dongzhuo3059
2015-04-30 07:50
浏览 123
已采纳

PHP SAML IdP优先

I'm trying to make a Client portal (IdP) in PHP.

That portal links to several SP's (like Magento, Google Analytics and Wordpress)

Seeing how this needs to works my IdP needs to initiate authentication. when clicked on a link to an SP the authentication needs to start.
So it needs an IdP first application. I try to set it up with SimpleSAML, the only problem is the initial explanation on the simpleSAML website isn't clear enough for me (https://simplesamlphp.org/docs/stable/simplesamlphp-idp) can someone give me some better or in depth explanation about IdP first?


this is a new client portal but the clients already have accounts with the mentioned sites and other sites, sometimes more than 1 account. Is it possible to connect those accounts without doing it myself but let the clients connect them?


If there are better solutions than SAML to this problem please don't hesitate to mention them

图片转代码服务由CSDN问答提供 功能建议

我正在尝试用PHP创建一个客户端门户(IdP)。

\ n门户链接到几个SP(如Magento,Google Analytics和Wordpress)

如果需要这样做,我的IdP需要启动身份验证。 当点击指向SP的链接时,需要启动身份验证。 因此,它需要一个IdP第一个应用程序。 我尝试使用SimpleSAML进行设置,唯一的问题是simpleSAML网站上的初步解释对我来说不够清楚( https://simplesamlphp.org/docs/stable/simplesamlphp-idp )有人可以先给我一些关于IdP的更好或更深入的解释吗?

\ n


这是一个新的客户端门户网站,但客户端已经拥有所提及的网站和其他网站的帐户,有时超过1个帐户。 是否可以自己连接这些帐户但是让客户端连接它们?


如果有比SAML更好的解决方案来解决这个问题,请不要 犹豫提到它们

  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongyao8698 2015-04-30 10:34
    已采纳

    4.5 IdP initiated login

    If you use a simpleSAMLphp IdP, and you want users to be able to bookmark the login page, you need to test IdP initiated login. To test IdP initiated login from a simpleSAMLphp IdP, you can access:

    https://.../simplesaml/saml2/idp/SSOService.php?spentityid=<entity ID of your SP>&RelayState=<URL the user should be sent to after login>
    

    Note that the RelayState parameter is only supported if the IdP runs version 1.5 of simpleSAMLphp. If it isn't supported by the IdP, you need to configure the RelayStateoption in the authentication source configuration.

    As for account linking, it's my understanding that simple doesn't do this (it's getting out of the simple realm). To use it, you'll have to clean up accounts.

    [edit]Actually, I suppose you could - though you'd have to build a structure to do it. You would need to somehow build a mapping of accounts from the corporate ID to the SP accounts at Wordpress, Google, etc.

    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题