cakephp应用程序中的SAML SSO [英] SAML SSO in cakephp application
问题描述
我有一个cakephp应用程序,需要用户通过SAML登录登录进行身份验证。为此,我点击了链接 https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin 。
根据其文档,我已经下载了cakephp和simpleSAMLphp的新副本。现在,我的工作区中有一个cakephp文件夹和simpleSAMLphp文件夹。我已按照 https://simplesamlphp.org/docs/stable/ 链接中所述安装了simpleSAMLphp。我按照以下步骤操作:
(1)我在apache配置中配置了simpleSAML,如下所示:
< pre lang =C#>< VirtualHost *:80>
ServerName service.local-saml.com
DocumentRoot / var / www / simplesamlphp / www /
< Directory / var / www / simplesamlphp / www / >
订单允许,拒绝
允许来自所有
要求所有已授予
< / < span class =code-leadattribute>目录 >
< / VirtualHost >
(2)现在,在simplesamlphp应用程序文件夹中,我在 / config中更改了'auth.adminpassword','secretsalt','technicalcontact_name','technicalcontact_email'的值/config.php 文件。
(3)我使用SAML:sp模块默认启用。
(4)首先,我开始使用SAML作为身份提供者。
(5)我启用'enable.saml20-idp' =>是,在 /config/config.php 文件中。
(6)使用终端上的命令创建一个ssl自签名证书
sudo openssl req -new -x509 -days 3652 -nodes -out /etc/ssl/certs/simplesamlphp.crt -keyout / etc / ssl / certs / simplesamlphp.pem
(7)将上述证书移至 simplesamlphp /证书的。
(8)将私钥和证书添加到 config / authsources.php
'default-sp'=>数组(
'saml:SP',
'privlykey'=>'simplesamlphp.pem',
'certificate'=>'simplesamlphp.crt',
)
(9)为 metadata / saml20-idp-hosted.php添加了私钥和证书b>文件也。
(10)更改了 metadata / saml20-sp-remote.php 中的元数据
$ metadata ['http://service.local-saml.com'] =数组(
'AssertionConsumerService'=>' http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
'SingleLogoutService'=>'http:// service。 local-saml.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
);
(11)我在链接上添加了元数据 HTTPS ://openidp.feide.no/simplesaml/module.php/core/loginuserpass.php AuthState = _36266db92ac88d2d66ae8ede39dd1264a39243f08e%3Ahttps%3A%2F%2Fopenidp.feide.no%2Fsimplesaml%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId %3Dopenidp-ldap%26ReturnTo%3Dhttps%253A%252F%252Fopenidp.feide.no%252Fsimplesaml%252Fmodule.php%252Fmetaedit%252Findex.php 。
(12)我在浏览器上输入了网址http://service.local-saml.com/simplesaml,它运行正常。我尝试使用default-sp选项登录并且它正常工作。
现在,我想在我的cakephp应用程序中使用这个simplesamlphp。 (13)为此,如https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin中所述,我将saml文件夹放在Cakephp的/ app / plugin文件夹中
(14)我在core.php和bootstrap.php文件中添加了行。
(15)我创建了一个usersController,并且与给定的相同在链接的示例文件中。
(16)我添加了以下内容
'sp1'=>数组(
'saml:SP',
'privourkey'=>'simplesamlphp.pem',
'certificate'=>'simplesamlphp.crt',
'entualID '=>'http:// localhost / cakephp',
),
config / authsources .sp simplesamlphp。
(17)我在 metadata / saml20-sp-remote.php
$ metadata ['http:// localhost / cakephp'] = array(
'AssertionConsumerService'=>'http:/ / localhost / cakephp',
'SingleLogoutService'=>'http:// localhost / cakephp',
);
当我在浏览器上键入 localhost / cakephp 时,链接重定向到 https://openidp.feide.no/simplesaml/module.php/core/loginuserpass.php ,用户输入他的用户名和密码,但状态信息丢失错误显示在 http://service.local-saml .com / simplesaml / module.php / saml / sp / saml2-acs.php / sp1 并且用户不会返回localhost / cakephp。当用户输入登录凭证时,我希望用户返回到cakephp网址。
请帮助我,我错了,我错过了什么?
