I recently had the pleasure, if you would like to call it that, to implement JOSSO with PHP at my work. I quickly learned a few things about the process of setting up Josso with PHP, that aren't well documented, and as such I am going to share my findings.
Let's start with downloading the PHP library for Josso. Most people will head straight to the SF.net repository for Josso and look for the PHP link. Well, let me save you the headache, it ain't there. The PHP library is stored inside of the josso main package (currently josso-1.7.zip as of this writing). The main package by-the-way is 80+ MB. You are looking for roughly 30Kb of files inside that zip.
Inside the zip you will find tons of files, and folders . Let me guide you to where the PHP files are: (after unzipping)
No, the double php is not a typo. Inside of that directory you will find three class files, a config file, a couple of login/logout views, the security check, and the josso file. Be forewarned there is also a nusoap directory, and this thing will cause some headache if you are not prepared.
Unless you have full control of your server that you are installing the JOSSO + PHP interface on, you will not have access to add Josso to the php.ini file to make is autoload on every single page. For this I really suggest using a MVC with Front Controller setup. This allows you to force the user through a single point to access any part of your site, and thus eliminates the need to make Josso autoload for every single php file on your site.
Finally I want to talk about Josso's implementation of SOAP. On their PHP site they write:
In case of using PHP5 be sure of disabling the native SOAP support in order to avoid conflicts with the SOAP API used by JOSSO.
That is 100% completely not needed. Here is why. The SOAP class they do use doesn't touch the SOAP class from PHP, and as such it can simply have all references changed. I simply loaded all the files from Josso into Eclipse and did a find and replace on soapclient (the actual class that conflicts) and renamed it to josso_soapclient. There were only a handful of places to change this, maybe 10. Once they were renamed the Josso + PHP experience was quite simple.
Lastly I want to quickly mention that when you load the sample scripts provided by Josso, you will get errors. Apparently some of the methods have changed since they wrote the Josso examples. I have submitted my changes to the Josso project, and I hope that they will be included as they only make sense. So if you get errors, just go into the code and look to see if 1) the method exists anywhere, and 2) find a similar method and call it.
I don't want to sound as though I am bagging on Josso at all, instead I am just letting people know the problems I had, and how I fixed them. The rest of the setup was really quite simple. For Single Sign-on, Josso is great.
So another small annoyance I found while using Josso was that when you send a bad login to Josso, Josso will hijack your user experience. I was passing the "jossobackto" string, and I couldn't think why it wouldn't send the user back. It turns out that Josso only uses the "jossobackto" string when there is a valid login, and a second parameter of "jossoonerror" is required for bad logins (or errors).