Integrating Shibboleth with SafeNet Authentication Service as IdP

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Integrating Shibboleth with SafeNet Authentication Service as IdP

first of all, sorry if this is a naive question. Unfortunately this is my first experience and I'm stuck. This is my first message here and I hope having landed in the right place.

I need to figure out how to read the UserID of the authenticated User, once the authentication has been verified. I use PHP as development language.

Our scenario:
- SP: Apache + Shibboleth
- IdP: SafeNet Authentication Service (known as SAS, it's Cloud service that acts as an IdP using SAML)

I could configure both sides to talk each other. So right now I can force an authentication in a web page of our server, that is redirected to SAS and if the authentication succeeds, I can access to the webpage.

My problem is that I can't figure out how to read the UserID from PHP. I did the typical test page to print-out the server variables and I get things like:
    [Shib-Application-ID] => default
    [Shib-Session-ID] => _d3ef501c4e6e0b4cdbb12addef457b90
    [Shib-Identity-Provider] =>
    [Shib-Authentication-Instant] => 2015-08-06T13:46:45.390Z
    [Shib-Authentication-Method] => urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
    [Shib-AuthnContext-Class] => urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
    [Shib-Session-Index] => 14a5d8df8979a456a288138f0e40d6c7d5a24b37f6eba6bdc3791682eeeac39a

I just need to read the UserID or e-mail of the user that has been authenticated. Maybe it's something related to attribute mapping, but I don't get the right configuration.

If anyone can help me on solving this, it will be deeply appreciated.