Add Custom extensions to SAML request


Francisco Almeida

Feb 22, 2016, 10:41:18 AM
to SimpleSAMLphp
Hi,

I need to add some extensions to my SAML request, but I haven't found the place to do it.

Example:
--------------------------
<samlp:AuthnRequest>
<saml:Issuer>https://example.org</saml:Issuer>
    <ds:Signature>
    </ds:Signature>
    <Extensions>
    <!-- Add attributes here -->
    </Extensions>
</samlp:AuthnRequest>
--------------------------

Could anyone give me some help on the best way to achieve this goal? Custom module, configuration, or other?

Best regards,
Francisco

Peter Schober

Feb 22, 2016, 11:02:36 AM
to SimpleSAMLphp
* Francisco Almeida <fral...@gmail.com> [2016-02-22 16:41]:
> I need to add some extensions to my SAML request, but I haven't found the
> place to do it.

https://simplesamlphp.org/docs/stable/saml:sp#section_5_8

-peter

Francisco Almeida

Feb 22, 2016, 8:01:21 PM
to SimpleSAMLphp, peter....@univie.ac.at
Hi Peter,

Thanks for your help. However, I'm still a little confused about where to use this.

In my case I have a 'saml:SP' that I would like to extend. Should I create my own custom module? What is the best practice for this issue?

Regards,
Francisco

Jaime Perez Crespo

Feb 23, 2016, 3:20:48 AM
to simple...@googlegroups.com
Hello Francisco,

> On 23 Feb 2016, at 02:01 AM, Francisco Almeida <fral...@gmail.com> wrote:
> Hi Peter,
>
> Thanks for your help. However, I'm still a little confused about where to use this.
>
> In my case I have a 'saml:SP' that I would like to extend. Should I create my own custom module? What is the best practice for this issue?

https://simplesamlphp.org/docs/stable/simplesamlphp-sp

You have to integrate SimpleSAMLphp with your PHP application. To do that, you will write your own code. That is where you can add custom extensions to your SAML request.

--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

Peter Schober

Feb 23, 2016, 4:48:24 AM
to SimpleSAMLphp
* Francisco Almeida <fral...@gmail.com> [2016-02-23 02:01]:
> In my case I have a 'saml:SP' that I would like to extend. Should I create
> my own custom module? What is the best practice for this issue?

The example code from the documentation goes into the PHP code from
where you initiate sessions using SimpleSAMLphp's PHP API.
It's not something done in SimpleSAMLphp's configuration (though since
that's just PHP code as well that could probably be done, somewhere).

How are you triggering SSO now, if not in your own PHP code?
Are you using some application (e.g. Drupal or Wordpress) plus some
module that integrates that with SimpleSAMLphp's API?
If so, that module/extension has the code where SSO is initiated and
that's where you'd need to add the code from the documentation,
adapting it as needed (authsource name, actual extension data).

So why not start with the simple case by creating an empty file on
your web server hosting your SimpleSAMLphp SP, then add the required
PHP code to that page as per the SimpleSAMLphp documentation Jaime
pointed you to. Then you'll have a handful of lines of code that will
trigger SSO (and SLO, if you add that, too) and you can test the
effect of your added extensions. Only once that all works as desired
look into how to get that code into the right place for your current
application.
-peter
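
A minimal stand-alone test page of the kind described in the message above, as an added example that is not part of the original thread and not SimpleSAMLphp's own code. Assumptions: the install path, the authsource name 'default-sp', the urn:example:ext namespace and the RequestedLevel element are hypothetical, and the class names are the namespaced ones from later releases (2016-era releases named them SimpleSAML_Auth_Simple and SAML2_XML_Chunk).

```php
<?php
// Added example: test page that triggers SSO with one custom extension.
// Assumed values (not from the thread): autoloader path, authsource name,
// extension namespace and element name. The autoloader location depends on
// the install directory and the SimpleSAMLphp release.
require_once '/var/simplesamlphp/lib/_autoload.php';

const EXT_NS = 'urn:example:ext'; // hypothetical extension namespace

/**
 * Build one extension element.
 * Children of samlp:Extensions must be in a namespace other than the SAML
 * protocol namespace, so the element is always created with createElementNS().
 */
function buildExtension(DOMDocument $dom, string $name, string $value): DOMElement
{
    $el = $dom->createElementNS(EXT_NS, 'ext:' . $name);
    // Add the value as a text node so it is XML-escaped, never parsed as markup.
    $el->appendChild($dom->createTextNode($value));
    return $el;
}

$dom = new DOMDocument('1.0', 'UTF-8');

// Each extension is wrapped in a Chunk; the SP places them inside
// <samlp:Extensions> when it builds the AuthnRequest.
$extensions = [
    new \SAML2\XML\Chunk(buildExtension($dom, 'RequestedLevel', 'high')),
];

$auth = new \SimpleSAML\Auth\Simple('default-sp');

if (!$auth->isAuthenticated()) {
    // login() redirects the browser to the IdP and does not return.
    $auth->login(['saml:Extensions' => $extensions]);
}

// Reached only after a successful round trip: show what the IdP released.
header('Content-Type: text/plain; charset=utf-8');
print_r($auth->getAttributes());
```

Capture the outgoing AuthnRequest (for example with a browser SAML tracer) to confirm the extension element appears where the IdP expects it before moving the code into the application.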

Francisco Almeida

Mar 2, 2016, 6:57:25 PM
to SimpleSAMLphp, peter....@univie.ac.at
Hi Peter,

Thanks for your reply. I am using SimpleSAML with Drupal. I've made the customization in Drupal.

Regards,