Fixes needed in case "example" is in a subdirectory of the web path

[deligant]

there are several small fixes in the example directory in order to have all working:

• all absolute paths should be replaced by relative paths (eg "/login" => "./login")
• in file "views/smart-button.php" the extraProviders.entityName should be "testenv" and not "Testenv"

Here are the fixes I made:

.htaccess

• spid.php is my temporary replacement to produce the response to the ajax request of my project
• logo/*.svg are the graphics of the IdP

RewriteCond %{REQUEST_FILENAME} !index.php
RewriteCond %{REQUEST_FILENAME} !spid.php
RewriteCond %{REQUEST_FILENAME} !.*.svg
RewriteRule ^(.+)$ index.php/$1 [QSA,L]

index.php

changing the switch as in

switch (basename($request_uri[0])) {

and removing the initial slash from the cases.

views/spid-smart-button/spid-button.min.js

the function "providers()" returns only 8 official providers, missing the 9th (lepida), as well as not providing the correct entityID (sielte).

Cookie Same Site Policy

There seems to be an issue with the same-site policy: I had to add

ini_set('session.cookie_samesite', 'None');

before any call to session_start() to have successfull logins

Hope this can be helpful

[secursim]

Hi @deligant,
I would to advise there are also mistakes with some logos inside spid-button.min.js (Intesa, Namirial, SpidItalia Register).

Then, I have a question: I am not a php developer and I never used it before, but for the project we are developing in my company, I have to use this library (or https://github.com/italia/spid-php, we are still deciding): so, can you explain me the last issue (Cookie Same Site Policy)? In which file and where in the code I should have to add ini_set('session.cookie_samesite', 'None'); ?
Thanks a lot

[deligant]

Hi @secursim
As said, you need to insert that line before any call to session_start() or, in case you have a global config file that is loaded and executed before any call to session_start(), in that config.file.
Hope this helps
Chris