2015-04-30 07:50 阅读 89


I'm trying to make a Client portal (IdP) in PHP.

That portal links to several SP's (like Magento, Google Analytics and Wordpress)

Seeing how this needs to works my IdP needs to initiate authentication. when clicked on a link to an SP the authentication needs to start.
So it needs an IdP first application. I try to set it up with SimpleSAML, the only problem is the initial explanation on the simpleSAML website isn't clear enough for me ( can someone give me some better or in depth explanation about IdP first?

this is a new client portal but the clients already have accounts with the mentioned sites and other sites, sometimes more than 1 account. Is it possible to connect those accounts without doing it myself but let the clients connect them?

If there are better solutions than SAML to this problem please don't hesitate to mention them

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    dongyao8698 dongyao8698 2015-04-30 10:34

    4.5 IdP initiated login

    If you use a simpleSAMLphp IdP, and you want users to be able to bookmark the login page, you need to test IdP initiated login. To test IdP initiated login from a simpleSAMLphp IdP, you can access:

    https://.../simplesaml/saml2/idp/SSOService.php?spentityid=<entity ID of your SP>&RelayState=<URL the user should be sent to after login>

    Note that the RelayState parameter is only supported if the IdP runs version 1.5 of simpleSAMLphp. If it isn't supported by the IdP, you need to configure the RelayStateoption in the authentication source configuration.

    As for account linking, it's my understanding that simple doesn't do this (it's getting out of the simple realm). To use it, you'll have to clean up accounts.

    [edit]Actually, I suppose you could - though you'd have to build a structure to do it. You would need to somehow build a mapping of accounts from the corporate ID to the SP accounts at Wordpress, Google, etc.

    点赞 评论 复制链接分享