SimpleSAMLphp + Selfregister(using MYSQL) and log in automatically


Tomas Hertus

Mar 21, 2013, 1:49:08 PM
to simple...@googlegroups.com
Hi,
I'm working now on the SimpleSAMLphp implementation. We created our own entirely new module.
This module contains authentication and also registration. I took the selfregister module and modified it for our needs.
We have a MySQL database of users, so I didn't want the LDAP registration. It's working, it's fine; the user flow is quite straightforward:
For login it is:
  1. User goes to SP
  2. Hits login button
  3. User is redirected to IdP login page
  4. Fills in form
  5. Send form
  6. He is redirected back to the SP

This works great. But I have problems now with implementing Automatic login after Sign up.
The user flow is:

  1. User goes to SP
  2. Hits sign up button
  3. User is redirected to the IdP sign up page
  4. Fills in form
  5. Send form
  6. User is created in the database, validate, etc

And now here is the problem: step 7 should be - User is redirected back to the SP as a logged-in user. Here is the thing: I simply can't find how to invoke the authentication. I haven't found a way to automatically log in the user. Do you have any advice? A piece of code where I can see something like that? How does it work?

Thank you for that.

Peter Schober

Mar 21, 2013, 2:02:34 PM
to simple...@googlegroups.com
* Tomas Hertus <hertu...@gmail.com> [2013-03-21 18:49]:
> This works great. But I have problems now with implementing Automatic login
> after Sign up.
> The user flow is:
>
> 1. User goes to SP
> 2. Hits sign up button
> 3. User is redirected to the IdP sign up page
> 4. Fills in form
> 5. Send form
> 6. User is created in the database, validate, etc
>
> And now where is the problem, the step 7. should be *- User is redirected
> back as logged in user to the SP.* Here is the thing. I can't simply find
> how to invoke
> the authentication. I haven't found the way how to automatically log in
> user. Do you have any advice? Piece of code, where I can see something like
> that? How does it work?

That's what you asked in the "SSO SimpleSAMLphp + User Registration"
thread recently, no? Cf. my (and others') suggestions there?
In short: After registration the subject should have an SSP session at
your IdP. Then you need to know from which SP the user came (your flow
does not involve the SP sending a SAML2 authnRequest, so you'll need
that info some other way, e.g. the SP sending along an identifier to
the IdP's registration page) and either point the user agent to the
resource (where protection and SP-initiated flow would start) or start
IdP-initiated SAML2 right then and there.
-peter

Tomas Hertus

Mar 21, 2013, 2:06:44 PM
to simple...@googlegroups.com, peter....@univie.ac.at

Hi Peter, thank you for your answer. Yes, I have all this information. I have the authState and RelayState. Is it enough to invoke the login process?

Peter Schober

Mar 21, 2013, 2:18:57 PM
to simple...@googlegroups.com
* Tomas Hertus <hertu...@gmail.com> [2013-03-21 19:06]:
> Hi Peter, thank you for your answer. Yes, I have all this
> information. I have the authState and Relay state. Its enough to
> invoke the Login in process?

Don't know from memory what these have but RelayState would usually
identify the resource at the SP the subject tried to access. But in
your flow there is no SAML2 authnRequest from the SP to the IdP (as I
said before), so what's the content of that?
If you can identify the SP you can send an IdP initiated SSO request,
as per the documentation. If the subject could have accessed different
parts of the resource (and you don't want to send them to the SP's
start page after authentication) you'd need to communicate that to the
IdP as well.
-peter
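
The last step described in the replies above, as an added example that is not part of the thread and not SimpleSAMLphp or selfregister module code: after registration, the IdP builds the IdP-initiated SSO URL (SimpleSAMLphp's `saml2/idp/SSOService.php` endpoint with its `spentityid` and `RelayState` parameters) from the SP identifier and return URL that the SP passed to the sign-up page. Because both values arrive via the browser, they are checked against an allow-list first. The entity ID, URLs, allow-list and function name are constructed for illustration, and the user is assumed to already have a session at the IdP.

```php
<?php
// Added example, not SimpleSAMLphp or module code. Entity IDs, URLs and the
// function name are constructed for illustration.

// SPs the registration page may send users back to, each with the URL
// prefix that RelayState must stay within (constructed values).
const KNOWN_SPS = [
    'https://sp.example.org/metadata' => 'https://sp.example.org/',
];

// Base URL of the IdP's SimpleSAMLphp installation (assumption).
const IDP_BASEURL = 'https://idp.example.org/simplesaml/';

/**
 * Build the IdP-initiated SSO URL for a user who has just registered.
 * $spEntityId and $relayState come from the request, so both are checked
 * against the allow-list before they end up in a redirect.
 */
function buildIdpInitiatedUrl(string $spEntityId, ?string $relayState): string
{
    if (!array_key_exists($spEntityId, KNOWN_SPS)) {
        throw new InvalidArgumentException('Unknown SP entity ID');
    }
    $params = ['spentityid' => $spEntityId];

    if ($relayState !== null && $relayState !== '') {
        // Only accept return URLs that belong to the selected SP.
        if (strpos($relayState, KNOWN_SPS[$spEntityId]) !== 0) {
            throw new InvalidArgumentException('RelayState outside SP');
        }
        $params['RelayState'] = $relayState;
    }
    return IDP_BASEURL . 'saml2/idp/SSOService.php?' . http_build_query($params);
}

// Constructed sample input, as the SP's sign-up link might have passed it.
$sp = 'https://sp.example.org/metadata';
$target = 'https://sp.example.org/account/welcome';

// Accepted: the registration handler would redirect the browser here.
echo buildIdpInitiatedUrl($sp, $target), "\n";

// Rejected: a return URL on a host that is not the selected SP.
try {
    buildIdpInitiatedUrl($sp, 'https://elsewhere.example.net/');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```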