Login with SAML2 SSO

cantika · October 25, 2021, 8:38am

hi allI created a project by logging in via the users table:
table : users
users : v 25
password : v25
name : v 100
I am very interested in logging in with sso. please let me know how to make login with SAML2 SSO.
thanks

cantika · November 7, 2021, 10:17am

I’m sorry, I don’t understand about connecting with sso, but I was asked to integrate my application phpmaker with sso. from my office I was given a configuration like this

<?php

$baseUrl = 'http://localhost:8000/';

return [
    'sp' => [
        'entityId' => 'testing', // silakan diganti dengan nama aplikasi anda
        'assertionConsumerService' => [
            'url' => $baseUrl.'saml-acs.php',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        ],
        'singleLogoutService' => [
            'url' => $baseUrl.'saml-sls.php',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ],
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',
    ],
    'idp' => [
        'entityId' => 'https://sso.xxx.ac.id/saml2/idp/metadata.php',
        'singleSignOnService' => [
            'url' => 'https://sso.uns.ac.id/saml2/idp/SSOService.php',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ],
        'singleLogoutService' => [
            'url' => 'https://sso.xxx.ac.id/saml2/idp/SingleLogoutService.php',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',

        ],
        'x509cert' => 'MxxFSDCCBDCgAwIBAgIRAOmg/xuJyTxxWdMbbVJL69NEwDQYJKoZIhvcNAQELBQAwgZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYDVQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTUwOTAzMDAwMDAwWhcNMTcwOTAyMjM1OTU5WjBXMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHDAaBgNVBAsTE0NPTU9ETyBTU0wgV2lsZGNhcmQxFDASBgNVBAMMCyoudW5zLmFjLmlkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynydR1LT33PRsOXj+BYzIUi+8w808zT1hrUjWDvAFXXu/oJUNUcSjyaXNj3K+W72FmNVrSNQzhEsirmalCRnebKqkW7HjPyRHSpV/jfMvNHIK4KxDlbC/Gi8wd9+UtYufcbDIZvAO6HettjHmCs2i72AtQ924QysYPfrLyicTwFcWhOHAyYA93/NblpgYtgScE+MngdHPwG182gYfw3F4gSKlfD7nwokK7zWWaApGsyh7Br6dYXic4ipU7R9S97/DBai/AAQKLYg+FZDbx7u0XphwxAxVLHB4RDSbfGceNRIrex2BnQW3SFDorOHetVH4Oy4gm+BykWJankk6VyLZQIDAQABo4IB0zCCAc8wHwYDVR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFHYOb+DJJFyOpjR0sd6G9WL47m9FMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAhBgNVHREEGjAYggsqLnVucy5hYy5pZIIJdW5zLmFjLmlkMA0GCSqGSIb3DQEBCwUAA4IBAQBuyEh0ZpADN7lYVCOSd9NiBZWX9OCfQYwjHC0UZVIAg8qoOMVC/2gumhx8E5qbrAjPgALhn3kGP7D53zU6Xvi0uM32KUVa+Qqgwkm1VTOQWZwxm0CR14sPXBvc3m7Fgz9u3I5G5KFkhNuZkTEV7GK+kCYHV6y2QHS4Qoh8+lVXlznvxmm/tEFmZsqQj/bQBGAi/07jfBbFkAxbqan2aINzTQLU9z/1T09bBHrUsa8JJbUYDUT3nOQ50DYmUDbHJGKyyAAFInoYbGhRWOoa+rzQWnA/ud3qO85pzAVv23umhOGQM8CuxCJpogrx7QZT3wmTB6gMJFKeMoSVncEf1efl',
    ],
];

what should I do next? then to get the username xxx and passw yyy is it obtained through the User_CustomValidate server event?
please guide.
thanks

arbei · November 8, 2021, 2:35am

You may need a PHP package for SAML 2.0, you better google “php saml 2.0” for more information.

cantika · November 9, 2021, 4:21pm

hi allI’ve managed to connect the login form with sso without User_CustomValidate server event
but when I press logout in the application but I haven’t logged out from sso, and I will log in with sso, it turns out that sso is still logged in, so logout must open the url sso.instansi.com/logout.php

how to do if pressing the logout button automatically also logout sso / automatically run sso.instansi.com/logout
logout sso (sso.instansi.com/logout.php) but don’t log out of the system, can still open the menu in the application. what if after sso logout, the system should automatically detect sso login again?
thanks

mobhar · November 10, 2021, 12:09am

You may write your PHP code in User_LoggedOut server event that belongs to the Logout page in order to logout from your sso.

alliance8791 · January 14, 2022, 2:47pm

cantika wrote:

I’ve managed to connect the login form with sso without User_CustomValidate server event

Hi, can you show us the code you used ? This would help a lot.
Thanks in advance.
Ciao
Piero.

rvanore · June 8, 2022, 5:45pm

Yes, could you please share the code you used. I am just beginning this process and this would be extremely helpful.