Download the PHP package simplesamlphp/openid without Composer
On this page you can find all versions of the php package simplesamlphp/openid. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Information about the package openid
OpenID Tools Library
The library is under development, and you can expect breaking changes along the way.
The library provides some common tools that you might find useful when working with the OpenID family of specifications.
Installation
The library can be installed using Composer:
OpenID Federation (draft 43)
The initial functionality of the library revolves around the OpenID Federation specification. To use it, create an instance of the class \SimpleSAML\OpenID\Federation.
Trust chain resolver
Once you have a \SimpleSAML\OpenID\Federation instance, you can start using the available tools. The first tool we will look at is the trust chain resolver. It can be used to try to resolve the (shortest) trust chain for a given leaf entity (subject) and set of trust anchors:
If the trust chain is successfully resolved, this will return an instance of \SimpleSAML\OpenID\Federation\TrustChainBag. Otherwise, an exception will be thrown.
From the TrustChainBag you can get the TrustChain using several methods.
Once you have the Trust Chain, you can try to get the resolved metadata for a particular entity type. Resolved metadata means that all metadata policies from all intermediates have been successfully applied. Here is one example of getting metadata for an OpenID RP, which will return an array (or null if no metadata is available for the given entity type):
If getting metadata results in an exception, the metadata is considered invalid and is to be discarded.
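To illustrate what "resolved metadata" and the discard rule mean in practice, the following is an added example, not part of the package README and not the library's own code. The function name `applyMetadataPolicy`, the sample RP metadata and the policy are constructed for illustration; the policy is assumed to be already merged across intermediates, and the operator semantics are a simplified reading of the standard OpenID Federation policy operators.

```php
<?php
// Added example (hypothetical helper, not the library's code): apply one merged policy.
function applyMetadataPolicy(array $metadata, array $policy): array
{
    foreach ($policy as $param => $ops) {
        if (array_key_exists('value', $ops)) {             // forced value (null removes)
            $metadata[$param] = $ops['value'];
        }
        if (isset($ops['add'])) {                          // union with existing values
            $merged = array_merge((array) ($metadata[$param] ?? []), $ops['add']);
            $metadata[$param] = array_values(array_unique($merged));
        }
        if (isset($ops['default']) && !isset($metadata[$param])) {
            $metadata[$param] = $ops['default'];
        }
        if (isset($ops['one_of'], $metadata[$param])
            && !in_array($metadata[$param], $ops['one_of'], true)) {
            throw new DomainException("$param: value not permitted by one_of");
        }
        if (isset($ops['subset_of'], $metadata[$param])) { // keep only permitted values
            $metadata[$param] = array_values(array_intersect((array) $metadata[$param], $ops['subset_of']));
            if ($metadata[$param] === []) {
                unset($metadata[$param]);
            }
        }
        if (isset($ops['superset_of'], $metadata[$param])
            && array_diff($ops['superset_of'], (array) $metadata[$param]) !== []) {
            throw new DomainException("$param: lacks values required by superset_of");
        }
        if (($ops['essential'] ?? false) && !isset($metadata[$param])) {
            throw new DomainException("$param: essential parameter is absent");
        }
    }
    return array_filter($metadata, static fn ($v) => $v !== null);
}

// Constructed sample data (hypothetical RP metadata and federation policy).
$rp = ['response_types' => ['code', 'id_token token'], 'token_endpoint_auth_method' => 'client_secret_basic'];
$policy = [
    'response_types' => ['subset_of' => ['code'], 'essential' => true],
    'token_endpoint_auth_method' => ['one_of' => ['private_key_jwt', 'client_secret_basic']],
    'contacts' => ['add' => ['ops@federation.example']],
];
print_r(applyMetadataPolicy($rp, $policy)); // policy satisfied; response_types is narrowed
try {
    applyMetadataPolicy(['response_types' => ['token']], $policy);
} catch (DomainException $e) {
    echo 'Discarding metadata: ', $e->getMessage(), PHP_EOL; // violation: do not use it
}
```

The second call shows the failure path: a policy violation surfaces as an exception, and the caller discards the metadata instead of falling back to the leaf's unfiltered values.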
Additional verification of signatures
The whole trust chain (each entity statement) has been verified using public keys from JWKS claims in configuration / subordinate statements. As the specification recommends, you can also validate the signature of the Trust Anchor Configuration Statement using Trust Anchor public keys (JWKS) that you have acquired in some secure out-of-band way (so as not to rely only on TLS protection while fetching the Trust Anchor Configuration Statement):
Fetching Trust Marks
Federation tools expose a Trust Mark Fetcher which you can use to dynamically fetch or refresh (short-lived) Trust Marks.
Validating Trust Marks
Federation tools expose a Trust Mark Validator with several methods for validating Trust Marks, the most common being the one that validates a Trust Mark for some entity based simply on the Trust Mark Type.
If a cache is used, the Trust Mark validation result will be cached, with the cache TTL being the expiration time of the Trust Mark, the expiration time of the Leaf Entity Statement, or maxCacheDuration, whichever is smallest.
All versions of openid with dependencies
ext-filter Version *
guzzlehttp/guzzle Version ^7.8
psr/http-client Version ^1
psr/http-message Version ^2
psr/log Version ^3
psr/simple-cache Version ^3
web-token/jwt-library Version ^3.4 || ^4.0.2