Anyone who integrated Simplesamlphp with joomla or drupal??


lavi_musiclife

Sep 10, 2009, 4:48:04 AM
to simpleSAMLphp
Please let me know any person who has successfully integrated
Simplesamlphp with joomla or drupal??



Please start writing from Yes or No.



thanks

Snorre Løvås

Sep 10, 2009, 4:52:32 AM
to simple...@googlegroups.com

Yes? http://code.google.com/p/drupalsimplesaml/


--
Snorre Løvås
CTO, UNINETT ABC

Solberg Andreas Åkre

Sep 10, 2009, 4:55:39 AM
to simple...@googlegroups.com

On 10. sep.2009, at 10:52, Snorre Løvås wrote:

> > Please start writing from Yes or No.
>
> Yes? http://code.google.com/p/drupalsimplesaml/

There is work on joomla integration as well. Pretty sure it was discussed on this list.

Andreas

lavi_musiclife

Sep 11, 2009, 6:01:35 AM
to simpleSAMLphp
Hello Andreas,
thanks for your response. Can i see the website
in which you have integrated simplesamlphp with drupal??. I found
following link from the above link
https://ow.feide.no/simplesamlphp:drupal

can you tell me how to configure simplesamlphp as a memcache handler
as written here https://ow.feide.no/simplesamlphp:drupal

??

thanks
Harlin

Snorre Løvås

Sep 11, 2009, 2:46:32 PM
to simple...@googlegroups.com

Install memcached. Search for instructions for your os/distro:
http://www.google.com/search?q=install+memcached


Edit your simpleSAMLphp's config.php:
/*
* This configuration option allows you to select which session handler
* SimpleSAMLPHP should use to store the session information. Currently
* we have two session handlers:
* - 'phpsession': The default PHP session handler.
* - 'memcache': Stores the session information in one or more
* memcache servers by using the MemcacheStore class.
*
* The default session handler is 'phpsession'.
*/
'session.handler' => 'phpsession',

Change session.handler to memcache.

As far as I can remember that was all I did to make it work.


Regards,

Stefano Gargiulo

Sep 12, 2009, 5:39:23 PM
to simple...@googlegroups.com
i'm finishing to write a Joomla/simpleSAMLphp plugin... i'll post the
source link on this mailing list in this week...

bye,
Stefano.

lavi_musiclife wrote:

Harleen Singh

Sep 13, 2009, 6:13:43 AM
to simple...@googlegroups.com

Hey thanks for your efforts i will wait for your response.

thanks
Lavi

Justin Steward

Sep 13, 2009, 8:49:40 PM
to simple...@googlegroups.com
Very interested to see the results of your work on this. We do a lot of work with Joomla, so this would be very beneficial for us.


Regards,
Justin

Harleen Singh

Sep 14, 2009, 1:30:53 AM
to simple...@googlegroups.com
Stefano,

It's my pleasure to help you on writing simplesamlphp/joomla plugin. I am ready to work under your guidance. Let me know if you need my help.


thanks
Lavi

Miroslav Milinovic

Sep 14, 2009, 3:48:26 AM
to simple...@googlegroups.com
Hi all!

I was following the discussion on integration of SSP with Joomla.

Our work on this has been stopped for now but the current results are
publicly available at
http://developer.aaiedu.hr/faq/joomla-SSO.html

regards

Miroslav Milinovic, Srce
AAI@EduHr

Harleen Singh

Sep 14, 2009, 7:45:24 AM
to simple...@googlegroups.com
Miroslav Milinovic

The result you have searched is already tried by me. I was unsuccessful let me know if you get success.

thanks

Stefano Gargiulo

Sep 14, 2009, 11:57:31 AM
to simple...@googlegroups.com
Sure, the collaboration on project is open to anyone, i'm creating a
project on kenai, i'll insert you in the members..

Anyone can write to me for ask the membership..

Stefano.

Harleen Singh wrote:

Stefano Gargiulo

Sep 14, 2009, 12:02:29 PM
to simple...@googlegroups.com
Yes i read this article before starting...

I had problems with sessions too, but i solved it doing some magics:
static class properties for bridging simplesamlphp session data to
joomla session..

(the goal of my extension is to not require any joomla-base-code
modification: an installation like a normal joomla extension installation)

you'll get a more clear explanation when i publish the first stable
version of the code.. (maybe tomorrow )

bye,
Stefano.

Miroslav Milinovic wrote:

Golu

Sep 15, 2009, 12:57:16 AM
to simpleSAMLphp

I am currently working on integrating Joomla with Google apps (SSO).
I will be waiting for the stable version of the code which you gonna
upload soon.
I can also work along with you on this project.
Thanks Stefano for your kind gesture and generosity.


Regards,
Jitendra Morandani

Boudewijn Ector

Sep 15, 2009, 10:12:44 AM
to simple...@googlegroups.com
Hi All,


Well, the title says it almost .... I've installed the consent module
and it's DB in a 1.4 install.
I'm asked for consent, and it's being remembered so the consent module
works fine.


My DB works fine on the same host as the IdP:

boudewijn@ucp1:~/SVN/PoC/ucp1/config$ psql -h localhost simplesaml -U simplesaml
Password for user simplesaml:
Welcome to psql 8.3.7, the PostgreSQL interactive terminal.
<etc>
\d works too and shows a nice table;

And, I've created:

cat config/module_consentAdmin.php
<?php

$config = array(

    'consentadmin' => array(
        'consent:Database',
        'dsn'      => 'pgsql:host=127.0.0.1;dbname=simplesaml',
        'username' => 'simplesaml',
        'password' => '*ZIP*',
    ),

    'attributes.hash' => TRUE,

    'relaystate' => 'ucp1.prutsnet.nl/simplesamlphp'
);
?>


Easy as pie, and the DB credentials and the db are correct. Furthermore,
I've created the enable file in the module's directory.


When accessing the consent Administration page
(http://ucp1.prutsnet.nl/simplesaml/module.php/consentAdmin/consentAdmin.php):

No exception available

No exception available

When having a look in the log file for this specific error:


boudewijn@ucp1:~/SVN/PoC/ucp1$ grep 1b711345b9 log/simplesamlphp.log
Sep 15 16:11:28 simplesamlphp DEBUG [1b711345b9] Library - Session: Check if session is valid. checkauthority:admin thisauthority:null isauthenticated:no remainingtime:-1252995088
Sep 15 16:11:28 simplesamlphp DEBUG [1b711345b9] Library - Session: Check if session is valid. checkauthority:login-admin thisauthority:null isauthenticated:no remainingtime:-1252995088
Sep 15 16:11:28 simplesamlphp DEBUG [1b711345b9] Template: Reading [/home/boudewijn/SVN/PoC/ucp1/dictionaries/frontpage.php]
Sep 15 16:11:28 simplesamlphp DEBUG [1b711345b9] Template: Reading [/home/boudewijn/SVN/PoC/ucp1/modules/consentAdmin/dictionaries/consentadmin.php]
Sep 15 16:11:28 simplesamlphp DEBUG [1b711345b9] Template: Reading [/home/boudewijn/SVN/PoC/ucp1/modules/modinfo/dictionaries/dict.php]
Sep 15 16:11:28 simplesamlphp DEBUG [1b711345b9] Template: Reading [/home/boudewijn/SVN/PoC/ucp1/dictionaries/admin.php]
Sep 15 16:11:31 simplesamlphp DEBUG [1b711345b9] Library - Session: Check if session is valid. checkauthority:saml2 thisauthority:null isauthenticated:no remainingtime:-1252995091
Sep 15 16:11:31 simplesamlphp INFO [1b711345b9] SAML2.0 - SP.initSSO: Accessing SAML 2.0 SP initSSO script
Sep 15 16:11:31 simplesamlphp ERROR [1b711345b9] /simplesaml//saml2/sp/initSSO.php - UserError: ErrCode:NOACCESS: No+exception+available
Sep 15 16:11:31 simplesamlphp DEBUG [1b711345b9] Template: Reading [/home/boudewijn/SVN/PoC/ucp1/dictionaries/errors.php]


Seems to me like some problem, although I'm not able to deduct what's
causing it actually.
Can anyone give me a hint on that one?

Cheers,


Boudewijn

Stefano Gargiulo

Sep 15, 2009, 12:43:24 PM
to simple...@googlegroups.com
code is online:
http://kenai.com/projects/idemauth/sources/source/show

who want to join the project (for coding but also for testing or bug reporting) can make me a request on kenai
(i can add only people that's registered..)

sorry for the low detail level, but i'm in a hurry right now...

bye,
Stefano




Golu wrote:

Golu

Sep 16, 2009, 1:29:01 AM
to simpleSAMLphp
Hey Stefano,

Good to know that the code is online now. I have just registered in
the project members. I will try my level best to contribute in this
project.
Thanks a lot buddy.

Regards,
Jitendra Morandani

Golu

Sep 16, 2009, 3:42:41 AM
to simpleSAMLphp

Hi Stefano,

The code is online available but I am having a problem. How to
download this whole code. There are component, module, plugin and also
some other things but I am not able to download it. If you can help me
out from this.

Thanks & regards,
Jitendra Morandani

Golu

Sep 17, 2009, 4:59:29 AM
to simpleSAMLphp

Hi Stefano,
Greetings !!!

Buddy at what time you will be online. Please let me know. I will try
to come that time and will contribute to this project.

Thanks & Regards,
Jitendra Morandani

Stefano Gargiulo

Sep 17, 2009, 5:29:52 AM
to simple...@googlegroups.com
from an unix shell you can do:

mkdir idemauth-files
cd idemauth-files
svn checkout https://svn.kenai.com/svn/idemauth~source

or you can install Netbeans 6.7 IDE and use its kenai plugin to get the
IDE project in an easy way:
Netbeans menu -> Team-> Kenai -> Search -> idemauth


Stefano.

Golu wrote:

adam

Sep 24, 2009, 12:50:11 AM
to simpleSAMLphp
any result of this discussion?



On Sep 17, 2:29 pm, Stefano Gargiulo <stefano.gargi...@garr.it> wrote:
> from an unix shell you can do:
>
> mkdir idemauth-files
> cd idemauth-files
> svn checkout https://svn.kenai.com/svn/idemauth~source

Golu

Sep 24, 2009, 1:26:51 AM
to simpleSAMLphp
@ Adam,

Currently we are working on it.
I am having just a little bit knowledge of php but the owner of this
project Stefano is going really well.
Join the kenai project team and you can also review the code which is
in progress.

Stefano Gargiulo

Sep 24, 2009, 10:15:36 AM
to simple...@googlegroups.com
> any result of this discussions?

A working joomla extension! (beta version but working well...)

You can download it at:
http://dev.garr.it/idemauth/

And here you can find a video-tutorial for the installation and the configuration of the extension:
http://dev.garr.it/idemauth/SPin15mins/15mins.html
tutorial is a beta too :D then on minute 0:44 you need to re-click on play button...

I need some testing then if you install it please let me know if it worked on your system.

You can also join on the kenai project as an observer (just click on bookmark project) and then commit issues and bug to the JIRA tracker...
http://kenai.com/projects/idemauth/

Obviously if you think that you can contribute to the project in any way, i'm open to any idea, then please ask me in pvt to add you as a contributor...
@Golu: please ask me these things in private, not in this mailing list: i don't wanna SPAM simpleSAMLphp mailing list!


bye,
Stefano.

adam wrote:

adam

Sep 24, 2009, 1:23:00 PM
to simpleSAMLphp

Hey Stefano,
great work. i have installed and started its
testing. I want to confirm will it only support Shibboleth IdP??


thanks


On Sep 24, 7:15 pm, Stefano Gargiulo <stefano.gargi...@garr.it> wrote:
> > any result of this discussions?
>
> A working joomla extension! (beta version but working well...)
>
> You can download it at: http://dev.garr.it/idemauth/
>
> And here you can find a video-tutorial for the installation and the
> configuration of the extension: http://dev.garr.it/idemauth/SPin15mins/15mins.html
> tutorial is a beta too :D then on minute 0:44 you need to re-click on
> play button...
>
> I need some testing then if you install it please let me know if it
> worked on your system.
>
> You can also join on the kenai project as an observer (just click on
> bookmark project) and then commit issues and bug to the JIRA tracker... http://kenai.com/projects/idemauth/
>
> Obviously if you think that you can contribute to the project in any
> way, i'm open to any idea, then please ask me in pvt to add you as a
> contributor...
> @Golu: please ask me these things in private, not in this mailing

Stefano Gargiulo

Sep 25, 2009, 4:26:16 AM
to simple...@googlegroups.com
> I want to confirm will it only support Shibboleth IdP??


No, it supports the Interoperable SAML 2.0 Profile
<http://saml2int.org/partners> and all simpleSAMLphp SP profiles.
(the extension is simply an integration of simpleSAMLphp into a joomla
extension and some session bridging code)

Then theoretically it supports all the simpleSAMLphp SP profiles, but, for
now, i developed UI and bridge code to only support the Interoperable
SAML 2.0 Profile <http://saml2int.org/partners> subset. (But we can
easily add support to other profiles if needed)

Harleen Singh

Sep 26, 2009, 2:46:41 AM
to simple...@googlegroups.com

Stefano,

i am running your extension. I am using Google apps as a service provider where my domain is registered. So tell me can i use your extension with google apps to authenticate my joomla users to access their emails?

if yes then tell me how to configure your extension with google apps.

if no tell me what code needs to be changed in your extension to configure with google apps.


thanks

Harleen Singh

Sep 26, 2009, 4:30:20 AM
to simple...@googlegroups.com

to inform you i have found simplesamlphp and www folder inside the com_idemauth. I want to know is it already configured?



thanks

Peter Schober

Sep 26, 2009, 6:27:44 AM
to simple...@googlegroups.com
* Harleen Singh <harlinsi...@gmail.com> [2009-09-26 08:46]:

> Stefano, i am running your extension. I am using Google apps as a
> service provider where my domain is registered. So tell me can i use
> your extension with google apps to authenticate my joomla users to
> access their emails?

Google Apps and Joomla are Service Providers (or Relying Parties) to
the simpleSAMLphp IdP. Only the latter does the
identification/authentication of users.

In order to allow your Joomla users access to Google apps you need to
configure the simpleSAMLphp IdP to use the Joomla database for
authentication (see the simpleSAMLphp docs).

Only if you want to enable SSO from Joomla to Google apps will you
need to even install the Joomla SAML extension.
-peter

Stefano Gargiulo

Sep 27, 2009, 10:17:26 AM
to simple...@googlegroups.com
Only the simpleSAMLphp SP is configured by the extension, then actually
the extension can't be used for what you want to do: you need to
configure a simpleSAMLphp IdP as Peter suggested.

I don't know GoogleApps Auth APIs but this sounds me like an
interesting new feature for the extension (useful for intranet joomla
installations)... then I'll study the possibility to write a wizard for
helping in this kind of configuration...

bye,
Stefano.


Harleen Singh wrote:
> >>>> from an unix shell you can do:
> >>>>
> >>>> mkdir idemauth-files
> >>>> cd idemauth-files
> >>>> svn checkout https://svn.kenai.com/svn/idemauth~source

Solberg Andreas Åkre

Sep 28, 2009, 1:29:03 AM
to simple...@googlegroups.com

On 15. sep.2009, at 18:43, Stefano Gargiulo wrote:

> code is online:
> http://kenai.com/projects/idemauth/sources/source/show

Excellent news.

I've put up a link at rnd.feide.no:


From the 'Federated Software' section:


Hope this is ok.

Stefano Gargiulo

Sep 28, 2009, 4:59:26 AM
to simple...@googlegroups.com
Solberg Andreas Åkre wrote:
Sure, Thank you.


Regards,
Stefano.



adam

Sep 30, 2009, 5:33:36 AM
to simpleSAMLphp
Peter,
can you suggest me any joomla SAML extension?

Harlin

On Sep 28, 1:59 pm, Stefano Gargiulo <stefano.gargi...@garr.it> wrote:
> Solberg Andreas Åkre wrote:
>
> > On 15. sep.2009, at 18:43, Stefano Gargiulo wrote:
>
> >> code is online:
> >> http://kenai.com/projects/idemauth/sources/source/show
>
> > Excellent news.
>
> > I've put up a link at rnd.feide.no <http://rnd.feide.no>:

Harleen Singh

Sep 30, 2009, 6:55:34 AM
to simpleSAMLphp
Stefano,
can i make changes as described here in your extension
idemauth??

http://rnd.feide.no/content/simplesamlphp-idp-google-apps-education


thanks

Peter Schober

Sep 30, 2009, 11:23:35 AM
to simple...@googlegroups.com
* adam <harlinsi...@gmail.com> [2009-09-30 11:33]:

> Peter,
> can you suggest me any joomla SAML extension?

I have no idea what you are referring to, but have a look at those
mentioned in this very thread.
-peter

David Patricola

Sep 30, 2009, 11:56:13 AM
to simple...@googlegroups.com
I know it's not 100% foolproof, but what's the best way to minimize the saml
session so if User A leaves his account open and User B tries to back
browse? Can I minimize the session.duration, session.requestcache and
session.datastore.timeout to be, say 10 minutes each? Will this affect
their session while logged into gmail?

Olav Morken

Oct 1, 2009, 4:24:34 AM
to simple...@googlegroups.com

If you reduce 'session.duration' option, they will have to
reauthenticate once that time is up. This option also affects the
session lifetime communicated to SPs, such as gmail, but I do not know
what gmail does with the value it receives.

Generally, you should not change the values of session.requestcache or
session.datastore.timeout, as those are used for internal data, and
does not affect the "authentication" session directly.

--
Olav Morken

Stefano Gargiulo

Oct 2, 2009, 3:52:27 AM
to simple...@googlegroups.com
if you want to try, I created a new branch on the svn repository (
https://svn.kenai.com/svn/idemauth~source/googleapps-idp-tests/ ) you
can work on it.

but I don't think that the guide suits your needs: in the example you
have an IdP based on flat php config files, instead we need to modify
simplesamlphp IdP to use the joomla database, or better, the joomla
pluggable auth system on the fly to support bridging of external
federated user to googleapps (i don't know if this is possible, but i'll
take a look)

bye,
Stefano.

Harleen Singh wrote:

adam

Oct 24, 2009, 2:55:56 AM
to simpleSAMLphp
Hello stefano,
i have downloaded your component from here
http://kenai.com/projects/idemauth/ But i am not able to install it
on localhost. The error is
"Unable to find install package"

but xml file is present in the package.

can u suggest what should the problem?

thanks

Stefano Gargiulo

Oct 26, 2009, 7:07:34 AM
to simple...@googlegroups.com
Which installation method are you using? the "upload" and the "remote
url" may not work because in most php.ini there is a default 2MB file
upload limit and the remote url fopen is disabled.

try to extract manually the archive in a directory of your server, and
then use the local installation in joomla.

Let me know if worked, otherwise give me the Joomla and PHP version
number that you are using.

adam

Oct 29, 2009, 5:26:20 AM
to simpleSAMLphp
Thanks Stefano,
now i have successfully installed your
component, its login module and its plugin.

Now i want to use your authentication plugin(authentication Source)
rather than simplesamlphp's example-userpass or sql-auth. This is
because to map joomla session variable with simplesamlphp session. how
can i tell simplesamlphp that the simplesamlphp session is same as
joomla session.

one more thing do i need to change this url from backend?

https://www.idem.garr.it/docs/conf/idem-metadata.xml

what this url actually does?

thanks
Harlin

Stefano Gargiulo

Oct 28, 2009, 6:12:52 AM
to simple...@googlegroups.com
> This is because to map joomla session variable with simplesamlphp session. how
> can i tell simplesamlphp that the simplesamlphp session is same as
> joomla session.

this is the main feature of my plugin: the session bridging, then you have nothing to do, it's yet implemented.

see following code for the attributes required from the IdP e.g. $IDEMAttrs['urn:oid:1.3.6.1.4.1.5923.1.1.1.9']

http://kenai.com/projects/idemauth/sources/source/content/idemauth/plugins/authentication/idemauth/idemauth.php


PS. i have to make required attributes configurable, but you can edit them in the code if you need something different..


> one more thing do i need to change this url from backend?
>
> https://www.idem.garr.it/docs/conf/idem-metadata.xml
>
> what this url actually does?

this is the federation metadata xml file, if you have a single IdP, you can put here his xml metadata url, for example:

https://your.idp.org/simplesamlphp/www/saml2/idp/metadata.php?output=xml

or if you have a federation you can manually aggregate the xml metadata pieces of one or more idp and then put the resultant xml file in a local url and reference it.

(i have also to implement multiple metadata uris)

regards,
Stefano.

adam

Oct 29, 2009, 6:56:59 AM
to simpleSAMLphp
ok again thanks

i have enabled plugin from the backend and uses joomla.php for the
plugin file. is it ok?


i have found this code at idemauth.php but i couldn't understood this
code

e.g. $IDEMAttrs['urn:oid:1.3.6.1.4.1.5923.1.1.1.9']

how it is mapped with simplesamlphp's session?

can i chat with you if you can ur email id?

thanks





On Oct 28, 3:12 pm, Stefano Gargiulo <stefano.gargi...@garr.it> wrote:
> > This is because to map joomla session variable with simplesamlphp session. how
> > can i tell simplesamlphp that the simplesamlphp session is same as
> > joomla session.
>
> this is the main feature of my plugin: the session bridging, then you
> have nothing to do, it's yet implemented.
>
> see following code for the attributes required from the IdP
> e.g. $IDEMAttrs['urn:oid:1.3.6.1.4.1.5923.1.1.1.9']
>
> http://kenai.com/projects/idemauth/sources/source/content/idemauth/pl...

Stefano Gargiulo

Nov 12, 2009, 4:43:23 AM
to Hernan Matute, simple...@googlegroups.com
Hi Hernan,
> Am I to assume that I need to pass username, email and perhaps
> fullname from the IdP to Joomla? I couldn't find anywhere in this
> thread the answer, unless it is somewhere on the discussion and I
> haven't seen it.

Yes, you're right there is anything in this thread concerning this argument.

It's my bad: I don't have documented the required attribute set...
this because I want to make these mappings fully customizable via the idemauth admin panel.

anyway you found the right piece of code,
actually the attributes required from the IdP are the following:

required:
        joomla username:
                urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (eduPersonPrincipalName) e.g. uid@domain (I suggest you this scoped form to support multiple IdPs)
        joomla email:
                urn:oid:0.9.2342.19200300.100.1.3 (mail)
        joomla fullname:
                urn:oid:2.5.4.42 (givenName) urn:oid:2.5.4.4 (sn)

optional:
        authZ filters:
                eduPersonScopedAffiliation
                eduPersonEntitlement.
        language:
                preferredLanguage
        country:
                schacMotherTongue

Note:
the attribute naming must always be in the standard saml2 "urn:oid" form but for simplicity I wrote the latter set only by the friendlyName

I never configured the simpleSAMLphp IdP (i used only the Shibboleth2 IdP, where you have an attribute-resolver.xml file to specify datasource->saml name mappings ) then i don't know where to specify attribute naming for the SS IdP LDAP module... but reading here http://rnd.feide.no/content/configuring-simplesamlphp-ldap-authentication-source it seems that the attribute name used to build SAML assertion is the same that the LDAP schema one, in this case i think you have to modify my code in this way:
$IDEMAttrs['uid'] etc..

@simpleSAMLphp team: is there any way, in the SS IdP, to specify datasource to saml attribute name mappings?

regards,
Stefano.

On 12/11/2009 3.40, Hernan Matute wrote:
Hello Stefano,

I have followed this thread closely over the last couple of days and I
have managed to install Joomla and idemauth successfully, using the
idemauth video! that was great.

I have also installed a simplesamlphp IdP to be my identity provider
successfully. So far so good.

This is the list of things that are working well:

- Joomla installed
- Idemauth installed and configured as an component in Joomla. Also
installed successfully the Idemauth plugin
- Installed certs as described in video, and created xml data which I
parsed it with my simplesaml IDP to create the simplesaml metadata for
my sp-remote file in the IdP
- Created a protected area in Joomla as per idemauth video to test
installation and configuration
- Created a user in both Joomla and my IdP (my IdP uses MS Active
Directory for attribute storage) with the same username: "hmatute" in
both Joomla and AD
- Configured my IdP to send the username attribute from AD (I use the
uid attribute element from AD) and that part works successfully in my
google apps implementation of my simplesaml IdP, and expect it to be
consumed by Joomla as the authentication assertion
- Checked that both SAML 2 and Shibboleth SPs are "ON" in my idemauth
simplesamlphp SP configuration. My IdP only works as a SAML 2 IdP
- Tested the "Login to Private Area" on the Joomla frontpage and it
pops with the idemauth Login and the drop-down list shows my IdP URL
- Click on "Login" button, and bingo, I am presented with my IdP login
prompt for authentication - i.e. I'm re-directed successfully from
Joomla SP to my IdP
- Authenticate successfully with my IdP and when the browser returns
to the Joomla SP frontpage, I get the error: "Please enter your name"


I think I am close but it is obvious that I need to provide other or
more attributes / assertions to Joomla to successfully be logged-in to
the portal, right?

What I deduct from the code that you quote above, namely:

$response->username = $IDEMAttrs['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'][0];
$response->email = $IDEMAttrs['urn:oid:0.9.2342.19200300.100.1.3'][0];
try{
$response->fullname = $IDEMAttrs['urn:oid:2.5.4.42'][0]." ".$IDEMAttrs['urn:oid:2.5.4.4'][0]; }

Am I to assume that I need to pass username, email and perhaps
fullname from the IdP to Joomla? I couldn't find anywhere in this
thread the answer, unless it is somewhere on the discussion and I
haven't seen it.

Grazie,

Hernan M





On Oct 28, 5:12 am, Stefano Gargiulo <stefano.gargi...@garr.it> wrote:
  
This is because to map joomla session variable with simplesamlphp session. how
can i tell simplesamlphp that the simplesamlphp session is same as
joomla session.
      
this is the main feature of my plugin: the session bridging, then you
have nothing to do, it's yet implemented.

see following code for the attributes required from the IdP
e.g. $IDEMAttrs['urn:oid:1.3.6.1.4.1.5923.1.1.1.9']

http://kenai.com/projects/idemauth/sources/source/content/idemauth/pl...

PS. i have to make required attributes configurable, but you can edit
them in the code if you need something different..

    
    

Hernan Matute

Nov 13, 2009, 12:15:22 AM
to simpleSAMLphp, stefano....@garr.it, hma...@gmail.com, andreas...@uninett.no
Thank you Stefano for your prompt answer,

I tried your suggested change in the idemauth.php file:

$IDEMAttrs['uid']

and it didn't work either. This time it asked me for my email!

So, I decided to do what you have done in your original test, enable
my IdP as a Shibboleth IdP, and re-install IDEMAUTH and its plugin. I
also placed the metadata in the shib13-sp-remote file in my IdP.
However, when I try to access the protected page, the drop-down list
does not show my IdP. This is what I place in the Federation Metadata
URL entry in the idemauth component:

http://my.idp..org/simplesaml/shib13/idp/metadata.php

But, if instead I place the SAML IdP url version:

http://my.idp.org/simplesaml/saml2/idp/metadata.php

the drop-down list shows my IdP, but it does not authenticate me as
before.

One more thing. To ensure that the Shibboleth IdP works, I go directly
to the simplesamlphp installation test page in the idemauth sp
install, and I manage to retrieve correctly all my attributes from MS
AD as mentioned in my previous message.

Finally, in your video you show that when a user "federates" from a
Shibboleth IdP into Joomla, the Idemauth plugin creates the user
profile in Joomla database? Is that correct? So I don't need to create
a similar user profile like done in Google apps, right?

Your comments and feedback will be appreciated. (Maybe you could place
an option in the idemauth configuration to choose between Shibboleth
and SAML for your next release?)

Grazie,

Hernan M





If I place instead the

On Nov 12, 4:43 am, Stefano Gargiulo <stefano.gargi...@garr.it> wrote:
> Hi Hernan,
>
> > Am I to assume that I need to pass username, email and perhaps
> > fullname from the IdP to Joomla? I couldn't find anywhere in this
> > thread the answer, unless it is somewhere on the discussion and I
> > haven't seen it.
>
> Yes, you're right there is anything in this thread  concerning this argument.
>
> It's my bad: I don't have documented the required attribute set...
> this because I want to make these mappings fully customizable via the idemauth admin panel.
>
> anyway you found the right piece of code,
> actually the attributes required from the IdP are the following:
>
> required:
>         joomla username:
>                 urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (eduPersonPrincipalName) e.g. uid@domain (I suggest you this scoped form to support multiple IdPs)
>         joomla email:
>                 urn:oid:0.9.2342.19200300.100.1.3 (mail)
>         joomla fullname:
>                 urn:oid:2.5.4.42 (givenName) urn:oid:2.5.4.4 (sn)
>
> optional:
>         authZ filters:
>                 eduPersonScopedAffiliation
>                 eduPersonEntitlement.
>         language:
>                 preferredLanguage
>         country:
>                 schacMotherTongue
>
> Note:
> the attribute naming must always be in the standard saml2 "urn:oid" <http://middleware.internet2.edu/dir/docs/internet2-mace-dir-saml-attr...> form <http://middleware.internet2.edu/dir/docs/internet2-mace-dir-saml-attr...> but for simplicity I wrote the latter set only by the friendlyName
>
> I never configured the simpleSAMLphp IdP (i used only the Shibboleth2 IdP, where you have an attribute-resolver.xml file to specify datasource->saml name mappings ) then i don't know where to specify attribute naming for the SS IdP LDAP module... but reading here http://rnd.feide.no/content/configuring-simplesamlphp-ldap-authentica... it seems that the attribute name used to build SAML assertion is the same that the LDAP schema one, in this case i think you have to modify my code in this way:
> $IDEMAttrs['uid'] etc..
>
> @simpleSAMLphp team: is there any way, in the SS IdP, to specify datasource to saml attribute name mappings?
> >>>>> http://kenai.com/projects/idemauth/ But i am not able to install it

Stefano Gargiulo

Nov 13, 2009, 3:52:33 AM
to Hernan Matute, simpleSAMLphp, andreas...@uninett.no


On 11/13/2009 6:15 AM, Hernan Matute wrote:
> Thank you Stefano for your prompt answer,
>
> I tried your suggested change in the idemauth.php file:
>
> $IDEMAttrs['uid']
>
> and it didn't work either. This time it asked me for my email!

you were in the right direction: it asked you for email because the mandatory attributes are:
  • uid
  • mail
  • givenName ." ". sn
then just add these attributes to your LDAP user and configure SSphp ldap auth source to fetch these:

    /* Which attributes should be retrieved from the LDAP server.
     * This can be an array of attribute names, or NULL, in which case
     * all attributes are fetched.
     */
    'attributes' => NULL,

http://rnd.feide.no/content/configuring-simplesamlphp-ldap-authentication-source


> So, I decided to do what you have done in your original test, enable
> my IdP as a Shibboleth IdP, and re-install IDEMAUTH and its plugin. I
> also placed the metadata in the shib13-sp-remote file in my IdP.

No, i'm sorry for the time you spent on this but: idemauth is a SAML2 only extension, in the video i tested it with Shibboleth2 that's a SAML2 IdP like simpleSAMLphp IdP, the SS "Shibboleth IdP" instead is Shibboleth1.3 emulation, but Shibboleth1.3 is another protocol, a dead protocol in my opinion.

Then you don't have to enable Shibboleth1.3 IdP on SSIdP.

I mentioned Shibboleth IdP just because i know how to configure attribute mappings ( for instance configuring "urn:oid:2.5.4.42" to be the name to bind at the LDAP "givenName" attribute in a SAML assertions)



> Finally, in your video you show that when a user "federates" from a
> Shibboleth IdP into Joomla, the Idemauth plugin creates the user
> profile in Joomla database? Is that correct? So I don't need to create
> a similar user profile like done in Google apps, right?

yes the user is created automatically, you don't have to create profiles before.


then, summarizing:
  • re-enable SS normal IdP
  • re-install idemauth component
  • modify all $IDEMAttrs['xxx'] to match your ldap attribute names (ensuring that email is a valid email, joomla checks it!)
  • to debug all $IDEMAttrs names try to enable debug mode in the idemauth plugin configuration:


regards,
Stefano.
sshot.png

Hernan Matute

Nov 13, 2009, 11:46:54 AM11/13/09
to simpleSAMLphp, stefano....@garr.it, hma...@gmail.com
Stefano,

IT WORKS!!

Thank you for your feedback. It did help to pinpoint the problem.

Sorry as well for not being that clear in my previous message: I did
place all the attributes changes in idemauth.php as you suggested
before, namely:

$response->username = $IDEMAttrs['uid'];
$response->email = $IDEMAttrs['mail'];
try{
$response->fullname = $IDEMAttrs['displayName'];

and commented out your original code, like:

//$response->username = $IDEMAttrs['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'][0];
//$response->email = $IDEMAttrs['urn:oid:0.9.2342.19200300.100.1.3'][0];
//try{
//$response->fullname = $IDEMAttrs['urn:oid:2.5.4.42'][0]." ".$IDEMAttrs['urn:oid:2.5.4.4'][0];

**Note: I do store the full name of my users in the displayName attribute
in my MS AD, so I don't concatenate givenname and sn attributes
However, your suggestion to put the idemauth plugin in debug mode
uncovered the problem. The attributes were elements of an array, like
your original attributes, so when I changed the code to:

$response->username = $IDEMAttrs['uid'][0];
$response->email = $IDEMAttrs['mail'][0];
try{
$response->fullname = $IDEMAttrs['displayName'][0];

I managed to login in Joomla (creating the user in the process) and
access the protected page. That was great!!!

The Joomla logout however, although presents the logout button and
takes me out of the protected area, doesn't unset the simplesaml
cookie, so the user can go back to the protected area without SS
login. Is that done on purpose? This could be a risk if the user
leaves his/her session unattended and somebody can access the portal
protected area.

In summary:

- Installed Joomla and idemauth as per the video in

http://dev.garr.it/idemauth/SPin15mins/15mins.html

- Configured idemauth as per video instructions (certs, metadata URL,
and idemauth SP metadata to share with IdP)
- Installed plugin as per video instructions
- Placed idemauth SP metadata in SS IdP's saml20-sp-remote.php as per
simplesaml standard configuration procedures
- Changed code in "Joomla folder"/plugins/authentication/idemauth.php
as per above:

$response->username = $IDEMAttrs['uid'][0];
$response->email = $IDEMAttrs['mail'][0];
try{
$response->fullname = $IDEMAttrs['displayName'][0];

and commented out original code, like:

//$response->username = $IDEMAttrs['urn:oid:1.3.6.1.4.1.5923.1.1.1.6'][0];
//$response->email = $IDEMAttrs['urn:oid:0.9.2342.19200300.100.1.3'][0];
//try{
//$response->fullname = $IDEMAttrs['urn:oid:2.5.4.42'][0]." ".$IDEMAttrs['urn:oid:2.5.4.4'][0];

***Note: These attributes work for MS AD. Users of other LDAP
directories must check precise attributes.

Grazie Stefano.

Hernan M
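
The two findings in the message above (each attribute arrives as an array of values, and the key is either the LDAP name or the urn:oid name depending on the IdP) can be handled in one mapping step that also rejects a missing or invalid email before Joomla creates the account. This is an added example in PHP, not idemauth's code: the function names and sample values are constructed, and the candidate attribute names are the ones quoted in this thread.

```php
<?php
// Added example, not idemauth code; function names are hypothetical.
/** First non-empty value found under any of the candidate attribute names. */
function firstValue(array $attrs, array $names): ?string
{
    foreach ($names as $name) {
        // SAML attributes are multi-valued: each name maps to a list of values.
        foreach ((array) ($attrs[$name] ?? []) as $value) {
            if (is_string($value) && trim($value) !== '') {
                return trim($value);
            }
        }
    }
    return null;
}

/** Map IdP attributes to the three Joomla fields, or throw if one is unusable. */
function mapToJoomlaUser(array $attrs): array
{
    // Friendly (LDAP) name first, then the urn:oid name quoted in the thread.
    $username = firstValue($attrs, ['uid', 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6']);
    $email    = firstValue($attrs, ['mail', 'urn:oid:0.9.2342.19200300.100.1.3']);
    $fullname = firstValue($attrs, ['displayName'])
        ?? trim(firstValue($attrs, ['givenName', 'urn:oid:2.5.4.42']) . ' '
              . firstValue($attrs, ['sn', 'urn:oid:2.5.4.4']));
    if ($username === null || $fullname === '') {
        throw new InvalidArgumentException('IdP sent no usable uid or name attribute');
    }
    // Joomla checks the address, so fail here instead of during provisioning.
    if ($email === null || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('IdP sent no valid mail attribute');
    }
    return ['username' => $username, 'email' => $email, 'fullname' => $fullname];
}

// Constructed sample attribute sets (not real accounts).
$samples = [
    'AD names' => ['uid' => ['jdoe'], 'mail' => ['jdoe@example.org'], 'displayName' => ['Jane Doe']],
    'urn:oid'  => ['urn:oid:1.3.6.1.4.1.5923.1.1.1.6' => ['jdoe@example.org'],
                   'urn:oid:0.9.2342.19200300.100.1.3' => ['jdoe@example.org'],
                   'urn:oid:2.5.4.42' => ['Jane'], 'urn:oid:2.5.4.4' => ['Doe']],
    'no mail'  => ['uid' => ['jdoe'], 'displayName' => ['Jane Doe']],
];
foreach ($samples as $label => $attrs) {
    try {
        echo $label, ': ', json_encode(mapToJoomlaUser($attrs)), "\n";
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
    }
}
```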






Stefano Gargiulo

Nov 18, 2009, 8:44:25 AM11/18/09
to Hernan Matute, simpleSAMLphp
Hi Hernan,
> The Joomla logout however, although presents the logout button and
> takes me out of the protected area, doesn't unset the simplesaml
> cookie, so the user can go back to the protected area without SS
> login. Is that done on purpose? This could be a risk if the user
> leaves his/her session unattended and somebody can access the portal
> protected area.
Yes, I know, I have to implement a hook for the SingleLogout call...

I'll advise you when a new version implementing the feature is
available.

best regards,
Stefano.

Hernan Matute

Nov 18, 2009, 5:03:27 PM11/18/09
to Stefano Gargiulo, simpleSAMLphp
Thank you for your reply Stefano - I look forward to your new idemauth version. I will also attempt to check the simple saml logout and if I make it work I will post it on the ss group.

Grazie,

Hernan M


mabde...@cacapps.net

Oct 2, 2013, 6:02:30 AM10/2/13
to simple...@googlegroups.com, Stefano Gargiulo
The idemauth component is not available any longer, right? Any chance I can still find the installer, and will it work with Joomla 2? If not, what would be the alternative to integrate Joomla and simplesaml?

Thanks,

Mona

ram sengar

Nov 21, 2014, 2:32:21 AM11/21/14
to simple...@googlegroups.com
simpleSAMLphp integration with Joomla:

http://ramnihor.wordpress.com/



richardson...@gmail.com

Jul 23, 2020, 1:49:18 AM7/23/20
to SimpleSAMLphp
Joomla and SimpleSAML:


Handles user authentication against a SAML IdP using the SimpleSAMLphp libraries

- Option: Set the SimpleSAMLphp authentication source and the behaviour of the plugin
- Attribute Mapping: set the mapping between IdP fields and Joomla fields for username, name and email
- Synchronise Groups: If your IdP is configured to pass group details then the IdP group names can be mapped to Joomla Groups
- User Provisioning: Automatically provision authenticated users
- Frontend and Backend login
- Single Sign Out

Somshekhar Karle

Feb 5, 2021, 2:08:57 AM2/5/21
to SimpleSAMLphp
I have successfully done this by using the following setup guide.
If anyone wants help for the same please reach out to me, I'll help for the same.