<?php
/**
* Example application for the A-Select library.
*
* @copyright 2008 SURFnet BV
* @version $Id: example.php 144 2010-03-09 09:38:34Z hansz $
*/
include_once('agent.php');
// NB: this page will be called twice in the authentication process:
// 1. an unauthenticated user will be redirected away from this page
// by the as_process call below; the user will authenticate on an
// external page
// 2. after authentication the user will be redirected back to this page,
// in which case an additional parameter called "aselect_credentials"
// is added to the URL; this parameter is checked by as_process
// Settings handed to the A-Select agent functions used further down.
$cfg = array();

// Client side: how this application identifies itself.
$cfg['client'] = array(
    // identifier under which this application is known
    'app_id' => 'example-application',
    // No 'key' entry is set in this example. When signing is required
    // (production use), add the path to the private key PEM file; keep that
    // file outside the web root and readable only by the web server user:
    // 'key' => '<path-to-private-key-pem>'
);

// Server side: the A-Select server to authenticate against.
$cfg['server'] = array(
    // URL of the A-Select server
    'url' => 'https://sp.example.org/federate/aselect',
    // identifier of the A-Select server
    'server_id' => 'sp.example.org',
);
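// Logout: triggered by "?request=logout" in the query string.
// The comparison is strict, so only the exact string 'logout' matches; an
// array-valued or otherwise non-string "request" parameter is ignored.
// NOTE(review): this is a state-changing action on a plain GET request, so a
// link or image on any other site can trigger it; a real application should
// prefer a POST request carrying an anti-CSRF token.
// NOTE(review): as_logout() is defined in agent.php (not shown here); if it
// returns instead of ending the request, execution continues into
// as_process() below - confirm that this is intended.
if (isset($_GET['request']) && $_GET['request'] === 'logout') {
    as_logout($cfg);
}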
// Authenticate against the A-Select server. On return, a non-null $result
// means authentication was successful.
// The three null arguments and the trailing true are passed exactly as the
// example prescribes; what they select is defined by as_process() in
// agent.php, which is not part of this file.
$result = as_process($cfg, null, null, null, true);
// if the authentication succeeded, $result will now contain an array
// that looks like:
// [uid] => john
// [organization] => Example Organisation
// [attributes] => Array
// (
// [urn:mace:dir:attribute-def:sn] => Array
// (
// [0] => Doe
// )
//
// [urn:mace:dir:attribute-def:mail] => Array
// (
// [0] => <mail address 1>
// [1] => <mail address 2>
// )
//
// [urn:mace:dir:attribute-def:givenName] => Array
// (
// [0] => John
// )
//
// [urn:mace:dir:attribute-def:uid] => Array
// (
// [0] => john
// )
// )
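// when $result != NULL, a session variable should be set so that
// verify_credentials is not called every time this file is accessed;
// how to do this depends on the session management used by your application,
// i.e. use session_start and set an 'authenticated' variable in $_SESSION
// (regenerate the session id at that point, e.g. with session_regenerate_id),
// then redirect to a "clean" URL so that the aselect_credentials parameter
// does not stay in the address bar, browser history or Referer headers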
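// Demo output: dump the authentication result. htmlentities() keeps values
// that came back from the A-Select server from being interpreted as markup.
// NOTE(review): this echoes every attribute of the user (name, mail, uid);
// a real application should not print the full result.
print '<pre>' . htmlentities(print_r($result, TRUE)) . '</pre>';

// Logout link back to this script. PHP's $_SERVER key is 'SCRIPT_NAME'
// ('SCRIPTNAME' is never set, so that lookup always fell back to ''), and the
// value is escaped because it is written into an HTML attribute.
print '<a href="'
    . htmlspecialchars(isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '', ENT_QUOTES)
    . '?request=logout">Logout</a>';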
?>