spkitlasso/README

Lasso SPKit PHP v0.3

This library contains code to ease the usage of the PHP bindings of the lasso
library inside a service provider, usually an existing web application where
you wish to handle some of the profile of the Liberty Alliance or SAML 2.0
protocols.

The API is procedural, minimal and easy to understand.

Depending upong the configuration there is two functionning mode:
 - liberty state is reported through the function lassospkit_nameid() and
   lassospkit_federation(), your application MUST persist them by its own way.
 - liberty state is stored using one of the automatic storage mode, you just
   have to associate a user id with the liberty state. After any liberty event
   you can retrieve this user id.

= Description of the API =

General idea: Initiation of SAML request is done via redirection to a local
page and transmission of parameters to this pages are done via PHP sessions.
The $relay parameters are the url where user should be redirected at the end of
the SAML request whatever the result is.

function lassospkit_nameid()

 * return the nameid found during the last SSO request in the current session.
   If it is non-null, it usually means that we are logged to an SAML IdP.

function lassospkit_set_nameid($nameid)
 * Set the nameid that the next SAML profile should use. Use it before
   presenting link for defederation or single logout. It has no effect if
   redirecting toward SSO.

function lassospkit_userid()
 * When automated storage of the federation is activated this parameter will
   contain the last userID associated with the current nameID. The association
   is done by calling setUserID then making a successul SSO request (via a
   redirection to lassospki_websso_redirect).  When automated storage is
   inactivated, it always returns null and set_userid is ignored by the backend
   code.

function lassospkit_error()
 * When non-null gives a human readable explaination of the last unsucessful
   SAML request. Can be an error or a normal event like the user refusing to
   federate is identity in the context of an SSO request.

function lassospkit_federation()
 * Return an opaque blob containing informations on the federation created with
  an IdP afer a succesful request. If you intend to handle yourself storage of
  the federation, you must save this together with local user account/sessions
  informations and restores it before any future redirection to a
  logout/defederation request. If you user automated persistence you can ignore
  it.

function lassospkit_set_federation($federation)
 * Restore the opaque blob needed to initalize SAML requests. See previous
   function.

function lassospkit_websso_redirect($relay)
 * URL to the local page intiating SSO exchanges with the IdP. Use the baseUrl
   configuration option to construct this URL.

function lassospkit_set_userid($userID)
 * Set the userID (can be any string) to persist together
   with the nameId when using automatized persistence of federations.

function lassospkit_defederation_redirect($relay)
 * Return the URL to the local page initiating defederation exchanges with the
   IdP. It appends the endpoint suffix to the baseUrl configuration option to
   build this URL.

function lassospkit_logout_redirect($relay)
 * Return the URL to the local page initiating logout exchanges with the
   IdP. It appends the endpoint suffix to the baseUrl configuration option to
   build this URL.
Update of the documentation 2009-08-13 10:52:48 +02:00			`Lasso SPKit PHP v0.3`
premier commit 0001-01-01 00:09:21 +00:09
			`This library contains code to ease the usage of the PHP bindings of the lasso`
			`library inside a service provider, usually an existing web application where`
			`you wish to handle some of the profile of the Liberty Alliance or SAML 2.0`
			`protocols.`

Update of the documentation 2009-08-13 10:52:48 +02:00			`The API is procedural, minimal and easy to understand.`

			`Depending upong the configuration there is two functionning mode:`
			`- liberty state is reported through the function lassospkit_nameid() and`
			`lassospkit_federation(), your application MUST persist them by its own way.`
			`- liberty state is stored using one of the automatic storage mode, you just`
			`have to associate a user id with the liberty state. After any liberty event`
			`you can retrieve this user id.`
premier commit 0001-01-01 00:09:21 +00:09
			`= Description of the API =`

			`General idea: Initiation of SAML request is done via redirection to a local`
			`page and transmission of parameters to this pages are done via PHP sessions.`
			`The $relay parameters are the url where user should be redirected at the end of`
			`the SAML request whatever the result is.`

			`function lassospkit_nameid()`

			`* return the nameid found during the last SSO request in the current session.`
			`If it is non-null, it usually means that we are logged to an SAML IdP.`

			`function lassospkit_set_nameid($nameid)`
			`* Set the nameid that the next SAML profile should use. Use it before`
Update of the documentation 2009-08-13 10:52:48 +02:00			`presenting link for defederation or single logout. It has no effect if`
			`redirecting toward SSO.`
premier commit 0001-01-01 00:09:21 +00:09
			`function lassospkit_userid()`
			`* When automated storage of the federation is activated this parameter will`
			`contain the last userID associated with the current nameID. The association`
			`is done by calling setUserID then making a successul SSO request (via a`
Update of the documentation 2009-08-13 10:52:48 +02:00			`redirection to lassospki_websso_redirect). When automated storage is`
			`inactivated, it always returns null and set_userid is ignored by the backend`
			`code.`
premier commit 0001-01-01 00:09:21 +00:09
			`function lassospkit_error()`
			`* When non-null gives a human readable explaination of the last unsucessful`
			`SAML request. Can be an error or a normal event like the user refusing to`
			`federate is identity in the context of an SSO request.`

			`function lassospkit_federation()`
Update of the documentation 2009-08-13 10:52:48 +02:00			`* Return an opaque blob containing informations on the federation created with`
			`an IdP afer a succesful request. If you intend to handle yourself storage of`
			`the federation, you must save this together with local user account/sessions`
			`informations and restores it before any future redirection to a`
			`logout/defederation request. If you user automated persistence you can ignore`
			`it.`
premier commit 0001-01-01 00:09:21 +00:09
			`function lassospkit_set_federation($federation)`
Update of the documentation 2009-08-13 10:52:48 +02:00			`* Restore the opaque blob needed to initalize SAML requests. See previous`
			`function.`
premier commit 0001-01-01 00:09:21 +00:09
			`function lassospkit_websso_redirect($relay)`
			`* URL to the local page intiating SSO exchanges with the IdP. Use the baseUrl`
			`configuration option to construct this URL.`

* add parameter to set_user_id 0001-01-01 00:09:21 +00:09			`function lassospkit_set_userid($userID)`
premier commit 0001-01-01 00:09:21 +00:09			`* Set the userID (can be any string) to persist together`
			`with the nameId when using automatized persistence of federations.`

			`function lassospkit_defederation_redirect($relay)`
			`* Return the URL to the local page initiating defederation exchanges with the`
			`IdP. It appends the endpoint suffix to the baseUrl configuration option to`
			`build this URL.`

			`function lassospkit_logout_redirect($relay)`
			`* Return the URL to the local page initiating logout exchanges with the`
			`IdP. It appends the endpoint suffix to the baseUrl configuration option to`
			`build this URL.`