ComponentSpace

Forums



Building SSO IdP for a PHP site


Building SSO IdP for a PHP site

Author
Message
nasayoo
nasayoo
New Member
New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)

Group: Forum Members
Posts: 3, Visits: 14
Hi, 

Can we build SSO IdP using componentspace API for PHP service provider. Moreover, the PHP service provider will have the login UI and from there it will redirect to ComponentSpace IdP. There won't be another login page at the IdP. Can this be achieved with ComponentSpace?

Thanks.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
We interoperate with SimpleSAMLphp.
However, having the login page at the SP rather than the IdP goes against the SAML specification and is not something we would recommend. The login page should be part of the IdP not the SP and it's the IdP that then authenticates the user.
Why do you want the login page to be part of the SP?

Regards
ComponentSpace Development
nasayoo
nasayoo
New Member
New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)

Group: Forum Members
Posts: 3, Visits: 14
Thanks for the reply. SP is a PHP site and we want to have the Login page at the SP so that PHP developers can easily maintain the page. 

Thanks. 
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Are you comfortable with the SP site having access to your users' passwords? How do you intend to transmit the user name and password to the IdP site for authentication?

Regards
ComponentSpace Development
nasayoo
nasayoo
New Member
New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)New Member (4 reputation)

Group: Forum Members
Posts: 3, Visits: 14
Actually one of the SPs will have user data store hosted. So we are authenticating against that data store. Credentials could be POSTed encrypted. Can we have the IdP as a Web API for issuing tokens?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K

You can use a web API to pass the credentials for validation. However, this is a proprietary solution and is not covered by the SAML specification. You could use our component to construct SAML assertion tokens if required but we don't directly support web APIs. Our focus is on the SAML specification and browser based SAML SSO. Your requirements fall outside the SAML specification.



Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search