5

I have worked with PHP a lot before but I have never used SAML because I never had to connect to a remote server. I have been reading various tutorials, posts, and examples for days now I still am getting no where. I have read up on :

But still no success. I think when I was reading up on Onelogin, SimpleSAMLphp, and Shibboleth I felt like I was in the wrong place because I feel downloading and unpacking huge files as stacks would be for a service provider... In this case I am the Identity Provider and I thought it would be as simple as just making some xml and sending it off; and looking for a response. Not needing these huge amounts of code but maybe I am mistaken.

When I look at the xml most of it makes sense. For example:

<saml:Assertion
Version="2.0"
ID=“_34234se72”
IssueInstant="2005-04-01T16:58:33.173Z">
 <saml:Issuer>http://authority.example.com/</saml:Issuer>
 <ds:Signature>...</ds:Signature>
 <saml:Subject>
     <saml:NameID format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
        jygH5F90l
    </saml:NameID>
 </saml:Subject>
  <saml:AuthnStatement
      AuthnInstant="2005-04-01T16:57:30.000Z">
        <saml:AuthnContext>
          <saml:AuthnContextClassRef>
            urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
          </saml:AuthnContextClassRef>
        </saml:AuthnContext>
   </saml:AuthnStatement>
</saml:Assertion>

I think I understand the process of sending 'jygH5F901' as the 'NameID' but lines line urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport make little to no sense to me. Could someone please point me to a good guide on how to get started or at least in the right direction.

All I need to do is:

  1. Get an Authorization Token
  2. Exchange the Authorization Token for an Access Token.
  3. Use that Access token to GET information from the service providers database.

Any help would be greatly appreciated; I am completely new to SAML so I probably sound dumb; but if just anyone could link me to a thorough guide or example that explains the structure and has more copy-paste friendly work. I just need to get that connection, import data then once I can get a hold of those returned variables all the PHP stuff after is easy. Thanks for your time; and any effort will be greatly appreciated.

Community
  • 1
  • 1
Devon Bernard
  • 2,250
  • 5
  • 19
  • 32
  • Hey @Devon. I've exactly the same problem now. Did you manage how to solve your problem with PHP? After two days of researching and trial&error I was able to get an Authorization Token by manually providing a correct XML-structure to the SAML-Service. Now I'm stuck with the exchange of the token :D and I don't know whether to keep on doing it manually or to use a library. Unfortunatelly I have no clue which library to use. – ad_on_is Apr 26 '18 at 20:54

2 Answers2

1

SAML is quite complicated and if you are going to generate the XML manually I would strongly recommend that you read up on SAML and review the specs. I would recommend looking at the technical overview in the specs first.

Specs: http://saml.xml.org/saml-specifications
Technical overview: https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf

I warn you it can be a lot of work doing this manually and doing it right. I would recommend using a application design for this purpose like shibboleth

Stefan Rasmusson
  • 5,445
  • 3
  • 21
  • 48
0

If your going to IDP then please refer this doc, i had completed the establishment of connection with LIGHTSAML library.

Library referances-

  1. https://www.lightsaml.com/LightSAML-Core/Cookbook/
  2. https://www.lightsaml.com/LightSAML-Core/Cookbook/How-to-send-SAML-message/
  3. https://www.lightsaml.com/LightSAML-Core/Cookbook/How-to-make-Response/

NOTE:- please just refer this docs, make sure u shared the your public key with sp for the identification.

Aishwarya m k
  • 36
  • 3