Central login with SAML and making site to work as identity provider

Problem description

So my scenario goes like:

I have two sites, a.com and b.com, and one authentication server, cauth.com.

What the client wants is...

When a user lands on a.com or b.com, the user fills in the login form on the respective site, but the action of the form will be on cauth.com (cauth.com/authenticate). When the user is authenticated on cauth, he is logged in on both sites.

I am thinking of implementing SAML to achieve the same, and the flow is like this: after authentication, the IdP (cauth.com) will send a SAML response to both the service providers and the user will be given access to both the sites.

I am a novice in SAML and unable to get proper documentation and comprehension for the same.

What I want to know is:

  1. Is my solution to the problem worth implementing?
  2. Is it possible to make the site (cauth.com) an identity provider? I have looked at the thread "Making your PHP website into SAML Identity Provider" but was not able to get a proper solution.

Recommended answer

SimpleSamlPHP should be pretty easy to set up. You'll want to make a copy of the folder modules/exampleauth/ and then alter the file modules/<yournewmodule>/lib/Auth/Source/External.php to work for your site. The documentation is good though and it's definitely the easiest thing for your need, and the right one.

I should add that following the instructions to set up SimpleSamlPHP should give you a basic understanding of which metadata files are most important and where they live and how things interact.
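
As an added illustration (not code from the answer or from the SimpleSAMLphp project), this is roughly what the IdP side on cauth.com looks like once the copied module is wired in: one auth source, one hosted-IdP entry, and one remote-SP entry per site. With this layout each site redirects to cauth.com on its own, and the session the IdP already holds lets the second site complete login without asking for credentials again. The module name `cauthmodule`, the entity IDs, the endpoint URLs and the certificate file names are assumptions made up for the example.

```php
<?php
// Added example: fragments of three separate SimpleSAMLphp files on cauth.com,
// shown together for reading. "cauthmodule" is a hypothetical name for the
// copy of modules/exampleauth/; all URLs and file names are constructed.
// config/config.php must also contain: 'enable.saml20-idp' => true,

// --- config/authsources.php ---
$config = [
    // Auth source implemented by the edited External.php in the copied module.
    'cauth-external' => ['cauthmodule:External'],
];

// --- metadata/saml20-idp-hosted.php ---
$metadata['https://cauth.com/idp'] = [
    'host'        => '__DEFAULT__',
    'privatekey'  => 'idp.pem',   // in cert/; signs what the IdP issues
    'certificate' => 'idp.crt',   // a.com and b.com verify signatures with this
    'auth'        => 'cauth-external',
];

// --- metadata/saml20-sp-remote.php ---
// One entry per service provider. The IdP looks up the requesting SP here,
// so a site that is not listed cannot obtain assertions from cauth.com.
$metadata['https://a.com/sp'] = [
    'AssertionConsumerService' => 'https://a.com/saml/acs',
    'SingleLogoutService'      => 'https://a.com/saml/slo',
];
$metadata['https://b.com/sp'] = [
    'AssertionConsumerService' => 'https://b.com/saml/acs',
    'SingleLogoutService'      => 'https://b.com/saml/slo',
];
```

The entity IDs and endpoint URLs must match what each service provider publishes in its own metadata, and every endpoint should be HTTPS so the signed response is not exposed in transit.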
