There are three phases to configuring SAML 2.0 for PHP applications: Dependencies, Configuration, and Integrations. All three phases are required.
Be sure the following software is installed on the web server running the SAML PHP plugin.
Update the okta.config.xml file. Add the following XML node to the [php_application_root_dir]/okta.config.xml file under the root <configuration> section.
<okta>
  <authentication>
    <issuer> </issuer>
    <authenticationUrl> </authenticationUrl>
    <logoutUrl> </logoutUrl>
    <certificate>
    </certificate>
  </authentication>
</okta>
Include bootstrap.php at the top of the PHP script that handles SAML authorization.
Navigate to the place in your code where you expect the SAMLResponse to be POSTed and add the following line.
PHPSAMLProcessor::self()->getUserIdBySAMLResponse($_POST["SAMLResponse"]);
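<?php
require_once(dirname(__FILE__) . "/lib/bootstrap.php");

// Read the POSTed value explicitly instead of suppressing notices with "@"
$SAMLResponse = isset($_POST["SAMLResponse"]) ? $_POST["SAMLResponse"] : null;
if (!empty($SAMLResponse)) {
    try {
        // Returns the user id; any exception it raises is handled below
        $userId = PHPSAMLProcessor::self()->getUserIdBySAMLResponse($SAMLResponse);
        // HTML-encode values before writing them into the page
        echo "User id:" . htmlspecialchars($userId, ENT_QUOTES, "UTF-8");
    } catch (Exception $e) {
        echo "ERROR:" . htmlspecialchars($e->getMessage(), ENT_QUOTES, "UTF-8");
    }
    echo "<br />";
}
?>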
Include lib/bootstrap.php at the top of the PHP script that performs SAML requests.
Navigate to the place in your code where you plan to send the SAML request to Okta and add code modeled after the following example.
Example
<?php
require_once(dirname(__FILE__) . "/lib/bootstrap.php");

$authUrl = Config::getAuthUrl(); // taken from okta.config.xml
$samlRequest = PHPSAMLProcessor::self()->createSAMLRequest();
// URL the authenticated user is redirected to after a successful logon;
// replace with your own URL if needed
$relayState = Config::getBaseUrl() . "/dashboard.php";
$redirUrl = $authUrl . "?SAMLRequest=" . urlencode(base64_encode($samlRequest)) . "&RelayState=" . urlencode($relayState);
header("Location: " . $redirUrl);
exit; // stop the script once the redirect header has been sent
?>
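The RelayState built above comes back to the application in the same POST as the SAMLResponse, so the receiving script should check it before redirecting the user to it. The following is an added example, not part of the Okta plugin: safeRelayTarget, the sample URLs and the choice of the base URL as the only allowed prefix are assumptions for illustration.

```php
<?php
// Added example (not Okta plugin code): return $relayState only when it points
// inside the application's own base URL, otherwise fall back to $default.
function safeRelayTarget($relayState, $baseUrl, $default)
{
    // Refuse empty values, whitespace, control characters and backslashes
    if (!is_string($relayState) || $relayState === ''
        || preg_match('/[\x00-\x20\x7f\\\\]/', $relayState)) {
        return $default;
    }
    $target = parse_url($relayState);
    $base = parse_url($baseUrl);
    // Only absolute URLs with a scheme and host, and no embedded credentials
    if (!is_array($target) || !is_array($base)
        || !isset($target['scheme'], $target['host'], $base['scheme'], $base['host'])
        || isset($target['user']) || isset($target['pass'])) {
        return $default;
    }
    // Scheme, host and port must match the base URL exactly
    $targetPort = isset($target['port']) ? $target['port'] : null;
    $basePort = isset($base['port']) ? $base['port'] : null;
    if (strtolower($target['scheme']) !== strtolower($base['scheme'])
        || strtolower($target['host']) !== strtolower($base['host'])
        || $targetPort !== $basePort) {
        return $default;
    }
    // The path must sit under the base path ("/portalx" must not match "/portal")
    $basePath = rtrim(isset($base['path']) ? $base['path'] : '', '/') . '/';
    $path = isset($target['path']) ? $target['path'] : '/';
    if (strpos($path, $basePath) !== 0 || strpos($path, '..') !== false) {
        return $default;
    }
    return $relayState;
}

// Constructed sample values; in the application the base URL would come from
// Config::getBaseUrl() and the candidate from $_POST["RelayState"].
$base = 'https://app.example.test/portal';
$default = $base . '/dashboard.php';
$samples = array(
    'https://app.example.test/portal/reports.php?id=7', // kept as is
    'https://app.example.test/portalx/index.php',       // outside the base path
    'https://other.example.test/portal/index.php',      // different host
    '/portal/reports.php',                              // not an absolute URL
);
foreach ($samples as $s) {
    echo $s, ' -> ', safeRelayTarget($s, $base, $default), "\n";
}
```

Call it only after getUserIdBySAMLResponse has returned without an exception, and redirect to the value it returns rather than to the raw POST parameter.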