Re: [eid-applet] Obtain data with lightopenid
852 views
Skip to first unread message
Frank Cornelis
Jul 2, 2012, 10:44:53 AM7/2/12
to eid-a...@googlegroups.com
Hi Ben,
I've done some testing with the LightOpenID library. The following test page seems to work (on my local machine that is):
<?php
include "openid.php";
$openid = new LightOpenID('localhost');
if ($openid->mode) {
echo $openid->validate() ? 'Logged in.' : 'Failed';
echo '<pre>';
echo print_r($openid->getAttributes(), true);
echo '</pre>';
} else {
$openid->identity = 'https://www.e-contract.be/eid-idp/endpoints/openid/ident';
$openid->required = array('namePerson/first', 'namePerson/last');
header('Location: ' . $openid->authUrl());
}
?>
Other available eID IdP OpenID attributes are:
namePerson/first
namePerson/last
namePerson
person/gender
contact/postalCode/home
contact/postalAddress/home
contact/city/home
eid/nationality
eid/pob
birthDate
eid/card-number
eid/card-validity/begin
eid/card-validity/end
Kind Regards,
Frank.
On 06/30/2012 08:59 AM, Ben wrote:
I've done some testing with the LightOpenID library. The following test page seems to work (on my local machine that is):
<?php
include "openid.php";
$openid = new LightOpenID('localhost');
if ($openid->mode) {
echo $openid->validate() ? 'Logged in.' : 'Failed';
echo '<pre>';
echo print_r($openid->getAttributes(), true);
echo '</pre>';
} else {
$openid->identity = 'https://www.e-contract.be/eid-idp/endpoints/openid/ident';
$openid->required = array('namePerson/first', 'namePerson/last');
header('Location: ' . $openid->authUrl());
}
?>
Other available eID IdP OpenID attributes are:
namePerson/first
namePerson/last
namePerson
person/gender
contact/postalCode/home
contact/postalAddress/home
contact/city/home
eid/nationality
eid/pob
birthDate
eid/card-number
eid/card-validity/begin
eid/card-validity/end
Kind Regards,
Frank.
On 06/30/2012 08:59 AM, Ben wrote:
Hello,
I use LightOpenID to authenticate an users with eID.
I can to receive the user's name but not other data.
Could you help me please.
I think the problem comes from an array.
I think the variable names do not match with eID.
I did some tests without success.
Could you tell me how to get the other data?
I think we should adapt this array.
static protected $ax_to_sreg = array(
'namePerson/friendly' => 'nickname',
'contact/email' => 'email',
'namePerson' => 'fullname',
'birthDate' => 'dob',
'person/gender' => 'gender',
'contact/postalCode/home' => 'postcode',
'contact/country/home' => 'country',
'pref/language' => 'language',
'pref/timezone' => 'timezone',
);
And perhaps the parameters of this function:
$openid->optional = array('namePerson');
Thanks.
--
You received this message because you are subscribed to the Google Groups "eID Applet" group.
To view this discussion on the web visit https://groups.google.com/d/msg/eid-applet/-/gYvHgSTIddgJ.
To post to this group, send email to eid-a...@googlegroups.com.
To unsubscribe from this group, send email to eid-applet+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/eid-applet?hl=en.
benoit....@gmail.com
Jul 2, 2012, 11:17:13 PM7/2/12
to eid-a...@googlegroups.com
Hi Frank,
I 've testing on my local pc.
it works with 'namePerson', 'namePerson/first', 'namePerson/last'.
But not with other attributes.
I test with gender.
My code is:
<?php
require 'openid.php';
try {
# Change 'localhost' to your domain name.
$openid = new LightOpenID('localhost/test');
if (!$openid->mode) {
$openid->identity = 'https://www.e-contract.be/eid-idp/endpoints/openid/auth';
$openid->optional = array('namePerson', 'namePerson/first','namePerson/last','person/gender');
header('Location: ' . $openid->authUrl());
} elseif ($openid->mode == 'cancel') {
echo 'User has canceled authentication!';
} else {
$nom = $openid->getAttributes();
echo 'Bonjour ' . $nom['namePerson'] . ' vous êtes connecté grâce à votre carte d\'identité</br>';
print_r($nom);
}
} catch (ErrorException $e) {
echo $e->getMessage();
}
And in the openid class:
static protected $ax_to_sreg = array(
'namePerson' => 'fullname',
'person/gender' => 'person/gender',
);
I tried these different syntaxes:
'person' => 'person',
'person' => 'person/gender',
'person' => 'gender',
'gender' => 'person',
'gender' => 'gender',
'gender' => 'person/gender',
'person/gender' => 'person/gender',
'person/gender' => 'person',
'person/gender' => 'gender',
The result:
Bonjour John DOE vous êtes connecté grâce à votre carte d'identité
Array ( [namePerson] => John DOE [namePerson/first] => John [namePerson/last] => DOE )
Thank for your help.
