
PHP OpenID Connect example


This example uses the jumbojett basic OpenID Connect client, installed using Composer on a Linux box. We tested with v0.8.0, but newer versions should work the same way.

It takes users to an attributes page after login and displays the claims/values that have been passed.

Goal in this example

Authenticate a user and display all the received claims on a page. In the real world you would read the claims and feed them into your authorisation / user-session management process, but here you can experiment with having your OpenAthens account send different attributes, and with your Keystone mappings.

Instructions

  1. In the path you wish to enable OIDC access for, install the jumbojett component:

    > mkdir -p var/www/html/protected
    
    > cd var/www/html/protected
    
    > /path_to_composer/composer.phar require jumbojett/openid-connect-php:0.8.0
  2. Create a PHP page to handle the login, e.g. index.php. This one stores the returned claims as an array in a session attribute and then passes the user to an attributes.php page where they can be displayed.

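    <?php
    require 'vendor/autoload.php';
    
    // The issuer URL must use https: OpenID Connect discovery requires TLS.
    $issuer = 'https://connect.openathens.net';
    $cid = 'YOUR_OPENATHENS_CLIENT_ID';
    $secret = 'YOUR_OPENATHENS_CLIENT_SECRET';
    $oidc = new Jumbojett\OpenIDConnectClient($issuer, $cid, $secret);
    
    // Redirects to the OpenAthens sign-in page, then validates the response on return.
    $oidc->authenticate();
    
    // With no argument, requestUserInfo() returns every claim from the userinfo endpoint.
    $claims = $oidc->requestUserInfo();
    
    // Flatten multi-valued claims to comma-separated strings for display.
    $session = array();
    foreach ($claims as $key => $value) {
        if (is_array($value)) {
            $v = implode(', ', $value);
        } else {
            $v = $value;
        }
        $session[$key] = $v;
    }
    
    // The client library may already have started a session during authenticate().
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh session ID after sign-in to prevent session fixation.
    session_regenerate_id(true);
    $_SESSION['attributes'] = $session;
    
    // Stop the script after the redirect header so nothing else is sent.
    header("Location: ./attributes.php");
    exit;
    
    ?>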
  3. Add the attributes.php page. For example:

    <?php
        session_start();
    ?>
    <!DOCTYPE html>
    <html lang="en">
    
    <head>
    
       <meta charset="utf-8">
       <meta http-equiv="X-UA-Compatible" content="IE=edge">
       <meta name="viewport" content="width=device-width, initial-scale=1">
       <meta name="description" content="">
       <meta name="author" content="">
    
       <title>OpenID Connect: Released Attributes</title>
    
    </head>
    
    <body>
    
       <!-- Intro -->
       <div class="banner">
          <div class="container">
             <h1 class="section-heading">Claims</h1>
    
             <h3>
                Claims sent back from OpenID Connect
             </h3>
             <br/>
          </div>
       </div>
    
       <!-- Claims -->
       <div class="content-section-a" id="openAthensClaims">
          <div class="container">
    
             <h2>Claims</h2>
             <br/>
             <div class="row">
    
                   <table class="table" style="width:80%;" border = "1">
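                     <?php // Claim names and values come from outside this application: escape them and quote the attributes. ?>
                     <?php foreach ($_SESSION['attributes'] as $key=>$value): ?>
                          <tr>
                              <td data-toggle="tooltip" title="<?php echo htmlspecialchars((string)$key, ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars((string)$key, ENT_QUOTES, 'UTF-8'); ?></td>
                              <td data-toggle="tooltip" title="<?php echo htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8'); ?></td>
                          </tr>
                     <?php endforeach; ?>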
    
                   </table>
             </div>
          </div>
       </div>
    </body>
    
    </html>
  4. Go to index.php in a browser.

  5. Get sent to an OpenAthens sign-in page.

  6. Sign in and get sent back and then on to the attributes page.
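
The Goal section notes that a real application would feed the claims into its authorisation and session management rather than display them. The following is an added example, not code from OpenAthens or the jumbojett project, of one way to do that with an allow-list of claims and a required role. The function name `claimsToSession` and the claim names `role` and `department` are assumptions; substitute the names your Keystone mappings release.

```php
<?php
// Added example, not OpenAthens or jumbojett code. Requires PHP 7.2+.
// Claim names other than "sub" are assumptions; use the names your
// Keystone mappings actually release.

/**
 * Reduce userinfo claims to an allow-listed, normalised session record.
 * Returns null when "sub" is missing or the required role is not present.
 */
function claimsToSession(object $claims, array $allowed, string $requiredRole): ?array
{
    // "sub" identifies the user; refuse to build a session without it.
    if (!isset($claims->sub) || !is_string($claims->sub) || $claims->sub === '') {
        return null;
    }

    $record = [];
    foreach ($allowed as $name) {
        if (!isset($claims->$name)) {
            continue; // claim not released for this user
        }
        // Multi-valued claims may arrive as a JSON array or a single value.
        $values = is_array($claims->$name) ? $claims->$name : [$claims->$name];
        // Keep scalar values only, so nested objects never reach the session.
        $scalars = array_filter($values, 'is_scalar');
        $record[$name] = array_values(array_map('strval', $scalars));
    }

    // Authorisation: exact, case-sensitive match against the released roles.
    $roles = isset($record['role']) ? $record['role'] : [];
    return in_array($requiredRole, $roles, true) ? $record : null;
}

// Constructed sample shaped like decoded userinfo JSON (not real data).
$sample = json_decode('{
    "sub": "constructed-subject-001",
    "role": ["staff", "library-admin"],
    "department": "Chemistry",
    "unexpected": {"nested": "value"}
}');

// User holds the required role: only the allow-listed claims are kept.
var_dump(claimsToSession($sample, ['sub', 'role', 'department'], 'library-admin'));
// User lacks the required role: no session record is produced.
var_dump(claimsToSession($sample, ['sub', 'role'], 'finance'));
```

In index.php, the object returned by `$oidc->requestUserInfo()` would take the place of `$sample`, and a null result would mean the user is not given a session.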


