We are currently implementing a new OpenSSO Server. The server is on a different server from the web server and I am having trouble getting authentication to occur on our PHP Web server.
The cookie set with the openSSO Token is called iPlanetDirectoryPro. This is set from authServer.company.com . I need to read this from webserver.company.com and then send an HTTPRequest to the authserver.company.com to retrieve the attributes for that OpenSSO Token.
Currently my code looks like this but it isn't working, I suspect due to not correctly reading the cookie.
$url = 'http://authServer.company.com:8080/opensso/identity/attributes';
$r = new HttpRequest();
$r->setURL($url);
$r->setMethod(HTTP_METH_POST);
$valarray = array(
'Host' => 'authServer.company.com',
'Content-Type' => 'application/x-www-form-urlencoded',
'Cookie' => "iPlanetDirectoryPro=$_COOKIE[iPlanetDirectoryPro]"
);
$r->addHeaders($valarray);
var_dump($r);
var_dump($valarray);
#
# request
#
print "<br/>";
print "<b>what i'm saying to the server</b>";
print "<pre>";
#print "iPlanetDirectoryPro cookie: $_COOKIE[iPlanetDirectoryPro]";
print $r->getRawRequestMessage();
print "</pre>";
print "iPlanetDirectoryPro cookie: $_COOKIE[iPlanetDirectoryPro]";
$r->send();
#
# response
#
print "<b>what the server is telling me</b>";
print "<pre>";
$response_body = $r->getResponseBody();
print $response_body;
print "</pre>";
Any ideas about this? Am I going about this in the wrong way?
Update - So the bottom line I found was the server simply couldn't read the cookie as it was coming from another server. As a work aronud I implemented a REST API that allows the user to submit a login page from the webserver. Its send to the AuthServer which gives back a response. The response should typically be a token unless its invalid. If its a token, a new cookie is created with the token in it so that applications can then use that token to communicate with the authserver, but the cookie resides under the webservers domain