
PHP SAML IdP First

I'm trying to make a client portal (IdP) in PHP.

That portal links to several SPs (like Magento, Google Analytics and WordPress).

Seeing how this needs to work, my IdP needs to initiate authentication. When a link to an SP is clicked, the authentication needs to start.
So it needs an IdP-first application. I try to set it up with SimpleSAML; the only problem is that the initial explanation on the SimpleSAML website isn't clear enough for me ( https://simplesamlphp.org/docs/stable/simplesamlphp-idp ). Can someone give me a better or more in-depth explanation of IdP first?


This is a new client portal, but the clients already have accounts with the mentioned sites and other sites, sometimes more than 1 account. Is it possible to connect those accounts without doing it myself, but let the clients connect them?


If there are better solutions than SAML to this problem, please don't hesitate to mention them.

4.5 IdP initiated login

If you use a simpleSAMLphp IdP, and you want users to be able to bookmark the login page, you need to test IdP initiated login. To test IdP initiated login from a simpleSAMLphp IdP, you can access:

https://.../simplesaml/saml2/idp/SSOService.php?spentityid=<entity ID of your SP>&RelayState=<URL the user should be sent to after login>

Note that the RelayState parameter is only supported if the IdP runs version 1.5 of simpleSAMLphp. If it isn't supported by the IdP, you need to configure the RelayState option in the authentication source configuration.

As for account linking, it's my understanding that simple doesn't do this (it's getting out of the simple realm). To use it, you'll have to clean up accounts.

[edit] Actually, I suppose you could, though you'd have to build a structure to do it. You would need to somehow build a mapping of accounts from the corporate ID to the SP accounts at WordPress, Google, etc.
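As an added illustration (not part of the original answer and not SimpleSAMLphp's own code), here is one way the portal could generate the IdP-initiated links described above. The base URL, SP keys, entity IDs and the helper `idpInitiatedUrl` are hypothetical placeholders; because RelayState decides where the user lands after login, the helper only accepts HTTPS targets on hosts listed for that SP.

```php
<?php
declare(strict_types=1);

// Constructed placeholders: the IdP base URL and, per SP, the entity ID
// registered in the IdP metadata plus the hosts RelayState may point to.
const IDP_BASE = 'https://idp.example.org/simplesaml';
const SERVICE_PROVIDERS = [
    'wordpress' => [
        'entityid'    => 'https://blog.example.org/saml/metadata',
        'relay_hosts' => ['blog.example.org'],
    ],
    'magento' => [
        'entityid'    => 'https://shop.example.org/saml/metadata',
        'relay_hosts' => ['shop.example.org'],
    ],
];

/**
 * Build the IdP-initiated login link for one configured SP (hypothetical helper).
 * Throws if the SP is unknown or RelayState falls outside that SP's allowlist.
 */
function idpInitiatedUrl(string $spKey, ?string $relayState = null): string
{
    if (!array_key_exists($spKey, SERVICE_PROVIDERS)) {
        throw new InvalidArgumentException("Unknown SP: $spKey");
    }
    $sp = SERVICE_PROVIDERS[$spKey];
    $params = ['spentityid' => $sp['entityid']];

    if ($relayState !== null) {
        // Reject characters that URL parsers are known to disagree on.
        if (strpbrk($relayState, "\\\r\n\t ") !== false) {
            throw new InvalidArgumentException('RelayState contains illegal characters');
        }
        $parts  = parse_url($relayState) ?: [];
        $scheme = strtolower($parts['scheme'] ?? '');
        $host   = strtolower($parts['host'] ?? '');
        if ($scheme !== 'https' || !in_array($host, $sp['relay_hosts'], true)) {
            throw new InvalidArgumentException('RelayState not allowed for this SP');
        }
        $params['RelayState'] = $relayState;
    }
    // http_build_query percent-encodes both parameter values (RFC 3986).
    return IDP_BASE . '/saml2/idp/SSOService.php?'
        . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

echo idpInitiatedUrl('wordpress', 'https://blog.example.org/wp-admin/'), PHP_EOL;
```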
