JumpForward SSO Bridge

The following is example PHP code for use by academic institutions attempting to bridge their current single sign-on authentication system with JumpForward.  This code is meant for example purposes only, and is in no way meant to reflect finished code.

<?php
  //Author: Dylan F. Marquis
  //Email: dylan(dot)marquis(at)uconn(dot)edu
  //June 2012

  //API Key stored in a variable named $apiKey within the included file
  include '.apikey.php';

  //Filtered input container
  $clean = array();

  //Pull User ID from SSO -> This may differ based on authentication service
  $ssoId = $_SERVER['REMOTE_USER'];

  //Send a SOAP request to API -> Assign response to a variable and pull hash value by property
  //The call sits inside the try block so a SoapFault is handled like a failed connection
  try
  {
       $client = new SoapClient("https://api.jumpforward.com/services.asmx?WSDL");
       $result = $client->GetStudentAthleteLoginHash(array('APIKey' => $apiKey, 'StudentId' => $ssoId));
       $hash = $result->GetStudentAthleteLoginHashResult;
  }
  catch (Exception $e)
  {
       header( 'Location: https://redirect_to_error_page.php' );
       //trigger_error() only accepts E_USER_* levels; exit stops the script after the redirect
       trigger_error('Connection to the JumpForward API failed',E_USER_ERROR);
       exit;
  }

  //Redirect unauthorized users (302)
  if ($hash === "Student Not Found")
  {
       header( 'Location: https://redirect_to_error_page.php' );
       trigger_error('StudentID not found by JumpForward Server',E_USER_ERROR);
       exit;
  }
  else
  {
       //Clean data sent from JumpForward
       //The hyphen is escaped so that "+-=" is not read as a range (which would admit ; and <)
       if (preg_match('"^[a-zA-Z0-9_!.:/+\-=]+(?!><$)$"', $hash))
       {
            $clean['hash'] = $hash;
       }
       else
       {
            header( 'Location: https://redirect_to_error_page.php' );
            trigger_error('Invalid data was received from JumpForward API',E_USER_ERROR);
            exit;
       }
       //POST hash to JumpForward SSO
       echo '<html><head></head><body><form action="https://college.jumpforward.com/sso.aspx" id="hash_form" method="post"><input type="hidden" id="hash" name="hash" value="'.$clean['hash'].'" /><script language="JavaScript" type="text/javascript">document.getElementById("hash_form").submit();</script></form></body></html>';
  }
?>

The filtered input container array $clean bears some explanation. It is not a functional part of the code; it is merely a means of identifying filtered data. This procedure was developed by Chris Shiflett as a way to prevent XSS.

$clean = array();

Additionally, the regular expression run to filter the hash response from JumpForward is also unnecessary to the proper functionality of this code. It has been added as a safeguard in the event that the JumpForward server is compromised and sends tainted data back as a response.  The regular expression is set to exclude any characters that are not part of the Base64 character set.

if (preg_match('"^[a-zA-Z0-9_!.:/+\-=]+(?!><$)$"', $hash))
{
     $clean['hash'] = $hash;
}
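
The character-class detail this filter depends on, as an added example (not code from the original post): inside [...], an unescaped "+-=" is a range from "+" to "=", so it also admits ";" and "<". The function and constant names and the sample values are hypothetical and constructed for illustration; the D modifier and the output escaping go slightly beyond the snippet above.

```php
<?php
// Added example, not part of the original post. All names here are hypothetical.

// Unescaped hyphen: "+-=" is the byte range 0x2B..0x3D, which includes ; and <.
const LOOSE_CLASS  = '/^[a-zA-Z0-9_!.:\/+-=]+$/';
// Hyphen escaped so it is a literal; D stops "$" matching before a trailing newline.
const STRICT_CLASS = '/^[a-zA-Z0-9_!.:\/+\-=]+$/D';

function is_clean_hash(string $value, string $pattern): bool
{
    return preg_match($pattern, $value) === 1;
}

function render_sso_form(string $hash): string
{
    if (!is_clean_hash($hash, STRICT_CLASS)) {
        throw new InvalidArgumentException('Invalid data was received from JumpForward API');
    }
    // Escape on output as well, so the form stays safe if the allow-list is ever widened.
    $value = htmlspecialchars($hash, ENT_QUOTES, 'UTF-8');
    return '<form action="https://college.jumpforward.com/sso.aspx" id="hash_form" method="post">'
         . '<input type="hidden" name="hash" value="' . $value . '" /></form>';
}

// Constructed sample values (not real JumpForward hashes).
$samples = [
    'base64-like'      => 'q1w2E3r4+T5/y6U7==',
    'angle bracket'    => 'abc<def',
    'semicolon'        => 'abc;def',
    'trailing newline' => "abc123=\n",
    'double quote'     => 'abc"def',
];

// Compare what each pattern accepts for every sample.
foreach ($samples as $label => $value) {
    printf("%-17s loose=%-6s strict=%s\n", $label,
        is_clean_hash($value, LOOSE_CLASS)  ? 'accept' : 'reject',
        is_clean_hash($value, STRICT_CLASS) ? 'accept' : 'reject');
}

// Only a value that passes the strict pattern reaches the form.
echo render_sso_form($samples['base64-like']), "\n";
```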
