Skip to content

Instantly share code, notes, and snippets.

@AsaAyers
Created July 31, 2011 00:17
Show Gist options
  • Save AsaAyers/1116177 to your computer and use it in GitHub Desktop.
Save AsaAyers/1116177 to your computer and use it in GitHub Desktop.
PHP Crowd Authentication
<?php
/**
* This file demonstrates using Atlassian Crowd for Single Sign On.
*/
$crowd_app_name = 'REMOVED';
$crowd_app_password = 'REMOVED';
$crowd_url = 'http://crowd.REMOVED.com/crowd/services/SecurityServer?wsdl';
// http://pear.php.net/package/Services_Atlassian_Crowd
require_once('Services/Atlassian/Crowd.php');
$username = NULL;
$crowd = new Services_Atlassian_Crowd(array(
'app_name' => $crowd_app_name,
'app_credential' => $crowd_app_password,
'service_url' => $crowd_url,
));
$crowd->authenticateApplication();
$is_authenticated = FALSE;
if (!empty($_COOKIE['crowd_token_key']))
{
// If the user already had a crowd token, we need to verify that it's still valid
$is_authenticated = $crowd->isValidPrincipalToken(
$_COOKIE['crowd_token_key'],
$_SERVER['HTTP_USER_AGENT'],
$_SERVER['REMOTE_ADDR']
);
}
if (!$is_authenticated)
{
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="Crowd Login"');
header('HTTP/1.0 401 Unauthorized');
echo 'Forbidden.';
exit;
}
try
{
$_COOKIE['crowd_token_key'] = $crowd->authenticatePrincipal(
$_SERVER['PHP_AUTH_USER'],
$_SERVER['PHP_AUTH_PW'],
$_SERVER['HTTP_USER_AGENT'],
$_SERVER['REMOTE_ADDR']
);
setcookie('crowd_token_key', $_COOKIE['crowd_token_key'], time() + 3600);
$is_authenticated = TRUE;
}
catch (Services_Atlassian_Crowd_Exception $e)
{
// I have no idea why, but instead of throwing an
// invalid username or password exception, we get
// an exception with the username provided if either is wrong.
if ($e->getMessage() == $_SERVER['PHP_AUTH_USER'])
{
// todo: prompt for login again
}
throw $e;
}
}
if ($is_authenticated)
{
$principal = $crowd->findPrincipalByToken($_COOKIE['crowd_token_key']);
// Even though the user may have supplied a username, it's not case sensitive
// and this will make sure the username is always consistent whether they signed
// in using another application or they used http authentication.
$username = $principal->name;
}
if (empty($username))
{
header('HTTP/1.0 401 Unauthorized');
echo 'Forbidden.';
exit;
}
echo "Welcome $username, you do have access to this application.";
echo "<pre>";
var_dump($principal);
echo "</pre>";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment