Connect simpleSAML with my own website form


Nebu

Nov 5, 2014, 5:13:54 AM
to simple...@googlegroups.com
Hi, I need to use simpleSAML for SSO.

I installed simpleSAML and set it all up with the website where I would like to be logged in.
It works well, but now I would like to connect a form of mine to the system (on the server where I installed simpleSAML) to be able to log in to my website and also be logged in to the external website.

My question is, how can I connect my website (which is on the same server as simpleSAML) with simpleSAML authentication? In my form I ask for just a username and password, like the simpleSAML test form.

Any suggestion?

Thanks in advance.

Peter Schober

Nov 5, 2014, 9:19:52 AM
to simple...@googlegroups.com
* Nebu <mario.a...@gmail.com> [2014-11-05 11:13]:
> My question is, how can I connect my website (which is in the same
> server to simpleSAML) with simpleSAML authentication? In my form I
> ask just username and password as simpleSAML test form.

The generic answer is that you authenticate at the SAML IDP and make
all SAML SPs use that IDP for their authentication needs.
I.e., you rewrite the resource/application to not ask for credentials
and make use of SimpleSAMLphp SP API to integrate it with the IDP.

If you don't care about SSO and the resource/application/SP is your
own (same as the IDP) and they're all on the same server anyway, you
could of course keep authentication local to the resource/application
and point it to the same authentication source that your IDP is using
(e.g. an LDAP directory or a table in an RDBMS).
-peter

Nebu

Nov 5, 2014, 11:05:19 AM
to simple...@googlegroups.com, peter....@univie.ac.at
Hi, thanks for your reply.
I tried to connect my authentication form with as_login.php so


But I have a redirect to the login page


I cannot be authenticated.

I tried also to write my own authentication page

This is my code.


But I have the same problem, instead of being logged in I have a redirect to the simpleSAMLphp login page.

Any idea?

Thanks

Regards

Mario

Dick Visser

Nov 5, 2014, 1:26:34 PM
to simplesamlphp
On 5 November 2014 17:05, Nebu <mario.a...@gmail.com> wrote:
> Hi, thanks for your reply.
> I tried to connect my authentication form with as_login.php so
>
> <form name="f" id="vle-registration" method="POST"
> action="http://www.mywebsite/simplesaml/module.php/core/as_login.php?AuthId=myauthinstance&ReturnTo=https://sitetoconnect.com/Index.aspx">
>
>
> But I have a redirect to the login page
>
> http://tinypic.com/r/rs7ryc/8
>
> I cannot be authenticated.
>
> I tried also to write my own authentication page
>
> This is my code.
>
> http://pastebin.com/9DMMNtDb
>
> But I have the same problem, instead of being logged in I have a redirect to
> the simpleSAMLphp login page.

This is exactly what is supposed to happen.
You authenticate at the IdP, which is a different site.
If it's not, then Peter's comments apply and you could just use local
logins and don't use SimpleSAMLphp at all.

What you're trying to do in the above code (capturing
username/password and using these to log in) is called phishing.




--
Dick Visser
Sr. System & Networking Engineer
GÉANT Association, Amsterdam Office (formerly TERENA)
Singel 468D, 1017 AW Amsterdam, the Netherlands
Tel: +31 (0) 20 530 4488


Peter Schober

Nov 6, 2014, 5:12:56 AM
to simple...@googlegroups.com
* Nebu <mario.a...@gmail.com> [2014-11-05 17:05]:
> I tried to connect my authentication form with as_login.php so
>
> <form name="f" id="vle-registration" method="POST" action=

Try using the documentation.
-peter

Nebu

Nov 6, 2014, 5:25:41 AM
to simple...@googlegroups.com, peter....@univie.ac.at
Hi thanks for the answer.
I do not know if it is phishing, my goal is just to have a login form where my clients are able to log on and have access to the second website without needing to see the simplesaml frontend.
I am sorry if my question is stupid, but I am not an expert and it is the first time I use simpleSAMLphp. I read the official documentation but I did not understand how to proceed.

Any suggestion?

Thanks
Regards

Jaime Pérez Crespo

Nov 6, 2014, 5:49:31 AM
to simple...@googlegroups.com
Hi,

Maybe the documentation is not very helpful if you don’t really know what an identity federation is or how single-sign-on works.

What you need is:

- An Identity Provider (IdP). That’s where your users authenticate. This can be a SimpleSAMLphp instance connected to a database or directory. The login form will be there, and you can customize it to your liking.
- A Service Provider (SP) for each of the applications that will delegate authentication to the IdP. Those can also be instances of SimpleSAMLphp. The applications must use PHP if you want to use SimpleSAMLphp, and you just use the PHP API that SimpleSAMLphp provides to ask for authentication. SSP handles the rest of the process. If any of your applications is not written in PHP, then you need to find a SAML library suitable for that language, but since SimpleSAMLphp uses the SAML standard, there should be no interoperability issues.

Now that you know what you need, I suggest you dive into the documentation and set up the different parts of your system. If you have more specific questions while you are working on it, you can of course ask us.

Regards,

--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

Nebu

Nov 6, 2014, 5:59:58 AM
to simple...@googlegroups.com

Hi, thanks a lot for your help, I really appreciate it.

I think I have already done what you wrote. When I test my work on simpleSAML Test authentication sources, it works well.

If I log on using that login form, I am able to enter the second website with no problem.
What I am not able to do is customize my login form.

I wrote an easy login form and I am sending my $_POST data to this page


But instead of being logged in I have just a redirect to the simpleSAML default login form.

If I create my own page to log in


as I read in the documentation


step 6, I have the same problem, not logged in but just a redirect to the simpleSAML Test authentication login.

Can you help me please?

Thanks
Regards

Nebu

Nov 6, 2014, 6:05:55 AM
to simple...@googlegroups.com
I wrote a custom authentication

https://simplesamlphp.org/docs/stable/simplesamlphp-customauth

and it is connected to a database, it works well on simpleSAML Test authentication sources.

Sorry, I forgot to say it, maybe it is important to understand what I am trying to do.



Thanks
Regards

Jaime Pérez Crespo

Nov 6, 2014, 6:39:28 AM
to simple...@googlegroups.com
Hi again,

> On 06 Nov 2014, at 11:59 am, Nebu <mario.a...@gmail.com> wrote:
> I think I have already done what you wrote. When I test my work on simpleSAML Test authentication sources, it works well.
>
> If I log on using that login form, I am able to enter the second website with no problem.
> What I am not able to do is customize my login form.
>
> I wrote an easy login form and I am sending my $_POST data to this page
>
> http://www.mywebsite/simplesaml/module.php/core/as_login.php?AuthId=myauthinstance&ReturnTo=https://sitetoconnect.com/Index.aspx
>
> But instead of being logged in I have just a redirect to the simpleSAML default login form.

Which is completely normal. You are not supposed to create your own form and post it to the login form, but to create your own theme and use it in SimpleSAMLphp.

> If I create my own page to log in
>
> http://pastebin.com/9DMMNtDb

That’s just wrong. You are not supposed to handle credentials in any way, you just call the library when you want to authenticate the user. And you should not need to use the login() function.

> as I read in the documentation
>
> https://simplesamlphp.org/docs/1.5/simplesamlphp-sp

I really hope you are not using the documentation of version 1.5, that’s really, really old. Use stable instead.

> step 6, I have the same problem, not logged in but just a redirect to the simpleSAML Test authentication login.

Step 6 explains how to integrate SimpleSAMLphp in your own PHP application, not how to customize the login form. For customization, see

https://simplesamlphp.org/docs/stable/simplesamlphp-theming
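
The SP-side integration described in the reply above, as an added example that is not part of the original thread or of the SimpleSAMLphp project's code: the application page has no credential fields at all and only calls the SimpleSAMLphp SP API. The install path, the auth source name `default-sp`, the `uid` attribute and the `app.example.org` URL are assumptions.

```php
<?php
// Added example: a protected page in the application (the SP side).
// Assumption: SimpleSAMLphp is installed under /var/simplesamlphp.
require_once '/var/simplesamlphp/lib/_autoload.php';

// Assumption: 'default-sp' is the SP auth source defined in
// config/authsources.php. The 1.x releases contemporary with this
// thread named this class SimpleSAML_Auth_Simple.
$as = new \SimpleSAML\Auth\Simple('default-sp');

// There is no username/password handling here. If the browser has no
// valid session, requireAuth() redirects it to the IdP, where the (themed)
// login form lives, and the user comes back here once authenticated.
// The redirect the original poster saw is this step working as designed.
$as->requireAuth();

// From here on the user is authenticated. The application only sees the
// attributes the IdP released, never the password.
$attributes = $as->getAttributes();

// Assumption: the IdP releases a 'uid' attribute. Attribute values are
// always arrays, so take the first value defensively.
$uid = isset($attributes['uid'][0]) ? $attributes['uid'][0] : '(unknown)';

// Logout also goes through the library so the SimpleSAMLphp session is
// ended, not just the application's own session.
// Assumption: https://app.example.org/ is where users land after logout.
$logoutUrl = $as->getLogoutURL('https://app.example.org/');
?>
<!DOCTYPE html>
<html>
<head><title>Protected page</title></head>
<body>
  <!-- Attribute values come from outside the application: escape them. -->
  <p>Logged in as <?php echo htmlspecialchars($uid, ENT_QUOTES, 'UTF-8'); ?></p>
  <p><a href="<?php echo htmlspecialchars($logoutUrl, ENT_QUOTES, 'UTF-8'); ?>">Log out</a></p>
</body>
</html>
```

Changing how the login form looks is done on the IdP through a theme, as the theming documentation linked above describes, not in this page.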

Nebu

Nov 6, 2014, 6:58:48 AM
to simple...@googlegroups.com
Thank you very much, then what I need to do is just customize the login form with a new theme, I do not need to write a new login page.
Great, I will try now.

Thanks again
Regards