Porting The SSO Client

The SSO server is written in PHP and is unlikely to ever be ported to another language. It is big and complex, contains a lot of PHP-specific code, and is intended to be installed as a standalone application. The SSO client, however, is intended to be lightweight and relatively easy to port to other languages. This section is a guide to porting the SSO client.

The SSO client has four primary responsibilities: staying out of the way of the application integrating with it (i.e. avoiding naming conflicts); exposing classes and functions to the integrator that make sense; communicating with the SSO server endpoint and correctly processing its replies, including handling server outages; and managing everything securely while staying bandwidth-friendly (e.g. encrypting certain cookies while keeping cookie length to a minimum).

In theory, the SSO client can be ported by following the naming conventions of the existing PHP code and doing a one-to-one translation. In practice every language is different, and convenient PHP features such as optional parameters or passing arrays/maps as a single parameter may not exist or may behave differently in the target language. Still, keep variable and function names as close to the PHP originals as the target language allows, so that the two code bases can be compared side by side when something breaks.

The most difficult part of porting the SSO client is communication with the SSO server. The endpoint expects each message to be single or dual encrypted with either the Blowfish or the AES-256 cipher, wrapped in a specialized packet format. Both the server and the client hold the shared secret used to encrypt the underlying data, and that shared secret information also identifies which encryption method the server expects. You will either use the target language's native cipher implementations (few languages ship both ciphers out of the box) or find or write a library with the correct implementation, and then write a couple of packet wrapper routines that behave identically to the PHP encrypt/decrypt packet routines. "Identically" means byte for byte: key handling, IV placement, padding and any integrity check must match exactly, so test the port against packets produced and consumed by the PHP client rather than only against itself. You will also need a JSON encoder and decoder, which every modern language has. Finally, you will need a way to obtain secure random bytes, and may want to port part of the CSPRNG that ships with the SSO client to make life easier for the rest of the port; whatever you use, random bytes for IVs and tokens must come from a cryptographically secure source, never from the language's general-purpose random number generator.
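The following is an added example, not code from the SSO client or its PHP packet routines, showing the shape of the packet wrapper pair a port needs: a fresh IV from the operating system CSPRNG, AES-256 over the JSON-encoded payload, and an integrity check that is verified before any decryption happens. The packet layout (IV, then CBC ciphertext, then an HMAC-SHA256 tag), the key derivation from the shared secret and the names EncryptPacket, DecryptPacket, EncryptJSON and DecryptJSON are assumptions made for this illustration; the real endpoint's format must be copied from the PHP code, and Blowfish, which is not in Go's standard library, is left out here. Go is used as a plausible porting target. Dual encryption in the text's sense is just EncryptPacket applied to the output of EncryptPacket under a second key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Packet layout ASSUMED by this example (not the SSO server's real format):
//   IV (16 bytes) || AES-256-CBC ciphertext || HMAC-SHA256 tag over IV+ciphertext
// deriveKeys turns the shared secret into an AES-256 block cipher and a separate MAC key.
func deriveKeys(secret []byte) (cipher.Block, []byte) {
	e := sha256.Sum256(append([]byte("enc:"), secret...))
	m := sha256.Sum256(append([]byte("mac:"), secret...))
	block, _ := aes.NewCipher(e[:]) // 32-byte key selects AES-256; cannot fail
	return block, m[:]
}

func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// EncryptPacket wraps plaintext in a fresh random IV, AES-256-CBC and an HMAC tag.
func EncryptPacket(secret, plaintext []byte) ([]byte, error) {
	block, macKey := deriveKeys(secret)
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil { // CSPRNG; never math/rand for an IV
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	out := append(iv, ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out)
	return mac.Sum(out), nil
}

// DecryptPacket verifies the tag in constant time before touching the ciphertext,
// so tampered or truncated packets fail closed and expose no padding oracle.
func DecryptPacket(secret, packet []byte) ([]byte, error) {
	block, macKey := deriveKeys(secret)
	if len(packet) < 2*aes.BlockSize+sha256.Size || (len(packet)-sha256.Size)%aes.BlockSize != 0 {
		return nil, errors.New("malformed packet")
	}
	body, tag := packet[:len(packet)-sha256.Size], packet[len(packet)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("bad packet MAC")
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(pt, body[aes.BlockSize:])
	return pkcs7Unpad(pt, aes.BlockSize)
}

// EncryptJSON and DecryptJSON add the JSON step every port needs on top of the cipher.
func EncryptJSON(secret []byte, v interface{}) ([]byte, error) {
	raw, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	return EncryptPacket(secret, raw)
}

func DecryptJSON(secret, packet []byte, v interface{}) error {
	raw, err := DecryptPacket(secret, packet)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

func main() {
	secret := []byte("shared-secret-from-config") // constructed sample secret
	pkt, _ := EncryptJSON(secret, map[string]string{"action": "test"})
	var got map[string]string
	fmt.Println(DecryptJSON(secret, pkt, &got), got) // <nil> map[action:test]
	pkt[len(pkt)-1] ^= 1                             // flip a tag bit: must be rejected
	fmt.Println(DecryptJSON(secret, pkt, &got))      // bad packet MAC
}
```

Two properties of this shape are worth carrying into any port: the integrity check is verified before the ciphertext is decrypted, so a modified packet is rejected with one error regardless of where it was modified, and every call draws a new IV from the OS CSPRNG, so two encryptions of the same payload never produce the same packet.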