
I'm pretty new to the Zend framework, and am attempting to integrate an SSO with an existing Zend site. I have installed SimpleSAMLphp and can connect to the ADFS server and get assertion data in the form of First Name and Last Name using the following script:

// Location of the SimpleSAMLphp install and the name of the configured SP auth source
$lib = "/var/simplesamlphp";
$sp = "wte-sp";

try {
    if (!file_exists("{$lib}/_autoload.php")) {
        throw new Exception("simpleSAMLphp lib loader file does not exist: ".
            "{$lib}/_autoload.php");
    }

    include_once("{$lib}/_autoload.php");
    $as = new SimpleSAML_Auth_Simple($sp);

    // Redirects to the IdP when there is no authenticated session
    $as->requireAuth();
    $valid_saml_session = $as->isAuthenticated();

} catch (Exception $e) {
    throw new Exception("SSO authentication failed: ". $e->getMessage());
}

// Second attempt if the session is still not reported as authenticated
if (!$valid_saml_session) {
    try {
        $as = new SimpleSAML_Auth_Simple($sp);
        $as->requireAuth();
    } catch (Exception $e) {
        throw new Exception("SSO authentication failed: ". $e->getMessage());
    }
}

// Attributes released in the SAML assertion (First Name, Last Name)
$attributes = $as->getAttributes();
print_r($attributes);

I am now attempting to move this into a Zend controller. On page load I am redirected to the SSO page for authentication and returned to the correct page with no problems; however, it appears as if the $attributes array is empty. I have confirmed that I have got the SAML cookie set, and I am seeing SAML data when I var_dump($_SESSION);, but it looks as if somewhere along the line Zend is doing something unknown to the data, as I'm always hitting the if (!$valid_saml_session) { statement and getting stuck in an authentication redirect loop.

As mentioned before, the code works perfectly as a standalone page, but not being too clued up on Zend, I'm drawing a bit of a blank. I have changed the last lines to:

$attributes = $as->getAttributes();
$this->view->attributes = $attributes;

And have sent the results to the view, but the array is empty.

I am able to get the Login and Logout URLs to the view with no problems.

EDIT - 21/12/15

Looks like this is related to the way Zend is setting up sessions. In my Bootstrap.php file I have:

protected function _initSession()
{
    Zend_Session::setOptions(array(
        'save_path'           => $this->options['resources']['session']['save_path'],
        'use_only_cookies'    => 'on',
        'remember_me_seconds' => 86400
    ));
    Zend_Session::start();
}

If I comment this out, I get the SSO information back with no problems. I'm concerned about making this change as I'm not sure of the implications across the application. Does anyone have a better solution to stop Zend from trashing my SSO session data?

terrorfall
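
One way to keep the two session mechanisms apart, as an added example that is not part of the original post and not the asker's or the project's own configuration. It assumes the redirect loop comes from SimpleSAMLphp's default `phpsession` store sharing PHP's native session with `Zend_Session`; the SQLite path is a placeholder and the PDO SQLite driver is assumed to be installed.

```php
<?php
// Excerpt of keys for SimpleSAMLphp's config/config.php (added example).
//
// Assumption: with the default 'phpsession' store, SimpleSAMLphp keeps its
// login state in PHP's native session. Bootstrap::_initSession() then
// reconfigures that same session (save_path, cookie options) and starts it
// before the controller asks SimpleSAMLphp whether the user is authenticated.

// Before: SSO state and the Zend application share one PHP session.
// $config['store.type'] = 'phpsession';

// After: SSO state is kept in SimpleSAMLphp's own SQL-backed store, so
// Zend_Session::setOptions() / Zend_Session::start() no longer affect it.
$config['store.type'] = 'sql';

// Placeholder DSN: use a file outside the web root that only the web server
// user can read and write, because it holds authenticated session state.
$config['store.sql.dsn'] = 'sqlite:/path/to/simplesamlphp-sessions.sq3';
$config['store.sql.username'] = null; // not used with SQLite
$config['store.sql.password'] = null; // not used with SQLite
$config['store.sql.prefix'] = 'simpleSAMLphp';

// With a non-PHP store, SimpleSAMLphp tracks its session through its own
// cookie instead of PHP's session cookie.
$config['session.cookie.name'] = 'SimpleSAMLSessionID';
$config['session.cookie.secure'] = true; // assumes the site is HTTPS-only
```

With this in place `_initSession()` can stay as it is in `Bootstrap.php`; the application's `$_SESSION` data and the SSO state no longer share storage or a cookie.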

0 Answers