This repository has been archived on 2023-02-21. You can view files and clone it, but cannot push or open issues or pull requests.
<bdauvergne@entrouvert.com> 1210078007 +0200 149dc25cdb add federate function

README

Lasso SPKit PHP v0.1

This library contains code to ease the use of the PHP bindings of the lasso
library inside a service provider, usually an existing web application where
you wish to handle some of the profiles of the Liberty Alliance or SAML 2.0
protocols.

The API is procedural, minimal and easy to comprehend. Depending
upon the configuration 

= Description of the API =

General idea: a SAML request is initiated by redirecting to a local page, and
parameters are transmitted to that page via PHP sessions. The $relay parameter
is the URL where the user should be redirected at the end of the SAML request,
whatever the result is.

function lassospkit_nameid()

 * Return the nameid found during the last SSO request in the current session.
   If it is non-null, it usually means that we are logged in to a SAML IdP.

function lassospkit_set_nameid($nameid)
 * Set the nameid that the next SAML profile should use. Use it before
   presenting a link for defederation or single logout. It has no effect when
   redirecting toward SSO.

function lassospkit_userid()
 * When automated storage of the federation is activated, this returns the
   last userID associated with the current nameID. The association is made by
   calling setUserID and then making a successful SSO request (via a
   redirection to lassospkit_websso_redirect).
   When automated storage is inactive, it always returns null and set_userid
   is ignored by the backend code.

function lassospkit_error()
 * When non-null, gives a human-readable explanation of the last unsuccessful
   SAML request. It can be an error or a normal event, such as the user
   refusing to federate their identity in the context of an SSO request.

function lassospkit_federation()
 * Return an opaque blob containing information on the federation created with
   an IdP after a successful request. If you intend to handle storage of the
   federation yourself, you must save this blob together with the local user
   account/session information and restore it before any future redirection to
   a logout/defederation request. If you use automated persistence, you can
   ignore it.

function lassospkit_set_federation($federation)
 * Restore the opaque blob needed to initialize SAML requests. See the previous
   function.

function lassospkit_websso_redirect($relay)
 * Return the URL to the local page initiating SSO exchanges with the IdP. It
   uses the baseUrl configuration option to construct this URL.

function lassospkit_set_userid($userID)
 * Set the userID (can be any string) to persist together
   with the nameId when using automated persistence of federations.

function lassospkit_defederation_redirect($relay)
 * Return the URL to the local page initiating defederation exchanges with the
   IdP. It appends the endpoint suffix to the baseUrl configuration option to
   build this URL.

function lassospkit_logout_redirect($relay)
 * Return the URL to the local page initiating logout exchanges with the
   IdP. It appends the endpoint suffix to the baseUrl configuration option to
   build this URL.
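
A minimal service-provider page tying these calls together, as an added example that is not part of the SPKit distribution. The include path, the `action` and `next` query parameters, the `local_user` session key and the relay allow-list are assumptions made for illustration; the allow-list is there because $relay ends up as a redirect target and the error text is HTML-encoded before display.

```php
<?php
// Added example, not code from the SPKit distribution.
// ASSUMPTION: placeholder path; point it at the API file shipped in the kit's include directory.
require_once 'PATH/TO/SPKIT/INCLUDE_FILE.php';

// ASSUMPTION: the application starts the session; the kit passes its parameters through it.
if (session_id() === '') {
    session_start();
}

// Only allow-listed local paths may become $relay, since the user is redirected
// there at the end of the SAML request whatever the result is.
function safe_relay($candidate, $default = '/index.php')
{
    $allowed = array('/index.php', '/account.php'); // constructed sample values
    return in_array($candidate, $allowed, true) ? $candidate : $default;
}

$action = isset($_GET['action']) ? $_GET['action'] : '';           // hypothetical parameter
$relay  = safe_relay(isset($_GET['next']) ? $_GET['next'] : null); // hypothetical parameter

if ($action === 'login') {
    // Used only when automated storage of federations is active; ignored otherwise.
    if (isset($_SESSION['local_user'])) {                          // hypothetical session key
        lassospkit_set_userid($_SESSION['local_user']);
    }
    header('Location: ' . lassospkit_websso_redirect($relay));
    exit;
}
if ($action === 'logout' && lassospkit_nameid() !== null) {
    header('Location: ' . lassospkit_logout_redirect($relay));
    exit;
}

// Landing after a SAML request: report the outcome.
$error = lassospkit_error();
if ($error !== null) {
    // Can be a failure or a normal event such as the user declining to federate.
    error_log('SAML request not successful: ' . $error);
    echo '<p>Sign-in did not complete: ' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>';
} elseif (lassospkit_nameid() !== null) {
    $user = lassospkit_userid(); // null when automated storage is inactive
    echo '<p>Signed in through the IdP'
       . ($user !== null ? ' as ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') : '')
       . '. <a href="?action=logout">Single logout</a></p>';
} else {
    echo '<p><a href="?action=login&amp;next=/account.php">Sign in with the IdP</a></p>';
}
```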