php-saml | Simple SAML toolkit for PHP | Authentication library
kandi X-RAY | php-saml Summary
OneLogin's SAML PHP toolkit lets you build an SP (Service Provider) over your PHP application and connect it to any IdP (Identity Provider). Integrate your PHP toolkit at OneLogin using this guide:
Top functions reviewed by kandi - BETA
- Validate the SAML response.
- Builds a single Logout.
- Adds default values.
- Parse an XML document.
- Decrypt an XML element.
- Process the SLO response.
- Build the SAML response.
- Returns an associative array of all form values.
- Get LogoutRequest ID.
- Returns the redirect URL for this Authn.
Community Discussions
Trending Discussions on php-saml
QUESTION
I can't understand, how to generate
for the metadata file block in the Laravel application. The app uses aacotroneo/laravel-saml2 and onelogin/php-saml packages. In settings I tried to set
'wantNameIdEncrypted' => true
and/or 'wantAssertionsEncrypted' => true.
But in the /saml2/idpName/metadata I see only . Maybe it is because I am on the local environment?
I have been stuck on this problem for many hours and will be grateful for any explanation of how these blocks are generated and how to use both of them.
ANSWER
Answered 2020-Nov-10 at 07:33
My problem was that I just didn't add the 'security' key to the mentioned parameters. They were at the end of the example file without any keys and I thought that it was enough to just uncomment the right lines, but no, they are part of the security config.
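The fix described in this answer, as an added example that is not part of the original post or of either package's own files: the same flags first at the top level of the settings array, then nested under 'security'. The helper misplacedSecurityFlags() is hypothetical, and the entity IDs and certificate values are placeholders.

```php
<?php
// Added example: all hosts, IDs and key material below are placeholders.

// Flags that php-saml reads from the 'security' sub-array of its settings.
const SECURITY_FLAGS = [
    'nameIdEncrypted', 'authnRequestsSigned', 'logoutRequestSigned',
    'logoutResponseSigned', 'signMetadata', 'wantMessagesSigned',
    'wantAssertionsSigned', 'wantAssertionsEncrypted', 'wantNameIdEncrypted',
];

/** Hypothetical helper: list security flags left at the top level by mistake. */
function misplacedSecurityFlags(array $settings): array
{
    return array_values(array_intersect(SECURITY_FLAGS, array_keys($settings)));
}

// Before: lines uncommented without their parent key, so they sit beside
// 'sp' and 'idp' and are never read as security settings.
$before = [
    'strict' => true,
    'sp'     => ['entityId' => 'https://sp.example.test/saml2/idpName/metadata'],
    'idp'    => ['entityId' => 'https://idp.example.test/metadata'],
    'wantNameIdEncrypted'     => true,
    'wantAssertionsEncrypted' => true,
];

// After: the flags live under 'security'. Decryption also needs the SP's own
// certificate and private key, which is what the IdP encrypts to.
$after = [
    'strict' => true,
    'sp' => [
        'entityId'   => 'https://sp.example.test/saml2/idpName/metadata',
        'x509cert'   => 'PLACEHOLDER_SP_CERTIFICATE',
        'privateKey' => 'PLACEHOLDER_SP_PRIVATE_KEY',
    ],
    'idp' => ['entityId' => 'https://idp.example.test/metadata'],
    'security' => [
        'wantNameIdEncrypted'     => true,
        'wantAssertionsEncrypted' => true,
    ],
];

foreach (['before' => $before, 'after' => $after] as $label => $settings) {
    $bad = misplacedSecurityFlags($settings);
    echo $label, ': ', $bad ? 'misplaced ' . implode(', ', $bad) : 'ok', PHP_EOL;
}
```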
QUESTION
I don't know if what I would like to do is possible. I'm trying to integrate the authentication mechanism of my university in an Android application which uses Laravel as backend. I've decoded the SAMLResponse and in the XML file I found this
...
ANSWER
Answered 2019-Nov-25 at 14:31
I'd look at SimpleSAMLphp. Your application will be a "service provider" or SP. You'll need to generate metadata for your application, which you'll need to share with the IdP administrators at your university to enable the integration. The SSP quickstart link provided above gives details on obtaining metadata for your SP, and how to convert the Identity Provider-supplied XML metadata into a format that's readable by the SSP libraries.
Only after the exchange of metadata occurs and your application is trusted can you begin to exchange SAML responses. SSP makes this process easy, as you'll just end up calling a few lines of code any time a resource needs to be protected, i.e.
QUESTION
I am using the php-saml toolkit https://github.com/onelogin/php-saml to implement an SSO in a web application. The authentication in itself works, but when I check with an intercepting proxy https://portswigger.net/burp/communitydownload the SAML token appears in clear (as XML, with the username along with all information passed for authentication). In the connector and the setting https://github.com/onelogin/php-saml/blob/master/settings_example.php I have set the certificate (in idp/x509cert)
I am not sure if the presence of the certFingerprint makes a difference; I tried with and without, and the SAML token is in clear in both cases.
Is it possible to have this SAML response encrypted? It is still signed so it cannot be changed, but having this data in clear is still a problem for me.
...
ANSWER
Answered 2019-Apr-15 at 11:27
You can indeed have the SAML response encrypted, and it will need to be set up by your OneLogin administrator for your application. Encrypting the Response (or the Assertion) is mitigated by using TLS as you're already encrypted at the transport layer, and most applications I see don't encrypt Response or Assertion, but it's available in OneLogin if needed.
QUESTION
I am trying to install LightSAML https://packagist.org/packages/lightsaml/lightsaml into a Laravel app, to do some very basic deserialization of an HTTP POST request, but getting errors:
...
ANSWER
Answered 2018-Apr-08 at 22:16
If the idea is just to decode the SAMLResponse data that's being POST'ed to your endpoint, then you can achieve that easily (as long as it's not encrypted).
The SAMLResponse is base64 encoded, so you just have to decode it. In the controller method where you're receiving the data, you'll do something like:
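One way to do the decoding this answer describes, as an added example that is not the answerer's code: it base64-decodes a POSTed SAMLResponse and reads its status, NameID and whether the assertion is encrypted. The function names are hypothetical and the sample response is constructed, unsigned test data.

```php
<?php
// Added example: decode for inspection only. The decoded content is untrusted
// until a SAML library has validated the signature.

function decodeSamlResponse(string $encoded): DOMDocument
{
    // Strict mode rejects characters outside the base64 alphabet.
    $xml = base64_decode($encoded, true);
    if ($xml === false || $xml === '') {
        throw new InvalidArgumentException('SAMLResponse is not valid base64');
    }
    // A SAML message never needs a DOCTYPE; refusing it rules out entity expansion.
    if (stripos($xml, '<!DOCTYPE') !== false) {
        throw new InvalidArgumentException('DOCTYPE not allowed in SAMLResponse');
    }
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch external resources while parsing.
    if (!@$doc->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('SAMLResponse is not well-formed XML');
    }
    return $doc;
}

function summariseSamlResponse(DOMDocument $doc): array
{
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
    $xp->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    return [
        'status'    => $xp->evaluate('string(/samlp:Response/samlp:Status/samlp:StatusCode/@Value)'),
        'encrypted' => $xp->query('/samlp:Response/saml:EncryptedAssertion')->length > 0,
        'nameId'    => $xp->evaluate('string(/samlp:Response/saml:Assertion/saml:Subject/saml:NameID)'),
    ];
}

// Constructed sample standing in for the value of the SAMLResponse POST field.
$sample = base64_encode(
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    . ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    . '<samlp:Status><samlp:StatusCode'
    . ' Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    . '<saml:Assertion><saml:Subject><saml:NameID>alice@example.test'
    . '</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>'
);

print_r(summariseSamlResponse(decodeSamlResponse($sample)));
```

In a Laravel controller the input would come from $request->input('SAMLResponse'). The same summary also surfaces a non-success status such as the Responder status discussed further down this page.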
QUESTION
My application needs to provide an IdP-like service, using which I would like to generate a SAML response to the registered SP, so that users of my application can log in to the registered SP's applications. But I think the php-saml (provided by OneLogin) lib is an SP-side library which would process the IdP response. Can I use it to generate a SAML response (like an IdP) so that the SP can allow users to log in?
...
ANSWER
Answered 2018-Feb-22 at 17:44
The OneLogin php-saml library is the SP side, only. However, there is another tool available, SimpleSAMLphp, that can do the IdP side:
QUESTION
I am having quite a time setting up SAML integration with a client using our platform. We're using OneLogin's PHP SDK on our end to act as a service provider. Not sure what they're using as an identity provider or if it is something custom.
It seems no matter what we do, the AuthN Response we receive from them has the status: urn:oasis:names:tc:SAML:2.0:status:Responder
As I read it here, all that means is that there was an issue (we don't know what) on their side. Sort of the equivalent of a 500 status in php.
The guy I'm working with on their end is sure that this is an issue of a configuration mismatch. Either that they're not providing the right claims, or not signing the part we're asking them to sign, etc.
But if that were the case... wouldn't they still send us a response with a success status? And maybe we'd get an error on our side if they didn't sign it right. But I wouldn't expect to receive the 'Responder' status from them.
Can anyone either confirm that I'm making the right assumption or set me straight if I'm wrong?
...
ANSWER
Answered 2017-Sep-29 at 05:02
Yes, you are correct. Those two errors would not be noticed before the message reaches your side. It's something else, and it should not be that impossible to find by looking at the logs on their side.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install php-saml
OneLogin's PHP Toolkit allows you to provide the settings info in two ways:
- Use a settings.php file that we should locate at the base folder of the toolkit.
- Use an array with the setting data.
The first is the case of the demo2 app. The settings.php file and the setting_extended.php file should be defined at the base folder of the toolkit. Review the settings_example.php and the advanced_settings_example.php to learn how to build them. In this case, as Assertion Consumer Service and Single Logout Service we are going to use the files located in the endpoint folder (acs.php and sls.php).
Once the SP is configured, the metadata of the SP is published at the metadata.php file. Based on that info, configure the IdP.
This demo uses the old style of version 1 of the toolkit. An object of the class OneLogin_Saml_Settings must be provided to the constructor of the AuthRequest. You will find an example_settings.php file in the demo-old folder that can be used as a template for your settings.php file. In that template, SAML settings are divided into two parts: the application-specific ones (const_assertion_consumer_service_url, const_issuer, const_name_identifier_format) and the user/account-specific ones (idp_sso_target_url, x509certificate). You'll need to add your own code here to identify the user or user origin (e.g. by subdomain, ip_address etc.).
Once the SP is configured, the metadata of the SP is published at the metadata.php file. After that, configure the IdP based on that information.