PowerSchool's Open ID SSO (Single Sign-On) currently only works if the request is initiated from PowerSchool's site. Therefore, start by creating the Open ID link plugin.
SSO Link Plugin
<?xml version="1.0" encoding="UTF-8"?>
<plugin xmlns="http://plugin.powerschool.pearson.com"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation='http://plugin.powerschool.pearson.com plugin.xsd'
        name="Insert Your PluginsName"
        version="1.0.0"
        description="Insert a description here">
    <!-- The host name without the scheme (i.e., without https://). PowerSchool performs the handshake -->
    <!-- with this host and passes the attributes to it. -->
    <!-- NOTE: This host must have a valid SSL certificate for this to work. -->
    <openid host="www.myopenid.com">
        <links>
            <link display-text="Insert links display text here"
                  title="Insert links title here"
                  path="/openidlogin">
                <!-- The path, relative to the host specified above, on which Open ID initiation is performed, i.e., -->
                <!-- www.myopenid.com/openidlogin -->
                <ui_contexts>
                    <!-- You may add other user contexts too i.e., guardian etc -->
                    <ui_context id="admin.header" />
                    <ui_context id="admin.left_nav" />
                </ui_contexts>
            </link>
        </links>
    </openid>
    <publisher name="XYZ">
        <contact email="xyzAtmyopenId.com"/>
    </publisher>
</plugin>
- Save the above as an XML file.
- Go to the admin site i.e., xyzps.com/admin/home.html
- Navigate to System -> System Settings -> Plugin Management Configuration -> Install -> Install the plugin -> Enable the plugin.
- The plugin should now be visible on the contexts provided in the ui_contexts i.e., Admin header and left navigation.
LightOpenID
Head over to LightOpenID and add it to your project.
Authentication with PowerSchool and Attributes Requests
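On the path mentioned in the plugin for the openid host, i.e., /openidlogin, add the required attributes and redirect to the authentication URL:
<?php
// Adjust the path to wherever you placed the library in your project.
require_once 'LightOpenID.php';

$openid = new LightOpenID("Insert hostname i.e., www.myopenid.com");
// PowerSchool passes the user's Open ID identifier in the query string.
$openid->identity = $_GET['openid_identifier'];
// Request the email attribute by its full PowerSchool type URI.
$openid->required = array(
    'email' => 'http://powerschool.com/entity/email'
);
$openid->returnUrl = 'Insert SSL enabled hostname i.e., https://www.myopenid.com/authenticateopenid';
header('Location: ' . $openid->authUrl());
exit; // Stop here so nothing else runs after the redirect.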
Customize LightOpenID
Before proceeding, LightOpenID needs to be modified, because it prefixes the attributes with http://axschema.org/ and as a result no attribute value will be returned. To do this:
Navigate to LightOpenID.php -> axParams() and change
$this->aliases[$alias] = 'http://axschema.org/' . $field;
to
$this->aliases[$alias] = $field;
Navigate to LightOpenID.php -> getAxAttributes() and change
$key = substr($this->getItem($prefix . '_type_' . $key), $length);
to
$key = $this->getItem($prefix . '_type_' . $key);
Verify and Retrieve User's Attributes
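On the path specified in Open ID's return URL, i.e., authenticateopenid, verify the user and retrieve their attributes:
<?php
// Adjust the path to wherever you placed the library in your project.
require_once 'LightOpenID.php';

$openid = new LightOpenID("Insert hostname i.e., www.myopenid.com");
if ($openid->mode) {
    if ($openid->mode == 'cancel') {
        echo "User has canceled authentication !";
    } elseif ($openid->validate()) {
        // The attributes are keyed by their full type URI after the LightOpenID changes above.
        $data = $openid->getAttributes();
        $email = $data['http://powerschool.com/entity/email'] ?? '';
        // Escape the value before writing it into the page.
        echo "<br>Email: " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . "<br>";
    } else {
        echo "The user has not logged in";
    }
} else {
    echo "Go to PowerSchool to log in.";
}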
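The request handler above takes the identifier from the query string, and the return handler trusts the email of any identity that validates. As an added example (not from the original post and not part of LightOpenID), the helpers below pin the identifier to one expected PowerSchool host and sanity-check the returned email. The host xyzps.com, the sample URLs and both function names are assumptions made for illustration, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example. POWERSCHOOL_HOST is an assumed placeholder for your server.
const POWERSCHOOL_HOST = 'xyzps.com';
const EMAIL_ATTR = 'http://powerschool.com/entity/email';
// True only for an https URL on the expected host, default port, no userinfo.
function isTrustedIdentity($identifier, string $allowedHost): bool
{
    if (!is_string($identifier) || strlen($identifier) > 2048) {
        return false;
    }
    $parts = parse_url($identifier);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return false;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    if (isset($parts['port']) && $parts['port'] !== 443) {
        return false;
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    return $host === strtolower($allowedHost);
}

// Returns the email from the AX attribute array, or null if absent/malformed.
function emailFromAttributes(array $attributes): ?string
{
    $raw = $attributes[EMAIL_ATTR] ?? null;
    if (!is_string($raw)) {
        return null;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed sample identifiers (the paths are illustrative only).
$samples = [
    'https://xyzps.com/id/sample-user',
    'http://xyzps.com/id/sample-user',
    'https://xyzps.com.other.example/id/sample-user',
    'https://xyzps.com@other.example/id/sample-user',
];
foreach ($samples as $s) {
    printf("%-50s %s\n", $s, isTrustedIdentity($s, POWERSCHOOL_HOST) ? 'accept' : 'reject');
}
var_dump(emailFromAttributes([EMAIL_ATTR => 'teacher@example.org']));
```

Call isTrustedIdentity() on $_GET['openid_identifier'] before assigning it to $openid->identity, and again on $openid->identity once validate() returns true. Only then read the email with emailFromAttributes($openid->getAttributes()).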