PingOne for Enterprise

PHP Token Exchange Sample

<?php

/
 * Requires libcurl to be installed. For more info, see:
 * http://us.php.net/manual/en/book.curl.php
 /

/
 * Create a new user session for this user, identified by "$username",
 * by the identity provider identified by "$idpId"
 *
 * Implement me!! Must validate that subject belongs to this idpId
 */

 /*
 * The restAuthUsername value is the REST API Client ID (a GUID) automatically assigned to your account in the PingOne admin portal
 * on the Account > Integration page.
 * You will need to replace the restAuthUsername value in "${restAuthUsername}" in the sample below with your REST API Client ID.
 * For example: $restAuthUsername = '5f6ce45e-1a00-488e-8519-7c9946cb6379';
 *
 * The restApiKey value is the REST API Client Secret (the password/secret associated with your REST API Client ID). You will need
 * to uncomment the $restApiKey statement and replace 'Specify me at https://admin.pingidentity.com/' in the sample below with
 * your REST API Client Secret.
 * For example:  $restApiKey = 'mySecretApiPassword';
 */

function createUserSession($username, $idpid)
{
   echo "<p>Welcome, ".strip_tags($username)."</p>";
}

$tokenid = $_GET['tokenid'];
$agentid = $_GET['agentid'];

$restAuthUsername = '${restAuthUsername}';
//$restApiKey = 'Specify me at https://admin.pingidentity.com/';

$sso_service = "https://sso.connect.pingidentity.com/sso/TXS/2.0/1/$tokenid";
$c = curl_init($sso_service);
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($c, CURLOPT_COOKIE, "agentid=$agentid;");
curl_setopt($c, CURLOPT_USERPWD, "$restAuthUsername:$restApiKey");
$response = curl_exec($c);
curl_close($c);
$responseData = json_decode($response, true);

createUserSession($responseData['pingone.subject'],
        $responseData['pingone.idp.id']);
?>