SSO with simpleSAMLphp

Nimmi Sasidharan

Mar 3, 2014, 12:51:48 AM
to simple...@googlegroups.com
I have two PHP websites, X & Z, and I want SSO between these two, i.e. I don't want to log in two times. If I am logged into X, it should log me in to Z also. Please help me with how to go forward with this using simpleSAML.

Yørn de Jong

Mar 3, 2014, 5:24:35 AM
to simple...@googlegroups.com
Hi Nimmi

Your question is a bit vague, but I would say that you need a third «website» Y, which will simply be a SimpleSamlPhp installation configured as IdP [1]. Then you install SimpleSamlPhp on both X and Z and configure them as SP [2] in such a way that they authenticate against Y.

In practice, this means that you will need to put the metadata from Y in saml20-idp-remote.php on X and Z, and both metadata from X and Z in saml20-sp-remote.php on Y. Refer to the documentation on how to obtain metadata from SimpleSamlPhp; metadata is generated automatically.

For more advanced configuration, just look at [3], there is a lot documented on the SimpleSamlPhp homepage.

Yørn

[1] https://simplesamlphp.org/docs/stable/simplesamlphp-idp
[2] https://simplesamlphp.org/docs/stable/simplesamlphp-sp
[3] https://simplesamlphp.org/docs/stable/

On 3 March 2014 at 06:51, Nimmi Sasidharan <ni...@qburst.com> wrote:

> I have two PHP websites, X & Z, and I want SSO between these two, i.e. I don't want to log in two times. If I am logged into X, it should log me in to Z also. Please help me with how to go forward with this using simpleSAML.


Nimmi Sasidharan

Mar 3, 2014, 7:34:48 AM
to simple...@googlegroups.com
Thanks for your advice.

From my understanding, I need to follow the steps below for my requirement.

Set up a new website with SimpleSAML as IDP.
Configure the other two sites as SP.
Authenticate SPs against IDPs.

How can I test if SSO is working after these steps?

Please help

Bhagwat, Shrikant

Mar 3, 2014, 9:27:51 AM
to simple...@googlegroups.com

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 /idm/qa12/htdocs/idmt/simplesamlphp-1.11.0/www/module.php:180 (N/A)
Caused by: Exception: Unable to find the current binding.
Backtrace:
2 /idm/qa12/htdocs/idmt/simplesamlphp-1.11.0/lib/SAML2/Binding.php:95 (SAML2_Binding::getCurrentBinding)
1 /idm/qa12/htdocs/idmt/simplesamlphp-1.11.0/modules/saml/www/sp/saml2-logout.php:23 (require)
0 /idm/qa12/htdocs/idmt/simplesamlphp-1.11.0/www/module.php:135 (N/A)

I am getting the above error while doing the diagnostic test.

Shrikant Bhagwat
Application Programmer/Analyst Sr.
Identity Management Team
Medical Center Information Technology (MCIT)
University of Michigan Health System, Ann Arbor, MI
Office # 734-615-2391
Cell # 734-276-6563


Yørn de Jong

Mar 3, 2014, 1:07:43 PM
to simple...@googlegroups.com
Hi Shrikant

Questions on this list are answered by people volunteering their time to help others. Simply sending error messages and expecting others to fix your problems is not how it works when you ask for voluntary help; you are expected to do your own research first and try. If you do that and run into problems, we will gladly help you. Especially mailing the same exception twice in two different threads in two different formats is something that is not appreciated, please don’t do it again.

As for your problem, you didn’t specify, but I expect this error showed up on the SP? In my experience, it is often a redirect problem. Do you force HTTPS but specified HTTP in the metadata maybe? Sorry I don’t have a more precise answer for you but just going on an exception this is all I can come up with. I answered a similar question on Stack Overflow, maybe it applies to you as well? [1]

Yørn

[1] http://stackoverflow.com/questions/19547602/simplesamlphp-unhandled-exception-error-while-using-as-sp/22153768

On 3 March 2014 at 15:27, Bhagwat, Shrikant <shrb...@med.umich.edu> wrote:

> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
> Backtrace:
> 0 /idm/qa12/htdocs/idmt/simplesamlphp-1.11.0/www/module.php:180 (N/A)
> Caused by: Exception: Unable to find the current binding.
> Backtrace:
> 2 /idm/qa12/htdocs/idmt/simplesamlphp-1.11.0/lib/SAML2/Binding.php:95 (SAML2_Binding::getCurrentBinding)
> 1 /idm/qa12/htdocs/idmt/simplesamlphp-1.11.0/modules/saml/www/sp/saml2-logout.php:23 (require)
> 0 /idm/qa12/htdocs/idmt/simplesamlphp-1.11.0/www/module.php:135 (N/A)
>
>
> I am getting the above error while doing the diagnostic test.
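
Added example (not part of the thread, and not SimpleSAMLphp's own code): the metadata wiring described in the first reply, with a check for the HTTP/HTTPS mismatch raised in this one. The hostnames x/y/z.example.org and the helper findSchemeMismatches are constructed for illustration; certificate data and other metadata keys are omitted from the entries.

```php
<?php
// Added example; x/y/z.example.org are constructed hostnames, certData etc. omitted.

// Shape of metadata/saml20-idp-remote.php on X and Z: describes IdP Y.
$idpRemote = [
    'https://y.example.org/simplesaml/saml2/idp/metadata.php' => [
        'SingleSignOnService' => 'https://y.example.org/simplesaml/saml2/idp/SSOService.php',
        'SingleLogoutService' => 'https://y.example.org/simplesaml/saml2/idp/SingleLogoutService.php',
    ],
];

// Shape of metadata/saml20-sp-remote.php on Y: describes SPs X and Z.
$spRemote = [
    'https://x.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp' => [
        'AssertionConsumerService' => 'https://x.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
        'SingleLogoutService' => 'https://x.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
    ],
    'https://z.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp' => [
        'AssertionConsumerService' => 'https://z.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
        // Constructed defect: Z is served over HTTPS but this endpoint says HTTP.
        'SingleLogoutService' => [[
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'http://z.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
        ]],
    ],
];

// Hypothetical helper: list every endpoint whose URL scheme differs from $scheme.
function findSchemeMismatches(array $metadata, string $scheme = 'https'): array
{
    $bad = [];
    foreach ($metadata as $entityId => $entity) {
        foreach (['SingleSignOnService', 'SingleLogoutService', 'AssertionConsumerService'] as $key) {
            // An endpoint is a URL string or a list of Binding/Location arrays.
            foreach ((array) ($entity[$key] ?? []) as $endpoint) {
                $url = is_array($endpoint) ? $endpoint['Location'] : $endpoint;
                if (parse_url($url, PHP_URL_SCHEME) !== $scheme) {
                    $bad[] = "$entityId: $key => $url";
                }
            }
        }
    }
    return $bad;
}

foreach (array_merge(findSchemeMismatches($idpRemote), findSchemeMismatches($spRemote)) as $finding) {
    echo "endpoint not served over HTTPS: $finding\n";
}
```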

Bhagwat, Shrikant

Mar 3, 2014, 1:27:18 PM
to simple...@googlegroups.com
How do I test whether my SP is configured correctly? It prompts for the IDP login ID & password. After successful authentication, it shows a blank screen.




Dick Visser

Mar 4, 2014, 5:20:50 AM
to simplesamlphp
On 3 March 2014 19:27, Bhagwat, Shrikant <shrb...@med.umich.edu> wrote:
> How do I test whether my SP is configured correctly? It prompts for the IDP login ID & password. After successful authentication, it shows a blank screen.


If it is configured correctly, you shouldn't see a blank screen.
So you need to fix that.


--
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands

Bhagwat, Shrikant

Mar 4, 2014, 8:59:20 AM
to simplesamlphp
https://simplesamlphp.org/docs/stable/simplesamlphp-sp

I followed the above instructions; step # 5 gives a blank screen with the following URL:

http://p-idmthome-nc1.med.umich.edu/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp


Any advice?



Attachments: authsources.php, config.php, saml20-idp-remote.php

Jaime Pérez Crespo

Mar 4, 2014, 12:39:59 PM
to simple...@googlegroups.com
Hi,

On 04 Mar 2014, at 14:59 pm, Bhagwat, Shrikant <shrb...@med.umich.edu> wrote:
> https://simplesamlphp.org/docs/stable/simplesamlphp-sp
>
> I followed the above instructions; step # 5 gives a blank screen with the following URL:
>
> http://p-idmthome-nc1.med.umich.edu/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
>
> Any advice?

Check the logs of your web server. That’s the first thing you should do when you get a blank page when invoking a PHP script.

The most probable reason is a syntax error in your configuration file, but you really need to check your log files in order to know.

--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

Bhagwat, Shrikant

Mar 4, 2014, 1:44:13 PM
to simple...@googlegroups.com
Where are the logs located?

The log folder is empty.
Just the _placeholder.php file.




Yørn de Jong

Mar 4, 2014, 5:48:29 PM
to simple...@googlegroups.com
You can configure where SimpleSamlPhp logs its errors. Refer to the config file and the documentation. For a white page, however, I would look in the webserver logs of the webserver presenting the white page. White pages very often mean a PHP error.
--
Yørn

On 4 March 2014 at 19:44, Bhagwat, Shrikant <shrb...@med.umich.edu> wrote:

> Where are the logs located?
>
> The log folder is empty.
> Just the _placeholder.php file.

Bhagwat, Shrikant

Mar 5, 2014, 8:56:55 AM
to simple...@googlegroups.com
[Wed Mar 05 08:51:11 2014] [error] [client 10.51.69.245] PHP Parse error: syntax error, unexpected T_FUNCTION in /idm/qa12/htdocs/idmt/simplesamlphp-1.11.0/modules/core/lib/Auth/Process/GenerateGroups.php on line 139





Thijs Kinkhorst

Mar 5, 2014, 9:07:02 AM
to simple...@googlegroups.com
Hi,

On Wed, 5 Mar 2014 13:56:55 +0000, "Bhagwat, Shrikant" <shrb...@med.umich.edu> wrote:
> [Wed Mar 05 08:51:11 2014] [error] [client 10.51.69.245] PHP Parse error: syntax error, unexpected T_FUNCTION in /idm/qa12/htdocs/idmt/simplesamlphp-1.11.0/modules/core/lib/Auth/Process/GenerateGroups.php on line 139

You may be using an old PHP version. You can either upgrade to PHP 5.3 or
higher (useful because newer simpleSAMLphp versions require this anyway) or
comment out the core:GenerateGroups authproc filter in config/config.php if
you're not using that filter.


Cheers,
Thijs

--
Thijs Kinkhorst <th...@uvt.nl> – LIS Unix

Universiteit van Tilburg – Library and IT Services
Bezoekadres > Warandelaan 2 • Tel. 013 466 3035 • G 236

Bhagwat, Shrikant

Mar 5, 2014, 10:28:42 AM
to simple...@googlegroups.com
> comment out the core:GenerateGroups authproc filter in config/config.php if you're not using that filter.

This fixed it. Thank you.