Authenticate PHP with JWT
miniOrange provides a ready-to-use solution for PHP applications. Log in to your PHP application with any SAML IDP or any other social or enterprise credential store using JWT.

PHP Single Sign On with SAML IDP using JWT


Follow the Step-by-Step Guide given below to integrate your PHP app with SAML IDP using JWT.

Step 1: Set up an Identity Source in miniOrange

Step 2: Configure miniOrange as relying party in your SAML IDP

Step 3: Creating an external app in miniOrange

Step 4: Fetching the Customer Key and Customer Token Key

Step 5: Adding the request page

request.php
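	<?php
	// mcrypt was removed from PHP core in 7.2, so the mcrypt_* calls are replaced
	// with the OpenSSL extension. The output is unchanged: AES in ECB mode over
	// PKCS#5-padded input, base64-encoded (the mode the original code uses).
	function pkcs5_pad($text) {
		$size = 16;	// AES (Rijndael-128) block size in bytes
		$pad = $size - (strlen($text) % $size);
		return $text . str_repeat(chr($pad), $pad);
	}
	function encrypt_data($data, $key) {
		$strIn = pkcs5_pad($data);
		// mcrypt chose AES-128/192/256 from the key length (16/24/32 bytes); do the same.
		$cipher = 'aes-' . (strlen($key) * 8) . '-ecb';
		// OPENSSL_ZERO_PADDING: the input is already padded by pkcs5_pad().
		$strCrypt = openssl_encrypt($strIn, $cipher, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING);
		return base64_encode($strCrypt);
	}

	// Replace the placeholders with the values from steps 3 and 4 (no surrounding spaces).
	$customer_id = "<CUSTOMER_KEY>";
	$token_key = "<CUSTOMER_TOKEN>";
	$return_url = "http://<file_path>/callback.php";    //refer step 6
	$app_secret = "<APP_SECRET>";

	// Token plaintext is "<timestamp in milliseconds>:<app secret>".
	$timestamp = round( microtime(true) * 1000 );
	$input_string = $timestamp . ":" . $app_secret;
	$cipher_text = encrypt_data($input_string, $token_key);

	$redirect_url = "https://auth.miniorange.com/moas/broker/login/jwt/" . $customer_id . '/' . '?token=' . urlencode($cipher_text) . "&returnUrl=" . urlencode($return_url);
	header('Location: ' . $redirect_url);
	exit;	// stop execution once the redirect header is sent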

Step 6: Adding the response page

callback.php
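	<?php
	if (isset($_GET['id_token'])) {
		$id_token = $_GET['id_token'];
		$id_array = explode(".", $id_token);
		if (sizeof($id_array) == 3) {
			// NOTE: this only decodes the payload. The signature in $id_array[2] is
			// not checked here, so verify it with the key configured for your app
			// before trusting NameID.
			// JWT segments are base64url-encoded: map '-' and '_' back before decoding.
			$id_body = base64_decode(strtr($id_array[1], '-_', '+/'));
			$user_attributes = json_decode($id_body, true);
			if (isset($user_attributes['NameID'])) {
				$expiry = $user_attributes['exp'];
				if ($expiry > time()) {
					$username = $email = $user_attributes['NameID'];
					// Escape before output: the value arrives in the request.
					echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
					// Login user with email $email or $username
				} else {
					echo "Response expired. Try login again.";
				}
			}
		}
	}
	exit;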
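
The callback reads `NameID` from the token payload, so the token's signature has to be checked before that value is used to log anyone in. The following is an added example, not miniOrange's code: it assumes the broker signs the `id_token` with HS256 and a shared secret (confirm the algorithm and key configured for your app), and the function names, secret and sample claims are constructed for the demo.

```php
<?php
// Added example. Assumptions: HS256 with a shared secret; all names here are hypothetical.
function b64url_decode($s) {
    $s = strtr($s, '-_', '+/');
    return base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}
function b64url_encode($s) {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
// Returns the claims array if the token is authentic and unexpired, otherwise null.
function verify_id_token($jwt, $secret, $now) {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    list($h, $p, $s) = $parts;
    // Pin the algorithm server-side; never let the token header choose it.
    $header = json_decode((string) b64url_decode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    // Recompute the MAC over "header.payload" and compare in constant time.
    $sig = b64url_decode($s);
    $expected = hash_hmac('sha256', $h . '.' . $p, $secret, true);
    if (!is_string($sig) || !hash_equals($expected, $sig)) return null;
    // Only now is the payload trustworthy enough to parse and use.
    $claims = json_decode((string) b64url_decode($p), true);
    if (!is_array($claims)) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    if (!is_string($claims['NameID'] ?? null) || $claims['NameID'] === '') return null;
    return $claims;
}

// Constructed demo data (not real credentials or tokens).
$secret = 'constructed-demo-secret';
$now = time();
$h = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
$p = b64url_encode(json_encode(['NameID' => 'alice@example.com', 'exp' => $now + 300]));
$sig = b64url_encode(hash_hmac('sha256', "$h.$p", $secret, true));
$genuine = "$h.$p.$sig";
// Same signature reused over a payload that was changed after signing.
$p2 = b64url_encode(json_encode(['NameID' => 'admin@example.com', 'exp' => $now + 300]));
$altered = "$h.$p2.$sig";

foreach (['genuine' => $genuine, 'altered' => $altered] as $label => $token) {
    $claims = verify_id_token($token, $secret, $now);
    echo $label, ': ', $claims ? 'accepted as ' . $claims['NameID'] : 'rejected', "\n";
}
```

In `callback.php`, the user would be logged in only when `verify_id_token()` returns a claims array.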

Creating the Authentication Request token