authentication API


authenticate Orange customer on your web application


  • access other Personal APIs of the suite by using basic authentication and privacy functions,
  • simplify access to your website by allowing users to use their existing Orange account,
  • access profile information of an Orange France customer.


documentation

The Authentication API provides basic authentication and privacy functionality, and simplifies access to your website for Orange users by letting them use their existing Orange account credentials. It also allows you, through your website, to access profile information of an Orange France customer.

1 . technical features

The Authentication API is compliant with SAML v2 protocol.

The Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorisation data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions).

SAML is a set of specifications produced by OASIS, a major standardisation body in the web services field. The complete SAML v2 specification is complex, but you will not need to implement it fully, as the Authentication API is based on the simplest SAML v2 profile (the SAML v2 Web SSO profile).

You just need to create the SAML request using existing libraries or directly using XML document creation, and for the SAML response, you just have to parse the XML document to get the information you need.

2 . method

Note that if you already use the Authentication API for another purpose (e.g. to retrieve a user token to call Personal APIs and/or to delegate Orange user authentication to the Orange platform), you just need to add an additional parameter to the authentication requests you send to Orange using the Authentication API.

a. Endpoints and certificates

Replace IDP_SingleSignOnURL in the examples with one of the following endpoints.

Country (MCO) | Environment | Endpoint
France | Production |
France | Integration |
UK | Production |
UK | Integration |
All countries (mobile access only) | Production |
All countries (mobile access only) | Integration |

Replace IDP_Certificate in the examples with one of the following certificates.


b. SAML request

The authentication request is sent to the Orange Identity provider via the browser, based on an HTTP 302 redirection.

Please note that the SAML request has to be compressed with DEFLATE, Base64-encoded and then sent as a URL-encoded query parameter.

In the SAML request, you must add a parameter with a value which indicates the data you would like to retrieve (it is a bitmask on a pre-defined list of data). In the example below, the value "AttributeConsumingServiceIndex=18" will return the user's display name and email address.

Each item of user profile data corresponds to an ACI (AttributeConsumingServiceIndex) value.
To retrieve several items of user profile data, add their ACI values together.

Below is an example of a SAML authentication request:

HTTP redirection from user's browser to Orange:

[IDP_SingleSignOnURL]?SAMLRequest=jZAxT8MwFIR3foXlPcROo9i1kkgRXSrBQhEDC3 LNa2qpsVO%2FZ1T%2BPRYsjKx3p%2B9O10%2BZzuEZrhmQ2G25BBx4TsFEix5NsAugI WcO09Ojae6FWVOk6OKFs%2F1u4O8b3Wmw7WkDWyWV6JrGuUa59tQdO6u2wNlElPwxEz zEgHnxYT5A%2BvQO9uEDbgOXmrNXSOhjGHhpKGDEXFwkG6hIQuhKNJXQL7IzUplWvnE2 3vU%2FsfSfzRYREpUCPp6JVlPXyxeu1TzHvv6lFFz994nxGw%3D%3D

Decoded SAML request:

  • <AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="_3868ea4f3e97170622cc27c4f6b6a79e" AttributeConsumingServiceIndex="18" Version="2.0" IssueInstant="2008-02-08T16:17:41Z">
    • <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">[SERVICE_ID]</Issuer>
  • </AuthnRequest>

Mapping between attribute names and user profile data:

user profile data | attribute name | ACI
gender | gender | 1
display name | displayname | 2
name | givenname | 4
surname | surname | 8
email address | emailaddress | 16
street address | streetaddress | 32
zip code | postalcode | 64
locality | locality | 128
country | country | 256
date of birth | dateofbirth | 512
mobile phone number | mobilephone | 1024
fixed line phone number | homephone | 2048
fax phone number | facsimile | 4096
user type (internet, mobile, internet&mobile, non-subscriber registered user) | usertype | 8192

You can generate the AttributeConsumingServiceIndex value by selecting the profile data you want in the table above and adding up the corresponding ACI values.
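Added example (not part of Orange's documentation or code): composing the AttributeConsumingServiceIndex bitmask from the attribute names in the mapping table and building the redirect URL with DEFLATE, Base64 and URL encoding. The function names, `https://idp.example/sso` and `sp.example` are placeholders; it assumes PHP 7.4 or later with the zlib extension.

```php
<?php
// Added example, not Orange's code. ACI values come from the mapping table;
// the endpoint URL and service identifier below are placeholders.
const ACI = [
    'gender' => 1, 'displayname' => 2, 'givenname' => 4, 'surname' => 8,
    'emailaddress' => 16, 'streetaddress' => 32, 'postalcode' => 64,
    'locality' => 128, 'country' => 256, 'dateofbirth' => 512,
    'mobilephone' => 1024, 'homephone' => 2048, 'facsimile' => 4096,
    'usertype' => 8192,
];

// Combine attribute names into one AttributeConsumingServiceIndex bitmask.
function aciFor(array $names): int {
    $mask = 0;
    foreach ($names as $name) {
        if (!array_key_exists($name, ACI)) {
            throw new InvalidArgumentException("Unknown attribute: $name");
        }
        $mask |= ACI[$name];
    }
    return $mask;
}

// Expand a bitmask back into attribute names, e.g. to review what a request asks for.
function namesFor(int $mask): array {
    return array_keys(array_filter(ACI, fn($bit) => ($mask & $bit) !== 0));
}

// HTTP-Redirect binding: DEFLATE, then Base64, then URL-encode.
function buildRedirect(string $ssoUrl, string $issuer, int $aci): array {
    // ID from a CSPRNG; store it server-side to compare with InResponseTo later.
    $id = '_' . bin2hex(random_bytes(16));
    $xml = sprintf(
        '<AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="%s" '
        . 'Version="2.0" IssueInstant="%s" AttributeConsumingServiceIndex="%d">'
        . '<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">%s</Issuer>'
        . '</AuthnRequest>',
        $id, gmdate('Y-m-d\TH:i:s\Z'), $aci,
        htmlspecialchars($issuer, ENT_XML1 | ENT_QUOTES)
    );
    $url = $ssoUrl . '?SAMLRequest=' . urlencode(base64_encode(gzdeflate($xml)));
    return [$id, $url, $xml];
}

$aci = aciFor(['displayname', 'emailaddress']);   // same selection as the page's example
[$id, $url, $xml] = buildRedirect('https://idp.example/sso', 'sp.example', $aci);

// Round trip: decode the URL the way the identity provider would.
parse_str(parse_url($url, PHP_URL_QUERY), $query);
$decoded = gzinflate(base64_decode($query['SAMLRequest']));

echo "ACI $aci requests: ", implode(', ', namesFor($aci)), "\n";
echo "Request ID to keep in the session: $id\n";
echo "Round trip intact: ", var_export($decoded === $xml, true), "\n";
```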

c. SAML response

To retrieve the user's data contained in the SAML response, you simply have to decode the Base64 SAML response received in the HTTP POST request and parse the SAML response (XML document) to find the attributes.

  • <Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_nS4RnQwSEXneSTLMVlq" Version="2.0" IssueInstant="2008-02-08T16:18:22Z" Destination="[SERVICE_RETURN_URL]" InResponseTo="_3868ea4f3e97170622cc27c4f6b6a79e">
    • <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://idp</Issuer>
    • <Status>
      • <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    • </Status>
    • <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_B2TAbq1C3KnpSeSO4Yf" Version="2.0" IssueInstant="2008-02-08T16:18:22Z">
      • <Issuer>[IDP_ID]</Issuer>
      • <Subject>
        • <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"> 5kQkvXaqjONx4d70jC5L </NameID>
        • <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
          • <SubjectConfirmationData Recipient="[SERVICE_RETURN_URL]" NotOnOrAfter="2008-02-08T16:33:22Z" InResponseTo="_3868ea4f3e97170622cc27c4f6b6a79e" />
        • </SubjectConfirmation>
      • </Subject>
      • <Conditions>
        • <AudienceRestriction>
          • <Audience>[SERVICE_ID]</Audience>
        • </AudienceRestriction>
      • </Conditions>
      • <AuthnStatement AuthnInstant="2008-02-08T16:18:22Z">
        • <AuthnContext>
          • <AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:Password </AuthnContextClassRef>
        • </AuthnContext>
      • </AuthnStatement>
      • <AttributeStatement>
        • <Attribute Name="displayname" NameFormat="urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic">
          • <AttributeValue xsi:type="xs:string">Claude Bertau</AttributeValue>
        • </Attribute>
        • <Attribute Name="emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:profiles:attribute:basic">
          • <AttributeValue xsi:type="xs:string">claude.bertau@orange.fr</AttributeValue>
        • </Attribute>
        • </Attribute>
      • </AttributeStatement>
    • </Assertion>
  • </Response>

You will retrieve an attribute using the following XPATH expression:

/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name='Attribute Name']/saml:AttributeValue

using the following namespaces: xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" and xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol".
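Added example (not Orange's code): one way to apply the XPath expression above with DOMXPath and to check Status, InResponseTo, Recipient, Audience and NotOnOrAfter before using the attributes. The sample response, `checkResponse()` and the `sp.example` values are constructed for illustration; signature verification is not part of this block.

```php
<?php
// Added example, not Orange's code. Sample response and identifiers are constructed.
function checkResponse(string $xml, string $requestId, string $spId,
                       string $acsUrl, int $now): array {
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) {   // no network fetches while parsing
        throw new RuntimeException('Response is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
    $xp->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    $get = fn(string $path): string => trim($xp->evaluate("string($path)"));

    $status = '/samlp:Response/samlp:Status';
    if ($get("$status/samlp:StatusCode/@Value") !== 'urn:oasis:names:tc:SAML:2.0:status:Success') {
        throw new RuntimeException('IdP error: ' . $get("$status/samlp:StatusMessage"));
    }
    $a = '/samlp:Response/saml:Assertion';
    $scd = "$a/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData";
    $expected = [
        "$scd/@InResponseTo" => $requestId,  // ID stored when the request was sent
        "$scd/@Recipient"    => $acsUrl,     // URL where this response was received
        "$a/saml:Conditions/saml:AudienceRestriction/saml:Audience" => $spId,
    ];
    foreach ($expected as $path => $want) {
        if ($get($path) !== $want) {
            throw new RuntimeException("Unexpected value at $path");
        }
    }
    $expiry = strtotime($get("$scd/@NotOnOrAfter"));
    if ($expiry === false || $now >= $expiry) {
        throw new RuntimeException('Assertion has expired');
    }
    $attrs = [];
    foreach ($xp->query("$a/saml:AttributeStatement/saml:Attribute") as $attr) {
        $value = $xp->evaluate('string(saml:AttributeValue)', $attr);
        $attrs[$attr->getAttribute('Name')] = trim($value);
    }
    return $attrs;
}

$sample = <<<'XML'
<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion">
 <Status><StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></Status>
 <a:Assertion><a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData
   Recipient="https://sp.example/acs" NotOnOrAfter="2008-02-08T16:33:22Z" InResponseTo="_abc"/>
  </a:SubjectConfirmation></a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>sp.example</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="displayname"><a:AttributeValue>Claude Bertau</a:AttributeValue></a:Attribute></a:AttributeStatement>
 </a:Assertion>
</Response>
XML;
$now = strtotime('2008-02-08T16:20:00Z');
print_r(checkResponse($sample, '_abc', 'sp.example', 'https://sp.example/acs', $now));
```

Run these checks only after the signature on the response has been verified against the IDP_Certificate for the environment in use.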

3 . errors

Decoded SAML response:

  • <Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol"
    • ID="_IOEH=FRlMPFbZ7pZFxlE"
    • Version="2.0"
    • IssueInstant="2008-02-27T13:52:26Z"
    • Destination="http://myspURL/processSSO.php"
    • InResponseTo="_3878f97bbd0fdcee1bf3d794d697b54e">
    • <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">[IDP_ID]</Issuer>
    • <Status>
      • <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester"/>
      • <StatusMessage>IssueInstant parameter is out of tolerance</StatusMessage>
    • </Status>
  • </Response>

4 . code examples

Configuration

"idpMetadata.php" configuration file (used in the following code examples):

  • <?php
    • # The partner SP must store the metadata to communicate with the Orange identity provider.
    • $idpMetadata = array(
      • "[IDP_ID]" => array(
        • "SingleSignOnUrl" => "[IDP_SingleSignOnURL]",
        • "certificate" => "[IDP_Certificate]"
      • )
    • );
  • ?>

Use the API to retrieve a user token to call other Personal APIs


PHP code to invoke the Authentication API (redirection via the browser):

  • <?php
    • ## Function to generate pseudo-random unique IDs
    • function randomhex($length) {
      • $key = "";
      • for ( $i=0; $i < $length; $i++ ) {
        • $key .= dechex( rand(0,15) );
      • }
      • return $key;
    • }
    • ## Metadata
    • require_once("idpMetadata.php");
    • $issuer = "[SERVICE_ID]";
    • $idpTargetUrl = $idpMetadata['[IDP_ID]']['SingleSignOnUrl'];
    • ## Dynamic data of the SAML request
    • $id = randomhex(32);
    • $issueInstant = gmdate("Y-m-d\TH:i:s\Z");
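    • $authnRequest = "<AuthnRequest xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" " . "ID=\"_" . $id . "\" " . "Version=\"2.0\" " . "IssueInstant=\"" . $issueInstant . "\">\n" . "<Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">" . $issuer . "</Issuer>\n" . "</AuthnRequest>";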
    • ## SAML HTTP-Redirect Binding
    • $encodedAuthnRequest = urlencode( base64_encode( gzdeflate( $authnRequest ) ));
    • $redirectUrl = $idpTargetUrl . "?SAMLRequest=" . $encodedAuthnRequest;
    • ## Redirect
    • Header("Location: ".$redirectUrl);
  • ?>

PHP code to process the response (and retrieve the user token):

  • <?php
    • # Decode the Response
    • $authnResponse = base64_decode($_POST['SAMLResponse']);
    • # Get data from XML
    • $xml = simplexml_load_string($authnResponse);
    • #user token
    • $xml->registerXPathNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
    • $xml->registerXPathNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
    • $token = $xml->xpath("/samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name='OrangeAPIToken']/saml:AttributeValue");
    • # the user token can then be used to call other Personal APIs...
  • ?>

Use the API to simplify access to a website (and thus retrieve an Orange user identifier)


PHP code to invoke the Authentication API (redirection via the browser):

  • <?php
    • function randomhex($length) {
      • $key = "";
      • for ( $i=0; $i < $length; $i++ ) {
        • $key .= dechex( rand(0,15) );
      • }
      • return $key;
    • }
    • ## Metadata
    • require_once("idpMetadata.php");
    • $issuer = "[SERVICE_ID]";
    • $idpTargetUrl = $idpMetadata['[IDP_ID]']['SingleSignOnUrl'];
    • ## Dynamic data of the SAML request
    • $id = randomhex(32);
    • $issueInstant = gmdate("Y-m-d\TH:i:s\Z");
    • ## <AuthnRequest>
    • $authnRequest = "<AuthnRequest xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" " . "ID=\"_" . $id . "\" " . "Version=\"2.0\" " . "IssueInstant=\"" . $issueInstant . "\">\n" . "<Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">" . $issuer . "</Issuer>\n" . "<NameIDPolicy " . "Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\" " . "AllowCreate=\"true\"/>" . "</AuthnRequest>";
    • ## HTTP-Redirect Binding
    • $encodedAuthnRequest = urlencode( base64_encode( gzdeflate( $authnRequest ) ));
    • $redirectUrl = $idpTargetUrl . "?SAMLRequest=" . $encodedAuthnRequest;
    • ## Redirect
    • Header("Location: ".$redirectUrl);
  • ?>

PHP code to process the response:

  • <?php
    • require_once('idpMetadata.php');
    • function checkSimpleSignature($params, $cert) {
      • $samlResponse = @base64_decode( $params['SAMLResponse'] );
      • $signature = @base64_decode($params['Signature']);
      • $sigAlg = $params['SigAlg'];
      • if ((strcmp($sigAlg, "http://www.w3.org/2000/09/xmldsig#dsa-sha1") != 0) && (strcmp($sigAlg, "http://www.w3.org/2000/09/xmldsig#rsa-sha1") != 0)) {
        • throw new Exception("Signature algorithm ".$sigAlg." is not supported");
      • }
      • if ( isset($params['RelayState'] ) ) {
        • $signedData = "SAMLResponse=".$samlResponse. "&RelayState=".$params['RelayState']."&SigAlg=".$sigAlg;
      • } else {
        • $signedData = "SAMLResponse=".$samlResponse."&SigAlg=".$sigAlg;
      • }
      • return (@openssl_verify($signedData, $signature, $cert));
    • }
    • # Decode the Response
    • $encodedAuthnResponse = $_POST['SAMLResponse'];
    • $authnResponse = @base64_decode($encodedAuthnResponse);
    • # Get some useful data from XML
    • $xml = simplexml_load_string($authnResponse);
    • $status = (string)$xml->{'Status'}->{'StatusCode'}['Value'];
    • if ($status != "urn:oasis:names:tc:SAML:2.0:status:Success") {
      • // Can be internal error, authentication failure, …
      • // or the user refused when consent was asked ?
      • throw new Exception("Status is not success : ". (string)$xml->{'Status'}->{'StatusMessage'});
    • }
    • // Technical identifier of the IDP
    • $idpProvider = (string)$xml->{'Assertion'}->{'Issuer'};
    • // Federation NameIdentifier to be used as a key to identify the user on SP side
    • $nameID = (string)$xml->{'Assertion'}->{'Subject'}->{'NameID'};
    • // Authentication context
    • $authnContext = (string)$xml->{'Assertion'}->{'AuthnStatement'}->{'AuthnContext'}->{'AuthnContextClassRef'};
    • // Validity date of the assertion (to be checked by the SP)
    • $notOnOrAfter = (string)$xml->{'Assertion'}->{'Subject'}->{'SubjectConfirmation'}->{'SubjectConfirmationData'}['NotOnOrAfter'];
    • $recipient = (string)$xml->{'Assertion'}->{'Subject'}->{'SubjectConfirmation'}->{'SubjectConfirmationData'}['Recipient'];
    • $audience = (string)$xml->{'Assertion'}->{'Conditions'}->{'AudienceRestriction'}->{'Audience'};
    • # Verification of signature
    • $ret = checkSimpleSignature($_POST, $idpMetadata[$idpProvider]['certificate']);
    • if ($ret != 1) {
      • throw new Exception("Signature is not valid");
    • }
    • # Verification of validity of the assertion
    • // Check the $notOnOrAfter parameter (date MUST not be passed)
    • if (gmdate('Y-m-d\TH:i:s\Z') > $notOnOrAfter){
      • throw new Exception("Authentication failed: validity period expired");
    • }
    • // Check the $audience parameter (MUST be equal to the [SERVICE_ID])
    • if ($audience != "[SERVICE_ID]"){
      • throw new Exception("Authentication failed: authentication token was not for [SERVICE_ID] but for " . $audience);
    • }
    • // Check the $recipient parameter (MUST be equal to the URL where this response is received)
    • # Profile attributes (only transmitted at first time access and if authorized by Orange)
    • $user_info = array();
    • if ($xml->{'Assertion'}->{'AttributeStatement'} && $xml->{'Assertion'}->{'AttributeStatement'}->{'Attribute'}) {
      • foreach ($xml->{'Assertion'}->{'AttributeStatement'}->{'Attribute'} as $attribute) {
        • $key = $attribute['Name'];
        • $user_info["$key"] = (string)$attribute->{'AttributeValue'};
      • }
    • }
  • ?>
  • <HTML>
    • <BODY>
      • Signature : <?php echo $ret ?>
      • Status : <?php echo $status ?>
      • IDP : <?php echo $idpProvider ?>
      • NameID : <?php echo $nameID ?>
      • AuthnContext : <?php echo $authnContext ?>
      • NotOnOrAfter : <?php echo $notOnOrAfter ?>
      • Recipient : <?php echo $recipient ?>
      • Audience : <?php echo $audience ?>
      • Attributes : <?php var_dump($user_info) ?>
    • </BODY>
  • </HTML>

Use the API to retrieve profile attributes


PHP code to invoke the Authentication API (redirection via the browser):

  • <?php
    • ## Function to generate pseudo-random unique IDs
    • function randomhex($length)
    • {
      • $key = "";
      • for ( $i=0; $i < $length; $i++ ) {
        • $key .= dechex( rand(0,15) );
      • }
      • return $key;
    • }
    • ## Metadata
    • require_once("idpMetadata.php");
    • $issuer = "[SERVICE_ID]";
    • $idpTargetUrl = $idpMetadata['[IDP_ID]']['SingleSignOnUrl'];
    • ## Dynamic data of the SAML request
    • $id = randomhex(32);
    • $issueInstant = gmdate("Y-m-d\TH:i:s\Z");
    • $attributeConsumingServiceIndex = 18; #this is an example
    • ## <AuthnRequest>
    • $authnRequest = "<AuthnRequest xmlns=\"urn:oasis:names:tc:SAML:2.0:protocol\" " . "ID=\"_" . $id . "\" " . "Version=\"2.0\" " . "IssueInstant=\"" . $issueInstant . "\" " . "AttributeConsumingServiceIndex=\"" . $attributeConsumingServiceIndex . "\">\n" . "<Issuer xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\">" . $issuer . "</Issuer>\n" . "</AuthnRequest>";
    • ## SAML HTTP-Redirect Binding
    • $encodedAuthnRequest = urlencode( base64_encode( gzdeflate( $authnRequest ) ));
    • $redirectUrl = $idpTargetUrl . "?SAMLRequest=" . $encodedAuthnRequest;
    • ## Redirect
    • Header("Location: ".$redirectUrl);
  • ?>

PHP code to process the response:

  • <?php
    • # Decode the Response
    • $encodedAuthnResponse = $_POST['SAMLResponse'];
    • $authnResponse = @base64_decode($encodedAuthnResponse);
    • # Get some useful data from XML
    • $xml = simplexml_load_string($authnResponse);
    • # Profile attributes
    • $user_info = array();
    • if ($xml->{'Assertion'}->{'AttributeStatement'} && $xml->{'Assertion'}->{'AttributeStatement'}->{'Attribute'}) {
      • foreach ($xml->{'Assertion'}->{'AttributeStatement'}->{'Attribute'} as $attribute) {
        • $key = $attribute['Name'];
        • $user_info["$key"] = (string)$attribute->{'AttributeValue'};
      • }
    • }
  • ?>
  • <HTML>
    • <BODY>
      • Attributes : <?php var_dump($user_info) ?>
    • </BODY>
  • </HTML>

 

 

 

 