myOneLogin | Sample Source Code

PHP Example

Below is a short example of a PHP page that takes an incoming SAML package, then uses the validation web service from myOneLogin to validate and extract the username from the package.

Note that proper error handling have been removed from the code below, and this code should only be used for training purposes.

Click here to download this example in text format.

validateSaml.php

<?php
   /**
    * Note that this is just a proof-of-concept.
    * Be sure to test and cleanup for deployment.
    *
    * This example expects a POST of a base64 SAML assertion.
    * The SAML is validated using the myOneLogin web service.
    * Validation is done against page itself (see $self below)
    * and displays the username on success, and error message
    * on failure.
    */

    // Build our own URL, to be used for validating SAML destination
    $self = 'http';
    if ($_SERVER['HTTPS']) {
     $self = $self.'s';
    }
    $self = $self.'://'.$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'];

    // PHP has to be configured with SSL
    $wsdl = 'https://developer.myonelogin.com/SAAS/API/1.0/SOA/validateSaml?wsdl';

    // Extract SAML response to validate
    try {
       $saml = $_POST["SAMLResponse"];
       $target = $_POST["TARGET"];
    } catch ( Exception $e ) {
       //log_error "Missing parameters";
       exit;
    }

    // Do PHP5 SOAP call to myOneLogin web service
    $client=new SoapClient( $wsdl );
    $param = array (
        "samlResponse" => $saml,
        "recipientName" => $self
    );

    // Call validate method, send SAML and successRedirect
    try {
        $response = $client->validate( $param );
    } catch ( Exception $e ) {
       echo 'web service call failed, add error handling here';
       exit;
    }

    /**
     * The response is an object containing a result object with the following members:
     * valid - bool whether or not the saml response was valid
     * message - String useful for determining why a saml response was found invalid
     * username - String for whom the saml response was issued for (if valid)
     */
    if ($response->return->valid == true) {
       // At this point session can be setup as authenticated,
       // and request forwarded to actual protected target.
       echo $response->return->username;
    } else {
       // At this point, an error message should be displayed.
       echo $response->return->message;
    }

    exit;
?>

Source Code Examples

Downloads

Documentation (HTML)

Documentation (PDF)

PHP Example

validateSaml.php