Using SAML in PHP: php-saml
php-saml is OneLogin's SAML 2.0 toolkit for PHP. It lets a PHP application act as a SAML Service Provider (SP): it builds the AuthnRequest sent to the Identity Provider (IdP), validates the signed Response that comes back, and handles Single Logout.
Configuration example (the settings array expected by the toolkit; every value is a placeholder to be filled in for your own SP and IdP):

<?php
$settings = array (
    // If 'strict' is true, the PHP Toolkit will reject unsigned
    // or unencrypted messages if it expects them to be signed or encrypted.
    // It will also reject messages that do not strictly follow the SAML
    // standard: Destination, NameId, Conditions ... are validated too.
    // false is acceptable only while debugging; a production SP must set
    // this to true, otherwise a forged or replayed Response can be accepted.
    'strict' => false,

    // Enable debug mode (to print errors).
    'debug' => false,

    // Set a BaseURL to be used instead of trying to guess
    // the BaseURL of the view that processes the SAML Message.
    // Ex http://sp.example.com/
    //    http://example.com/sp/
    'baseurl' => null,

    // Service Provider Data that we are deploying.
    'sp' => array (
        // Identifier of the SP entity (must be a URI)
        'entityId' => '',
        // Specifies info about where and how the <Response> message MUST be
        // returned to the requester, in this case our SP.
        'assertionConsumerService' => array (
            // URL Location where the <Response> from the IdP will be returned
            'url' => '',
            // SAML protocol binding to be used when returning the <Response>
            // message. OneLogin Toolkit supports this endpoint for the
            // HTTP-POST binding only.
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        ),
        // If you need to specify requested attributes, set an
        // attributeConsumingService. nameFormat, attributeValue and
        // friendlyName can be omitted
        "attributeConsumingService"=> array(
            "serviceName" => "SP test",
            "serviceDescription" => "Test Service",
            "requestedAttributes" => array(
                array(
                    "name" => "",
                    "isRequired" => false,
                    "nameFormat" => "",
                    "friendlyName" => "",
                    "attributeValue" => array()
                )
            )
        ),
        // Specifies info about where and how the <LogoutResponse> message MUST be
        // returned to the requester, in this case our SP.
        'singleLogoutService' => array (
            // URL Location where the <LogoutResponse> from the IdP will be returned
            'url' => '',
            // SAML protocol binding to be used when returning the <LogoutResponse>
            // message. OneLogin Toolkit supports the HTTP-Redirect binding
            // only for this endpoint.
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        // Specifies the constraints on the name identifier to be used to
        // represent the requested subject.
        // Take a look at lib/Saml2/Constants.php to see the NameIdFormats supported.
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',

        // Usually the x509cert and privateKey of the SP are provided by files placed in
        // the certs folder. But we can also provide them with the following parameters
        'x509cert' => '',
        'privateKey' => '',

        /*
         * Key rollover
         * If you plan to update the SP x509cert and privateKey
         * you can define here the new x509cert and it will be
         * published in the SP metadata so Identity Providers can
         * read it and get ready for rollover.
         */
        // 'x509certNew' => '',
    ),

    // Identity Provider Data that we want connected with our SP.
    'idp' => array (
        // Identifier of the IdP entity (must be a URI)
        'entityId' => '',
        // SSO endpoint info of the IdP. (Authentication Request protocol)
        'singleSignOnService' => array (
            // URL Target of the IdP where the Authentication Request Message
            // will be sent.
            'url' => '',
            // SAML protocol binding to be used when sending the <AuthnRequest>
            // message. OneLogin Toolkit supports the HTTP-Redirect binding
            // only for this endpoint.
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        // SLO endpoint info of the IdP.
        'singleLogoutService' => array (
            // URL Location of the IdP where the SLO Request will be sent.
            'url' => '',
            // URL location of the IdP where the SP will send the SLO Response (ResponseLocation)
            // if not set, the url for the SLO Request will be used
            'responseUrl' => '',
            // SAML protocol binding to be used when sending the <LogoutRequest>
            // message. OneLogin Toolkit supports the HTTP-Redirect binding
            // only for this endpoint.
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        // Public x509 certificate of the IdP (used to verify its signatures)
        'x509cert' => '',
        /*
         * Instead of using the whole x509cert you can use a fingerprint to
         * validate a SAMLResponse, but we don't recommend that method in
         * production since it is exploitable by a collision attack.
         * (openssl x509 -noout -fingerprint -in "idp.crt" generates it;
         * add the -sha256, -sha384 or -sha512 parameter for a stronger digest)
         *
         * If a fingerprint is provided, then certFingerprintAlgorithm is required
         * to tell the toolkit which algorithm was used. Possible values: sha1, sha256, sha384 or sha512.
         * 'sha1' is the default value.
         *
         * Note that if you want to validate any SAML Message sent by the HTTP-Redirect binding, you
         * will need to provide the whole x509cert.
         */
        // 'certFingerprint' => '',
        // 'certFingerprintAlgorithm' => 'sha1',

        /* In some scenarios the IdP uses different certificates for
         * signing/encryption, or is in a key rollover phase and
         * more than one certificate is published in the IdP metadata.
         * To handle that, the toolkit offers this parameter.
         * (when used, the 'x509cert' and 'certFingerprint' values are
         * ignored).
         */
        // 'x509certMulti' => array(
        //     'signing' => array(
        //         0 => '',
        //     ),
        //     'encryption' => array(
        //         0 => '',
        //     )
        // ),
    ),
);
Example code. The toolkit is loaded through its _toolkit_loader.php; after that the Auth and Settings objects can be built either from the settings.php and advanced_settings.php files shipped with the toolkit, or from a settings array like the one above that the application passes in directly:

<?php
// Load the toolkit (adjust TOOLKIT_PATH to wherever php-saml is installed).
define("TOOLKIT_PATH", '/var/www/php-saml/');
require_once(TOOLKIT_PATH . '_toolkit_loader.php');

// Option 1: initialize the toolkit with the settings.php & advanced_settings.php files.
$auth = new OneLogin_Saml2_Auth();
// or
$settings = new OneLogin_Saml2_Settings();

// Option 2: initialize the toolkit with an array provided by the application.
require_once 'custom_settings.php'; // custom_settings.php contains a
                                    // $settingsInfo array like the one above.
$auth = new OneLogin_Saml2_Auth($settingsInfo);
// or
$settings = new OneLogin_Saml2_Settings($settingsInfo);
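Putting the settings array and the initialization together, the following is an added example written for this page; it is not code from the page or from the php-saml project. It assumes a php-saml 2.x release with the OneLogin_Saml2_* class names used above (including Auth::getLastRequestID()), an install path of /var/www/php-saml/, the hostnames sp.example.com and idp.example.com, the 'security' keys that live in the toolkit's advanced_settings.php, and session key names chosen here. It also assumes single-file routing via ?action=...; a real application would map /metadata, /login and /acs onto these branches. It deliberately replaces the 'strict' => false of the settings example with true and uses the full IdP certificate rather than a fingerprint.

```php
<?php
// Added example (not from this page or the php-saml project): one SP script
// that serves the metadata, starts a login and consumes the IdP Response.
// The hostnames, paths, certificate placeholder and session keys are assumed.
define('TOOLKIT_PATH', '/var/www/php-saml/');      // assumed install location
require_once TOOLKIT_PATH . '_toolkit_loader.php';

session_start();
$spBase = 'https://sp.example.com/';               // assumed SP base URL

$settingsInfo = array(
    // Production value. With false, Destination, Audience, the validity
    // window and the "must this be signed?" expectations are not enforced.
    'strict'  => true,
    'debug'   => false,
    'baseurl' => $spBase,   // explicit, so a reverse proxy cannot skew Destination checks
    'sp' => array(
        'entityId' => $spBase . 'metadata',
        'assertionConsumerService' => array(
            'url'     => $spBase . 'acs',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        ),
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    ),
    'idp' => array(
        'entityId' => 'https://idp.example.com/metadata',   // assumed
        'singleSignOnService' => array(
            'url'     => 'https://idp.example.com/sso',      // assumed
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        // The full IdP signing certificate, not a certFingerprint: the settings
        // comments above explain why fingerprint matching is not for production.
        'x509cert' => 'MIIC...',   // placeholder: PEM body of the IdP signing cert
    ),
    // Keys from the toolkit's advanced_settings.php: demand a signature on
    // the Assertion so an unsigned or re-signed one is rejected, not trusted.
    'security' => array(
        'wantAssertionsSigned' => true,
    ),
);

$auth   = new OneLogin_Saml2_Auth($settingsInfo);
$action = isset($_GET['action']) ? $_GET['action'] : 'login';

if ($action === 'metadata') {
    // Publish SP metadata so the IdP side can be configured from it.
    $settings = $auth->getSettings();
    $metadata = $settings->getSPMetadata();
    $errors   = $settings->validateMetadata($metadata);
    if (!empty($errors)) {
        http_response_code(500);
        exit('Invalid SP metadata: ' . implode(', ', $errors));
    }
    header('Content-Type: text/xml');
    echo $metadata;

} elseif ($action === 'login') {
    // Build the AuthnRequest URL without redirecting (stay = true) so the
    // request ID can be stored and later matched against InResponseTo.
    $ssoUrl = $auth->login($spBase . 'app', array(), false, false, true);
    $_SESSION['AuthNRequestID'] = $auth->getLastRequestID();
    $auth->redirectTo($ssoUrl);

} elseif ($action === 'acs') {
    // Validate the POSTed SAMLResponse: signature, issuer, Destination,
    // Audience, time window and (with the stored ID) InResponseTo.
    $requestId = isset($_SESSION['AuthNRequestID']) ? $_SESSION['AuthNRequestID'] : null;
    $auth->processResponse($requestId);
    unset($_SESSION['AuthNRequestID']);

    $errors = $auth->getErrors();
    if (!empty($errors) || !$auth->isAuthenticated()) {
        // Log the detailed reason server-side; the user only sees a generic failure.
        error_log('SAML login rejected: ' . implode(', ', $errors)
                  . ' (' . $auth->getLastErrorReason() . ')');
        http_response_code(403);
        exit('Authentication failed');
    }

    // Fresh session ID on privilege change, then store the asserted identity.
    session_regenerate_id(true);
    $_SESSION['samlNameId']       = $auth->getNameId();
    $_SESSION['samlSessionIndex'] = $auth->getSessionIndex();
    $_SESSION['samlUserdata']     = $auth->getAttributes();

    // RelayState comes back from the IdP unverified: only follow it when it
    // points into this SP, otherwise it is an open redirect.
    $relayState = isset($_POST['RelayState']) ? $_POST['RelayState'] : '';
    $target = (strpos($relayState, $spBase) === 0) ? $relayState : $spBase . 'app';
    $auth->redirectTo($target);
}
```

Two things in this flow are easy to get wrong with the settings example as shipped: with 'strict' => false the toolkit does not enforce Destination, Audience, the NotBefore/NotOnOrAfter window or InResponseTo, so a captured Response can be replayed against another SP; and getLastErrorReason() can name the exact check that failed, which is useful in the server log but should not be echoed back to the client.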