Authenticate PHP with JWT
miniOrange provides a ready-to-use solution for PHP applications. Log in to your PHP application with any SAML IDP or any other social or enterprise credential store using JWT.

PHP Single Sign On with SAML IDP using JWT


Follow the Step-by-Step Guide given below to integrate your PHP app with SAML IDP using JWT.

Step 1: Set up an Identity Source in miniOrange

Step 2: Configure miniOrange as relying party in your SAML IDP

Step 3: Creating an external app in miniOrange

Step 4: Fetching the Customer Key and Customer Token Key

Step 5: Adding the request page

request.php
	<?php
	// mcrypt was removed from PHP core in 7.2. openssl_encrypt() in AES-ECB mode applies
	// PKCS#7 padding by default, so it yields the same ciphertext as the earlier
	// pkcs5_pad() + mcrypt_encrypt(MCRYPT_RIJNDAEL_128, ..., MCRYPT_MODE_ECB) pair.
	function encrypt_data($data, $key) {
		// Rijndael-128 selects the AES variant from the key length (16, 24 or 32 bytes).
		$cipher = 'aes-' . (strlen($key) * 8) . '-ecb';
		$strCrypt = openssl_encrypt($data, $cipher, $key, OPENSSL_RAW_DATA);
		return base64_encode($strCrypt);
	}

	$customer_id = "<CUSTOMER_KEY>";
	$token_key = "<CUSTOMER_TOKEN>";
	$return_url = "http://<file_path>/callback.php";    // refer step 6
	$app_secret = "<APP_SECRET>";

	// Request token: current time in milliseconds and the app secret, encrypted with the token key.
	$timestamp = round( microtime(true) * 1000 );
	$input_string = $timestamp . ":" . $app_secret;
	$cipher_text = encrypt_data($input_string, $token_key);

	$redirect_url = "https://login.xecurify.com/moas/broker/login/jwt/" . $customer_id . '/'  .'?token=' . urlencode($cipher_text) . "&returnUrl=" . urlencode($return_url);
	header('Location: ' . $redirect_url);
	exit;    // stop executing once the redirect header is sent

Step 6: Adding the response page

callback.php
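	<?php
	// NOTE: this code only decodes the token payload; the signature (third segment) is not checked here.
	if (isset($_GET['id_token'])) {
	  $id_token = $_GET['id_token'];
	  $id_array = explode(".", $id_token);
	  if (sizeof($id_array) == 3) {
		// JWT segments are base64url-encoded: map '-' and '_' back to '+' and '/' before decoding.
		$id_body = base64_decode(strtr($id_array[1], '-_', '+/'));
		$user_attributes = json_decode($id_body, true);
		if (isset($user_attributes['NameID'], $user_attributes['exp'])) {
		  $expiry = $user_attributes['exp'];
		  if ($expiry > time()) {
			$username = $email = $user_attributes['NameID'];
			// Escape before output: the value arrives via the query string.
			echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
			// Login user with email $email or $username
		  } else {
			echo "Response expired. Try login again.";
		  }
		}
	  }
	}
	exit;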
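
The callback above reads NameID and exp from the payload without checking the token's signature, so those claims are not authenticated. The following is an added example, not miniOrange's code: it verifies the signature and pins the algorithm before any claim is trusted, assuming the id_token is HS256-signed with a shared secret (the page does not state the algorithm; `verify_id_token`, the helper names, the secret and the sample tokens are constructed for illustration).

```php
<?php
// Added example. ASSUMPTION: id_token is HS256-signed with a shared secret
// (the page does not state the algorithm). All names and values are illustrative.
function b64url_decode(string $s) {
    // base64url -> base64, restore padding, strict decode (false on bad input)
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
}
function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
// Returns the claims if the token is authentic and unexpired, otherwise null.
function verify_id_token(string $jwt, string $secret, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h64, $p64, $s64] = $parts;
    $header = json_decode((string) b64url_decode($h64), true);
    // Pin the algorithm on the server side; never accept the token's own choice.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $sig = b64url_decode($s64);
    $expected = hash_hmac('sha256', "$h64.$p64", $secret, true);
    if (!is_string($sig) || !hash_equals($expected, $sig)) {
        return null;  // signature mismatch: payload was not issued with this secret
    }
    $claims = json_decode((string) b64url_decode($p64), true);
    if (!is_array($claims) || !isset($claims['NameID'], $claims['exp'])) {
        return null;
    }
    return (is_int($claims['exp']) && $claims['exp'] > $now) ? $claims : null;
}

// Constructed sample tokens (not real miniOrange output).
$secret = 'constructed-demo-secret';
$now = 1700000000;
$mint = function (array $claims) use ($secret): string {
    $body = b64url_encode('{"alg":"HS256","typ":"JWT"}') . '.' . b64url_encode(json_encode($claims));
    return $body . '.' . b64url_encode(hash_hmac('sha256', $body, $secret, true));
};
$good = $mint(['NameID' => 'alice@example.com', 'exp' => $now + 300]);
[$h, , $s] = explode('.', $good);
// Same header and signature with a different payload: must be rejected.
$swapped = "$h." . b64url_encode('{"NameID":"bob@example.com","exp":1700000300}') . ".$s";

var_dump(verify_id_token($good, $secret, $now) !== null);     // genuine token
var_dump(verify_id_token($swapped, $secret, $now) !== null);  // altered payload
var_dump(verify_id_token($mint(['NameID' => 'alice@example.com', 'exp' => $now - 1]), $secret, $now) !== null); // expired
```

In callback.php, call `verify_id_token($_GET['id_token'], $secret, time())` and log the user in only when it returns claims. If your app is configured for RS256 instead, replace the HMAC comparison with `openssl_verify()` against the issuer's public key.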

Creating the Authentication Request token
