Manage Live@edu in PHP – Single Sign-On, Exchange Web Services, Windows Live Admin Center
Officially, Live@edu provides all the SDKs needed to deploy the functionality named in the title on the .NET platform. In most cases I recommend using IIS + ASP.NET, as it is the more robust platform for development and support. But what if your school uses a PHP portal and cannot move to .NET now, yet you want to provide all students with e-mail on the Live@edu platform?
I’ve combined all 3 technologies in one single PHP library. You need only a few steps to enrich your PHP portal experience with Microsoft Live@edu.
1. Acquiring the certificate
To get the certificate, visit https://eduadmin.live.com/SSO.aspx, authenticate with your domain administrator Windows Live ID, and press “Request Single Sign-On”.
You’ll get 3 e-mails within a week. The first one is a link to the certificate download, the second is the password for the download, and the third is the SiteID, a 6-digit code for setting up SSO.
You can proceed with setting up all the features, but SSO will be enabled only after you get those 3 e-mails.
2. Download PHP-code
Download the zip archive from phpsso.codeplex.com.
3. Prepare cert
In ed-desk’s bundle (step 1) you’ll find 2 files, .cer and .pfx. For SSO in PHP you need to convert the certificate from the .pfx file. You can do this with the openssl.exe utility included in the package:
1. runme.bat performs all the necessary actions when you run it with your certificate file as a parameter.
2. When a password is requested, press Enter.
3. You’ll get the file all.cer when it finishes.
4. Divide all.cer into 2 parts:
   1. The first one, named private.pem, must contain the first part of all.cer up to and including the “-----END RSA PRIVATE KEY-----” line. Cut this part from all.cer.
   2. Rename all.cer, with the remaining data, to cer.pem.
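The manual split in step 4 can also be scripted. The following is an added example, not part of the phpsso package: the helper names split_pem_bundle() and write_pem_files() are hypothetical, and the sample bundle is constructed with placeholder bodies.

```php
<?php
// Added example: split_pem_bundle() and write_pem_files() are hypothetical
// helpers, not part of the phpsso package.
function split_pem_bundle(string $bundle): array
{
    $marker = "-----END RSA PRIVATE KEY-----";
    $pos = strpos($bundle, $marker);
    if ($pos === false) {
        throw new RuntimeException("no RSA private key block found");
    }
    $cut = $pos + strlen($marker);
    // private.pem: everything up to and including the END line.
    $private = rtrim(substr($bundle, 0, $cut)) . "\n";
    // cer.pem: whatever is left in the bundle.
    $cer = ltrim(substr($bundle, $cut));
    if (strpos($cer, "-----BEGIN CERTIFICATE-----") === false) {
        throw new RuntimeException("no certificate after the key block");
    }
    if (strpos($cer, "PRIVATE KEY-----") !== false) {
        throw new RuntimeException("key material would land in cer.pem");
    }
    return array("private.pem" => $private, "cer.pem" => $cer);
}

function write_pem_files(string $bundle, string $dir): void
{
    foreach (split_pem_bundle($bundle) as $name => $pem) {
        $path = $dir . DIRECTORY_SEPARATOR . $name;
        // Create the file empty and restrict it before any key bytes are
        // written. chmod() only toggles read-only on Windows; use NTFS
        // ACLs there.
        touch($path);
        chmod($path, 0600);
        file_put_contents($path, $pem);
    }
}

// Constructed sample bundle: the base64 bodies are placeholders, not keys.
$sample = "Bag Attributes\n"
    . "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
    . "-----END RSA PRIVATE KEY-----\n"
    . "Bag Attributes\n"
    . "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
    . "-----END CERTIFICATE-----\n";

$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "sso_pem_demo";
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
write_pem_files($sample, $dir);
echo "wrote private.pem and cer.pem to $dir\n";
```

For real use, pass the contents of all.cer instead of the sample, and keep private.pem outside the directory your web server publishes.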
4. Set up module
All settings are located in settings.php:
• $adminwlid, $adminpass – alias and password of the domain’s administrator. This data is required for the Windows Live Admin Center class.
• $applicationid, $secretkey – Application ID (visit http://msdn.microsoft.com/en-us/library/bb676626.aspx for instructions). In most cases the domain name without www will be taken by the SSO functionality, so you can register the domain with www. For example, for the domain @live.school.edu it would be www.live.school.edu. This data is required for the Exchange Web Services class.
• $ewsadmin, $ewspass – alias and password of a user with Application Impersonation rights. Check bullet 1 of http://mamichev.spaces.live.com/blog/cns!DAD805F3381EED7B!2753.entry for additional information (in Russian).
• $siteid – SiteID code (step 1).
• $cer, $private – paths to the certificate files from step 3.
5. Usage
There are 3 classes in sso_class.php. You can refer to index.php to get examples of usage.
Include the class and settings files in your script:
include("settings.php");
include("sso_class.php");
Windows Live Admin Center (WLAC)
You can create and delete users, change passwords and e-mail addresses, and use a lot of other functionality that is described on the WSDL page https://domains.live.com/service/managedomain2.asmx . Unfortunately, extended management is disabled for the Live@edu administrator account.
To initialize, use the following command:
• $wl = new wlac($adminwlid,$adminpass);
Now you can use methods that are shown in index.php:
• $wl->Execute("ResetMemberPassword",Array("memberNameIn"=>$_POST['email'],"password"=>$_POST['password'],"resetPassword"=>"false"));
The Execute method takes two parameters: the first is the command, the second is an array of parameters. If you need to pass multiline parameters, use nested arrays.
Windows Live has some requirements for passwords. You can check a password with the validate_creds method:
• $wl->validate_creds($email,$pass)
The output is an array of errors (there are 3 kinds of errors – wrong length, wrong symbols and alias included in password).
Single Sign-On (SSO)
This class lets your portal give students access to Live@edu (Outlook Live, Office Live, Windows Live, etc.) after they log in to your portal, without additional authentication in Windows Live.
The SSO process basically consists of 3 actions:
1. Getting a Short Living Ticket (SLT):
$getSLT = new GetSLT($siteid,$cer,$private);
2. Getting the link for redirecting (the class supports outlooklive, olw, skydrive, spaces, home, but you can add your own links):
$ssourl = $getSLT->ServiceUrl($_POST['service'])."&slt=".$getSLT->Request($_POST['email'],"30");
3. Redirecting
header("location:$ssourl"); die();
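Because the ticket is issued for whatever address is passed to Request(), a portal page would normally take that address from its own login session rather than from the submitted form. The following added example (not taken from index.php) shows the same three actions that way; it runs alongside the package's settings.php and sso_class.php, and the session key portal_email is an assumption about how your portal stores the logged-in user.

```php
<?php
include("settings.php");
include("sso_class.php");

session_start();

// Assumption: the portal's login code stored the authenticated student's
// Live@edu address in $_SESSION['portal_email'] (hypothetical key).
if (empty($_SESSION['portal_email'])) {
    http_response_code(403);
    die("Not logged in");
}
$email = $_SESSION['portal_email'];

// Accept only the service names listed above for ServiceUrl().
$allowed = array("outlooklive", "olw", "skydrive", "spaces", "home");
$service = isset($_POST['service']) ? $_POST['service'] : "";
if (!in_array($service, $allowed, true)) {
    http_response_code(400);
    die("Unknown service");
}

// Same calls as in the three actions above, with the session's address.
$getSLT = new GetSLT($siteid, $cer, $private);
$ssourl = $getSLT->ServiceUrl($service) . "&slt=" . $getSLT->Request($email, "30");

header("Location: " . $ssourl);
die();
```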
Exchange Web Services (EWS)
Schools using the Live@edu Organization plan can use Exchange Web Services to access user data in Exchange.
The user account used for operating with EWS (not necessarily one with domain administrator rights) must have Application Impersonation rights. To get those rights, proceed with bullet 1 of the manual http://mamichev.spaces.live.com/blog/cns!DAD805F3381EED7B!2753.entry .
To initialize:
• $lews = new LAE_EWS(Array("admin"=>$ewsadmin,"pass"=>$ewspass,"appid"=>$applicationid,"seckey"=>$secretkey));
To use EWS, call the class’s methods. For example, to get e-mails:
• $emails = $lews->GetEMails($_POST['email'],10,0);
You can find a lot of additional functions for EWS in this class’s prototype at http://www.educationlabs.com/projects/moodleproduct/Pages/default.aspx .
6. Links
The classes were written almost from zero, but the principles of managing the different services were taken from earlier developments:
• Single Sign-On – the cURL usage concept was delivered by Adam Bradley in the project http://phplivesso.codeplex.com/ .
• Exchange Web Services – the EWS technology was taken from Microsoft Education Labs http://www.educationlabs.com/projects/moodleproduct/Pages/default.aspx (don’t lose the chance to explore their code – it is very complicated, but very correct – on a high level of abstraction, handles all exceptions, etc.).
• Windows Live Admin Center – the class was built on the concepts in both managedomain.cs from the WLAC SDK and Mauricio Cuenca’s blog at http://www.mauriciocuenca.com/blog/2008/07/windows-live-admin-center-php-client/ . Another interesting example: http://social.msdn.microsoft.com/forums/en-US/wlgeneraldev/thread/0720ba9e-85b8-4689-a2b6-20acf3d727fa/ , but I’ve experienced some difficulties with the SOAP library, so I preferred to build several simple methods on a cURL basis.

Last edited Nov 2, 2009 at 6:04 AM by AntonMamichev, version 1

Comments

clutz Feb 7, 2011 at 4:06 AM 
Dear...
I'm using this code and it works well... manage users, etc... now I really need your help how to create a group and manage it... add users into a group, delete it and etc... thx for your help...