IOPLEX
Communications Software
Plexcel for PHP - Active Directory PHP Integration

plexcel_accept_token


Synopsis

string plexcel_accept_token(resource $px, string $token)

Description

The plexcel_accept_token function accepts and returns base 64 encoded authentication tokens and authenticates the Plexcel context resource in the process. It is used almost exclusively by the plexcel_sso function, in conjunction with plexcel_status, to implement the 'Negotiate' form of HTTP authentication supported by modern browsers.

Note: If you find that IE is not submitting POST parameters when using this function, note that you must call this function with every single request. Once IE has negotiated HTTP SSO authentication, it will proactively attempt to re-authenticate before submitting POST parameters.

Returns

The plexcel_accept_token function returns a base 64 encoded token that should be returned to the initiator (e.g. the web client) or FALSE if no reply token should be sent.

Notice that, unlike most other Plexcel functions, a return value of FALSE does not indicate that an error has occurred. The plexcel_status function must be used to check the result of the call.

Example

The following highly simplified version of the plexcel_sso function illustrates how to authenticate web clients with the plexcel_accept_token function. Note that the calling convention of this function is somewhat awkward in that it calls die if there is no Authorization header.

For more complete examples, see the various Plexcel plugins for popular PHP applications.

function plexcel_sso_simple($px, $options=NULL) {
    $token = '';
    $headers = apache_request_headers();
    if (isset($headers["Authorization"])) {
        $token = $headers["Authorization"];
        $token = plexcel_accept_token($px, $token);
        if (plexcel_status($px) != PLEXCEL_CONTINUE_NEEDED) {
            if (plexcel_status($px) == PLEXCEL_SUCCESS) {
                if ($token)      /* mutual auth requires reply token */
                    header('WWW-Authenticate: Negotiate ' . $token, TRUE, 200);
                return TRUE;               /* authentication success */
            }       
            /* authentication failed or something unexpected happened */
            return FALSE;
        }       
        $token = ' ' . $token; 
    }
    header('WWW-Authenticate: Negotiate' . $token);
    header('HTTP/1.1 401 Unauthorized');
    die('Kerberos Authentication Required');
}
A simple version of plexcel_sso that uses plexcel_accept_token directly
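
The simplified function above passes whatever arrives in the Authorization header straight to plexcel_accept_token. The following added example (not part of the Plexcel documentation or IOPLEX code) classifies that header first, so that a caller can log what kind of token was presented when plexcel_status reports a failure. The helper name classify_negotiate_header and the sample headers are assumptions made for illustration, and the helper does not call Plexcel.

```php
<?php
// Added example: classify an HTTP Authorization header for the 'Negotiate'
// scheme. classify_negotiate_header() is a hypothetical helper, not a
// Plexcel function.

function classify_negotiate_header($value)
{
    if ($value === null || trim($value) === '') {
        return 'absent';                // caller answers 401 + WWW-Authenticate
    }
    // Scheme names are case-insensitive; exactly one token must follow.
    if (!preg_match('~^\s*Negotiate\s+(\S+)\s*$~i', $value, $m)) {
        return 'not-negotiate';         // Basic, Digest, bare "Negotiate", ...
    }
    // Strict mode rejects characters outside the base64 alphabet.
    $raw = base64_decode($m[1], true);
    if ($raw === false || $raw === '') {
        return 'malformed';
    }
    if (strncmp($raw, "NTLMSSP\0", 8) === 0) {
        return 'raw-ntlm';              // client sent NTLM instead of Kerberos
    }
    // 0x60 = GSS-API initial context token, 0xa1 = SPNEGO response token.
    // NTLM carried inside SPNEGO also starts with 0x60 and is not
    // distinguished here.
    $tag = ord($raw[0]);
    return ($tag === 0x60 || $tag === 0xa1) ? 'gssapi' : 'unknown';
}

// Constructed sample headers (not captured traffic).
$samples = array(
    'no header'   => null,
    'basic'       => 'Basic ' . base64_encode('user:pass'),
    'bad base64'  => 'Negotiate !!!not-base64!!!',
    'ntlm type 1' => 'negotiate ' . base64_encode("NTLMSSP\0\x01\x00\x00\x00"),
    // First bytes of a SPNEGO token: tag 0x60, then the SPNEGO OID (truncated).
    'gss-api'     => 'Negotiate ' . base64_encode("\x60\x08\x06\x06\x2b\x06\x01\x05\x05\x02"),
);
foreach ($samples as $label => $header) {
    printf("%-12s => %s\n", $label, classify_negotiate_header($header));
}
```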

See also

plexcel_sso, plexcel_preamble, plexcel_authenticate, plexcel_logon

© 2008 IOPLEX Software