* Raju Singh <arj...@gmail.com> [2012-11-09 05:57]:
> Can you please assist on some documentation (real implementation) for
> setting up the SSO using SAML?
Start with the existing documentation.
> My Scenario is:
>
> I have 3 Applications, 1 Portal (which contains the links to all 3
> Apps). Once the user logs into the Portal, he can see the links and
> clicks it to open it. These applications will not prompt for the
> password.
You'll need to set up SimpleSAMLphp (SSP) as a Service Provider (SP)
for each of your applications.

How to do this depends on your applications. For some applications
there already exist modules or plugins which do the integration work
for you. You'll still need to install and configure SSP for each
application.

As for authentication and the portal: With SAML you commonly
authenticate at the SAML Identity Provider (IdP) and only there. So I
see 2 possible ways to achieve what you want:

a. Adapt the portal to defer authentication to a SAML IdP itself
(which could be co-located with the portal and integrated visually, so
it appears to be part of the portal), so that it effectively becomes a
SAML SP, like your 3 applications will need to become.

or

b. Integrate the portal as external authentication method for your
SAML IdP. You'll need to develop some code e.g. based on the examples
provided with SSP.

I'd suggest to proceed as follows:

1. Install and configure SSP for 1 of the 3 applications, using the
openipd.feide.no SAML IdP. Once that works get the other 2 apps done.

2. Install and configure your own SSP IdP and integrate your 3
applications with it.

1 + 2 will keep you busy for a while.

3. Only then decide on a. or b. and implement accordingly.
cheers,
-peter
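
Step 1 above (one application acting as a SAML SP through SSP), as an added example that is not part of the original message or of the SimpleSAMLphp distribution. Assumptions: SSP is installed under /var/simplesamlphp with the namespaced API of current releases, the authsource is named 'default-sp', the IdP releases a 'uid' attribute, and all URLs and entity IDs are placeholders.

```php
<?php
// Added example (assumptions are marked). config/authsources.php of the
// SSP installation serving this application is assumed to contain:
//
//   'default-sp' => [
//       'saml:SP',
//       'entityID' => 'https://app1.example.org/sp',  // placeholder
//       'idp'      => 'IDP-ENTITY-ID-PLACEHOLDER',    // taken from the IdP metadata
//   ],

// Assumed install path; adjust to where SSP lives on your host.
require_once '/var/simplesamlphp/lib/_autoload.php';

$as = new \SimpleSAML\Auth\Simple('default-sp');

// No valid SSO session yet: the browser is redirected to the IdP and this
// call does not return. The application itself never sees a password.
$as->requireAuth();

// Attributes come from the validated SAML assertion; each value is an array.
$attributes = $as->getAttributes();

// 'uid' is an assumed attribute name; use whatever your IdP releases.
// Fail closed when the identifying attribute is missing or ambiguous.
if (!isset($attributes['uid']) || count($attributes['uid']) !== 1) {
    http_response_code(403);
    exit('Login succeeded, but no usable user identifier was released.');
}
$username = $attributes['uid'][0];

// SSP uses its own PHP session; restore the application's session handling
// before the application touches $_SESSION.
\SimpleSAML\Session::getSessionFromRequest()->cleanup();

session_start();
// New session id at the privilege change, to prevent session fixation.
session_regenerate_id(true);
$_SESSION['user'] = $username;

echo 'Logged in as ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
```

Each of the 3 applications gets the same gate with its own entityID, so a user who already has a session at the IdP is let in without a second password prompt.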