Integrating Shibboleth with SafeNet Authentication Service as IdP
first of all, sorry if this is a naive question. Unfortunately this is my first experience and I'm stuck. This is my first message here and I hope having landed in the right place.
I need to figure out how to read the UserID of the authenticated User, once the authentication has been verified. I use PHP as development language.
- SP: Apache + Shibboleth
- IdP: SafeNet Authentication Service (known as SAS, it's Cloud service that acts as an IdP using SAML)
I could configure both sides to talk each other. So right now I can force an authentication in a web page of our server, that is redirected to SAS and if the authentication succeeds, I can access to the webpage.
My problem is that I can't figure out how to read the UserID from PHP. I did the typical test page to print-out the server variables and I get things like:
[Shib-Application-ID] => default
[Shib-Session-ID] => _d3ef501c4e6e0b4cdbb12addef457b90
[Shib-Identity-Provider] => https://idp1.cryptocard.com/idp/shibboleth [Shib-Authentication-Instant] => 2015-08-06T13:46:45.390Z
[Shib-Authentication-Method] => urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
[Shib-AuthnContext-Class] => urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
[Shib-Session-Index] => 14a5d8df8979a456a288138f0e40d6c7d5a24b37f6eba6bdc3791682eeeac39a
I just need to read the UserID or e-mail of the user that has been authenticated. Maybe it's something related to attribute mapping, but I don't get the right configuration.
If anyone can help me on solving this, it will be deeply appreciated.