SSO and certificate?

Siniša Šehović

Thursday 08 June 2006 2:29:55 am

Hi

I need to implement logging in with SSO and a certificate from a smartcard.
The certificate is handled by Tomcat and a servlet.

Does anyone here have any experience or some kind of guidance on how to do that?

Basically, the servlet verifies the certificate from the smartcard, sends true or false, and redirects to a URL.

Best regards,
Sinisa

---
If at first you don't succeed, look in the trash for the instructions.

Siniša Šehović

Monday 12 June 2006 12:26:53 am

Hi all

To be more understandable, here is a short description of how this servlet works.

I have to send two parameters, sessionID and redirectURI.

The servlet then reads the user certificate from the smart card, verifies it, and returns the sessionID and the username from the smartcard with the GET method.
Then it redirects to redirectURI.

After that I must verify that the sessionIDs match and do the login with the SSO handler.

How can I accomplish that inside a custom extension?

My code example works.

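login.php

<?php

session_start();

// Read values stored by an earlier request; unset keys become null without a notice.
$sessionID = isset($_SESSION['sessionId']) ? $_SESSION['sessionId'] : null;
$username = isset($_SESSION['username']) ? $_SESSION['username'] : null;

if ($sessionID === null)
{
	$sessionID = session_id();
	$_SESSION['sessionId'] = $sessionID;
}

if ($username !== null)
{
	// Escape the name before output; auth.php stored it from a request parameter.
	echo "User ".htmlspecialchars($username, ENT_QUOTES)." authenticated";
} else {
	$hostname = 'tomcat';
	$returnHostname = 'test';
	$webAuthUrl = 'https://'.$hostname.':443/Auth/Auth';
	$appId = 'INTRANET';
	$tokenId = $sessionID;
	$returnParams = 'yes';
	$returnUrl = 'http://'.$returnHostname.'/kart/auth.php';
	// URL-encode each value so the return URL is passed as a single parameter.
	$authUrl = $webAuthUrl.'?appid='.urlencode($appId).'&tokenid='.urlencode($tokenId).'&return_params='.urlencode($returnParams).'&return_url='.urlencode($returnUrl);
	// Quote and escape the href so the "&" separators are valid HTML.
	echo '<a href="'.htmlspecialchars($authUrl, ENT_QUOTES).'">Login</a>';
}

?>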

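and auth.php

<?php
session_start();
// Missing values become null so the check below cannot pass on two unset values.
$sessionID = isset($_SESSION['sessionId']) ? $_SESSION['sessionId'] : null;
$tokenId = isset($_GET['tokenid']) ? $_GET['tokenid'] : null;
$username = isset($_GET['username']) ? $_GET['username'] : null;

// Require all values to be present strings and compare the token strictly.
if (is_string($sessionID) && is_string($tokenId) && is_string($username) && $tokenId === $sessionID) {
	// The username is taken from the query string of the servlet's redirect.
	$_SESSION['username'] = $username;

	header("Cache-Control: no-cache, must-revalidate");
	header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
	header("Location: http://test/kart/login.php");

	exit;

} else {
	echo "Can't let you in :-)";
}

?>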

Best regards,
Sinisa

---
If at first you don't succeed, look in the trash for the instructions.
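
The return step in the post above carries tokenid and username through the browser as GET parameters, so the receiving script has to confirm they were produced by the servlet. The following is an added example, not part of the original post and not the servlet's actual interface: it assumes the servlet can append an HMAC over the returned values in a hypothetical `sig` parameter using a shared secret, and it uses a random single-use token in place of the session ID.

```php
<?php
// Added example. SHARED_SECRET, the "sig" parameter and all function names are
// assumptions for illustration, not the servlet's real API.
const SHARED_SECRET = 'constructed-demo-secret'; // provisioned out of band on both sides

// Issue a random single-use token instead of putting session_id() in the URL.
function issueToken(array &$session): string
{
    $session['sso_token'] = bin2hex(random_bytes(16));
    return $session['sso_token'];
}

// What the servlet side would compute over the values it returns (hypothetical).
function signReturn(string $tokenId, string $username): string
{
    return hash_hmac('sha256', $tokenId . "\n" . $username, SHARED_SECRET);
}

// Return the username only if the token belongs to this session and the
// signature over (token, username) verifies; otherwise return null.
function verifyReturn(array &$session, array $get): ?string
{
    $expected = $session['sso_token'] ?? null;
    unset($session['sso_token']); // single use, consumed even on failure
    $tokenId  = $get['tokenid']  ?? null;
    $username = $get['username'] ?? null;
    $sig      = $get['sig']      ?? null;
    if (!is_string($expected) || !is_string($tokenId)
        || !is_string($username) || !is_string($sig)) {
        return null; // missing or array-valued parameters never match
    }
    if (!hash_equals($expected, $tokenId)) {
        return null; // token was not issued to this session
    }
    if (!hash_equals(signReturn($tokenId, $username), $sig)) {
        return null; // values were not signed by the holder of the secret
    }
    return $username;
}

// Constructed demonstration; arrays stand in for $_SESSION and $_GET.
$session = [];
$token   = issueToken($session);
$valid   = ['tokenid' => $token, 'username' => 'alice', 'sig' => signReturn($token, 'alice')];
$altered = ['tokenid' => $token, 'username' => 'admin', 'sig' => $valid['sig']];
$s1 = $session; var_dump(verifyReturn($s1, $valid));   // callback as signed
$s2 = $session; var_dump(verifyReturn($s2, $altered)); // username changed after signing
$s3 = [];       var_dump(verifyReturn($s3, ['username' => 'admin'])); // no token on either side
```

In auth.php the two arrays would be `$_SESSION` and `$_GET`, and the session ID should be regenerated with `session_regenerate_id(true)` once `verifyReturn` returns a username.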