---
title: SP single sign-on integration
description: When PingFederate is configured as an SP, it takes inbound SAML assertions and converts them to some local format (cookie or otherwise) that can be used by an application to create a user's session. For an OpenToken, the PingFederate adapter takes the attributes and values from the SAML assertion and stores them in an OpenToken cookie or query parameter in the user's browser. The user is then redirected to the target application, which can then identify the user from the included OpenToken. The application can use either the Agent object to do the decoding explicitly, or include the opentoken.php file to have that processing done automatically.
component: php
page_id: php:setup:pf_php_ik_sp_single_sign_on_integration
canonical_url: https://docs.pingidentity.com/integrations/php/setup/pf_php_ik_sp_single_sign_on_integration.html
revdate: June 21, 2024
---

# SP single sign-on integration

When PingFederate is configured as an SP, it takes inbound SAML assertions and converts them to some local format (cookie or otherwise) that can be used by an application to create a user's session. For an `OpenToken`, the PingFederate adapter takes the attributes and values from the SAML assertion and stores them in an `OpenToken` cookie or query parameter in the user's browser. The user is then redirected to the target application, which can then identify the user from the included `OpenToken`. The application can use either the Agent object to do the decoding explicitly, or include the opentoken.php file to have that processing done automatically.

To do the processing automatically, include the `pingidentity/opentoken/helpers/opentoken.php` file inside the page responsible for logging the user in. The opentoken.php file will automatically parse inbound tokens using the agent configuration generated by PingFederate during the [PHP Integration Kit deployment process](pf_php_ik_configuring_pf_and_the_sample_applications.html), and provide them as global variables.

These global variables are listed below:

| Variable Name              | Description/Contents                                                                      |
| -------------------------- | ----------------------------------------------------------------------------------------- |
| $opentoken\_subject        | String representing the authenticated subject in the OpenToken                            |
| $opentoken\_haveValidToken | `Boolean` indicating whether the received OpenToken was valid                             |
| $opentoken\_lastError      | String containing the last error message from decoding the `OpenToken`                    |
| $opentoken\_values         | Keyed-array of values contained in the `OpenToken`. `Null` if no valid token was received |