PHP Single Sign On with SAML IDP using JWT

Follow the Step-by-Step Guide given below to integrate your PHP app with SAML IDP using JWT.

Step 1: Set up an Identity Source in miniOrange

Login as a customer from Admin Console of miniOrange's Administrator Console, now go to Identity Sources Tab from menu and click Add Identity Source. Make sure SAML tab is selected.

Enter the following:

IDP Name	<Your IDP Display Name>
IDP Identifier	<Your IDP App Name>
IdP Entity ID	https://<YOUR_SAML_IDP_DOMAIN>
SAML SSO Login URL	https://<YOUR_SAML_IDP_DOMAIN>
X.509 Certificate	Provide the SAML IDP signing certificate
Override Return URL	Yes
Return URL	Leave blank

Click on Save

Step 2: Configure miniOrange as relying party in your SAML IDP

In your IDP enter the following URL in the Relying Party URL textbox: https://login.xecurify.com/moas/broker/login/saml/acs/{YOUR_CUSTOMER_KEY}
Enter the following in Relying Party trust identifier textbox: https://login.xecurify.com/moas/

Step 3: Creating an external app in miniOrange

Login to miniOrange Admin console and go to Apps > Manage Apps
Click on the Add Applications button on the right upper corner.
Choose Application type as a JWT and click on Create App button. Select External App.
Enter the Custom Application Name and Description. Enter Redirect-URL as this: http://<file-path>/callback.php.
For details regarding the callback.php file refer to Step 4.
Click on Save.
Select Certificate dropdown option against the application you just added.You will need the content of this to validate the JWT Token signature later.
Select Edit option from dropdown against the App you just created. Save/Note down the App Secret. This will be required for generating the Encrypted Token.

Step 4: Adding the response page

Now, create a new file named callback.php with the following code given below. This file will act as an endpoint i.e response to the jwt token which is received.

callback.php

	if(isset($_GET['id_token'])) {
	  $id_token = $_GET['id_token'];
	  $id_array = explode(".", $id_token);
	  if(sizeof($id_array)==3) {
		$id_body = base64_decode($id_array[1]);
		$user_attributes = json_decode($id_body, true);
		if(isset($user_attributes['NameID'])) {
		  $expiry = $user_attributes['exp'];
		  if($expiry > time()) {
			$username = $email = $user_attributes['NameID'];
			echo $username;
			// Login user with email $email or $username
			}
		  else {
			echo "Response expired. Try login again.";
			}
		}
	  }
	}
	exit;

For generating authentication request token hit the Single Sign On URL .

Receiving and Verifying the JWT token

http://jwt.io/

https://bitbucket.org/b_c/jose4j/wiki/Home

https://bitbucket.org/b_c/jose4j/wiki/JWT%20Examples

Why Our Customers choose miniOrange Secure Identity Solutions ?

24/7 Support

miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.

Try Now

Affordable Pricing

miniorange provides most affordable Secure Identity Solutions for all type of use cases and offers different packages based on customer's requirement.

Request A Quote

We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at -

+1 978 658 9387 (US) , +91 97178 45846 (India) | info@xecurify.com