This example uses the jumbojett basic OpenID Connect client installed using composer on a linux box. We tested with v0.8.0, but newer versions should work the same way.
It takes users to an attributes page after login and display the claims/values that have been passed.
Goal in this example
Authenticate a user and display all the received claims on a page. In the real world you would read the claims and feed them into your authorization / user-session management process, but here you can experiment with having your OpenAthens account send different attributes, and your Keystone mappings.
Instructions
-
In the path you wish to enable OIDC access for, install the jumbojett component:
> mkdir -p var/www/html/protected > cd var/www/html/protected > /path_to_composer/composer.phar require jumbojett/openid-connect-php:0.8.0 -
Create a php page to handle the login, e.g.
index.php. This one creates a session attribute of an array of the returned claims and then passes the user to anattributes.phppage where they can be displayed.PHP<?php require 'vendor/autoload.php'; $issuer = 'http://connect.openathens.net'; $cid = 'YOUR_OPENATHENS_CLIENT_ID'; $secret = 'YOUR_OPENATHENS_CLIENT_SECRET'; $oidc = new Jumbojett\OpenIDConnectClient($issuer, $cid, $secret); $oidc->authenticate(); $oidc->requestUserInfo('sub'); $session = array(); foreach($oidc as $key=> $value) { if(is_array($value)){ $v = implode(', ', $value); }else{ $v = $value; } $session[$key] = $v; } session_start(); $_SESSION['attributes'] = $session; header("Location: ./attributes.php"); ?> -
Add the
attributes.phppage. E.g:XML<?php session_start(); ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="description" content=""> <meta name="author" content=""> <title>OpenID Connect: Released Attributes</title> </head> <body> <!-- Intro --> <div class="banner"> <div class="container"> <h1 class="section-heading">Claims</h1> <h3> Claims sent back from OpenID Connect </h3> <br/> </div> </div> <!-- Claims --> <div class="content-section-a" id="openAthensClaims"> <div class="container"> <h2>Claims</h2> <br/> <div class="row"> <table class="table" style="width:80%;" border = "1"> <?php foreach ($_SESSION['attributes'] as $key=>$value): ?> <tr> <td data-toggle="tooltip" title=<?php echo $key; ?>><?php echo $key; ?></td> <td data-toggle="tooltip" title=<?php echo $value; ?>><?php echo $value; ?></td> </tr> <?php endforeach; ?> </table> </div> </div> </div> </body> </html> -
Go to
index.phpin a browser. -
Get sent to an OpenAthens login page.
-
Sign in and get sent back and then on to the attributes page.