Added by Sebastian Gonzalez Oyuela, last edited by Dusan Fisic on Dec 06, 2010

Introduction

This guide will show how to configure the PHP runtime in order to integrate the PHP Single Sign-On Agent.

Prerequisites

  • PHP 4 or 5
  • JOSSO 1.8
  • JOSSO Gateway installed

Unpack PHP Agent distribution

The PHP Agent and a sample PHP application that is already jossified are distributed with JOSSO. Unzip the file josso-php-agent-1.8.0.zip located in the josso-1.8.0/dist/agents/src folder of the JOSSO distribution. You will find the following structure:

JOSSO Distribution

The PHP Agent is found in the josso-1.8.0.zip distribution only. You can download it here

Configuring PHP

First we have to install the JOSSO PHP Agent. This guide uses PHP 5.2.6-2.fc8 running on an Apache 2.2 server, but JOSSO also works with other PHP releases.

To make the integration with PHP as straightforward as possible, place the JOSSO files in the PHP include path and configure the PHP runtime so that the JOSSO Agent's files are prepended to every PHP page. Copy the josso-php-inc folder from the PHP Agent distribution to your PHP include directory and set the include_path and auto_prepend_file properties in your php.ini file. Take a look at the samples below.

PHP Install Directory

You may have to change the 'include_path' property value if the PHP runtime is installed in a different directory.

For Win32 systems edit the php.ini file as follows:

php.ini
...
; Enable php includes
; Windows: "\path1;\path2"
include_path = ".;c:\php\includes"
...
; Automatically add Josso PHP agent before any PHP document.
auto_prepend_file = "josso-php-inc\josso.php"
auto_append_file =
...

For Unix systems edit the php.ini file as follows:

php.ini
...
; Enable php includes
; UNIX: "/path1:/path2"
include_path = ".:/php/includes"
...
; Automatically add Josso PHP agent before any PHP document.
auto_prepend_file = "josso-php-inc/josso.php"
auto_append_file =
...

Configure the Agent

The JOSSO PHP Agent configuration file is located at $PHP_INCLUDE/josso-php-inc/josso-cfg.inc.

Let's have a look at the josso-cfg.inc configuration file:

josso-cfg.inc
<?php
...

// Josso agent configuration
$josso_gatewayLoginUrl = 'http://localhost/josso/signon/login.do';
$josso_gatewayLogoutUrl = 'http://localhost/josso/signon/logout.do';

...
// This could be also "/", it points to the path where JOSSO code is found, for example for [http://myhost.com/php-partnerapp/josso-security-check.php] use /php-partnerapp.
$josso_agentBasecode = "/josso-php-partnerapp";

// WS client configuration :
$josso_endpoint = 'http://localhost:8080';
...
?>

If you're running Apache on the same host as JOSSO, you should only need to update the josso_gatewayLoginUrl and josso_gatewayLogoutUrl properties, using the PHP server host name instead of 'localhost'. These are the URLs users will access to log in and log out.

If JOSSO is located on a different host, you should update the josso_endpoint property as well, setting its value to the JOSSO Gateway host name.

JOSSO 2

If you are using JOSSO 2 and the Atricore console to create and deploy the appliance, your josso-cfg.inc needs a slightly different configuration. Let's presume you have created an appliance named "TestApp" and your execution environment is named "Apache22". The files josso-1.2.wsdl and josso-1.2.xsd should also be shared on the same Apache server, for example on the josso path. If all of these prerequisites are satisfied, your configuration should look like:

josso-cfg.inc (when JOSSO 2 is used)
<?php
...

// JOSSO 2 appliance URLs
$josso_gatewayLoginUrl = 'http://localhost:8081/IDBUS/TESTAPP/APACHE22/JOSSO/SSO/REDIR';
$josso_gatewayLogoutUrl = 'http://localhost:8081/IDBUS/TESTAPP/APACHE22/JOSSO/SLO/REDIR';

$josso_sessionManagerServicePath = 'IDBUS/TESTAPP/APACHE22/JOSSO/SSOSessionManager/SOAP';
$josso_identityManagerServicePath = 'IDBUS/TESTAPP/APACHE22/SSOIdentityManager/SOAP';
$josso_identityProviderServicePath = 'IDBUS/TESTAPP/APACHE22/JOSSO/SSOIdentityProvider/SOAP';

// WS client configuration :
$josso_endpoint = 'http://localhost:8081';
//if $josso_wsdl_url is defined $josso_endpoint is ignored
//it's used for josso2 only
$josso_wsdl_url = 'http://localhost/josso/josso-1.2.wsdl';
...
// essential for josso2, partner app id must be defined
$josso_partner_app_ids = array('/partnerapp1' => 'partnerapp1');

// This could be also "/", it points to the path where JOSSO code is found, 
// for example for [http://myhost.com/partnerapp1/josso-security-check.php] use /partnerapp1.
$josso_agentBasecode = "/partnerapp1";
...
?>

Using this configuration you can set:

  • The Gateway Login URL, which represents the URL where users are redirected when they access a protected resource, so that they have a chance to authenticate.
  • The Gateway Logout URL, which represents the URL where the user should be redirected on logout request.
  • The Gateway endpoint, which represents where the JOSSO Web Services are listening.
  • The PHP Agent code base, which should point to the JOSSO agent code; for example, for http://myhost.com/php-partnerapp/josso-security-check.php use /php-partnerapp.
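
The following pre-flight check is an added example, not part of the JOSSO distribution or of the original guide. It verifies that auto_prepend_file resolves through include_path and that the gateway login and logout URLs no longer point at localhost. The function names josso_check_ini and josso_check_urls are hypothetical, the https check goes beyond what the guide requires, the sample input is constructed from the listings above, and PHP 7 or later is assumed for the CLI that runs it.

```php
<?php
// Added example, not JOSSO code. Sample input below is constructed.
// $iniText: php.ini content; $sep: ';' on Windows, ':' on Unix.
function josso_check_ini(string $iniText, string $sep = PATH_SEPARATOR): array
{
    $ini = parse_ini_string($iniText, false, INI_SCANNER_RAW);
    if ($ini === false) return ['php.ini could not be parsed'];
    $prepend = trim($ini['auto_prepend_file'] ?? '', "\"' ");
    if ($prepend === '') return ['auto_prepend_file is not set, so no page loads the agent'];
    // PHP loads the prepend file like require: a miss is fatal on every request.
    foreach (explode($sep, trim($ini['include_path'] ?? '.', "\"' ")) as $dir) {
        if (is_file(rtrim($dir, '/\\') . '/' . $prepend)) return [];
    }
    return ["'$prepend' was not found in any include_path directory"];
}

// $cfg: the $josso_* values from josso-cfg.inc, keyed by variable name.
function josso_check_urls(array $cfg): array
{
    $problems = [];
    foreach (['josso_gatewayLoginUrl', 'josso_gatewayLogoutUrl'] as $key) {
        $parts = parse_url($cfg[$key] ?? '');
        if (empty($parts['scheme']) || empty($parts['host'])) {
            $problems[] = "$key is missing or not an absolute URL";
            continue;
        }
        // Users' browsers follow these URLs, so localhost only works on the server.
        if (in_array(strtolower($parts['host']), ['localhost', '127.0.0.1'], true)) {
            $problems[] = "$key still points at {$parts['host']}";
        }
        // Added hardening check, not from the guide: plain http exposes sign-on traffic.
        if (strtolower($parts['scheme']) !== 'https') {
            $problems[] = "$key does not use https";
        }
    }
    return $problems;
}

$sampleIni = <<<INI
include_path = ".:/php/includes"
auto_prepend_file = "josso-php-inc/josso.php"
auto_append_file =
INI;
$sampleCfg = [
    'josso_gatewayLoginUrl'  => 'http://localhost/josso/signon/login.do',
    'josso_gatewayLogoutUrl' => 'http://localhost/josso/signon/logout.do',
];
foreach (array_merge(josso_check_ini($sampleIni, ':'), josso_check_urls($sampleCfg)) as $p) {
    echo "WARN: $p\n";
}
```

Run it from the command line against the content of the php.ini file that Apache actually loads (phpinfo() shows its path), because the CLI may read a different php.ini.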

Next Steps

Now that you have installed the JOSSO Agent, see how to Jossify your PHP Application