Handling a SAML response


Problem description

I'm new to SAML 2 and I'm working on a tool that requires SSO, but I'm clueless on how to go about it. Here's the flow:

1) User accesses main website and chooses to log in.
2) User enters login information and submits.
3) System validates credentials, generates a SAML response and redirects user to the new tool along with the SAML response as a POST variable.
4) The new tool parses the response, stores/updates information in the database and creates an active session for the user.

1, 2 and 3 are already created on the main website. What I'm working on is 4. The main developers provided us with a sample SAML response and a certificate. I have 2 issues/questions:

1) Using the SSO form on the test server, I entered the return URL to a php file on my server and submitted the form. It logged me in and redirected me to the page on my server. The code of the page is below and the output is further below:

<?php
    var_dump($_POST);
?>

Output:

array(0) { }

Am I doing this right? I checked using Firebug on Firefox and I could find the samlresponse in there somewhere, but I'm not sure how exactly to bring it into the page. Any help?

2) Using the sample SAML response, we were able to code a small script that parses the sample and prints the 2-3 attributes within. Is this the right way to do it, or are there better open source solutions available out there?

I tried reading up on SimpleSAMLPHP, OneLogin and a couple of other such bundles, but they seem too complicated, whereas I feel what I have to achieve here can be done with methods/solutions that are a lot simpler. Also, the bundles appear to have all the features of offering SAML, whereas I'm just to receive and parse a response.

Thank you for your help in advance! Cheers

Recommended answer

If you want to do manual parsing and handling of SAML messages OpenSAML may be the way to go. It is a very low level library and there is a lot of manual labour involved.

Here is the OpenSAML web page.

You need to look at the SAML specification.

My book, A Guide to OpenSAML, gives a good introduction and step by step on SAML and the OpenSAML library.

Also my blog has a couple of examples on this. http://blog.samlsecurity.com/search/label/OpenSAML http://blog.samlsecurity.com/search/label/SAML
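
An added example, not part of the question or the answer and not code from any SAML library: a PHP receiver for step 4 of the flow that decodes the base64 `SAMLResponse` POST field and applies the non-cryptographic checks (status, destination, audience, validity window) before reading attributes. The function name, URLs and the reduced unsigned sample are constructed, and signature verification against the provided certificate is assumed to be done by a maintained library at the marked point.

```php
<?php
// Added example. parseSamlPost(), the URLs and the sample message are constructed.
const NS_P = 'urn:oasis:names:tc:SAML:2.0:protocol';
const NS_A = 'urn:oasis:names:tc:SAML:2.0:assertion';
const STATUS_OK = 'urn:oasis:names:tc:SAML:2.0:status:Success';
function parseSamlPost(string $b64, string $acsUrl, string $audience, int $now): array
{
    $xml = base64_decode($b64, true); // HTTP-POST binding: base64 only, no DEFLATE
    if ($xml === false || $xml === '' || stripos($xml, '<!DOCTYPE') !== false) {
        throw new RuntimeException('not base64, empty, or carries a DTD');
    }
    $doc = new DOMDocument();
    if (!@$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('malformed XML');
    }
    // NOT DONE HERE: XML signature verification against the IdP certificate.
    // Use a maintained SAML library for it; nothing below is trustworthy without it.
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('p', NS_P);
    $xp->registerNamespace('a', NS_A);
    $s = fn(string $q): string => $xp->evaluate("string($q)");
    $a = '/p:Response/a:Assertion';
    if ($s('/p:Response/p:Status/p:StatusCode/@Value') !== STATUS_OK
        || (int) $xp->evaluate("count($a)") !== 1) {
        throw new RuntimeException('expected one assertion in a successful response');
    }
    if ($s('/p:Response/@Destination') !== $acsUrl
        || $s("$a/a:Conditions/a:AudienceRestriction/a:Audience") !== $audience) {
        throw new RuntimeException('response was not issued for this service');
    }
    $nb = $s("$a/a:Conditions/@NotBefore"); // optional attribute
    $from = $nb === '' ? 0 : strtotime($nb);
    $until = strtotime($s("$a/a:Conditions/@NotOnOrAfter"));
    if ($from === false || $until === false || $now < $from || $now >= $until) {
        throw new RuntimeException('assertion outside its validity window');
    }
    $attrs = [];
    foreach ($xp->query("$a/a:AttributeStatement/a:Attribute") as $attr) {
        foreach ($xp->query('a:AttributeValue', $attr) as $v) {
            $attrs[$attr->getAttribute('Name')][] = trim($v->textContent);
        }
    }
    return ['nameId' => trim($s("$a/a:Subject/a:NameID")), 'attributes' => $attrs];
}
// Constructed, reduced, unsigned sample. In the receiving page the input is $_POST['SAMLResponse'].
$sample = '<p:Response xmlns:p="' . NS_P . '" xmlns:a="' . NS_A . '" Destination="https://tool.example/acs.php">'
    . '<p:Status><p:StatusCode Value="' . STATUS_OK . '"/></p:Status><a:Assertion><a:Subject><a:NameID>alice@example.com</a:NameID></a:Subject>'
    . '<a:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z"><a:AudienceRestriction><a:Audience>https://tool.example</a:Audience></a:AudienceRestriction></a:Conditions>'
    . '<a:AttributeStatement><a:Attribute Name="email"><a:AttributeValue>alice@example.com</a:AttributeValue></a:Attribute></a:AttributeStatement></a:Assertion></p:Response>';
print_r(parseSamlPost(base64_encode($sample), 'https://tool.example/acs.php', 'https://tool.example', strtotime('2024-01-01T00:02:00Z')));
```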
