Add extra parameters to SSOLogin


jakobsg

Apr 12, 2012, 4:59:13 PM
to simpleSAMLphp
Hi

We use simpleSAMLphp on both the client and server side. On the server
side we send SAML requests through a handler that can do some context
switching via query params. So when a client sends an authentication
request to the server we need to be able to add extra URL query-string
parameters. We haven't been able to identify any way to do this in the
current stable release of simpleSAMLphp, so we decided to propose a
small patch that supports this feature:

Patch: http://pastebin.com/EygqttsB

Usage example:

/*
 * Return the user to the frontpage after authentication, don't post
 * the current POST data.
 */
$auth->requireAuth(array(
    'ReturnTo' => 'https://sp.example.org/',
    'KeepPost' => FALSE,
    // Extra query-string parameters appended to the SSO URL (option added by the proposed patch)
    'ExtraParameters' => array(
        'param1' => 'user value one',
        'param2' => 'user value two',
    ),
));
print("Hello, authenticated user!");

https://signon.mv-nordic.com/auth/saml2/idp/SSOService.php?SAMLRequest=fVJNb8IwDP0rVe5tSlugi.....1ktDJ2fL%2Fz03%2BAA%3D%3D&RelayState=https%3A%2F%2Fsp-test.limbosoft.com%2Fwww2%2Flogin.php%3Fidp_service%3Dunilogin%26return_to%3D&param1=user%20value%20one&param2=user%20value%20two

It would be nice if you would consider either adding this patch to
simpleSAML or use it for inspiration to make a similar feature.

Best regards
Jakob Simon-Gaarde

comel

Apr 13, 2012, 2:45:48 AM
to simple...@googlegroups.com

Olav Morken

Apr 13, 2012, 2:53:26 AM
to simple...@googlegroups.com
On Thu, Apr 12, 2012 at 13:59:13 -0700, jakobsg wrote:
> Hi
>
> We use simpleSAMLphp on both the client and server side. On the server
> side we send SAML requests through a handler that can do some context
> switching via query params. So when a client sends an authentication
> request to the server we need to be able to add extra URL query-string
> parameters. We haven't been able to identify any way to do this in the
> current stable release of simpleSAMLphp, so we decided to propose a
> small patch that supports this feature:
[...]

> It would be nice if you would consider either adding this patch to
> simpleSAML or use it for inspiration to make a similar feature.

I prefer to avoid adding special "protocol extensions" to simpleSAMLphp.

Could you not transport these parameters through SAML 2.0 extensions in
the AuthnRequest element instead? Your extra parameters would still be
non-standard, but at least they will be transported in a standard
way :)

See: https://groups.google.com/group/simplesamlphp/browse_thread/thread/9256e9e7b66a94a7/2dffdb22f9734ec0

Best regards,
Olav Morken
UNINETT / Feide
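
The approach suggested in the reply above, as an added example that is not part of the thread and not SimpleSAMLphp's own code: the two parameters from the usage example travel inside samlp:Extensions of the AuthnRequest, so they sit inside the SAMLRequest value (and under its signature when the request is signed) instead of as loose query-string parameters, and the IdP-side handler reads them back. The extension namespace `urn:example:sp:context`, the `ctx:Param` element, the example URLs and all function names are hypothetical; only PHP's DOM and zlib extensions are used.

```php
<?php
// Added example; NS_EXT and ctx:Param are hypothetical, not a SimpleSAMLphp API.
const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';
const NS_SAML  = 'urn:oasis:names:tc:SAML:2.0:assertion';
const NS_EXT   = 'urn:example:sp:context';

// SP side: AuthnRequest whose samlp:Extensions carries the extra parameters.
function buildAuthnRequest(string $issuer, string $destination, array $params): string
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $req = $doc->appendChild($doc->createElementNS(NS_SAMLP, 'samlp:AuthnRequest'));
    $req->setAttribute('ID', '_' . bin2hex(random_bytes(16)));
    $req->setAttribute('Version', '2.0');
    $req->setAttribute('IssueInstant', gmdate('Y-m-d\TH:i:s\Z'));
    $req->setAttribute('Destination', $destination);
    $iss = $req->appendChild($doc->createElementNS(NS_SAML, 'saml:Issuer'));
    $iss->appendChild($doc->createTextNode($issuer));
    // Schema order: Issuer, (Signature), Extensions, then the other children.
    $ext = $req->appendChild($doc->createElementNS(NS_SAMLP, 'samlp:Extensions'));
    foreach ($params as $name => $value) {
        $p = $ext->appendChild($doc->createElementNS(NS_EXT, 'ctx:Param'));
        $p->setAttribute('Name', $name);
        $p->appendChild($doc->createTextNode($value)); // text node escapes & and <
    }
    return $doc->saveXML($req);
}

// HTTP-Redirect binding: raw DEFLATE, then base64 (URL-encode when building the query).
function encodeRedirect(string $xml): string { return base64_encode(gzdeflate($xml)); }

// IdP side: decode SAMLRequest and return the extension parameters as name => value.
function readExtensionParams(string $samlRequest): array
{
    // Cap the inflated size so an oversized request is rejected instead of expanded.
    $xml = gzinflate((string) base64_decode($samlRequest, true), 65536);
    $doc = new DOMDocument();
    if ($xml === false || !$doc->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('Malformed SAMLRequest');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', NS_SAMLP);
    $xp->registerNamespace('ctx', NS_EXT);
    $out = [];
    foreach ($xp->query('/samlp:AuthnRequest/samlp:Extensions/ctx:Param') as $p) {
        $out[$p->getAttribute('Name')] = $p->textContent;
    }
    return $out;
}

$xml = buildAuthnRequest('https://sp.example.org/', 'https://idp.example.org/sso',
    ['param1' => 'user value one', 'param2' => 'user value two']);
print_r(readExtensionParams(encodeRedirect($xml)));
```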