----
Ben
I 've testing on my local pc.
it works with 'namePerson', 'namePerson/first', 'namePerson/last'.
But not with other attributes.
I test with gender.
My code is:
<?php
require 'openid.php';
try {
# Change 'localhost' to your domain name.
$openid = new LightOpenID('localhost/test');
if (!$openid->mode) {
$openid->identity = 'https://www.e-contract.be/eid-idp/endpoints/openid/auth';
$openid->optional = array('namePerson', 'namePerson/first','namePerson/last','person/gender');
header('Location: ' . $openid->authUrl());
echo 'User has canceled authentication!';
} else {
$nom = $openid->getAttributes();
echo 'Bonjour ' . $nom['namePerson'] . ' vous êtes connecté grâce à votre carte d\'identité</br>';
print_r($nom);
}
} catch (ErrorException $e) {
echo $e->getMessage();
}
And in the openid class:
static protected $ax_to_sreg = array(
'person/gender' => 'person/gender',
);
I tried these different syntaxes:
'person' => 'person',
'person' => 'person/gender',
'person' => 'gender',
'gender' => 'person',
'gender' => 'gender',
'gender' => 'person/gender',
'person/gender' => 'person/gender',
'person/gender' => 'person',
'person/gender' => 'gender',
The result:
Bonjour John DOE vous êtes connecté grâce à votre carte d'identité
Array ( [namePerson] => John DOE [namePerson/first] => John [namePerson/last] => DOE )
Thank for your help.
----
Ben
2012/7/2 Frank Cornelis <frank.c...@fedict.be>
Frank Cornelis
Jul 3, 2012, 4:18:39 AM7/3/12
to eid-a...@googlegroups.com
Hi Ben,
The eID IdP offers 3 flows:
* identification (gives back all attributes)
* authentication
* authentication + identification (gives back all attributes)
If you want all attributes, you need to use the 'authentication + identification' flow, via:
https://www.e-contract.be/eid-idp/endpoints/openid/auth-ident
The following example performs an authentication and returns all attributes.
Kind Regards,
Frank.
The eID IdP offers 3 flows:
* identification (gives back all attributes)
* authentication
* authentication + identification (gives back all attributes)
If you want all attributes, you need to use the 'authentication + identification' flow, via:
https://www.e-contract.be/eid-idp/endpoints/openid/auth-ident
The following example performs an authentication and returns all attributes.
Kind Regards,
Frank.
<?php
include "openid.php";
$openid = new LightOpenID('localhost');
if ($openid->mode) {
echo $openid->validate() ? 'Logged in.' : 'Failed';
echo '<pre>';
echo print_r($openid->getAttributes(), true);
echo '</pre>';
} else {
$openid->identity =
'https://www.e-contract.be/eid-idp/endpoints/openid/auth-ident';
$openid->required = array('namePerson/first', 'namePerson/last',
'namePerson', 'person/gender', 'contact/postalCode/home',
'contact/postalAddress/home', 'contact/city/home', 'eid/nationality',
'eid/pob', 'birthDate', 'eid/card-number', 'eid/card-validity/begin',
'eid/card-validity/end');
$openid->required = array('namePerson/first', 'namePerson/last',
'namePerson', 'person/gender', 'contact/postalCode/home',
'contact/postalAddress/home', 'contact/city/home', 'eid/nationality',
'eid/pob', 'birthDate', 'eid/card-number', 'eid/card-validity/begin',
'eid/card-validity/end');
header('Location: ' . $openid->authUrl());
}
?>
benoit....@gmail.com
Jul 5, 2012, 1:02:53 PM7/5/12
to eid-a...@googlegroups.com
benoit....@gmail.com
Jul 10, 2012, 11:42:19 AM7/10/12
to eid-a...@googlegroups.com
Hi Frank,
Is it possible to receive the photo with LightOpenID()?
Thank.
