Let's say I have a PHP app that maintains some SoftLayer user information. And I want to present an SSO link that will take the user to the SoftLayer portal site. I know that SoftLayer supports IdP-initiated SAML SSO. And my PHP app is going to be the IdP.
So I was thinking that this SSO link can trigger invoking one of the functions in my PHP application (since it is IdP-initiated SAML SSO) and that can make a few calls to SoftLayer to do some data exchange to do the initial setup of SAML SSO for the user account between SoftLayer and my PHP app. And my PHP app knows which user this SSO request is from and can trust that. So then once this initial setup is done, I was thinking that I just need to generate some SAML token based on the user information that I have and the SP metadata that I got from SoftLayer during the initial setup process. Then just sign the token and make a request to SoftLayer using the token, and SoftLayer will validate the token and present my user to the SoftLayer portal site (logged in already).
Is it not as simple as what I am thinking? (do some initial setup and make a call to SoftLayer to do SSO?) I see things like SimpleSAMLphp. Would I really need to use such modules to make things simple?
I am new to SAML and SSO, so maybe I am missing some big complex part. Please advise me if it's as simple as what I am thinking or if I am missing something and I will need to use some of these modules.
Thank you.
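The flow the question describes (IdP builds a SAML Response from the user's identity and the SP's metadata, signs it, delivers it to the SP's assertion consumer URL, and the SP validates it) is shown below as an added example; it is not code from the question, from SoftLayer, or from SimpleSAMLphp. It is written in Python rather than PHP because the structure is the same in either language. The SP entityID, ACS URL, IdP entityID and clock values are constructed stand-ins for what the real SP metadata would supply. Signing the assertion (XML-DSig over an exclusively canonicalized Assertion) is the step deliberately left to a library; the example builds the unsigned Response, packages it for the HTTP-POST binding, and runs the SP-side checks that happen after signature verification: Destination, Issuer, Audience, Recipient and the NotBefore/NotOnOrAfter window.

```python
"""IdP-initiated SAML 2.0: build the Response an IdP would sign and POST, and
run the checks an SP performs once the signature has been verified.
Example code, not part of any library; all URLs below are constructed."""
import base64
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed stand-ins for what the SP's metadata supplies (entityID and
# AssertionConsumerService URL), for the IdP's own entityID, and for "now".
SP = {"entity_id": "https://sp.example.invalid/metadata",
      "acs_url": "https://sp.example.invalid/saml/acs"}
IDP_ENTITY_ID = "https://idp.example.invalid/metadata"
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _q(prefix, name):
    return "{%s}%s" % (NS[prefix], name)


def build_response(user_email, sp, now, lifetime=timedelta(minutes=5)):
    """Return the XML of an unsigned samlp:Response for an IdP-initiated login.
    There is no InResponseTo attribute because the SP never sent an AuthnRequest.
    Signing the Assertion (XML-DSig, exclusive C14N) is left to a library."""
    resp = ET.Element(_q("samlp", "Response"), {
        "ID": "_" + secrets.token_hex(16), "Version": "2.0",
        "IssueInstant": _ts(now), "Destination": sp["acs_url"]})
    ET.SubElement(resp, _q("saml", "Issuer")).text = IDP_ENTITY_ID
    status = ET.SubElement(resp, _q("samlp", "Status"))
    ET.SubElement(status, _q("samlp", "StatusCode"), {"Value": SUCCESS})
    a = ET.SubElement(resp, _q("saml", "Assertion"), {
        "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": _ts(now)})
    ET.SubElement(a, _q("saml", "Issuer")).text = IDP_ENTITY_ID
    subj = ET.SubElement(a, _q("saml", "Subject"))
    ET.SubElement(subj, _q("saml", "NameID"), {
        "Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}).text = user_email
    conf = ET.SubElement(subj, _q("saml", "SubjectConfirmation"),
                         {"Method": "urn:oasis:names:tc:SAML:2.0:cm:bearer"})
    # Recipient binds this bearer assertion to one SP endpoint; NotOnOrAfter bounds replay
    ET.SubElement(conf, _q("saml", "SubjectConfirmationData"), {
        "Recipient": sp["acs_url"], "NotOnOrAfter": _ts(now + lifetime)})
    cond = ET.SubElement(a, _q("saml", "Conditions"), {
        "NotBefore": _ts(now), "NotOnOrAfter": _ts(now + lifetime)})
    aud = ET.SubElement(cond, _q("saml", "AudienceRestriction"))
    ET.SubElement(aud, _q("saml", "Audience")).text = sp["entity_id"]
    ET.SubElement(a, _q("saml", "AuthnStatement"), {"AuthnInstant": _ts(now)})
    return ET.tostring(resp, encoding="unicode")


def post_binding_field(response_xml):
    """Value of the SAMLResponse form field for the HTTP-POST binding."""
    return base64.b64encode(response_xml.encode()).decode()


def check_response(field_value, sp, trusted_idp, now, skew=timedelta(minutes=2)):
    """SP-side checks, run only after the XML signature has been verified (not shown).
    Returns a list of problems; an empty list means the response is acceptable."""
    problems = []
    resp = ET.fromstring(base64.b64decode(field_value))
    if resp.get("Destination") != sp["acs_url"]:
        problems.append("Destination is not our ACS URL")
    code = resp.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion"]
    if assertion.findtext("saml:Issuer", namespaces=NS) != trusted_idp:
        problems.append("Issuer is not the trusted IdP")
    cond = assertion.find("saml:Conditions", NS)
    if _parse_ts(cond.get("NotBefore")) - skew > now:
        problems.append("assertion not yet valid")
    if _parse_ts(cond.get("NotOnOrAfter")) + skew <= now:
        problems.append("assertion expired")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp["entity_id"] not in audiences:
        problems.append("we are not in the Audience")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != sp["acs_url"]:
        problems.append("Recipient is not our ACS URL")
    elif _parse_ts(scd.get("NotOnOrAfter")) + skew <= now:
        problems.append("subject confirmation expired")
    return problems


def demo():
    """Fresh response accepted; same response 10 minutes later, or at a different SP, rejected."""
    field = post_binding_field(build_response("alice@example.invalid", SP, NOW))
    other_sp = {"entity_id": "https://other.example.invalid/metadata", "acs_url": SP["acs_url"]}
    return (check_response(field, SP, IDP_ENTITY_ID, NOW),
            check_response(field, SP, IDP_ENTITY_ID, NOW + timedelta(minutes=10)),
            check_response(field, other_sp, IDP_ENTITY_ID, NOW))


if __name__ == "__main__":
    for result in demo():
        print(result or "accepted")
```

Every check in `check_response` corresponds to a value that comes either from the SP's metadata (entityID, ACS URL) or from the IdP's clock, which is why the initial metadata exchange matters as much as the signature: an assertion with a valid signature but the wrong Audience or Recipient must still be refused.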