRequestID']);   // one request ID, one response

    // processResponse() throws only when no SAMLResponse was posted at all. A response
    // that fails validation (bad signature, wrong audience, expired) is reported through
    // getErrors(), so that must be checked before trusting anything in the assertion.
    $errors = $auth->getErrors();
    if (!empty($errors)) {
        error_log('SAML response rejected: ' . $auth->getLastErrorReason());
        http_response_code(403);
        exit('SAML response rejected: ' . htmlspecialchars(implode(', ', $errors)));
    }
    if (!$auth->isAuthenticated()) {
        http_response_code(403);
        exit('Not authenticated');
    }

    $attributes = $auth->getAttributes();
    echo '<pre>' . htmlspecialchars(print_r($attributes, true)) . '</pre>';

    // NameID and attribute values are strings supplied by the IdP; escape before echoing.
    $name = $auth->getNameId();
    echo "<p>name id: " . htmlspecialchars($name) . "</p>";
    echo "<p>Hello there 2</p>";
    echo '<p><a href="http://localhost/saml/test2-logout.php">Logout</a></p>';
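test2-thanks.php stops at printing the NameID; what a real application needs next is to turn a validated response into a session that other pages can check. This added example (not the post's code) wraps the validation from the post in a function and then records the login in `$_SESSION`, plus a guard function for other pages. It assumes the toolkit is loaded and `$settingsInfo` comes from settings2.php, as in the post; the session key names and the `hasSamlLogin()` helper are my own choices.

```php
<?php
// Added example, not part of the post: establish a server-side session from a
// validated SAML response and provide a guard for other pages. Assumes
// _toolkit_loader.php and settings2.php have been required, as in test2-thanks.php.

// Processes the posted SAMLResponse and returns an array describing the outcome.
// Nothing from the assertion is trusted until getErrors() is empty and
// isAuthenticated() is true.
function completeSamlLogin(OneLogin_Saml2_Auth $auth)
{
    $requestId = isset($_SESSION['AuthNRequestID']) ? $_SESSION['AuthNRequestID'] : null;
    unset($_SESSION['AuthNRequestID']);          // a request ID is good for exactly one response

    $auth->processResponse($requestId);          // throws only if no SAMLResponse was posted

    $errors = $auth->getErrors();
    if (!empty($errors)) {
        // getLastErrorReason() carries validation detail that belongs in the server log,
        // not in the page shown to the user.
        error_log('SAML login rejected: ' . implode(',', $errors) . ' - ' . $auth->getLastErrorReason());
        return array('ok' => false, 'errors' => $errors);
    }
    if (!$auth->isAuthenticated()) {
        return array('ok' => false, 'errors' => array('not_authenticated'));
    }

    // Fresh session ID so the anonymous pre-login session is not carried into the logged-in one.
    session_regenerate_id(true);
    $_SESSION['samlUserdata']     = $auth->getAttributes();
    $_SESSION['samlNameId']       = $auth->getNameId();
    $_SESSION['samlNameIdFormat'] = $auth->getNameIdFormat();
    $_SESSION['samlSessionIndex'] = $auth->getSessionIndex();   // needed later by test2-logout.php
    $_SESSION['samlLoginTime']    = time();

    return array(
        'ok'         => true,
        'nameId'     => $_SESSION['samlNameId'],
        'attributes' => $_SESSION['samlUserdata'],
    );
}

// Guard for any other page: true only while a validated SAML login is in the session
// and younger than $maxAgeSeconds (the IdP's own session lifetime is not visible here).
function hasSamlLogin($maxAgeSeconds = 28800)
{
    if (!isset($_SESSION['samlNameId'], $_SESSION['samlLoginTime'])) {
        return false;
    }
    return (time() - $_SESSION['samlLoginTime']) <= $maxAgeSeconds;
}

// How test2-thanks.php would use the two functions.
session_start();
$auth   = new OneLogin_Saml2_Auth($settingsInfo);
$result = completeSamlLogin($auth);
if (!$result['ok']) {
    http_response_code(403);
    exit('Login failed: ' . htmlspecialchars(implode(', ', $result['errors'])));
}
// NameID and attribute values are IdP-supplied strings; escape everything echoed into HTML.
echo '<p>name id: ' . htmlspecialchars($result['nameId']) . '</p>';
echo '<pre>' . htmlspecialchars(print_r($result['attributes'], true)) . '</pre>';
echo '<p>logged in: ' . (hasSamlLogin() ? 'yes' : 'no') . '</p>';
```

Any page that should be reachable only after login calls `session_start()` and then `hasSamlLogin()`, redirecting to test2.php when it returns false; the values stored under `samlSessionIndex` and `samlNameId` are the ones a logout request to the IdP will need.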