When PingFederate is configured as an SP, it takes inbound SAML assertions and converts
them to some local format (cookie or otherwise) that can be used by an application to
create a user's session. For an OpenToken, the PingFederate adapter takes
the attributes and values from the SAML assertion and stores them in an
OpenToken cookie or query parameter in the user’s browser. The user is
then redirected to the target application, which can then identify the user from the
included OpenToken. The application can use either the Agent object to do
the decoding explicitly, or include the opentoken.php file to have that processing done
automatically.
To do the processing automatically, include the
pingidentity/opentoken/helpers/opentoken.php file inside the page
responsible for logging the user in. The opentoken.php file will automatically parse
inbound tokens using the agent configuration generated by PingFederate in Step 6 during the PHP Integration Kit
installation process, and provide them as global variables.
These global variables are listed below:
| Variable Name | Description/Contents |
|---|---|
| $opentoken_subject | String representing the authenticated subject in the OpenToken |
| $opentoken_haveValidToken |
Boolean indicating whether the received OpenToken was valid
|
| $opentoken_lastError | String containing the last error message from decoding the
OpenToken
|
| $opentoken_values | Keyed-array of values contained in the OpenToken.
Null if no valid token was received |