forked from looker/looker_embed_sso_examples
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sso_embed.php
78 lines (69 loc) · 2.83 KB
/
sso_embed.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<?php
date_default_timezone_set('America/Los_Angeles');
$secret = "<your_secret_here>";
$embedpath= "/embed/dashboards/3";
$host = "<your_looker_endpoint>";
$path = "/login/embed/" . urlencode($embedpath);
$json_nonce = json_encode(md5(uniqid()));
$json_current_time = json_encode(time());
$json_session_length = json_encode(3600);
$json_external_user_id = json_encode("<db_user_id>");
$json_first_name = json_encode("<first_name>");
$json_last_name = json_encode("<last_name>");
$json_permissions = json_encode( array ( "see_user_dashboards", "see_lookml_dashboards", "access_data", "see_looks" ) );
$json_models = json_encode( array ( "<your_model_name>" ) );
$json_group_ids = json_encode( array ( 4, 2 ) ); // just some example group ids
$json_external_group_id = json_encode("awesome_engineers");
$json_user_attributes = json_encode( array ( "an_attribute_name" => "my_value", "my_number_attribute" => "0.231" ) ); // just some example attributes
// NOTE: accessfilters must be present and be a json hash. If you don't need access filters then the php
// way to make an empty json hash as an alternative to the below seems to be:
// $accessfilters = new stdClass()
$accessfilters = array (
"<your_model_name>" => array ( "view_name.dimension_name" => "<value>" )
);
$json_accessfilters = json_encode($accessfilters);
$stringtosign = "";
$stringtosign .= $host . "\n";
$stringtosign .= $path . "\n";
$stringtosign .= $json_nonce . "\n";
$stringtosign .= $json_current_time . "\n";
$stringtosign .= $json_session_length . "\n";
$stringtosign .= $json_external_user_id . "\n";
$stringtosign .= $json_permissions . "\n";
$stringtosign .= $json_models . "\n";
$stringtosign .= $json_group_ids . "\n";
$stringtosign .= $json_external_group_id . "\n";
$stringtosign .= $json_user_attributes . "\n";
$stringtosign .= $json_accessfilters;
$signature = trim(base64_encode(hash_hmac("sha1", utf8_encode($stringtosign), $secret, $raw_output = true)));
// , $raw_output = true
$queryparams = array (
'nonce' => $json_nonce,
'time' => $json_current_time,
'session_length' => $json_session_length,
'external_user_id' => $json_external_user_id,
'permissions' => $json_permissions,
'models' => $json_models,
'group_ids' => $json_group_ids,
'external_group_id' => $json_external_group_id,
'user_attributes' => $json_user_attributes,
'access_filters' => $json_accessfilters,
'first_name' => $json_first_name,
'last_name' => $json_last_name,
'force_logout_login' => false,
'signature' => $signature
);
$querystring = "";
foreach ($queryparams as $key => $value) {
if (strlen($querystring) > 0) {
$querystring .= "&";
}
if ($key == "force_logout_login") {
$value = "true";
}
$querystring .= "$key=" . urlencode($value);
}
$final = "https://" . $host . $path . "?" . $querystring;
echo $final;
echo "\n";
?>