Michael Sole
asked on
SSL Mutual Auth in PHP
Is it possible to do SSL Mutual Auth at the applicaton level in PHP? If so can you show me a code sample?
ASKER
The SSL Mutual Auth is just to be used to restrict the two connections. It is used inside the context of an SSO handshake. Server A passes account number to server B, server B responds with a session ID that Server A passes to the client and the logs the user into server B. The passing of the account number is done via a SAML assertion.
I am new to the term "SSL Mutual Auth" but from what I read it is normally done at the server level (like a white list) but honestly I just don't know.
I am new to the term "SSL Mutual Auth" but from what I read it is normally done at the server level (like a white list) but honestly I just don't know.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
We are talking about PHP being used in an HTTP context. I already have code that will accept an encrypted SAML assertion and decrypt it, create the proper session ID and return it. I just need to do this "mutual auth" thing of which I am not sure what it is. So our customer will post to a web service endpoint (https://someurl.com/sso.php) a SAMLAssertion and we return an sid for use in an SSO.
ASKER
So I think I understand it better than I did yesterday. I believe the option I need for my purposes is to use an htaccess file to require a cert to access a specific path. Would you know how to construct that? I am not the good with apache
Can you please step back from the technical details and just describe your application in plain language? What are you transmitting, where does it come from and go to, what are the security levels and risks associated with a breach or damage to the data, etc. Thanks, ~Ray