simpleSAMLphp and OpenID Connect

[Todd Armstrong]

Is it possible to setup an authsource configuration, etc. that will allow my simpleSAMLphp service provider application to function properly as a relying party in an OpenID Connect environment?

We have this service provider application functioning with SAML IdP and OpenID Providers, but not sure were/how to get started with OpenID Connect.

I found the post below in Jan 25th status report post on Fiede R&D, but am not seeing anything that looks like it is related to it in poking around in simpleSAMLphp 1.11 source.

** From Post ***

RedIRIS will perform an implementation of OpenID Connect that will be coordinated with the test fascility. RedIRIS already have experience and a library for Oauth 2.0, and will make use of that. They will also make an simpleSAMLphp module to make it very easy for enabling OpenID Connect support in an existing IdP or SP running SSP.

** End From Post **

Todd

[Ajay Daryanani]

Hi Todd,

On Aug 22, 2013, at 6:56 PM, Todd Armstrong wrote:

I found the post below in Jan 25th status report post on Fiede R&D, but am not seeing anything that looks like it is related to it in poking around in simpleSAMLphp 1.11 source.

** From Post ***

RedIRIS will perform an implementation of OpenID Connect that will be coordinated with the test fascility. RedIRIS already have experience and a library for Oauth 2.0, and will make use of that. They will also make an simpleSAMLphp module to make it very easy for enabling OpenID Connect support in an existing IdP or SP running SSP.

Regarding the post: there was this plan back in January last year, to implement OpenID Connect support for simpleSAMLphp within the GN3 project (http://www.geant.net). Unfortunately, RedIRIS wasn't able to follow the plan for different reasons (nothing technical, mainly due to lack of resources).

Cheers,

Ajay

-- 
=============================================
Ajay Daryanani Arjandas
Area de Middleware
RedIRIS / Red.es

Edificio Bronce
Plaza de Manuel Gómez Moreno, s/n - 2ª planta
28020 Madrid

Tel.: 91 212 76 20 (Ext. 5541)
Fax : 91 212 79 16
e-mail: ajay.da...@rediris.es
jid: ajay.da...@rediris.es

http://www.rediris.es
=============================================

[Todd Armstrong]

[Todd Armstrong]

This has came up again in my company, so I am checking back to see if there has been any movement on building/including support for OpenID Connect in simpleSAMLphp in the near future or if anyone has been down this path outside of the core code and can provide some insight on the complexity of going there on our own?

On Thursday, August 22, 2013 11:56:05 AM UTC-5, Todd Armstrong wrote:

[olivier...@renater.fr]

Hello,

Since Google authentication service is now based on OpenID Connect we are looking for an OpenID Connect module for simpleSAMLphp.

Is anybody currently working on it?

If not, we might consider developing the module.

Thanks.

Le vendredi 23 août 2013 08:30:52 UTC+2, Ajay Daryanani a écrit :

[…]

[MaartenK]

Hi Olivier, all,

I do more or less have the same question: In our case we would like start on OpenID connect module for SSP in which oidc is used towards the Relying Party / Service Provide (and SAML at the IdP side), so it's basically the same use-case as in Todd's original mail on this topic (22 aug 2013). 

The flow Olivier mentions (which is the other way around as i interpret) would be a second step for us. 

So my question is a well: Is anybody already currently working on it? Otherwise we have some plans to start working on the first step.

Cheers & Thanks,

 Maarten 

Op vrijdag 27 juni 2014 14:24:15 UTC+2 schreef olivier...@renater.fr:

[Alex Stuart]

Hi Maarten, Olivier, and all,

A project I'm working on uses the current google openid authentication source and may need to use google OpenID Connect as an IdP in a SAML federation. There's a meeting next week where I'll find out whether this is required & what resources are available for working on it. Has anyone made progress on such a module? Any specific areas that might need assistance?

Regards,
Alex

[Sylvain Medard]

Hi,

I'm a student in informatic development and as part of my internship, I try to develop a simplesamlphp authentification module based on Google specification / OpenID Connect. I also based my work on the Google client library : https://github.com/google/google-api-php-client .

You can find my work on my github fork : https://github.com/sylvainmed/simplesamlphp/tree/master/modules/authgoogle .

Regards,
-sylvain

[Alex Stuart]

Hi Sylvain

Thanks for sharing. Is this code released under the LGPL like the majority of the SSP code? Or the apache 2 license like the google api code. The project I'm working on will release any development as open source & I'm just trying to work out which license this goes under.

Cheers,
Alex

[Hanák Péter]

Hi Sylvain,

In our R&D project, we also need a Google OpenID Connect module for SimpeSAMLphp. Can you tell us a few words about the readiness of your development? What can be used, what is missing?

Further, I would like to download ONLY the content of the folder 'authgoogle' from GitHub. I am not a GitHub user; I have tried, for example,

svn export https://github.com/sylvainmed/simplesamlphp/tree/master/modules/authgoogle

(see http://stackoverflow.com/questions/7106012/download-a-single-folder-or-directory-from-a-github-repo)

but it failed with an error message.

svn: E170000: URL 'https://github.com/sylvainmed/simplesamlphp/tree/master/modules/authgoogle' doesn't exist

Can you or someone else help me?

Thank you,

Peter Hanak

--
You received this message because you are subscribed to the Google Groups "simpleSAMLphp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simplesamlph...@googlegroups.com.
To post to this group, send email to simple...@googlegroups.com.
Visit this group at http://groups.google.com/group/simplesamlphp.
For more options, visit https://groups.google.com/d/optout.

[Peter Schober]

* Hanák Péter <peter...@gmail.com> [2014-09-08 17:12]:

> Further, I would like to download ONLY the content of the folder
> 'authgoogle' from GitHub. I am not a GitHub user; I have tried, for
> example,
>
> svn export https://github.com/sylvainmed/simplesamlphp/tree/master/modules/authgoogle
>
> (see http://stackoverflow.com/questions/7106012/download-a-single-folder-or-directory-from-a-github-repo)
>
> but it failed with an error message.
>
> svn: E170000: URL 'https://github.com/sylvainmed/simplesamlphp/tree/master/modules/authgoogle'
> doesn't exist

The very page from stackoverflow you quote above has the answer to
your question (first comment to first answer).
-peter

[Hanák Péter]

Thanks! I did read it but did not understand it. A second look now has
made everything clear: I shoud replace 'tree/master' by 'trunk' in the
'svn export ...' (repeated for others).

Thank you again.

Peter Hanak

[pla...@acipia.com]

A bit old topic !
Just to confirm it works great. Just had to change "include" paths from absolute to relative.

Pierre