Get SAML session from simpleSAMLPHP without trying to authenticate

Question

I'm trying to set up the following workflow:

User logs into app A.

App A bounces off a central simpleSAML instance to create a session.

User accesses app B.

App B bounces to the central simpleSAML instance to check for a session.

If a session exists, the user is returned to app B with their attributes and is authenticated on app B. This bit works.

If a session does not exist, the user should be returned to app B without a login attempt on the central instance. This bit does not work.

Is there a simpleSAML endpoint that could do this? I'm looking for a getSession or similar.

score 0 · Accepted Answer · answered Jan 26 '17 at 15:39

The desired setting is isPassive. Example:

$auth_source = new \SimpleSAML_Auth_Simple('source_name');
$auth_source->requireAuth(array('isPassive' => true));

With the standard SimpleSAML IDP, this request will be authenticated as normal if the user is logged in on the IDP. If the user isn't, a SimpleSAML_Error_NoPassive error will be returned. It's up to the SP to deal with this.

Get SAML session from simpleSAMLPHP without trying to authenticate

1 Answers1