----
Benoit Mauroit
2012/7/3 Frank Cornelis <frank.c...@fedict.be>
Frank Cornelis
Jul 11, 2012, 7:41:29 AM7/11/12
to eid-a...@googlegroups.com
Hi Benoit,
The OpenID Attribute Exchange extension as implemented in eID IdP does not support the eID photo attribute (yet). The reason for this is somewhat historical. Initially we implemented the OpenID response via a redirect instead of a browser POST. Since a redirect is limited in size, we had to leave out the eID photo attribute. Recently we switched to browser POST for the OpenID response, so we could add the eID photo attribute now without too much trouble I guess.
Does your application really require the eID photo, or is it more like a nice to have? If really required, I could schedule the OpenID eID photo attribute for the next release of the eID IdP product.
Kind Regards,
Frank.
The OpenID Attribute Exchange extension as implemented in eID IdP does not support the eID photo attribute (yet). The reason for this is somewhat historical. Initially we implemented the OpenID response via a redirect instead of a browser POST. Since a redirect is limited in size, we had to leave out the eID photo attribute. Recently we switched to browser POST for the OpenID response, so we could add the eID photo attribute now without too much trouble I guess.
Does your application really require the eID photo, or is it more like a nice to have? If really required, I could schedule the OpenID eID photo attribute for the next release of the eID IdP product.
Kind Regards,
Frank.
benoit....@gmail.com
Jul 11, 2012, 7:44:15 AM7/11/12
to eid-a...@googlegroups.com
Frank Cornelis
Aug 28, 2012, 4:28:57 AM8/28/12
to Rik Wouters, eid-a...@googlegroups.com
Hi Rik,
The eID IdP reads out the eID photo anyway to be able to verify the integrity of the eID data, even if it eventually is not included in the authentication response.
Kind Regards,
Frank.
On 08/27/2012 05:34 PM, Rik Wouters wrote:
The eID IdP reads out the eID photo anyway to be able to verify the integrity of the eID data, even if it eventually is not included in the authentication response.
Kind Regards,
Frank.
On 08/27/2012 05:34 PM, Rik Wouters wrote:
Hello Frank, Benoit,
regarding PHP, LightOpenID, eID and the Photo attribute
To perform secured data sharing with friends an family, I am considering the setup of a PHP websit, using eID identification and authentication.
Currently, I am playing around with PHP, LightOpenID and eID.
So far, I like the simplicity of such a solution. I really appreciate the efforts by the eID team.
But, I am a bit confused: if the photo attribute is not included in the POST via OpenID, what about the Java privacy warning ...
Allow the web application to use your eID identity information?Identity information: identity, address, photoYes - No
?
In case of OpenID, line 2 would be incorrect, Right? The photo is not (yet) included in the POST?
Looking forward to your answer,
Rik---
Frank Cornelis
Nov 19, 2012, 4:49:38 AM11/19/12
to eid-a...@googlegroups.com
Hi Jo,
Hereby a list of all eID IdP supported AX attributes:
http://axschema.org/namePerson
http://axschema.org/namePerson/first
http://axschema.org/namePerson/last
http://axschema.org/contact/postalAddress/home
http://axschema.org/contact/city/home
http://axschema.org/contact/postalCode/home
http://axschema.org/birthDate
http://axschema.org/person/gender
http://axschema.org/eid/nationality
http://axschema.org/eid/pob
http://axschema.org/eid/card-number
http://axschema.org/eid/card-validity/begin
http://axschema.org/eid/card-validity/end
Kind Regards,
Frank.
On 11/16/2012 12:20 PM, jovd wrote:
Hereby a list of all eID IdP supported AX attributes:
http://axschema.org/namePerson
http://axschema.org/namePerson/first
http://axschema.org/namePerson/last
http://axschema.org/contact/postalAddress/home
http://axschema.org/contact/city/home
http://axschema.org/contact/postalCode/home
http://axschema.org/birthDate
http://axschema.org/person/gender
http://axschema.org/eid/nationality
http://axschema.org/eid/pob
http://axschema.org/eid/card-number
http://axschema.org/eid/card-validity/begin
http://axschema.org/eid/card-validity/end
Kind Regards,
Frank.
On 11/16/2012 12:20 PM, jovd wrote:
Ok for your 13 attributes, Frank.
But what's about the 7 (?) last attributes we can fetch with the previous eID technic like country, title, special status, national number, issuing municipality, chip number (and picture !) ? What are their exact AX names (I could not find), if available ?
Thanks for all,
JoVD.
To view this discussion on the web visit https://groups.google.com/d/msg/eid-applet/-/tYh49y0XOlsJ.
Jo Van Damme
Nov 19, 2012, 6:12:54 AM11/19/12
to eid-a...@googlegroups.com
Hi Frank,
... and no national register number with Lightopenid ? What a catastrophe !
