Page created: 24 Jul 2019 | Page updated: 8 Feb 2022
The PHP Integration Kit consists of two parts:
- The OpenToken Adapter, which runs within the PingFederate server
- The Agent Toolkit for PHP, which resides within the PHP user application
The following figure shows a basic IdP-initiated single sign-on (SSO) scenario in which PingFederate federation servers using the PHP Integration Kit exist on both sides of the identity federation:
Processing Steps
- A user initiates an SSO transaction.
- The IdP application inserts user attributes into the Agent Toolkit for PHP, which encrypts the data internally and generates an OpenToken.
- A request containing the OpenToken is redirected to the PingFederate IdP server.
- The server invokes the OpenToken IdP Adapter, which retrieves the OpenToken, decrypts and parses it, and passes the user attributes to the PingFederate IdP server. The PingFederate IdP server then generates a Security Assertion Markup Language (SAML) assertion.
- The SAML assertion is sent to the SP site.
- The PingFederate SP server parses the SAML assertion and passes the user attributes to the OpenToken SP Adapter. The Adapter encrypts the data internally and generates an OpenToken.
- A request containing the OpenToken is redirected to the SP application.
- The Agent Toolkit for PHP decrypts and parses the OpenToken and makes the user attributes available to the SP application.

Note: PingFederate can be configured to look up additional attributes from either an IdP or SP data store. For more information, see Datastores in the PingFederate documentation.
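
The token hand-off between application and adapter (steps 2 and 8, mirrored in steps 4 and 6), sketched as an added example that is not part of the Integration Kit or its documentation. It uses a stand-in AES-256-GCM format rather than the OpenToken wire format; the function names, the shared 32-byte key, and the `exp` lifetime field are assumptions.

```php
<?php
// Stand-in token format for illustration: NOT the OpenToken wire format and
// NOT the Agent Toolkit for PHP API. Function names and fields are hypothetical.
const TOKEN_LIFETIME = 300; // seconds a token stays valid (assumed value)

// Sending side (steps 2 and 6): seal user attributes into an opaque token.
// $key must be 32 random bytes shared by both ends (assumption).
function seal_attributes(array $attrs, string $key, ?int $now = null): string
{
    $attrs['exp'] = ($now ?? time()) + TOKEN_LIFETIME;
    $iv = random_bytes(12); // fresh nonce for every token
    $tag = '';
    $ct = openssl_encrypt(json_encode($attrs), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // URL-safe alphabet, because the token travels in a redirected request.
    return strtr(base64_encode($iv . $tag . $ct), '+/', '-_');
}

// Receiving side (steps 4 and 8): authenticate, decrypt, parse.
// Returns the attributes, or null if the token must not be trusted.
function open_token(string $token, string $key, ?int $now = null): ?array
{
    $raw = base64_decode(strtr($token, '-_', '+/'), true);
    if ($raw === false || strlen($raw) <= 28) {
        return null; // not a well-formed token
    }
    [$iv, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        return null; // wrong key, or token modified in transit
    }
    $attrs = json_decode($pt, true);
    if (!is_array($attrs) || ($attrs['exp'] ?? 0) < ($now ?? time())) {
        return null; // unparseable or expired
    }
    unset($attrs['exp']);
    return $attrs;
}

// Constructed sample data: the key and the attributes are made up.
$key = random_bytes(32);
$token = seal_attributes(['subject' => 'jdoe', 'mail' => 'jdoe@example.com'], $key);
var_dump(open_token($token, $key)); // round trip with an untouched token
$token[20] = ($token[20] === 'A') ? 'B' : 'A'; // simulate a changed token
var_dump(open_token($token, $key));
```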