元数据['http://service.local-saml.com'] =数组(
'AssertionConsumerService'=>'http://service.local- saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
'SingleLogoutService'=>'http://service.local-saml.com/simplesaml/ module.php / saml / sp / saml2-logout.php / default-sp',
);
(11 )我在链接 https://开头openidp.feide。没有/ simplesaml / module.php /型芯/ loginuserpass.php?AuthState = _36266db92ac88d2d66ae8ede39dd1264a39243f08e%3Ahttps%3A%2F%2Fopenidp.feide.no%2Fsimplesaml%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3Dopenidp-LDAP%26ReturnTo% 3Dhttps%253A%252F%252Fopenidp.feide.no%252Fsimplesaml%252Fmodule.php%252Fmetaedit%252Findex.php 。
(12)我打字浏览器上的URLhttp://service.local-saml.com/simplesaml,它正常工作。我尝试使用default-sp选项登录并且它正常工作。
现在,我想在我的cakephp应用程序中使用这个simplesamlphp。 (13)为此,如https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin中所述,我将saml文件夹放在Cakephp的/ app / plugin文件夹中
(14)我在core.php和bootstrap.php文件中添加了行。
(15)我创建了一个usersController,并且与给定的相同在链接的示例文件中。
(16)我添加了以下内容
'sp1'=>数组(
'saml:SP',
'privourkey'=>'simplesamlphp.pem',
'certificate'=>'simplesamlphp.crt',
'entualID '=>'http:// localhost / cakephp',
),
config / authsources .sp simplesamlphp。
(17)我在 metadata / saml20-sp-remote.php
metadata ['http:// localhost / cakephp'] = array(
'AssertionConsumerService'=>'http:// localhost / cakephp',
'SingleLogoutService'=>'http:// localhost / cakephp',
);
当我在浏览器上输入 localhost / cakephp 时,链接重定向到https://openidp.feide.no/simplesaml/module.php/core/loginuserpass.php ,用户,输入他的用户名和密码,但< b>状态信息丢失错误显示在 http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/sp1 并且用户不会返回localhost / cakephp。当用户输入登录凭证时,我希望用户返回到cakephp网址。
请帮助我,我错了,我错过了什么?
I have a cakephp application which needs users to be authenticated via SAML Sign Sign on. For this, I have followed the link "https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin".
According to its documentation, I have downloaded fresh copies of cakephp and simpleSAMLphp. Now, I have a cakephp folder and simpleSAMLphp folder in my workspace. I have imstalled simpleSAMLphp as described in link "https://simplesamlphp.org/docs/stable/". I followed these steps:
(1) I configured simpleSAML in apache configuration as below:
<VirtualHost *:80>
ServerName service.local-saml.com
DocumentRoot /var/www/simplesamlphp/www/
<Directory "/var/www/simplesamlphp/www/">
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>
(2) Now, in simplesamlphp application folder, I changed values for 'auth.adminpassword', 'secretsalt', 'technicalcontact_name', 'technicalcontact_email' in /config/config.php file.
(3) I used SAML:sp module which is by default enabled.
(4) First, I started with SAML as a Identity Provider.
(5) I enabled 'enable.saml20-idp' => true, in /config/config.php file.
(6) Created a ssl self-signed certificate by using command on terminal
sudo openssl req -new -x509 -days 3652 -nodes -out /etc/ssl/certs/simplesamlphp.crt -keyout /etc/ssl/certs/simplesamlphp.pem
(7) Moved the above certificates to simplesamlphp/cert.
(8) Added private key and certificate to config/authsources.php
'default-sp' => array(
'saml:SP',
'privatekey' => 'simplesamlphp.pem',
'certificate' => 'simplesamlphp.crt',
)
(9) Added private key and certicates to "metadata/saml20-idp-hosted.php" file also.
