
Integrate SAML in Laravel using existing Idp and SP

I don't know if what I would like to do is possible. I'm trying to integrate the authentication mechanism of my university in an Android application which uses Laravel as backend. I've decoded the SAMLResponse and in the XML file I found this

  'SPNameQualifier' = 'https://sp-esse3-unimib-prod.cineca.it/shibboleth',
  'NameQualifier' = 'https://idp-idm.unimib.it/idp/shibboleth'

which are the SP and IdP URI, I think. In my Android app I want users to log in without registering, because they can use their university account. In the SAMLResponse I also have the SignatureValue, X509Certificate and other data, but I can't figure out how to configure everything.

Searching on Google, I found the packages laravel-saml2 and php-saml. Are those packages a good fit for my problem? Can you help me understand how to configure everything?

I'd look at SimpleSAMLphp. Your application will be a "service provider" or SP. You'll need to generate metadata for your application, which you'll need to share with the IdP administrators at your university to enable the integration. The SSP quickstart link provided above gives details on obtaining metadata for your SP, and how to convert the Identity Provider-supplied XML metadata into a format that's readable by the SSP libraries.

Only after the exchange of metadata occurs and your application is trusted can you begin to exchange SAML responses. SSP makes this process easy, as you'll just end up calling a few lines of code any time a resource needs to be protected, i.e.

<?php
require_once('../../lib/_autoload.php');            // SimpleSAMLphp autoloader (path relative to the SSP install)
$as = new \SimpleSAML\Auth\Simple('default-sp');     // 'default-sp' is the authsource name in config/authsources.php
$as->requireAuth();                                  // redirects to the IdP when there is no authenticated session
$attributes = $as->getAttributes();                  // attributes released by the IdP after SSP has validated the response

That's all that's needed to make sure the SAML flies back and forth... but integrating is a different story. There are surely policies and procedures that your university imposes that you'll need to follow, and you can't just integrate with the University without following their integration procedures, i.e. a proper IdP isn't going to provide a SAML assertion to just any old application that asks for it.
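The following is an added example of how the SimpleSAMLphp calls above can be wired into a Laravel application; it is not code from the question, the answer, or the SimpleSAMLphp project. It assumes SimpleSAMLphp is installed and autoloadable from the Laravel app, that an authsource named 'default-sp' exists in SimpleSAMLphp's config/authsources.php, and that the IdP certificate and entity ID have already been placed in metadata/saml20-idp-remote.php after the metadata exchange. The `App\Models\User` model, its `saml_id` column and the attribute names (`eduPersonPrincipalName`, `displayName`, `mail`) are assumptions; which attributes the IdP actually releases is decided by the IdP's attribute-release policy.

```php
<?php
// Added example (not from the question, the answer or SimpleSAMLphp): a Laravel
// middleware that protects routes with SimpleSAMLphp and maps the SAML subject
// to a local user. Register it in app/Http/Kernel.php (assumed) as e.g. 'saml'.

namespace App\Http\Middleware;

use App\Models\User;                 // assumed local user model with a 'saml_id' column
use Closure;
use Illuminate\Http\Request;
use SimpleSAML\Auth\Simple;

class RequireSamlAuth
{
    public function handle(Request $request, Closure $next)
    {
        // 'default-sp' must match the authsource name configured in SimpleSAMLphp.
        $as = new Simple('default-sp');

        // No valid SSP session: requireAuth() sends the browser to the IdP and ends
        // the script itself. Execution continues here only after SimpleSAMLphp has
        // received a SAMLResponse and checked its signature against the IdP
        // certificate stored in saml20-idp-remote.php (the one the question saw as
        // X509Certificate/SignatureValue).
        $as->requireAuth();

        $attributes = $as->getAttributes();

        // Use a stable, IdP-asserted identifier as the account key; the attribute
        // name is an assumption and depends on what the IdP releases.
        $principal = $attributes['eduPersonPrincipalName'][0] ?? null;
        if ($principal === null) {
            // Refuse rather than fall back to a user-supplied value: only the IdP's
            // attributes have been signature-checked.
            abort(403, 'IdP did not release a usable identifier');
        }

        // Provision on first login, keyed on the IdP identifier, never on an
        // email address the user could change elsewhere.
        $user = User::firstOrCreate(
            ['saml_id' => $principal],
            [
                'name'  => $attributes['displayName'][0] ?? $principal,
                'email' => $attributes['mail'][0] ?? null,
            ]
        );

        // Hand over to Laravel's own session so the rest of the app uses auth()->user().
        auth()->login($user);

        return $next($request);
    }
}
```

Two design points worth noting: the middleware keys the local account on the identifier asserted by the IdP rather than on an email the user might supply, and it rejects the request when the IdP releases no identifier instead of guessing one, since only attributes that arrived inside the verified SAMLResponse can be trusted. Laravel's session and SimpleSAMLphp's session are separate; calling `requireAuth()` on every protected request keeps them consistent.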
