SimpleSAMLphp Implementation Tutorial

SimpleSAMLphp is an open-source application that implements SAML 2.0 and Shibboleth 1.3 Single Sign-On (SSO). Third-party applications that need SSO integration with SAML 2.0 or Shibboleth 1.3 can use SimpleSAMLphp to simplify the integration process. SimpleSAMLphp offers an administrative interface to convert SAML metadata, and also provides a link to test and integrate with other Identity Providers and Service Providers. SimpleSAMLphp also offers a programming API that makes it easier for third-party applications to implement Single Sign-On. Here is a code snippet that uses the SimpleSAMLphp API to implement SSO functionality on the Service Provider (SP) side.

<?php
$lib = "/var/simplesamlphp";
$sp = "wte-sp";  // Name of the SP defined in config/authsources.php

try {
	// Autoload SimpleSAMLphp classes.
	if (!file_exists("{$lib}/_autoload.php")) {
		throw new Exception("SimpleSAMLphp lib loader file does not exist: " .
			"{$lib}/_autoload.php");
	}

	include_once("{$lib}/_autoload.php");
	$as = new SimpleSAML_Auth_Simple($sp);

	// Take the user to the IdP and authenticate. If there is no valid session,
	// requireAuth() redirects the browser to the IdP and does not return; it
	// only returns once an authenticated session exists.
	$as->requireAuth();
	$valid_saml_session = $as->isAuthenticated();

} catch (Exception $e) {
	// SimpleSAMLphp is not configured correctly.
	throw new Exception("SSO authentication failed: " . $e->getMessage());
}

if (!$valid_saml_session) {
	// No valid session. This is a defensive check (requireAuth() above normally
	// guarantees a session); send the user to the Identity Provider again.
	try {
		$as = new SimpleSAML_Auth_Simple($sp);
		$as->requireAuth();
	} catch (Exception $e) {
		// SimpleSAMLphp is not configured correctly.
		throw new Exception("SSO authentication failed: " . $e->getMessage());
	}
}

// At this point the user is authenticated by the Identity Provider, and the
// attributes received with the SAML assertion are available.
$attributes = $as->getAttributes();

// print_r($attributes) looks something like this. Every attribute is an array,
// because a SAML attribute may carry several values:
//Array (
//		[first_name] => Array ( [0] => John )
//		[last_name] => Array ( [0] => Doe )
//		[email] => Array ( [0] => john.doe@example.com )   (placeholder address)
//)

// Which attribute names arrive depends on the IdP and on any authproc filters,
// so guard against missing values (null coalescing needs PHP 7+).
$firstName = $attributes['first_name'][0] ?? null;
$lastName = $attributes['last_name'][0] ?? null;
$email = $attributes['email'][0] ?? null;

// Do something with the assertion data.
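The snippet above stops at reading the attributes out of the assertion. As an added example (not code from the original post or from the SimpleSAMLphp project), the block below shows a hardened version of that last step: it refuses attributes that did not come from an allow-listed IdP (using the `saml:sp:IdP` auth-data key the saml:SP module stores), requires each identity attribute to be present and single-valued, syntax-checks the e-mail address, and escapes the values before rendering. It assumes the same `/var/simplesamlphp` library path and `wte-sp` authsource as the post; the IdP entity ID in `TRUSTED_IDPS`, the `extractIdentity()` helper, and the constants are my own placeholders.

```php
<?php
// Added example, not part of the original post. Assumes SimpleSAMLphp is
// installed under /var/simplesamlphp and the SP "wte-sp" is configured in
// config/authsources.php, as in the post.
require_once '/var/simplesamlphp/_autoload.php';

// Entity IDs of the IdPs whose attributes we accept. Placeholder value:
// replace with the entityID from your IdP's metadata.
const TRUSTED_IDPS = ['https://idp.example.org/saml2/idp/metadata.php'];

// Attributes the application cannot work without.
const REQUIRED_ATTRIBUTES = ['first_name', 'last_name', 'email'];

/**
 * Hypothetical helper: returns a validated, single-valued copy of the
 * attributes the application needs, or throws. SAML attributes are always
 * multi-valued arrays in SimpleSAMLphp, so each value is unwrapped and
 * checked instead of being read as [0] blindly.
 */
function extractIdentity(SimpleSAML_Auth_Simple $as): array
{
    if (!$as->isAuthenticated()) {
        throw new RuntimeException('No authenticated SAML session');
    }

    // Only trust attributes issued by an IdP on the allow-list. In a
    // multi-IdP setup an unexpected issuer must not be able to assert an
    // e-mail address that another IdP is authoritative for.
    $idp = $as->getAuthData('saml:sp:IdP');
    if (!in_array($idp, TRUSTED_IDPS, true)) {
        throw new RuntimeException('Assertion from untrusted IdP: ' . $idp);
    }

    $attributes = $as->getAttributes();
    $identity = [];
    foreach (REQUIRED_ATTRIBUTES as $name) {
        if (empty($attributes[$name]) || !is_array($attributes[$name])) {
            throw new RuntimeException("Missing required attribute: $name");
        }
        if (count($attributes[$name]) !== 1) {
            // Refuse ambiguous multi-valued identity attributes rather than
            // silently taking the first one.
            throw new RuntimeException("Attribute $name must be single-valued");
        }
        $value = trim((string) $attributes[$name][0]);
        if ($value === '' || strlen($value) > 256) {
            throw new RuntimeException("Attribute $name is empty or too long");
        }
        $identity[$name] = $value;
    }

    // Syntax-check the e-mail: an IdP misconfiguration should not be able to
    // put arbitrary strings into the application's user table.
    if (filter_var($identity['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new RuntimeException('Attribute email is not a valid address');
    }

    return $identity;
}

$as = new SimpleSAML_Auth_Simple('wte-sp');
$as->requireAuth();   // Redirects to the IdP and does not return if not logged in.

try {
    $user = extractIdentity($as);
} catch (RuntimeException $e) {
    // Log the reason server-side; do not echo assertion contents to the user.
    error_log('SSO attribute validation failed: ' . $e->getMessage());
    http_response_code(403);
    exit('Access denied');
}

// $user['first_name'], $user['last_name'] and $user['email'] are validated.
// They still originate from a remote system, so escape them on output.
echo 'Welcome, ' . htmlspecialchars($user['first_name'], ENT_QUOTES, 'UTF-8');

// SAML single logout link that returns to the front page afterwards.
$logoutUrl = $as->getLogoutURL('/');
echo ' <a href="' . htmlspecialchars($logoutUrl, ENT_QUOTES, 'UTF-8') . '">Log out</a>';
```

`SimpleSAML_Auth_Simple` is the legacy (pre-namespace) class name used in the post; recent SimpleSAMLphp releases expose the same methods as `\SimpleSAML\Auth\Simple`, so on a current install swap the class name and keep the rest. The attribute names checked here (`first_name`, `last_name`, `email`) are the ones the post shows; they are whatever the IdP and the SP's authproc filters emit, so adjust `REQUIRED_ATTRIBUTES` to match your metadata.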