Handling a SAML response

不问归期 submitted on 2019-12-12 18:25:53

Question


I'm new to SAML 2 and I'm working on a tool that requires SSO, but I'm clueless on how to go about it. Here's the flow:

1) User accesses main website and chooses to log in.
2) User enters login information and submits.
3) System validates credentials, generates a SAML response and redirects user to the new tool along with the SAML response as a POST variable.
4) The new tool parses the response, stores/updates information in the database and creates an active session for the user.

1, 2 and 3 are already created on the main website. What I'm working on is 4. The main developers provided us with a sample SAML response and a certificate. I have 2 issues/questions:

1) Using the SSO form on the test server, I entered the return URL to a php file on my server and submitted the form. It logged me in and redirected me to the page on my server. The code of the page is below and the output is further below:

<?php
    var_dump($_POST);
?>

Output:

array(0) { }

Am I doing this right? I checked using Firebug on Firefox and I could find the samlresponse in there somewhere, but I'm not sure how exactly to bring it into the page. Any help?

2) Using the sample SAML response, we were able to code a small script that parses the sample and prints the 2-3 attributes within. Is this the right way to do it, or are there better open source solutions available out there?

I tried reading up on SimpleSAMLPHP, OneLogin and a couple of other such bundles, but they seem too complicated, whereas I feel what I have to achieve here can be done with methods/solutions that are a lot simpler. Also, the bundles appear to have all the features for offering SAML, whereas I just have to receive and parse a response.

Thank you for your help in advance! Cheers


Answer 1:


If you want to do manual parsing and handling of SAML messages, OpenSAML may be the way to go. It is a very low-level library and there is a lot of manual labour involved.

Here is the OpenSAML webpage

You will need to look into the SAML spec

My book, A Guide to OpenSAML, gives a good introduction and step by step on SAML and the OpenSAML library.

Also my blog has a couple of examples on this. http://blog.samlsecurity.com/search/label/OpenSAML http://blog.samlsecurity.com/search/label/SAML




Answer 2:


To be honest, parsing and validating a SAML response is not trivial. The SP needs to know the IdP's EntityDescriptor(s), and the IdP needs to know the SP's EntityDescriptor(s). And there are several bindings/profiles. And the Response/Assertion could be encrypted/signed, which means you have to decrypt and/or verify digital signatures. SAML is a quite complex protocol; there is no easy way to parse/validate.
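The receiving side of step 4 from the question, as an added example that is not code from the question or from any of the answers: it reads the posted SAMLResponse field, performs the structural checks this answer alludes to (status, destination, a single signed assertion, validity window, audience) and only then extracts the NameID and attributes. It assumes the IdP signs the Assertion element and that the SP's entity ID and ACS URL are known; the hypothetical example URLs at the bottom are placeholders, and verifying the located ds:Signature against the IdP certificate (for instance with xmlseclibs) is the step that still has to follow.

```php
<?php
// Added example: structural validation of a SAML 2.0 Response posted to the ACS URL.
// It assumes the IdP signs the Assertion; the returned ds:Signature must still be
// verified against the IdP certificate (e.g. xmlseclibs) before anything is trusted.
function parseSamlResponse(string $b64, string $audience, string $destination): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // LIBXML_NONET blocks network fetches; entities are not expanded without LIBXML_NOENT
    if (($xml = base64_decode($b64, true)) === false || !$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('SAMLResponse is not valid base64 or well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
    $xp->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    $xp->registerNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
    $root = $doc->documentElement;
    if ($root->localName !== 'Response' || $root->getAttribute('Destination') !== $destination) {
        throw new RuntimeException('Unexpected root element or Destination is not this ACS URL');
    }
    $status = $xp->evaluate('string(/samlp:Response/samlp:Status/samlp:StatusCode/@Value)');
    if ($status !== 'urn:oasis:names:tc:SAML:2.0:status:Success') {
        throw new RuntimeException("IdP returned status $status");
    }
    // Exactly one assertion, carrying its own signature; never silently pick one of several
    $assertions = $xp->query('/samlp:Response/saml:Assertion');
    if ($assertions->length !== 1 || $xp->query('ds:Signature', $assertions->item(0))->length !== 1) {
        throw new RuntimeException('Expected exactly one signed Assertion');
    }
    $a   = $assertions->item(0);
    $now = time();
    $nb  = $xp->evaluate('string(saml:Conditions/@NotBefore)', $a);
    $noa = $xp->evaluate('string(saml:Conditions/@NotOnOrAfter)', $a);
    if (($nb !== '' && $now < strtotime($nb)) || ($noa !== '' && $now >= strtotime($noa))) {
        throw new RuntimeException('Assertion is outside its validity window');
    }
    if ($xp->evaluate('string(saml:Conditions/saml:AudienceRestriction/saml:Audience)', $a) !== $audience) {
        throw new RuntimeException('Assertion is not addressed to this SP');
    }
    $attrs = [];
    foreach ($xp->query('saml:AttributeStatement/saml:Attribute', $a) as $attr) {
        foreach ($xp->query('saml:AttributeValue', $attr) as $v) {
            $attrs[$attr->getAttribute('Name')][] = $v->textContent;
        }
    }
    return ['nameId'     => $xp->evaluate('string(saml:Subject/saml:NameID)', $a),
            'attributes' => $attrs,
            'signature'  => $xp->query('ds:Signature', $a)->item(0)]; // verify this next
}
// At the ACS endpoint (the POST field the question could not find); placeholder URLs:
// $claims = parseSamlResponse($_POST['SAMLResponse'], 'https://sp.example/metadata', 'https://sp.example/acs');
```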




Answer 3:


You can try encoding and decoding your SAMLResponses with the link below:

https://rnd.feide.no/simplesaml/module.php/saml2debug/debug.php

You can try to automate these steps and parse it.




Answer 4:


You could use the lightsaml PHP SAML data model library to parse/serialize SAML messages. If you're on the Symfony2 framework you also might consider using the SamlSPBundle. Using just lightsaml, receiving a SAML Response and parsing it would look something like this:

// Wrap the incoming PHP request so the binding detector can inspect it
$request = new Request();
$request->setQueryString($_SERVER['QUERY_STRING']);
$request->setGet($_GET);
$request->setPost($_POST);
$request->setRequestMethod($_SERVER['REQUEST_METHOD']);

// Work out which SAML binding delivered the message (HTTP-POST here, since
// the SAMLResponse arrives as a POST variable) and let that binding decode it
$bindingDetector = new BindingDetector();
$bindingType = $bindingDetector->getBinding($request);
$binding = $bindingDetector->instantiate($bindingType);
$samlResponse = $binding->receive($request);


Source: https://stackoverflow.com/questions/16576690/handling-a-saml-response
