The PHP Integration Kit consists of two parts:
- The OpenToken Adapter, which runs within the PingFederate server
- The Agent Toolkit for PHP, which resides within the PHP user application
The following figure shows a basic IdP-initiated single sign-on (SSO) scenario in which PingFederate federation servers using the PHP Integration Kit exist on both sides of the identity federation:
- A user initiates an SSO transaction.
- The IdP application inserts user attributes into the Agent Toolkit for PHP, which encrypts the data internally and generates an
- A request containing the OpenToken is redirected to the PingFederate IdP server.
- The server invokes the OpenToken IdP Adapter, which retrieves the OpenToken, decrypts and parses it, and passes the user attributes to the PingFederate IdP server. The PingFederate IdP server then generates a Security Assertion Markup Language (SAML) assertion.
- The SAML assertion is sent to the SP site.
- The PingFederate SP server parses the SAML assertion and passes the user attributes to the OpenToken SP Adapter. The Adapter encrypts the data internally and generates an
- A request containing the OpenToken is redirected to the SP application.
- The Agent Toolkit for PHP decrypts and parses the OpenToken and makes the user attributes available to the SP Application.
Note: PingFederate can be configured to look up additional attributes from either an IdP or SP data store. For more information, see Datastores in the PingFederate documentation.
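The token hand-off in the steps above (attributes encrypted on one side, then decrypted and parsed on the other) can be seen in the following added PHP example, which is not Ping Identity's code and uses neither the Agent Toolkit for PHP API nor the OpenToken wire format. The function names `token_encode` and `token_decode`, the AES-256-GCM cipher, the `key=value` payload layout, and the pre-shared key are all assumptions made for illustration.

```php
<?php
// Added illustration: NOT the Agent Toolkit for PHP API or the OpenToken wire format.
// Assumptions: ext-openssl, AES-256-GCM, a pre-shared 32-byte key, key=value payload lines.
function token_encode(array $attrs, string $key): string
{
    $lines = [];
    foreach ($attrs as $name => $value) {
        // Reject separators so one attribute cannot smuggle in another.
        if (preg_match('/[\r\n=]/', $name) || preg_match('/[\r\n]/', (string) $value)) {
            throw new InvalidArgumentException('illegal character in attribute');
        }
        $lines[] = "$name=$value";
    }
    $iv = random_bytes(12); // fresh nonce for every token
    $ct = openssl_encrypt(implode("\n", $lines), 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // URL-safe base64 so the token survives a redirect.
    return rtrim(strtr(base64_encode($iv . $tag . $ct), '+/', '-_'), '=');
}

function token_decode(string $token, string $key): ?array
{
    $b64 = strtr($token, '-_', '+/');
    $raw = base64_decode(str_pad($b64, strlen($b64) + (4 - strlen($b64) % 4) % 4, '='), true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        return null;
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {
        return null; // wrong key or token modified in transit
    }
    $attrs = [];
    foreach (explode("\n", $pt) as $line) {
        if (strpos($line, '=') === false) {
            continue;
        }
        [$name, $value] = explode('=', $line, 2);
        $attrs[$name] = $value;
    }
    return $attrs;
}

$key   = random_bytes(32); // constructed demo key
$token = token_encode(['subject' => 'jdoe', 'email' => 'jdoe@example.com'], $key);
var_dump(token_decode($token, $key));            // attributes recovered by the receiver
$token[20] = ($token[20] === 'A') ? 'B' : 'A';   // simulate modification during the redirect
var_dump(token_decode($token, $key));            // rejected: authentication tag no longer matches
```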