SSO and certificate?


Siniša Šehović

Thursday 08 June 2006 2:29:55 am

Hi

I need to implement logging in with SSO and a certificate from a smartcard.
The certificate is handled by Tomcat and a servlet.

Does anyone here have any experience with this, or some kind of guidance on how to do that?

Basically, the servlet verifies the certificate from the smartcard, sends true or false, and redirects to a URL.

Best regards,
Sinisa

---
If at first you don't succeed, look in the trash for the instructions.

Siniša Šehović

Monday 12 June 2006 12:26:53 am

Hi all

To make this more understandable, here is a short description of how this servlet works.

I have to send two parameters: sessionID and redirectURI.

The servlet then reads the user certificate from the smart card, verifies it, and returns the sessionID and the username from the smartcard with the GET method.
Then it redirects to redirectURI.

After that I must verify that the sessionIDs match and do the login with the SSO handler.

How can I accomplish that inside a custom extension?

My code example works.

<b>login.php</b>

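<?php

session_start();

// Read session values without raising notices when they are not set yet.
$sessionID = isset($_SESSION['sessionId']) ? $_SESSION['sessionId'] : null;
$username = isset($_SESSION['username']) ? $_SESSION['username'] : null;

if ($sessionID === null)
{
	$sessionID = session_id();
	$_SESSION['sessionId'] = $sessionID;
}

if ($username !== null)
{
	// Escape the name before output; it originated from a request parameter.
	echo "User ".htmlspecialchars($username, ENT_QUOTES, 'UTF-8')." authenticated";
} else {
	$hostname = 'tomcat';
	$returnHostname = 'test';
	$webAuthUrl = 'https://'.$hostname.':443/Auth/Auth';
	$appId = 'INTRANET';
	$tokenId = $sessionID;
	$returnParams = 'yes';
	$returnUrl = 'http://'.$returnHostname.'/kart/auth.php';
	// URL-encode each value so that return_url survives as a single parameter.
	$authUrl = $webAuthUrl.'?appid='.urlencode($appId).'&tokenid='.urlencode($tokenId).'&return_params='.urlencode($returnParams).'&return_url='.urlencode($returnUrl);
	// Quote and escape the href attribute.
	echo '<a href="'.htmlspecialchars($authUrl, ENT_QUOTES, 'UTF-8').'">Login</a>';
}

?>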

and <b>auth.php</b>

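<?php
session_start();
// Missing values become null and are rejected below instead of comparing equal.
$sessionID = isset($_SESSION['sessionId']) ? $_SESSION['sessionId'] : null;
$tokenId = isset($_GET['tokenid']) ? $_GET['tokenid'] : null;
$username = isset($_GET['username']) ? $_GET['username'] : null;

// Note: tokenid and username arrive through the user's browser, so this check
// only ties the response to this session.
if (is_string($sessionID) && is_string($tokenId) && is_string($username) && $tokenId === $sessionID) {
	// The old session ID was sent in a URL, so switch to a fresh one on login.
	session_regenerate_id(true);
	$_SESSION['username'] = $username;

	header("Cache-Control: no-cache, must-revalidate");
	header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
	header("Location: http://test/kart/login.php");

	exit;

} else {
	echo "Can't let you in :-)";
}

?>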

Best regards,
Sinisa

---
If at first you don't succeed, look in the trash for the instructions.
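
A hardened form of the auth.php check from the post above, as an added example that is not part of the original post or of eZ Publish. It sends a one-time random token as tokenid instead of the PHP session ID and accepts the username only when it carries a valid HMAC. The `sig` parameter, the shared key and the function names are assumptions; the post does not say whether the servlet can sign its response.

```php
<?php
// Added example. Hypothetical names: issue_token(), verify_callback(), 'sig'.

// Create a one-time random value to send as tokenid instead of session_id().
function issue_token(array &$session): string
{
    $session['sso_token'] = bin2hex(random_bytes(16));
    return $session['sso_token'];
}

// Return the verified username, or null if the callback must be rejected.
function verify_callback(array &$session, array $query, string $key): ?string
{
    $expected = $session['sso_token'] ?? null;
    unset($session['sso_token']);           // single use, even when the check fails
    $token = $query['tokenid'] ?? null;
    $user  = $query['username'] ?? null;
    $sig   = $query['sig'] ?? null;         // assumed extra parameter from the servlet
    if (!is_string($expected) || !is_string($token)
        || !is_string($user) || !is_string($sig)) {
        return null;                        // missing values never compare as equal
    }
    if (!hash_equals($expected, $token)) {
        return null;                        // response does not belong to this session
    }
    // Assumed signature format: hex HMAC-SHA256 over "tokenid|username".
    $mac = hash_hmac('sha256', $token . '|' . $user, $key);
    return hash_equals($mac, $sig) ? $user : null;
}

// Constructed demonstration values, not taken from the post.
$key = 'constructed-demo-key';
$session = [];
$token = issue_token($session);
$good = ['tokenid' => $token, 'username' => 'jdoe',
         'sig' => hash_hmac('sha256', $token . '|jdoe', $key)];
var_dump(verify_callback($session, $good, $key));    // case 1: signed callback
var_dump(verify_callback($session, $good, $key));    // case 2: same callback replayed
$empty = [];
var_dump(verify_callback($empty, [], $key));         // case 3: no token, no parameters
$token = issue_token($session);
$forged = ['tokenid' => $token, 'username' => 'admin',
           'sig' => str_repeat('0', 64)];
var_dump(verify_callback($session, $forged, $key));  // case 4: username with a bad MAC
```

In a real page, `$session` would be `$_SESSION` and `$query` would be `$_GET`, and a successful result would be followed by `session_regenerate_id(true)` before the username is stored.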
