Link to home
Create AccountLog in
Avatar of Michael Sole
Michael Sole

asked on

SSL Mutual Auth in PHP

Is it possible to do SSL Mutual Auth at the applicaton level in PHP? If so can you show me a code sample?
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

This question sounds like it has some context that is not available to us here.

Can you please step back from the technical details and just describe your application in plain language?  What are you transmitting, where does it come from and go to, what are the security levels and risks associated with a breach or damage to the data, etc.  Thanks, ~Ray
Avatar of Michael Sole
Michael Sole

ASKER

The SSL Mutual Auth is just to be used to restrict the two connections. It is used inside the context of an SSO handshake. Server A passes account number to server B, server B responds with a session ID that Server A passes to the client and the logs the user into server B. The passing of the account number is done via a SAML assertion.

I am new to the term "SSL Mutual Auth" but from what I read it is normally done at the server level (like a white list) but honestly I just don't know.
ASKER CERTIFIED SOLUTION
Avatar of Julian Hansen
Julian Hansen
Flag of South Africa image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
We are talking about PHP being used in an HTTP context. I already have code that will accept an encrypted SAML assertion and decrypt it, create the proper session ID and return it. I just need to do this "mutual auth" thing of which I am not sure what it is. So our customer will post to a web service endpoint (https://someurl.com/sso.php) a SAMLAssertion and we return an sid for use in an SSO.
So I think I understand it better than I did yesterday. I believe the option I need for my purposes is to use an htaccess file to require a cert to access a specific path. Would you know how to construct that? I am not the good with apache