|
Monday 12 June 2006 12:26:53 am
Hi all To be more understandable here is a short description how this servlet works. I have to send two parameters sessionID and redirectURI.
Servlet then read user certificate from smart card, verify it and return sessionID and username from smartcard with GET method.
Then redirect to redirectURI. After that I must verify if sessionIDs mach and with sso handler do loggin. How can I accomplish that inside custom extension? My code example works. <b>login.php</b>
<?php
session_start();
$sessionID = $_SESSION['sessionId'];
$username = $_SESSION['username'];
if ($sessionID == null)
{
$sessionID = session_id();
$_SESSION['sessionId'] = $sessionID;
}
if ($username !=null)
{
echo "User ".$username." autenticated";
} else {
$hostname = 'tomcat';
$returnHostname = 'test';
$webAuthUrl = 'https://'.$hostname.':443/Auth/Auth';
$appId = 'INTRANET';
$tokenId = $sessionID;
$returnParams = 'yes';
$returnUrl = 'http://'.$returnHostname.'/kart/auth.php';
$authUrl = $webAuthUrl.'?appid='.$appId.'&tokenid='.$tokenId.'&return_params='.$returnParams.'&return_url='.$returnUrl;
echo "<a href=".$authUrl.">Loggin</a>";
}
?>
and <b>auth.php</b>
<?php
session_start();
$sessionID = $_SESSION['sessionId'];
$tokenId = $_GET['tokenid'];
$username = $_GET['username'];
if ($tokenId == $sessionID) {
$_SESSION['username'] = $username;
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Location: http://test/kart/login.php");
exit;
} else {
echo "Can't let you in :-)";
}
?>
Best regards,
Sinisa
---
If at first you don't succeed, look in the trash for the instructions.
|