Kind regards, Jo.
Date: Mon, 19 Nov 2012 10:49:38 +0100
From: frank.c...@fedict.be
To: eid-a...@googlegroups.com
Subject: Re: [eid-applet] Obtain data with lightopenid
... and no national register number with Lightopenid ? What a catastrophe !
Kind regards, Jo.
Date: Mon, 19 Nov 2012 10:49:38 +0100
From: frank.c...@fedict.be
To: eid-a...@googlegroups.com
Subject: Re: [eid-applet] Obtain data with lightopenid
Frank Cornelis
Nov 19, 2012, 6:51:46 AM11/19/12
to eid-a...@googlegroups.com
Hi Jo,
You can use the OpenID identity URL as unique identifier.
Kind Regards,
Frank.
You can use the OpenID identity URL as unique identifier.
Kind Regards,
Frank.
Jo Van Damme
Dec 13, 2012, 8:01:19 AM12/13/12
to eid-a...@googlegroups.com
Hello Frank,
The problem is that I really need the national register number (and the picture) in my app.
Whom exactly should I ask for help there ? Yourself, LightOpenID, OpenID, ... ?
Thanks & regards, Jo.
Date: Mon, 19 Nov 2012 12:51:46 +0100
The problem is that I really need the national register number (and the picture) in my app.
Whom exactly should I ask for help there ? Yourself, LightOpenID, OpenID, ... ?
Thanks & regards, Jo.
Date: Mon, 19 Nov 2012 12:51:46 +0100
tph...@gmail.com
Mar 24, 2015, 4:45:02 AM3/24/15
to eid-a...@googlegroups.com, frank.c...@fedict.be
Hello Frank,
With the code you mentioned I get all card data, but also the message "Failed". So I have two questions about that :
1. Does that mean data were red on the card but not validated by the server ?
2. What can explain the same code works fine with some ID cards but still gives "Failed" for some others ?
Thank you for your help.
With the code you mentioned I get all card data, but also the message "Failed". So I have two questions about that :
1. Does that mean data were red on the card but not validated by the server ?
2. What can explain the same code works fine with some ID cards but still gives "Failed" for some others ?
Thank you for your help.
Frank Cornelis
Mar 24, 2015, 5:34:03 AM3/24/15
to eid-a...@googlegroups.com
Hi Ben,
Could you post the eID Applet "Details" when it fails?
Kind Regards,
Frank.
Could you post the eID Applet "Details" when it fails?
Kind Regards,
Frank.
To unsubscribe from this group and stop receiving emails from it, send an email to eid-applet+...@googlegroups.com.
To post to this group, send email to eid-a...@googlegroups.com.
Visit this group at http://groups.google.com/group/eid-applet.
For more options, visit https://groups.google.com/d/optout.
Angel De Arriba Rodero
Jun 16, 2015, 2:39:10 PM6/16/15
to eid-a...@googlegroups.com, frank.c...@fedict.be
Hi,
I'm using the eID and it is working fine on IE for both data and photo.
But I have a security issue with, I suppose, the java plugin when using other browsers :
I'm using the eID and it is working fine on IE for both data and photo.
But I have a security issue with, I suppose, the java plugin when using other browsers :
- Firefox (v38.0.5) : the plugin is bloqued (reason : vulnerable plugin). I may by-pass it, but people won't on the Internet ;
- Opera (v12.17) : doesn't react/work ;
- Chrome : doesn't react/work ;
Am I doing something wrong ?
Frank Cornelis
Jun 16, 2015, 2:41:38 PM6/16/15
to eid-a...@googlegroups.com
Hi Angel,
For information on the eID Applet behavior within different web browsers, check out:
https://www.e-contract.be/faq/
Kind Regards,
Frank.
For information on the eID Applet behavior within different web browsers, check out:
https://www.e-contract.be/faq/
Kind Regards,
Frank.
--
You received this message because you are subscribed to the Google Groups "eID Applet" group.
To unsubscribe from this group and stop receiving emails from it, send an email to eid-applet+...@googlegroups.com.
To post to this group, send email to eid-a...@googlegroups.com.
Angel De Arriba Rodero
Jun 16, 2015, 3:08:20 PM6/16/15
to eid-a...@googlegroups.com
Hi Frank,
Thanks for the quick answer.
This will help me out.
Best regards,
Angel.
Thanks for the quick answer.
This will help me out.
Best regards,
Angel.
Reply all
Reply to author
Forward
0 new messages