SSO and certificate?


Siniša Šehović

Thursday 08 June 2006 2:29:55 am

Hi

I need to implement logging in with SSO and certificate from smartcard.
Certificate is handled by tomcat and servlet.

Does anyone here have any experience or some kind of guidance how to do that?

Basically, the servlet verifies the certificate from the smartcard, sends true or false, and redirects to a URL.

Best regards,
Sinisa

---
If at first you don't succeed, look in the trash for the instructions.

Siniša Šehović

Monday 12 June 2006 12:26:53 am

Hi all

To be more understandable, here is a short description of how this servlet works.

I have to send two parameters: sessionID and redirectURI.

The servlet then reads the user certificate from the smart card, verifies it, and returns sessionID and the username from the smartcard with the GET method.
Then it redirects to redirectURI.

After that I must verify that the sessionIDs match and do the login with the SSO handler.

How can I accomplish that inside custom extension?

My code example works.

<b>login.php</b>

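<?php

session_start();

// Read session values without raising notices when they are not set yet.
$sessionID = isset($_SESSION['sessionId']) ? $_SESSION['sessionId'] : null;
$username = isset($_SESSION['username']) ? $_SESSION['username'] : null;

if ($sessionID == null)
{
	$sessionID = session_id();
	$_SESSION['sessionId'] = $sessionID;
}

if ($username != null)
{
	// Escape the stored name before writing it into the page.
	echo "User ".htmlspecialchars($username)." authenticated";
} else {
	$hostname = 'tomcat';
	$returnHostname = 'test';
	$webAuthUrl = 'https://'.$hostname.':443/Auth/Auth';
	$appId = 'INTRANET';
	$tokenId = $sessionID;
	$returnParams = 'yes';
	$returnUrl = 'http://'.$returnHostname.'/kart/auth.php';
	// URL-encode every parameter; return_url itself contains ':' and '/'.
	$authUrl = $webAuthUrl.'?'.http_build_query(array(
		'appid' => $appId,
		'tokenid' => $tokenId,
		'return_params' => $returnParams,
		'return_url' => $returnUrl,
	));
	// Quote and escape the href so the '&' separators stay valid HTML.
	echo '<a href="'.htmlspecialchars($authUrl).'">Login</a>';
}

?>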

and <b>auth.php</b>

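<?php
session_start();
// Missing values become null instead of raising undefined-index notices.
$sessionID = isset($_SESSION['sessionId']) ? $_SESSION['sessionId'] : null;
$tokenId = isset($_GET['tokenid']) ? $_GET['tokenid'] : null;
$username = isset($_GET['username']) ? $_GET['username'] : null;

// Require a non-empty session ID and username and compare strictly: with a
// loose ==, an unset session ID and a missing tokenid (null == null) match.
// Note: $username is whatever arrives in the query string; this comparison
// alone does not prove that the servlet sent it.
if (is_string($sessionID) && $sessionID !== ''
	&& is_string($username) && $username !== ''
	&& $tokenId === $sessionID) {
	$_SESSION['username'] = $username;

	header("Cache-Control: no-cache, must-revalidate");
	header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
	header("Location: http://test/kart/login.php");

	exit;

} else {
	echo "Can't let you in :-)";
}

?>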

Best regards,
Sinisa

---
If at first you don't succeed, look in the trash for the instructions.
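
Added example, not part of the original posts and not the servlet's documented behaviour: one way the callback check described above can bind the returned username to the servlet instead of to the browser. It assumes a hypothetical callback format in which the servlet also returns an expiry (`exp`) and an HMAC (`sig`) computed with a key shared with the PHP side; the parameter names `exp` and `sig`, the session key `ssoToken`, and the function `verify_sso_callback` are illustrative.

```php
<?php
// Assumed callback (hypothetical): auth.php?tokenid=..&username=..&exp=..&sig=..
// sig = hex HMAC-SHA256 over "tokenid|username|exp" with a key shared with the servlet.
function verify_sso_callback(array $query, array &$session, string $key, int $now): ?string
{
    // Every parameter must be present and a plain string (not an array).
    foreach (['tokenid', 'username', 'exp', 'sig'] as $name) {
        if (!isset($query[$name]) || !is_string($query[$name])) {
            return null;
        }
    }
    // The token must be the one this session issued; an unset token never matches.
    $expected = $session['ssoToken'] ?? '';
    if (!is_string($expected) || $expected === '' || !hash_equals($expected, $query['tokenid'])) {
        return null;
    }
    unset($session['ssoToken']); // single use: a replayed callback URL fails
    // Reject expired assertions.
    if (!ctype_digit($query['exp']) || (int) $query['exp'] < $now) {
        return null;
    }
    // Recompute the MAC; without it the username is whatever the browser sent.
    $payload = $query['tokenid'] . '|' . $query['username'] . '|' . $query['exp'];
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $query['sig'])) {
        return null;
    }
    return $query['username'];
}

// Constructed sample data so the check can be run offline.
$key = 'constructed-demo-key';
$now = time();
$session = ['ssoToken' => bin2hex(random_bytes(16))];
$good = ['tokenid' => $session['ssoToken'], 'username' => 'jdoe', 'exp' => (string) ($now + 60)];
$good['sig'] = hash_hmac('sha256', implode('|', [$good['tokenid'], $good['username'], $good['exp']]), $key);
$forged = ['username' => 'admin'] + $good; // username edited in the browser, old sig kept

$s1 = $session; // separate copies: each call consumes its session's token
$s2 = $session;
var_dump(verify_sso_callback($forged, $s1, $key, $now)); // forged username
var_dump(verify_sso_callback($good, $s2, $key, $now));   // genuine callback
var_dump(verify_sso_callback($good, $s2, $key, $now));   // same URL replayed
```

The function returns the username only for the genuine callback and null for the forged and replayed ones; in a real deployment the token would be a random value stored in the session rather than the PHP session ID itself.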
