SAML SSO in cakephp application

I have a cakephp application for which users must authenticate via SAML Single Sign-On. To do this, I went to the link " https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin ".

According to its documentation, I downloaded fresh copies of cakephp and simpleSAMLphp. Now I have a cakephp folder and a simpleSAMLphp folder in my workspace. I installed simpleSAMLphp as described in the link " https://simplesamlphp.org/docs/stable/ ". I followed these steps: (1) I configured simpleSAML in the Apache configuration, as shown below:

<VirtualHost *>
    ServerName service.local-saml.com
    DocumentRoot /var/www/simplesamlphp/www/

    <Directory "/var/www/simplesamlphp/www/">
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

(2) In simplesamlphp, set "auth.adminpassword", "secretsalt", "technicalcontact_name" and "technicalcontact_email" in /config/config.php.

(3) Configured SAML: SP.

(4) Configured the SAML IdP.

(5) Set 'enable.saml20-idp' => true in /config/config.php.

(6) Created an SSL certificate:

sudo openssl req -new -x509 -days 3652 -nodes -out /etc/ssl/certs/simplesamlphp.crt -keyout /etc/ssl/certs/simplesamlphp.pem

(7) Put the certificate and key in simplesamlphp/cert. (8) Edited config/authsources.php:

'default-sp' => array(
    'saml:SP',
    'privatekey'  => 'simplesamlphp.pem',
    'certificate' => 'simplesamlphp.crt',
),

(9) Edited metadata/saml20-idp-hosted.php.

(10) Added to metadata/saml20-sp-remote.php:

$metadata['http://service.local-saml.com'] = array(
    'AssertionConsumerService' => 'http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
    'SingleLogoutService'      => 'http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
);

(11) Registered the SP at openidp.feide.no through its metaedit page: https://openidp.feide.no/simplesaml/module.php/core/loginuserpass.php?AuthState=_36266db92ac88d2d66ae8ede39dd1264a39243f08e%3Ahttps%3A%2F%2Fopenidp.feide.no%2Fsimplesaml%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3Dopenidp-ldap%26ReturnTo%3Dhttps%253A%252F%252Fopenidp.feide.no%252Fsimplesaml%252Fmodule.php%252Fmetaedit%252Findex.php

(12) Opened the URL " http://service.local-saml.com/simplesaml " and tested authentication with default-sp.

Then I integrated simplesamlphp with cakephp. (13) I downloaded the plugin from " https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin " and put it as saml in /app/Plugin of Cakephp.

(14) Edited core.php and bootstrap.php.

(15) Edited UsersController.

(16) Added

'sp1' => array(
    'saml:SP',
    'privatekey'  => 'simplesamlphp.pem',
    'certificate' => 'simplesamlphp.crt',
    'entityID'    => 'http://localhost/cakephp1',
),

to config/authsources.php of simplesamlphp.

(17) Added to metadata/saml20-sp-remote.php:

$metadata['http://localhost/cakephp'] = array(
    'AssertionConsumerService' => 'http://localhost/cakephp',
    'SingleLogoutService'      => 'http://localhost/cakephp',
);

When I open localhost/cakephp, I am redirected to " https://openidp.feide.no/simplesaml/module.php/core/loginuserpass.php ", and after logging in I am redirected to " http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/sp1 " and then back to localhost/cakephp. Then, in cakephp, ...

What am I doing wrong?

+4
3
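Before looking at cookies or the plugin, it is worth checking that the SP auth source and the IdP's trusted-SP metadata actually describe the same SP. The following is an added example, not code from the question, the plugin or SimpleSAMLphp: a small consistency check between the saml:SP entries of config/authsources.php and the entries of metadata/saml20-sp-remote.php. The two arrays are constructed here to mirror the 'sp1' setup above, and $sspBase (the base URL of the SimpleSAMLphp installation) is an assumption.

```php
<?php
// Added example, not from the original post or the linked plugin.
// Checks that the SP auth sources and the IdP's saml20-sp-remote.php agree.

// Constructed to mirror the question's step (16).
$authsources = array(
    'sp1' => array(
        'saml:SP',
        'privatekey'  => 'simplesamlphp.pem',
        'certificate' => 'simplesamlphp.crt',
        'entityID'    => 'http://localhost/cakephp1',
    ),
);

// Constructed to mirror the question's step (17).
$spRemote = array(
    'http://localhost/cakephp' => array(
        'AssertionConsumerService' => 'http://localhost/cakephp',
        'SingleLogoutService'      => 'http://localhost/cakephp',
    ),
);

// Assumed base URL of the SimpleSAMLphp installation hosting the SP.
$sspBase = 'http://service.local-saml.com/simplesaml';

/**
 * Returns human-readable findings; an empty array means the two files agree.
 * Endpoint values are treated as plain strings (SimpleSAMLphp also accepts
 * arrays of endpoint descriptors; those are not handled here).
 */
function checkSpMetadata(array $authsources, array $spRemote, $sspBase)
{
    $findings = array();
    $acsPrefix = $sspBase . '/module.php/saml/sp/saml2-acs.php/';

    // entityID => auth source name, for every saml:SP source that sets one.
    $spByEntityId = array();
    foreach ($authsources as $name => $src) {
        if (!isset($src[0]) || $src[0] !== 'saml:SP') {
            continue; // only SP auth sources matter here
        }
        if (empty($src['entityID'])) {
            $findings[] = "$name: no entityID; SimpleSAMLphp derives one from its metadata URL, and that derived value must be the key in saml20-sp-remote.php";
            continue;
        }
        $spByEntityId[$src['entityID']] = $name;
    }

    // Every SP the IdP trusts must correspond to a declared auth source,
    // and its ACS must be the endpoint where SimpleSAMLphp consumes Responses.
    foreach ($spRemote as $entityId => $meta) {
        $name = isset($spByEntityId[$entityId]) ? $spByEntityId[$entityId] : null;
        if ($name === null) {
            $findings[] = "$entityId: trusted by the IdP, but no saml:SP auth source uses this entityID (look for a typo such as a stray suffix)";
        }
        $expected = ($name === null) ? $acsPrefix : $acsPrefix . $name;
        $acs = isset($meta['AssertionConsumerService']) ? $meta['AssertionConsumerService'] : '';
        if (strpos($acs, $expected) !== 0) {
            $findings[] = "$entityId: AssertionConsumerService is '$acs', but SimpleSAMLphp only consumes Responses at '$expected'";
        }
        foreach (array('AssertionConsumerService', 'SingleLogoutService') as $key) {
            $url = isset($meta[$key]) ? $meta[$key] : '';
            if (strpos($url, 'http://') === 0) {
                $findings[] = "$entityId: $key is plain http; the assertion and the session cookie cross the wire unencrypted";
            }
        }
    }

    // The reverse direction: an SP the IdP does not know cannot log in.
    foreach ($spByEntityId as $entityId => $name) {
        if (!isset($spRemote[$entityId])) {
            $findings[] = "$name: entityID '$entityId' has no entry in saml20-sp-remote.php, so the IdP will not find metadata for its AuthnRequest";
        }
    }
    return $findings;
}

foreach (checkSpMetadata($authsources, $spRemote, $sspBase) as $finding) {
    echo $finding, PHP_EOL;
}
```

Run against the arrays above it reports the entityID on each side not matching the other, the ACS pointing at the application instead of the SP's saml2-acs.php endpoint, and both endpoints being plain http. The same function can be pointed at the real files by requiring them and passing `$config` and `$metadata`.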

Did you set the cookie domain in php.ini?

session.cookie_domain = ".feide.no"

NB! PHP ... cookie.

+1

Integrating simplesamlphp into cakephp

1 - Put simplesamlphp in /Lib. 2 - In your controller, add an auth() function:

    public function auth()
    {
        $this->layout = 'ajax';
        $this->autoRender = false;
        // Bootstrap SimpleSAMLphp from app/Lib and hand the request to the
        // hosted IdP's SSOService, as saml2/idp/SSOService.php does.
        require_once(APP . 'Lib/simplesamlphp/www/_include.php');

        SimpleSAML_Logger::info('SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService');

        $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
        $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
        $idp = SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
        // receiveAuthnRequest() does not return normally: it redirects the browser.
        sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
        assert('FALSE');
    }

Instead of hitting the simplesamlphp URL like this: http://yoursimplesamlphpurl.com/saml2/idp/SSOService.php?spentityid=spname

use this URL of your cakephp application: http://your-cakeappurl.com/CakeControllername/auth?spentityid=spname

0
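The answer above exposes the IdP side through a controller. The SP side, which is what the question actually needs, can be done the same way with SimpleSAMLphp's SimpleSAML_Auth_Simple API. The following is an added example, not code from the answer, the question or the plugin: a CakePHP 2.x UsersController that logs a user in through the 'sp1' auth source, refuses assertions that lack the attributes the application relies on, and releases SimpleSAMLphp's PHP session before CakePHP writes its own (the shared-session problem the first answer's cookie question points at). The Lib path, the 'sp1' source name, the action names and the attribute names uid and mail are assumptions.

```php
<?php
// Added example, not from the answers above or the plugin they describe.
// CakePHP 2.x controller acting as the SAML SP via SimpleSAMLphp.
App::uses('AppController', 'Controller');

class UsersController extends AppController
{
    public $components = array('Auth', 'Session');

    // Assumed: attributes the application insists on. An assertion that the
    // IdP signed but that lacks them is still refused.
    private $requiredAttributes = array('uid', 'mail');

    // Assumed location of the simplesamlphp checkout inside app/Lib.
    private function bootSimpleSaml()
    {
        require_once APP . 'Lib/simplesamlphp/lib/_autoload.php';
        return new SimpleSAML_Auth_Simple('sp1');
    }

    public function saml_login()
    {
        $this->autoRender = false;
        $as = $this->bootSimpleSaml();

        // Redirects to the IdP if needed and comes back here once the SP's
        // saml2-acs.php endpoint has validated the signed Response.
        $as->requireAuth(array(
            'ReturnTo' => Router::url(array('action' => 'saml_login'), true),
        ));

        $attrs = $as->getAttributes();
        $missing = self::missingAttributes($attrs, $this->requiredAttributes);

        // SimpleSAMLphp and CakePHP both use the PHP session; release
        // SimpleSAMLphp's before CakePHP touches its own.
        SimpleSAML_Session::getSessionFromRequest()->cleanup();

        if ($missing) {
            throw new ForbiddenException('Assertion lacks attributes: ' . implode(', ', $missing));
        }

        $user = array(
            'username' => $attrs['uid'][0],
            'email'    => $attrs['mail'][0],
        );
        if (!$this->Auth->login($user)) {
            throw new ForbiddenException('Local login failed');
        }
        return $this->redirect($this->Auth->redirectUrl());
    }

    public function saml_logout()
    {
        $this->autoRender = false;
        $as = $this->bootSimpleSaml();
        $this->Auth->logout();
        // Single logout at the IdP, then return to the site root.
        $as->logout(Router::url('/', true));
    }

    // SAML attributes arrive as name => array of values. Returns the
    // names that are absent or empty.
    public static function missingAttributes(array $attrs, array $required)
    {
        $missing = array();
        foreach ($required as $name) {
            if (empty($attrs[$name]) || !is_array($attrs[$name])) {
                $missing[] = $name;
            }
        }
        return $missing;
    }
}
```

The application never sees the SAML Response itself: only SimpleSAMLphp's ACS endpoint for 'sp1' consumes it, so the 'sp1' entry in saml20-sp-remote.php must point there rather than at the CakePHP URL, and the entityID in authsources.php must be the key of that entry.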

Source: https://habr.com/ru/post/1618237/
