0) { $db = new PDO("pgsql:host=localhost;port=5432;dbname=oidc_db;user=$dbUser;password=$dbPass"); $siteName = $_POST['siteName']; $redirectURL = $_POST['redirectURL']; $authMethod = $_POST['endpointAuth']; $notes = $_POST['notes']; $clientDN = $_SERVER['SSL_CLIENT_S_DN']; $cn_pos = strpos( $clientDN, ',CN=' ); $clientName = substr( $clientDN, $cn_pos + 4 ); $stmt = $db->query("select created_at from clients where site_name = '$siteName' and owner_id like '%$clientName%' and deleted_at is null"); $res = $stmt->fetch(PDO::FETCH_ASSOC); echo "
"; if ($res) { echo "
"; echo "
"; echo "Error: Found an existing record for that site: '$siteName'"; echo "
"; echo "
"; } else { for ($emailIndex = 0; $emailIndex < 20; $emailIndex++) { $emailSAN = 'SSL_CLIENT_SAN_Email_' . $emailIndex; if (array_key_exists($emailSAN, $_SERVER)) { $clientEMail[] = $_SERVER[$emailSAN]; } else { break; } } switch( $authMethod ) { case 'basic': $endpointAuthMethod = 'client_secret_basic' ; break; case 'post': $endpointAuthMethod = 'client_secret_post' ; break; } $hydra_command = "/srv/hydra/bin/hydra create oauth2-client --endpoint " . $ini_arr[ 'URLs' ][ 'InternalHydraEndpointURL' ] . " --name '$siteName' --owner '$clientDN' --redirect-uri '$redirectURL' --token-endpoint-auth-method '$endpointAuthMethod' --scope openid,offline,offline_access,profile,email"; $retcode = exec($hydra_command, $hydraArray); $outArray = []; foreach ($hydraArray as $hydra) { $keyIDX = strpos($hydra, "\t"); if ($keyIDX === false) { $outArray[$hydra] = ""; } else { $valIDX = strrpos($hydra, "\t", -1); $key = substr($hydra, 0, $keyIDX); $val = substr($hydra, $valIDX + 1); $outArray[$key] = $val; } } if (array_key_exists('CLIENT ID', $outArray)) { echo "

Here are your Client ID and Client Secret

"; echo "
"; echo "Make sure that you copy these two values somewhere safe, because the Client Secret can "; echo "not be retrieved again."; echo "
"; echo "
"; echo "
"; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo "
"; echo "Client ID"; echo " "; echo ""; echo $outArray['CLIENT ID']; echo "
"; echo "Client Secret"; echo " "; echo ""; echo $outArray['CLIENT SECRET']; echo "
"; echo "
"; echo "
"; echo "

"; echo "You will also need the following URLs for your site plugin."; echo "

"; echo "
"; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo "
"; echo "Authorize"; echo " "; echo $ini_arr[ 'URLs' ][ 'AuthURL' ]; echo "
"; echo "Token"; echo " "; echo $ini_arr[ 'URLs' ][ 'TokenURL' ]; echo "
"; echo "User Info"; echo " "; echo $ini_arr[ 'URLs' ][ 'UserInfoURL' ]; echo "
"; echo "
"; ?>

Download a list of relevant URLs here

"; $stmt = $db->prepare("insert into clients ( site_name, site_owner, client_id, owner_id, redirect_url ) values ( ?, ?, ?, ?, ? ) "); $clientID = $outArray['CLIENT ID']; $retcode = $stmt->execute([$siteName, $clientName, $clientID, $clientDN, $redirectURL]); $dbClientID = $db->lastInsertID(); $stmt = $db->prepare("insert into owner_email ( client_id, e_mail ) values ( ?, ? )"); foreach ($clientEMail as $mail) { $retcode = $stmt->execute([$dbClientID, $mail]); } } else { echo "

"; echo "Unable to register new client."; echo "

"; } } } else { ?>

How to Register a New Site

To make use of this system and register a site, you need the following things:
  1. A unique name to identify your site registration

  2. The "Redirect URL" that the OpenID plugin for the site that you are registering requires.

  3. Does your plugin use POST or Basic authentication? The default is POST. If you have requirements other than those two, please contact the CAcert OpenID development team at bmccullough@cacert.org

  4. Optional notes for yourself.

You may download the various URLs provided by the OpenID component here







"; echo file_get_contents("html/footer.html"); echo "
"; echo '

Copyright © CAcert, Inc '; echo date("Y"); echo "

"; echo "
"; echo "
";