authorChristophe Nowicki <cnowicki@easter-eggs.com>2004-09-06 16:24:26 +0000
committerChristophe Nowicki <cnowicki@easter-eggs.com>2004-09-06 16:24:26 +0000
commit7acad8e5e7a56a2413d4fb18df919e0839cd7571 (patch)
tree9dceba29a50bc299f102629729db49d1be5fcedc /php
parentaab4db8ebcce9d5263a3c1a898d011711876a01d (diff)
PHP Idp Sample :
- form for creating metadata - SSO support - small README with installation instructions
Diffstat (limited to 'php')
-rw-r--r--php/Attic/examples/sample-idp/README28
-rw-r--r--php/Attic/examples/sample-idp/admin_user.php21
-rw-r--r--php/Attic/examples/sample-idp/create_metadata.php134
-rw-r--r--php/Attic/examples/sample-idp/defederate.php32
-rw-r--r--php/Attic/examples/sample-idp/federate.php32
-rw-r--r--php/Attic/examples/sample-idp/index.php51
-rw-r--r--php/Attic/examples/sample-idp/login.php37
-rw-r--r--php/Attic/examples/sample-idp/logout.php36
-rw-r--r--php/Attic/examples/sample-idp/setup.php14
-rw-r--r--php/Attic/examples/sample-idp/singleSignOn.php199
-rw-r--r--php/Attic/examples/sample-idp/soapEndpoint.php66
-rw-r--r--php/Attic/examples/sample-idp/user_add.php2
12 files changed, 613 insertions, 39 deletions
diff --git a/php/Attic/examples/sample-idp/README b/php/Attic/examples/sample-idp/README
index a78f9817..5183812e 100644
--- a/php/Attic/examples/sample-idp/README
+++ b/php/Attic/examples/sample-idp/README
@@ -1 +1,27 @@
-TODO ;0)
+Lasso PHP Identity Provider Exemple
+----------------------------------
+
+SOFTWARE
+ This directory include a Liberty Alliance Identity Provider written in PHP
+ with the Lasso extension.
+
+INSTALLATION
+ You need the fallowing components :
+ - The Apache Web Server with PHP4 version 4.3 with OpenSSL support enabled
+ - The Lasso Extension for PHP
+ - The PostgreSQL database server
+ - PHP Pear modules : DB, HTML_QuickForm
+
+ Under Debian GNU/Linux you can install thoses package with apt-get or aptitude:
+ apache, php4, php4-lasso, postgresql, pear.
+
+ You can download pear modules with the pear commande :
+
+ # pear install DB HTML_Common HTML_Form HTML_QuickForm
+
+CONFIGURATION
+ For the Apache web server you need to add in the httpd.conf file:
+
+ RewriteEngine on
+ RewriteRule ^/(soapEndpoint|singleSignOn)(.*)$ /$1.php$2
+
diff --git a/php/Attic/examples/sample-idp/admin_user.php b/php/Attic/examples/sample-idp/admin_user.php
index a08d8187..e42b68b6 100644
--- a/php/Attic/examples/sample-idp/admin_user.php
+++ b/php/Attic/examples/sample-idp/admin_user.php
@@ -31,12 +31,16 @@
if (DB::isError($db))
die($db->getMessage());
- if (!empty($_GET['dump']))
+ // Show XML dump
+ if (!empty($_GET['dump']) && !empty($_GET['type']))
{
- $query = "SELECT identity_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
+
+ $query = "SELECT " . ($_GET['type'] == 'user' ? 'user' : 'session') .
+ $query .= "_dump FROM users WHERE user_id='" . $_GET['dump'] . "'";
$res =& $db->query($query);
if (DB::isError($res))
- print $res->getMessage(). "\n";
+ die($res->getMessage());
+
$row = $res->fetchRow();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
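Review bot: `$_GET['dump']` is still spliced into the SQL string unquoted in the rewritten query (`WHERE user_id='" . $_GET['dump'] . "'`), so the dump lookup is injectable from the URL; login.php in this same commit already uses `$db->quoteSmart(...)`, so the line should become `$query .= "_dump FROM users WHERE user_id=" . $db->quoteSmart($_GET['dump']);`. The two-line split also works only by accident: the first line ends with a `.` and the second starts with `$query .=`, so PHP parses it as `"SELECT " . (...) . ($query .= "_dump ...")`, which yields the intended text only because `$query` is unset at that point; folding it into one plain `$query = ...` assignment removes that dependency. The closing brace of the enclosing `if` block lies outside this hunk.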
@@ -44,7 +48,7 @@
<html>
<body>
<table>
-<caption>Identity Dump</caption>
+<caption><?php echo ($_GET['type'] == 'user' ? 'Identity' : 'Session'); ?> Dump</caption>
<tr>
<td>
<textarea rows="15" cols="50"><?php echo htmlentities($row[0], ENT_QUOTES); ?></textarea>
@@ -86,6 +90,7 @@
<html>
<head>
<title>Lasso Service Provider Example : Users Management</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
<script language="JavaScript" type="text/javascript">
<!--
@@ -146,10 +151,12 @@
<?php
switch ($tableinfo[$i]['name'])
{
- case "identity_dump":
- echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "')>view</a>";
+ case "user_dump":
+ echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=user')>view</a>";
+ break;
+ case "session_dump":
+ echo "<a href=javascript:openpopup('". $PHP_SELF . '?dump=' . $row[0] . "&type=session')>view</a>";
break;
-
default:
echo (empty($row[$i])) ? "&nbsp;" : $row[$i];
}
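Review bot: The two new `case` branches echo `$PHP_SELF` and `$row[0]` straight into an `href` attribute without escaping, the same pattern the removed line had; `$PHP_SELF` reflects the request path, so it should go through `htmlspecialchars($PHP_SELF, ENT_QUOTES)` and the id through `urlencode($row[0])` before concatenation. The attribute is also emitted unquoted (`<a href=javascript:...>`), which makes the escaping harder to reason about; writing `href=\"javascript:openpopup('...')\"` keeps the value delimited. The enclosing loop and `switch` continue outside the hunk.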
diff --git a/php/Attic/examples/sample-idp/create_metadata.php b/php/Attic/examples/sample-idp/create_metadata.php
new file mode 100644
index 00000000..cef56991
--- /dev/null
+++ b/php/Attic/examples/sample-idp/create_metadata.php
@@ -0,0 +1,134 @@
+<?php
+/*
+ * Identity Provider Example -- Form for creating Service Provider Metadata
+ *
+ * Copyright (C) 2004 Entr'ouvert
+ * http://lasso.entrouvert.org
+ *
+ * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+ require_once 'HTML/QuickForm.php';
+
+ $form = new HTML_QuickForm('frm');
+
+ $form->setDefaults(array(
+ 'providerID' => 'https://',
+ 'AssertionConsumerService' => 'https://',
+ 'SoapEndpoint' => 'https://',
+ 'SingleLogoutService' => 'https://',
+ 'RegisterNameIdentifierService' => 'https://',
+ 'AuthnRequestsSigned' => 1,
+ 'filename' => getcwd().'/metadata.xml'
+ ));
+
+ $form->addElement('header', null, 'Create Liberty Alliance Metadata for an Service Provider');
+ $form->addElement('text', 'providerID', 'providerID:', array('size' => 60, 'maxlength' => 255));
+
+ $form->addElement('text', 'AssertionConsumerService', 'AssertionConsumerService:', array('size' => 60, 'maxlength' => 255));
+
+ $form->addElement('text', 'SingleLogoutService', 'SingleLogoutService:', array('size' => 60, 'maxlength' => 255));
+ $form->addElement('select', 'SingleLogoutProtocolProfile', 'SingleLogoutProtocolProfile:', array('http://projectliberty.org/profiles/slo-idp-soap'));
+
+ $form->addElement('text', 'RegisterNameIdentifierService', 'RegisterNameIdentifierService:', array('size' => 60, 'maxlength' => 255));
+ $form->addElement('select', 'RegisterNameIdentifierProtocolProfile', 'RegisterNameIdentifierProtocolProfile:', array('http://projectliberty.org/profiles/rni-sp-soap'));
+
+ $form->addElement('text', 'SoapEndpoint', 'SoapEndpoint:', array('size' => 60, 'maxlength' => 255));
+ $form->addElement('checkbox', 'AuthnRequestsSigned', 'Authn Requests must be signed? :', '');
+
+ $form->addElement('textarea', 'metadata', 'Metadata:', array('cols' => 60, 'rows' => 15));
+ $form->addElement('text', 'filename', 'Filename:', array('size' => 60, 'maxlength' => 255));
+
+ $button[] = &HTML_QuickForm::createElement('button', null, 'Preview', array('onclick' => "write_metadata_preview();"));
+ $button[] = &HTML_QuickForm::createElement('submit', null, 'Write Metadata');
+
+ $form->addGroup($button, null, null, '&nbsp;', false);
+
+ if ($form->validate()) {
+
+ $xml = "<?xml version=\"1.0\"?>
+<EntityDescriptor providerID=\"". $form->exportValue('providerID') ."\" xmlns=\"urn:liberty:metadata:2003-08\">
+<SPDescriptor>
+ <AssertionConsumerServiceURL id=\"AssertionConsumerServiceURL1\" isDefault=\"true\">" . $form->exportValue('AssertionConsumerService') . "</AssertionConsumerServiceURL>\n
+ <SingleLogoutServiceURL>" . $form->exportValue('SingleLogoutService') . "</SingleLogoutServiceURL>
+ <SingleLogoutProtocolProfile>" . $form->exportValue('SingleLogoutProtocolProfile') . "</SingleLogoutProtocolProfile>\n
+ <RegisterNameIdentifierServiceURL>" . $form->exportValue('RegisterNameIdentifierService') . "</RegisterNameIdentifierServiceURL>
+ <RegisterNameIdentifierProtocolProfile>" . $form->exportValue('RegisterNameIdentifierProtocolProfile') . "</RegisterNameIdentifierProtocolProfile>\n
+ <SoapEndpoint>" . $form->exportValue('SoapEndpoint') . "</SoapEndpoint>\n
+ <AuthnRequestsSigned>" . (($form->exportValue('AuthnRequestsSigned')) ? 'true' : 'false') . "</AuthnRequestsSigned>
+</SPDescriptor>
+</EntityDescriptor>";
+
+
+ if (($fd = fopen($form->exportValue('filename'), "w")))
+ {
+ fwrite($fd, $xml);
+ fclose($fd);
+ }
+ else
+ die("Could not write metadata file :" . $form->exportValue('filename'));
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<head>
+<body onLoad="window.close()">
+</body>
+</html>
+<?php
+ exit;
+ }
+?>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<head>
+<script language="JavaScript" type="text/javascript">
+<!--
+
+ function write_metadata_preview(popurl)
+ {
+ frm = document.frm;
+
+ frm.metadata.value =
+ '<\?xml version=\"1.0\"\?>\n' +
+ '<EntityDescriptor\n' +
+ 'providerID="' + frm.providerID.value + '\"\n' +
+ 'xmlns=\"urn:liberty:metadata:2003-08\">\n' +
+ '<SPDescriptor>\n' +
+ '<AssertionConsumerServiceURL id=\"AssertionConsumerServiceURL1\" isDefault=\"true\">' +
+ frm.AssertionConsumerService.value + '</AssertionConsumerServiceURL>\n' +
+ '<SingleLogoutServiceURL>' + frm.SingleLogoutService.value + '</SingleLogoutServiceURL>\n' +
+ '<SingleLogoutProtocolProfile>' + frm.SingleLogoutProtocolProfile.options[frm.SingleLogoutProtocolProfile.value].text + '</SingleLogoutProtocolProfile>\n' +
+ '<RegisterNameIdentifierServiceURL>' + frm.RegisterNameIdentifierService.value + '</RegisterNameIdentifierServiceURL>\n' +
+ '<RegisterNameIdentifierProtocolProfile>' + frm.RegisterNameIdentifierProtocolProfile.options[frm.RegisterNameIdentifierProtocolProfile.value].text + '</RegisterNameIdentifierProtocolProfile>\n' +
+ '<SoapEndpoint>' + frm.SoapEndpoint.value + '</SoapEndpoint>\n' +
+ '<AuthnRequestsSigned>' + ((frm.AuthnRequestsSigned.value) ? 'true' : 'false') + '</AuthnRequestsSigned>\n' +
+ '</SPDescriptor>\n' +
+ '</EntityDescriptor>';
+ }
+//-->
+</script>
+</head>
+<body>
+<?php
+ $form->display();
+?>
+<br>
+<p>Copyright &copy; 2004 Entr'ouvert</p>
+</body>
+</html>
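Review bot: `fopen($form->exportValue('filename'), "w")` writes to whatever path the submitted `filename` field contains, so anyone who can reach this form can overwrite any file the web server user may write; the target should be pinned to a fixed directory, e.g. `$path = getcwd() . '/' . basename($form->exportValue('filename'));` and `fopen($path, "w")`. The XML is assembled by concatenating the raw field values, so a `"` in `providerID` or a `<` in any URL field yields a malformed or attacker-shaped document; each value should pass through `htmlspecialchars($v, ENT_QUOTES)` before being placed in the attribute or element text. Two smaller points: `$button[]` is appended to before `$button` is initialised, and the `<head>` opened just before `<body onLoad="window.close()">` is never closed.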
diff --git a/php/Attic/examples/sample-idp/defederate.php b/php/Attic/examples/sample-idp/defederate.php
new file mode 100644
index 00000000..05079268
--- /dev/null
+++ b/php/Attic/examples/sample-idp/defederate.php
@@ -0,0 +1,32 @@
+<?php
+/*
+ * Identity Provider Example -- Destroy Federation
+ *
+ * Copyright (C) 2004 Entr'ouvert
+ * http://lasso.entrouvert.org
+ *
+ * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+ session_start();
+
+ if (!isset($_SESSION['user_id']))
+ {
+ die("User is not logged in!\n");
+ }
+
+?>
diff --git a/php/Attic/examples/sample-idp/federate.php b/php/Attic/examples/sample-idp/federate.php
new file mode 100644
index 00000000..fa57d360
--- /dev/null
+++ b/php/Attic/examples/sample-idp/federate.php
@@ -0,0 +1,32 @@
+<?php
+/*
+ * Identity Provider Example -- Create Federation
+ *
+ * Copyright (C) 2004 Entr'ouvert
+ * http://lasso.entrouvert.org
+ *
+ * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+ session_start();
+
+ if (!isset($_SESSION['user_id']))
+ {
+ die("User is not logged in!\n");
+ }
+
+?>
diff --git a/php/Attic/examples/sample-idp/index.php b/php/Attic/examples/sample-idp/index.php
index d5fe963d..09939e0a 100644
--- a/php/Attic/examples/sample-idp/index.php
+++ b/php/Attic/examples/sample-idp/index.php
@@ -52,13 +52,9 @@ You can get more informations about <b>Lasso</b> at <br>
require_once 'DB.php';
- if (!empty($_GET['SID']))
- session_start($_GET['SID']);
- else
- session_start();
+ session_start();
lasso_init();
-
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
@@ -82,12 +78,53 @@ You can get more informations about <b>Lasso</b> at <br>
<tr>
<td><b>Identity Provider Fonctionnality</b></td>
</tr>
+<?php
+ if (!isset($_SESSION["user_id"])) {
+ ?>
+<tr>
+ <td><a href="login.php">Local Login</a></td>
+</tr>
+<?php } else { ?>
<tr>
- <td><a href="login.php">Login</a></td>
+ <td><a href="federate.php">Create federation</a></td>
</tr>
+<tr>
+ <td><a href="defederate.php">Destroy federation</a></td>
+</tr>
+<tr>
+ <td><a href="logout.php">Local Logout</a></td>
+</tr>
+<?php } ?>
</table>
</p>
-<!-- <p>Lasso Version : <?php // echo lasso_version(); ?></p> -->
+
+<p>
+<table border="1" frame="above">
+<caption><b>Status</b></caption>
+<tr>
+ <?php
+ if (!isset($_SESSION["user_id"]))
+ {
+ echo "<td>User is <b>not</b> logged in!</td>";
+ }
+ else
+ {
+ ?>
+ <td colspan='2' align="center">User <b>is</b> logged in!</td>
+</tr>
+<tr>
+ <td><b>UserID:</b></td><td><?php echo $_SESSION["user_id"]; ?></td>
+</tr>
+<tr>
+ <td><b>User Name:</b></td><td><?php echo $_SESSION["username"]; ?></td>
+</tr>
+<tr>
+ <td><b>PHP Session ID:</b></td><td><?php echo session_id(); ?></td>
+</tr>
+<?php
+ }
+?>
+</table>
<br>
<p>Copyright &copy; 2004 Entr'ouvert</p>
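Review bot: `$_SESSION["username"]` is echoed raw into the status table, and login.php in this commit stores it straight from the login form (`$form->exportValue('username')`), so a username containing markup is rendered as-is. admin_user.php already prints values with `htmlentities($row[0], ENT_QUOTES)`, so the same form fits here: `<td><?php echo htmlentities($_SESSION["username"], ENT_QUOTES); ?></td>`. Printing `session_id()` into the page is presumably a demonstration aid; it makes the session identifier readable to any script on the page, so a comment such as `// sample only: do not expose the session id in real deployments` would stop it being copied.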
diff --git a/php/Attic/examples/sample-idp/login.php b/php/Attic/examples/sample-idp/login.php
index f8f7fbca..b61a933b 100644
--- a/php/Attic/examples/sample-idp/login.php
+++ b/php/Attic/examples/sample-idp/login.php
@@ -23,18 +23,53 @@
*/
$config = unserialize(file_get_contents('config.inc'));
- require_once 'DB.php';
require_once 'HTML/QuickForm.php';
+ require_once 'DB.php';
+
$form = new HTML_QuickForm('frm');
$form->addElement('header', null, 'Login on the Lasso Identity Provider Example');
+
$form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255));
$form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255));
$form->addElement('submit', null, 'Ok');
$form->addRule('username', 'Please enter the Username', 'required', null, 'client');
$form->addRule('password', 'Please enter the Password', 'required', null, 'client');
+
+ if ($form->validate())
+ {
+ $config = unserialize(file_get_contents('config.inc'));
+
+ $db = &DB::connect($config['dsn']);
+
+ if (DB::isError($db))
+ die($db->getMessage());
+
+ $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username'));
+ $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ $db->disconnect();
+
+ if ($res->numRows())
+ {
+ $row = $res->fetchRow();
+ session_start();
+ $_SESSION['user_id'] = $row[0];
+ $_SESSION['username'] = $form->exportValue('username');
+
+ $url = 'index.php';
+ header("Request-URI: $url");
+ header("Content-Location: $url");
+ header("Location: $url");
+ exit;
+ }
+ }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
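Review bot: The credential check compares `password=` against the submitted value inside the SQL, which only works if `users.password` holds the cleartext password; fetching the row and verifying a stored hash in PHP would avoid cleartext at rest (the schema is created in setup.php, outside this diff). After the successful lookup, `session_start()` reuses whatever session id the browser already presents, so an id planted before login stays valid; calling `session_regenerate_id();` right after `session_start()` closes that, provided the PHP 4.3 build in use is recent enough to have it. `$config` is also unserialised twice, once at the top of the file and again inside the `validate()` branch, so the second `unserialize(file_get_contents('config.inc'))` can go, as can the stray `;;`. The `if` body closes inside the hunk; the surrounding script does not.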
diff --git a/php/Attic/examples/sample-idp/logout.php b/php/Attic/examples/sample-idp/logout.php
new file mode 100644
index 00000000..7f187cab
--- /dev/null
+++ b/php/Attic/examples/sample-idp/logout.php
@@ -0,0 +1,36 @@
+<?php
+/*
+ * Identity Provider Example -- Local Logout
+ *
+ * Copyright (C) 2004 Entr'ouvert
+ * http://lasso.entrouvert.org
+ *
+ * Authors: Christophe Nowicki <cnowicki@easter-eggs.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+ session_start();
+
+ # Destroy The PHP Session
+ $_SESSION = array();
+
+ session_destroy();
+
+ $url = "index.php";
+ header("Request-URI: $url");
+ header("Content-Location: $url");
+ header("Location: $url");
+?>
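Review bot: After `session_destroy()` the browser still holds the session cookie, so this logout clears only server-side state; the usual pattern also expires the cookie with `setcookie(session_name(), '', time() - 42000, '/');` before `session_destroy()`. The `Location:` redirect is not followed by `exit`, so the script runs on to the end — harmless here because nothing is emitted afterwards, but login.php in the same commit does `exit;` after its redirect, and matching it keeps the two consistent.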
diff --git a/php/Attic/examples/sample-idp/setup.php b/php/Attic/examples/sample-idp/setup.php
index 306aa854..a7b148af 100644
--- a/php/Attic/examples/sample-idp/setup.php
+++ b/php/Attic/examples/sample-idp/setup.php
@@ -363,6 +363,15 @@
<head>
<title>Setup script for Lasso (Liberty Alliance Single Sign On)</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
+<script language="JavaScript" type="text/javascript">
+<!--
+
+ function openpopup(popurl)
+ {
+ var winpops=window.open(popurl,"","width=600,height=400")
+ }
+//-->
+</script>
</head>
<body>
<form name='frm' action='<?php echo $PHP_SELF ?>' method='POST'>
@@ -447,7 +456,8 @@
</tr>
<tr>
- <td>Metadata</td><td><input type='text' name='metadata' size='50'></td><td>&nbsp;</td>
+ <td>Metadata</td><td><input type='text' name='metadata' size='50'></td>
+ <td><a href="javascript:openpopup('create_metadata.php')">Create Metadata</a></td>
</tr>
<tr>
@@ -471,6 +481,8 @@
<input type='submit' name='setup' value='setup'>
</p>
</form>
+<br>
+<p>Copyright &copy; 2004 Entr'ouvert</p>
</body>
</html>
<?php
diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php
index 5143f9c0..d9d7f10a 100644
--- a/php/Attic/examples/sample-idp/singleSignOn.php
+++ b/php/Attic/examples/sample-idp/singleSignOn.php
@@ -1,7 +1,6 @@
<?php
/*
- *
- * Identity Provider Example -- Setup
+ * Identity Provider Example -- Single Sing On
*
* Copyright (C) 2004 Entr'ouvert
* http://lasso.entrouvert.org
@@ -22,35 +21,191 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+
+ require_once 'HTML/QuickForm.php';
+ require_once 'DB.php';
- if (empty($_POST) && empty($_GET))
+ $config = unserialize(file_get_contents('config.inc'));
+
+ session_start();
+
+ // Create the form
+ $form = new HTML_QuickForm('frm');
+
+ $form->addElement('header', null, 'Single Sing On Login');
+
+ $form->addElement('text', 'username', 'Username:', array('size' => 50, 'maxlength' => 255));
+ $form->addElement('password', 'password', 'Password:', array('size' => 50, 'maxlength' => 255));
+ $form->addElement('submit', null, 'Ok');
+
+ $form->addRule('username', 'Please enter the Username', 'required', null, 'client');
+ $form->addRule('password', 'Please enter the Password', 'required', null, 'client');
+
+ // Login dump is not available, show the login form
+ if (!isset($_SESSION['login_dump']) && !$form->validate())
{
- die("Unknow login methode!");
- }
- $methode = empty($_POST) ? 'GET' : 'POST';
+ // Check for AuthnRequest
+ if (empty($_POST) && empty($_GET))
+ {
+ die("Unknow login methode!");
+ }
- $config = unserialize(file_get_contents('config.inc'));
+ lasso_init();
+
+ $server_dump = file_get_contents($config['server_dump_filename']);
- lasso_init();
+ $server = LassoServer::newfromdump($server_dump);
- $server_dump = file_get_contents($config['server_dump_filename']);
+ $login = new LassoLogin($server);
- $server = LassoServer::newfromdump($server_dump);
+ if ($_SERVER['REQUEST_METHOD'] = 'GET')
+ $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
+ else
+ {
+ // TODO
+ exit;
+ }
- $login = new LassoLogin($server);
+ // User must NOT Authenticate with the IdP
+ if (!$login->mustAuthenticate())
+ {
+ // TODO
+ exit;
+ }
- if ($methode = 'GET')
- {
- print $_SERVER['QUERY_STRING'];
- $login->initFromAuthnRequestMsg($_SERVER['QUERY_STRING'], lassoHttpMethodRedirect);
- print "ici";
- }
- else
- {
- // TODO
+ $login_dump = $login->dump();
+
+ $_SESSION['login_dump'] = $login->dump();
+
+ lasso_shutdown();
}
+
+
+
+ if (isset($_SESSION['login_dump']) && $form->validate())
+ {
+ $db = &DB::connect($config['dsn']);
+ if (DB::isError($db))
+ die($db->getMessage());
- //echo $methode;
- //echo $_SERVER['QUERY_STRING'];
+ $query = "SELECT user_id FROM users WHERE username=" . $db->quoteSmart($form->exportValue('username'));
+ $query .= " AND password=" . $db->quoteSmart($form->exportValue('password'));;
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ if ($res->numRows())
+ {
+ // Get user_id from users
+ $row = $res->fetchRow();
+ $user_id = $row[0];
+
+ $server_dump = file_get_contents($config['server_dump_filename']);
+
+ lasso_init();
+
+ $server = LassoServer::newfromdump($server_dump);
+
+ $login = LassoLogin::newfromdump($server, $_SESSION['login_dump']);
+
+ $authenticationMethod = (($_SERVER["HTTPS"] == 'on') ? lassoSamlAuthenticationMethodSecureRemotePassword : lassoSamlAuthenticationMethodPassword);
+
+ if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
+ {
+ $login->buildArtifactMsg(
+ TRUE, // User is authenticated
+ $authenticationMethod,
+ "2005-05-03T16:12:00Z", # FIXME: reauthenticateOnOrAfter
+ lassoHttpMethodRedirect);
+ }
+ else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost)
+ {
+ // TODO
+ print "TODO : Post\n";
+ exit();
+ }
+ else
+ die("Unknown protocol profile for login:" . $login->protocolProfile);
+
+ if ($login->isIdentityDirty)
+ {
+ // TODO
+ // print "isIdentityDirty yes";
+ }
+
+ // Get name identifier
+ $query = "SELECT name_identifier FROM nameidentifiers WHERE user_id='$user_id'";
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ // Save name identifier
+ if (!$res->numRows())
+ {
+ $query = "INSERT INTO nameidentifiers (name_identifier, user_id) ";
+ $query .= "VALUES ('" . $login->nameIdentifier . "','$user_id')";
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+ $name_identifier = $login->nameIdentifier;
+ }
+ else
+ {
+ $row = $res->fetchRow();
+ $name_identifier = $row[0];
+ }
+
+ // Update identity dump
+ $identity = $login->identity;
+ $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump())." WHERE user_id='$user_id'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ // Update session dump
+ $session = $login->session;
+ $query = "UPDATE users SET session_dump=".$db->quoteSmart($session->dump())." WHERE user_id='$user_id'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ // Save assertion
+ $query = "INSERT INTO assertions (assertion, response_dump) VALUES ('" . $login->assertionArtifact;
+ $query .= "', '" . $login->responseDump . "')";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
+ {
+ $artifact = $login->assertionArtifact;
+ $response_msg = $login->responseDump;
+ $url = $login->msgUrl;
+
+ header("Request-URI: $url");
+ header("Content-Location: $url");
+ header("Location: $url");
+ }
+ else if ($login->protocolProfile == lassoLoginProtocolProfileBrwsPost)
+ {
+ }
+
+ lasso_shutdown();
+ exit();
+ }
+ }
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+<body>
+<?php
+ $form->display();
?>
+</body>
+</html>
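Review bot: `if ($_SERVER['REQUEST_METHOD'] = 'GET')` assigns instead of compares, so the redirect branch runs for every request and the POST branch beneath it is unreachable; the removed code had the same slip (`$methode = 'GET'`), and the line should read `if ($_SERVER['REQUEST_METHOD'] == 'GET')`. Several of the new queries splice values in by concatenation — `user_id='$user_id'` in the nameidentifiers SELECT and INSERT, `$login->nameIdentifier`, and above all `$login->assertionArtifact` / `$login->responseDump` in the assertions INSERT — while the two UPDATEs right beside them already use `$db->quoteSmart(...)`; `responseDump` is an XML document and any apostrophe in it breaks the statement, so the INSERT should end `VALUES (" . $db->quoteSmart($login->assertionArtifact) . ", " . $db->quoteSmart($login->responseDump) . ")"`. `$_SERVER["HTTPS"]` is read without `isset`, and the `reauthenticateOnOrAfter` argument is a hard-coded literal already marked FIXME. `$login_dump` is assigned from `$login->dump()` and never used, while the session assignment calls `dump()` a second time; the typo `Single Sing On` appears in both the file comment and the form header string.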
diff --git a/php/Attic/examples/sample-idp/soapEndpoint.php b/php/Attic/examples/sample-idp/soapEndpoint.php
index 11cfd52b..84b60bf7 100644
--- a/php/Attic/examples/sample-idp/soapEndpoint.php
+++ b/php/Attic/examples/sample-idp/soapEndpoint.php
@@ -22,4 +22,70 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+ require_once 'DB.php';
+
+ header("Content-Type: text/xml\r\n");
+
+ if (empty($HTTP_RAW_POST_DATA))
+ die("HTTP_RAW_POST_DATA is empty!");
+
+ $config = unserialize(file_get_contents('config.inc'));
+
+ $server_dump = file_get_contents($config['server_dump_filename']);
+
+ lasso_init();
+
+ $requestype = lasso_getRequestTypeFromSoapMsg($HTTP_RAW_POST_DATA);
+ $server = LassoServer::newfromdump($server_dump);
+
+ $db = &DB::connect($config['dsn']);
+
+ if (DB::isError($db))
+ die($db->getMessage());
+
+ switch ($requestype)
+ {
+ // Login
+ case lassoRequestTypeLogin:
+ $login = new LassoLogin($server);
+ $login->processRequestMsg($HTTP_RAW_POST_DATA);
+ $artifact = $login->assertionArtifact;
+
+ $query = "SELECT response_dump FROM assertions WHERE assertion='";
+ $query .= $artifact ."'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ // Good Artifact, send reponse_dump
+ if ($res->numRows())
+ {
+ $row = $res->fetchRow();
+
+ $query = "DELETE FROM assertions WHERE assertion='" . $artifact . "'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+ header("Content-Length: " . strlen($row[0]) . "\r\n");
+ echo $row[0];
+ }
+ else
+ {
+ // Wrong Artifact
+ header("HTTP/1.0 403 Forbidden");
+ header("Content-Length: 0\r\n");
+ exit;
+ }
+ break;
+ case lassoRequestTypeLogout:
+ break;
+ case lassoRequestTypeDefederation:
+ break;
+ default:
+ die("Unkown request type!");
+ }
+
+ lasso_shutdown();
?>
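Review bot: `$artifact` comes out of the SOAP body posted by the caller and is concatenated straight into both the `SELECT ... WHERE assertion='...'` and the following `DELETE`, so this unauthenticated endpoint is SQL-injectable; the login path in this commit already uses `$db->quoteSmart`, so these should be `$query = "SELECT response_dump FROM assertions WHERE assertion=" . $db->quoteSmart($artifact);` and `$query = "DELETE FROM assertions WHERE assertion=" . $db->quoteSmart($artifact);`. The SELECT-then-DELETE is two separate statements, so two concurrent resolution requests carrying the same artifact can both receive the response before either deletes it; running them in a transaction, or deleting first and checking the affected row count, keeps the artifact single-use. The `"\r\n"` appended to the `Content-Type` and `Content-Length` values is redundant because `header()` terminates the line itself, and an embedded line break inside a header value is the shape a header-injection filter looks for, so dropping it is cleaner.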
diff --git a/php/Attic/examples/sample-idp/user_add.php b/php/Attic/examples/sample-idp/user_add.php
index 1ef3cdb3..ff363f28 100644
--- a/php/Attic/examples/sample-idp/user_add.php
+++ b/php/Attic/examples/sample-idp/user_add.php
@@ -73,5 +73,7 @@
<?php
$form->display();
?>
+<br>
+<p>Copyright &copy; 2004 Entr'ouvert</p>
</body>
</html>