When PingFederate is configured as an SP, it takes inbound SAML assertions and converts them to some local format (cookie or otherwise) that can be used by an application to create a user's session. For an OpenToken, the PingFederate adapter takes the attributes and values from the SAML assertion and stores them in an OpenToken cookie or query parameter in the user’s browser. The user is then redirected to the target application, which can then identify the user from the included OpenToken. The application can use either the Agent object to do the decoding explicitly, or include the opentoken.php file to have that processing done automatically.

To do the processing automatically, include the pingidentity/opentoken/helpers/opentoken.php file inside the page responsible for logging the user in. The opentoken.php file will automatically parse inbound tokens using the agent configuration generated by PingFederate in Step 6 during the PHP Integration Kit installation process, and provide them as global variables.

These global variables are listed below:

| Variable Name | Description/Contents |
| --- | --- |
| $opentoken_subject | String representing the authenticated subject in the OpenToken |
| $opentoken_haveValidToken | Boolean indicating whether the received OpenToken was valid |
| $opentoken_lastError | String containing the last error message from decoding the OpenToken |
| $opentoken_values | Keyed-array of values contained in the OpenToken. Null if no valid token was received |
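
A login page that consumes these globals and fails closed when the token is not valid, as an added example (not code from the PHP Integration Kit). The function name, the attribute allow-list, the session keys and the redirect target are assumptions made for illustration; only the include path and the four `$opentoken_*` variables come from the text above.

```php
<?php
// login.php: added example, not part of the PHP Integration Kit.
// Assumes the kit is on the include path and the agent configuration is installed.
require_once 'pingidentity/opentoken/helpers/opentoken.php';

// Hypothetical allow-list: only these token attributes are copied into the session.
const EXPECTED_ATTRIBUTES = ['email', 'groups'];

/**
 * Create the local session from the decoded token, or refuse.
 * Returns true only when the token was valid and carried a non-empty subject.
 */
function start_session_from_opentoken($haveValidToken, $subject, $values, $lastError): bool
{
    // Fail closed: accept only boolean true, a non-empty subject and an array of values
    // ($opentoken_values is null when no valid token was received).
    if ($haveValidToken !== true || !is_string($subject) || $subject === '' || !is_array($values)) {
        // Log server-side only; strip control characters so the message cannot forge log lines.
        $reason = is_string($lastError) ? preg_replace('/[\x00-\x1F\x7F]/', ' ', $lastError) : 'no error message';
        error_log('OpenToken rejected: ' . $reason);
        return false;
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh session ID at login so a pre-set ID cannot be reused (session fixation).
    session_regenerate_id(true);

    $_SESSION['subject'] = $subject;
    $_SESSION['attributes'] = array_intersect_key($values, array_flip(EXPECTED_ATTRIBUTES));
    return true;
}

$ok = start_session_from_opentoken(
    $opentoken_haveValidToken ?? false,
    $opentoken_subject ?? null,
    $opentoken_values ?? null,
    $opentoken_lastError ?? null
);

if ($ok) {
    header('Location: /app/home.php'); // hypothetical post-login page
} else {
    http_response_code(401);
    echo 'Sign-in failed. Please start again from your identity provider.';
}
exit;
```

The decoder's error string is written to the server log rather than returned to the browser, and attributes outside the allow-list never reach `$_SESSION`.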