PhpRiot
Become Zend Certified

Prepare for the ZCE exam using our quizzes (web or iPad/iPhone). More info...


When you're ready get 7.5% off your exam voucher using voucher CJQNOV23 at the Zend Store

Basic Theory of Usage

Usage of Zend_InfoCard can be done one of two ways: either as part of the larger Zend_Auth component via the Zend_InfoCard authentication adapter or as a stand-alone component. In both cases an information card can be requested from a user by using the following HTML block in your HTML login form:

<form action="http://example.com/server" method="POST">
  <input type='image' src='/images/ic.png' align='center'
        width='120px' style='cursor:pointer' />
  <object type="application/x-informationCard"
          name="xmlToken">
   <param name="tokenType"
         value="urn:oasis:names:tc:SAML:1.0:assertion" />
   <param name="requiredClaims"
         value="http://.../claims/privatepersonalidentifier
         http://.../claims/givenname
         http://.../claims/surname" />
 </object>
</form>

In the example above, the requiredClaims <param> tag is used to identify pieces of information known as claims (i.e. person's first name, last name) which the web site (a.k.a "relying party") needs in order a user to authenticate using an information card. For your reference, the full URI (for instance the givenname claim) is as follows: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

When the above HTML is activated by a user (clicks on it), the browser will bring up a card selection program which not only shows them which information cards meet the requirements of the site, but also allows them to select which information card to use if multiple meet the criteria. This information card is transmitted as an XML document to the specified POST URL and is ready to be processed by the Zend_InfoCard component.

Note, Information cards can only be HTTP POSTed to SSL-encrypted URLs. Please consult your web server's documentation on how to set up SSL encryption.

Zend Framework