(10) Changed the metadata in "metadata/saml20-sp-remote.php"
$metadata['http://service.local-saml.com'] = array(
'AssertionConsumerService' => 'http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
'SingleLogoutService' => 'http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
);
(11) I added the metadata on link "https://openidp.feide.no/simplesaml/module.php/core/loginuserpass.php?AuthState=_36266db92ac88d2d66ae8ede39dd1264a39243f08e%3Ahttps%3A%2F%2Fopenidp.feide.no%2Fsimplesaml%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3Dopenidp-ldap%26ReturnTo%3Dhttps%253A%252F%252Fopenidp.feide.no%252Fsimplesaml%252Fmodule.php%252Fmetaedit%252Findex.php".
(12) I typed the url "http://service.local-saml.com/simplesaml" on browser and it is working correctly. I tried to login with default-sp option and it is working correctly.
Now, I want to use this simplesamlphp with my cakephp application. (13) For this, as mentioned in "https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin", I put the saml folder in /app/plugin folder of Cakephp
(14) I added lines on core.php and bootstrap.php files.
(15) I made a usersController and made same as given in example files of the link.
(16) I added folllowing
'sp1' => array(
'saml:SP',
'privatekey' => 'simplesamlphp.pem',
'certificate' => 'simplesamlphp.crt',
'entityID' => 'http://localhost/cakephp',
),
in config/authsources.php of simplesamlphp.
(17) I added metadata in metadata/saml20-sp-remote.php
$metadata['http://localhost/cakephp'] = array(
'AssertionConsumerService' => 'http://localhost/cakephp',
'SingleLogoutService' => 'http://localhost/cakephp',
);
When I typed localhost/cakephp on browser, the link redirected to "https://openidp.feide.no/simplesaml/module.php/core/loginuserpass.php", user, enters his username and password, but "State information lost" error is displaying at "http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/sp1" and user is not returned to "localhost/cakephp". I want user to be returned to cakephp url when user enters login credentials.
Please help me where I am wrong and what something I have missed?
metadata['http://service.local-saml.com'] = array( 'AssertionConsumerService' => 'http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp', 'SingleLogoutService' => 'http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp', );
(11) I added the metadata on link "https://openidp.feide.no/simplesaml/module.php/core/loginuserpass.php?AuthState=_36266db92ac88d2d66ae8ede39dd1264a39243f08e%3Ahttps%3A%2F%2Fopenidp.feide.no%2Fsimplesaml%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3Dopenidp-ldap%26ReturnTo%3Dhttps%253A%252F%252Fopenidp.feide.no%252Fsimplesaml%252Fmodule.php%252Fmetaedit%252Findex.php".
(12) I typed the url "http://service.local-saml.com/simplesaml" on browser and it is working correctly. I tried to login with default-sp option and it is working correctly.
Now, I want to use this simplesamlphp with my cakephp application. (13) For this, as mentioned in "https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin", I put the saml folder in /app/plugin folder of Cakephp
(14) I added lines on core.php and bootstrap.php files.
(15) I made a usersController and made same as given in example files of the link.
(16) I added folllowing
'sp1' => array( 'saml:SP', 'privatekey' => 'simplesamlphp.pem', 'certificate' => 'simplesamlphp.crt', 'entityID' => 'http://localhost/cakephp', ),
in config/authsources.php of simplesamlphp.
(17) I added metadata in metadata/saml20-sp-remote.php
metadata['http://localhost/cakephp'] = array( 'AssertionConsumerService' => 'http://localhost/cakephp', 'SingleLogoutService' => 'http://localhost/cakephp', );
When I typed localhost/cakephp on browser, the link redirected to "https://openidp.feide.no/simplesaml/module.php/core/loginuserpass.php", user, enters his username and password, but "State information lost" error is displaying at "http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/sp1" and user is not returned to "localhost/cakephp". I want user to be returned to cakephp url when user enters login credentials.
Please help me where I am wrong and what something I have missed?
这篇关于cakephp应用程序中的SAML SSO的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
