Open ID Implementation PowerSchool PHP


I have looked into PowerSchool's documentation on OpenID implementation. However, I believe it misses out on vital information, i.e., how do we pass the required attributes. I have looked into sample implementations on other platforms, but they seem to be different from what the documentation is talking about.

How do I go about implementing PowerSchool's Open ID in PHP in this case? After much struggle, I have got the 3rd party site to successfully perform the handshake; however, no attribute values are being retrieved and there are no errors, not even in the logs.


Solution

  • PowerSchool's Open ID SSO (Single Sign On) currently only works if the request is initiated from PowerSchool's site. Therefore, start off with creating the Open ID link plugin.


    SSO Link Plugin

    <?xml version="1.0" encoding="UTF-8"?>
    <plugin xmlns="http://plugin.powerschool.pearson.com"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation='http://plugin.powerschool.pearson.com plugin.xsd'
        name="Insert Your PluginsName"
        version="1.0.0"
        description="Insert a description here">
        <!-- The host name without scheme i.e., https. This is the host with which PowerSchool will perform the handshake -->
        <!-- and will pass the attributes to. -->
        <!-- NOTE: This host must have a valid SSL for this to work. -->
        <openid host="www.myopenid.com">
            <links>
                <link display-text="Insert links display text here"
                      title="Insert links title here"
                      path="/openidlogin">
                    <!-- The path is relative to the host specified above. Open ID initiation is performed on that host i.e., -->
                    <!-- www.myopenid.com/openidlogin -->
                    <ui_contexts>
                        <!-- You may add other user contexts too i.e., guardian etc -->
                        <ui_context id="admin.header" />
                        <ui_context id="admin.left_nav" />
                    </ui_contexts>
                </link>
            </links>
        </openid>
        <publisher name="XYZ">
            <contact email="xyzAtmyopenId.com"/>
        </publisher>
    </plugin>
    
    1. Save the above as an XML file.
    2. Go to the admin site i.e., xyzps.com/admin/home.html
    3. Navigate to System -> System Settings -> Plugin Management Configuration -> Install -> Install the plugin -> Enable the plugin.
    4. The plugin should now be visible on the contexts provided in the ui_contexts i.e., Admin header and left navigation.

    LightOpenID

    Head over to LightOpenID and add it to your project.


    Authentication with PowerSchool and Attributes Requests

    On the path mentioned in the plugin for the openid host, i.e., /openidlogin, add the required attributes and redirect to the authentication URL:

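    require 'LightOpenID.php'; // adjust to where LightOpenID lives in your project

    // PowerSchool passes the user's identifier when the SSO link is clicked.
    if (empty($_GET['openid_identifier'])) {
        http_response_code(400);
        exit('Missing openid_identifier');
    }

    $openid = new LightOpenID("Insert hostname i.e., www.myopenid.com");

    $openid->identity = $_GET['openid_identifier'];

    // Request attributes by PowerSchool's own type URI (alias => type URI).
    $openid->required = array(
        'email'=>'http://powerschool.com/entity/email'
    );

    $openid->returnUrl = 'Insert SSL enabled hostname i.e., https://www.myopenid.com/authenticateopenid';

    // Redirect to the provider and stop; nothing else should run after the redirect.
    header('Location: ' . $openid->authUrl());
    exit;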
    

    Customize LightOpenID

    Before proceeding, we will need to modify LightOpenID because it prefixes the attributes with http://axschema.org/, due to which no attribute value will be returned. To do this:

    1. Navigate to LightOpenID.php -> axParams() and change

      $this->aliases[$alias] = 'http://axschema.org/' . $field;
      

      To

      $this->aliases[$alias] = $field;
      
    2. Navigate to LightOpenID.php -> getAxAttributes() and change

      $key = substr($this->getItem($prefix . '_type_' . $key), $length);
      

      To

      $key = $this->getItem($prefix . '_type_' . $key);
      

    Verify and Retrieve User's Attributes

    On the path specified in Open ID's return URL i.e., authenticateopenid, verify the user and retrieve their attributes:

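    require 'LightOpenID.php'; // adjust to where LightOpenID lives in your project

    $openid = new LightOpenID("Insert hostname i.e., www.myopenid.com");

    if ($openid->mode) {
        if ($openid->mode == 'cancel') {
            echo "User has canceled authentication !";
        } elseif ($openid->validate()) {
            // After the LightOpenID changes above, attributes are keyed by full type URI.
            $data = $openid->getAttributes();
            $email = isset($data['http://powerschool.com/entity/email'])
                ? $data['http://powerschool.com/entity/email']
                : '';
            // Escape before output: the value arrives in the OpenID response.
            echo "<br>Email: " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . "<br>";
        } else {
            echo "The user has not logged in";
        }
    } else {
        echo "Go to PowerSchool to log in.";
    }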
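
The two LightOpenID changes in the answer above make attributes come back keyed by their full type URI. The sketch below is an added example, not code from the answer, LightOpenID or PowerSchool: it reads single-valued attribute-exchange fields from an already validated response, keeps only fields listed in `openid.signed`, and shows what stripping an `http://axschema.org/`-length prefix does to a PowerSchool type URI. The function name `axAttributesByTypeUri`, the sample response and its values are constructed for illustration.

```php
<?php
// Added example: not LightOpenID or PowerSchool code. Sample values are constructed.
const AX_NS = 'http://openid.net/srv/ax/1.0';

// Return single-valued AX attributes keyed by their full type URI.
// $response holds the raw dotted parameter names of an assertion that has
// already passed signature validation (PHP's $_GET rewrites dots to underscores).
function axAttributesByTypeUri(array $response): array
{
    $signed = explode(',', $response['openid.signed'] ?? '');
    $alias = null;
    foreach ($response as $key => $value) {
        // The provider chooses the namespace alias (often "ax" or "ext1").
        if (strncmp($key, 'openid.ns.', 10) === 0 && $value === AX_NS) {
            $alias = substr($key, 10);
            break;
        }
    }
    if ($alias === null) {
        return [];
    }
    $attributes = [];
    $typePrefix = "openid.$alias.type.";
    foreach ($response as $key => $typeUri) {
        if (strncmp($key, $typePrefix, strlen($typePrefix)) !== 0) {
            continue;
        }
        $name = substr($key, strlen($typePrefix));
        // Trust a value only if its type and value fields are both signed.
        $covered = in_array("$alias.type.$name", $signed, true)
            && in_array("$alias.value.$name", $signed, true);
        if ($covered && isset($response["openid.$alias.value.$name"])) {
            $attributes[$typeUri] = $response["openid.$alias.value.$name"];
        }
    }
    return $attributes;
}

$sample = [ // constructed response parameters
    'openid.ns.ext1'          => AX_NS,
    'openid.ext1.type.email'  => 'http://powerschool.com/entity/email',
    'openid.ext1.value.email' => 'admin@example.org',
    'openid.ext1.type.role'   => 'http://example.test/attr/role', // not in openid.signed
    'openid.ext1.value.role'  => 'district-admin',
    'openid.signed'           => 'ns.ext1,ext1.type.email,ext1.value.email',
];
var_dump(axAttributesByTypeUri($sample));
// What stripping an axschema.org-length prefix does to a PowerSchool type URI:
var_dump(substr('http://powerschool.com/entity/email', strlen('http://axschema.org/')));
```

Looking attributes up by the exact type URI that was requested, as the answer does with `http://powerschool.com/entity/email`, avoids depending on whichever alias the provider picks.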