Hi all,
I'm new to php and I need to authenticate to a SSO server. The SSO server is a .Net one, using a SSL certificate.
When I go back from the SSO server, the response is encoded. I have the key of the certificate of course, but how could I decrypt the response ?
This is very vague for me, don't hesitate to detail your answer :)
Many thanks in advance for your help, best regards
You can use the http/ssl stream wrapper to let php transparently handle the ssl part.
Let's start simple:
$c = file_get_contents('file.txt');
No wrapper has been specified, therefore file:// is used by default. The file:// wrapper tries to open the local file file.txt and file_get_contents() reads the data from that stream.
Next step: the http wrapper
$c = file_get_contents('http://docs.php.net/fopen');
Now a wrapper is specified. The http-wrapper makes a request for http://docs.php.net/fopen and returns the result as a stream from which file_get_contents() all its data.
You can also use https if ssl support is enabled in (see also http://docs.php.net/openssl).
$c = file_get_contents('https://developer.mozilla.org/en/gecko_dom_reference');
Optional: server/client authentication
You can attach a context to a php stream allowing you to set options/parameter for the involved stream wrappers.
E.g. the http-wrapper take the http.user_agent parameter into account when sending a http request to a server. So, if you want to make the server "believe" that a specific version of firefox makes a request for a document and you can do something like
$context = stream_context_create(
array(
'http'=>array('user-agent'=>'Mozilla/6.0 (Windows; U; Windows NT 7.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.9 (.NET CLR 3.5.30729)')
)
);
$c = file_get_contents('http://docs.php.net/fopen', 0, $context);
When making a https request both the http and the ssl options are used
$context = stream_context_create(
array(
'http'=>array( ...http-wrapper options here ),
'ssl'=>array( ...ssl-wrapper options here )
)
);
The https server might require you to authenticate before allowing access to a resource. A client certificate has to be send with the request and the server decides whether it's acceptable or not. The context parameter ssl.local_cert allows you to specify the client certificate that is used in the request. The cert file may be password protected. In that case you have to provide the password as ssl.passphrase
$context = stream_context_create(
array(
'ssl'=>array(
'local_cert'=>'xyz/VolkerCA/UserVolker.pem',
'passphrase'=>'my secret passphrase'
)
)
);
$c = file_get_contents('https://hermes..../ssl/test.php', 0, $context);
On the other hand you might (also) want to make sure that the server really is what it claims to be. How it's decided whether a (server) certificate is acceptable/valid/trustworthy is a bit beyond this post. http://docs.php.net/book.openssl
Set ssl.verify_peer=true and pass the information where to find the verification data as ssl.cafile
$context = stream_context_create(
array(
'ssl'=>array(
'local_cert'=>'xyz/VolkerCA/UserVolker.pem',
'passphrase'=>'my secret passphrase',
'verify_peer'=>true,
'cafile'=>'xyz/VolkerCA/VolkerCA.pem'
)
)
);
$c = file_get_contents('https://hermes..../ssl/test.php', 0, $context);