问题
I'm beginning work on adding SAML SSO support to a project and am looking for any helpful resources specifically geared towards PHP. I understand the basic concepts and have poked around for any libraries that could help but have come up empty. The only thing I've found is simpleSAMLphp which appears to be an entire stack.
Any tips for integrating SAML into an existing project? Bonus points for Zend-Framework related suggestions!
回答1:
I think that SimpleSAMLPHP is the way to go to make your application act as a full-fledged SAML 2.0 Service Provider. It's indeed a complete stack, but you can narrow down the functionalities to the bare minimum.
From my experience, configuration is a lot simpler than with Shibboleth. This step is simplified with the configuration website that ships with the distribution package.
The impact on each PHP page is relatively small: http://simplesamlphp.org/docs/1.8/simplesamlphp-sp#section_6
This is the solution we opted for on our Zend environment.
回答2:
We used the PHP-SAML toolkit from OneLogin for a project that worked used non-transparant proxies (simpleSAMLphp didn't like not knowing the URL it was hosted on).
It is dead simple supporting the most basic login, but SAML 2.0 is a huge spec and it may not support what you want from it (for instance it doesn't support signing Authentication Requests).
回答3:
While not a PHP specific solution, maybe Shibboleth will be an acceptable solution for you - it supports both Apache and IIS and can be used with potentially any web framework - java/php/asp.net. This also helps by being a Filter plugin into your webserver so your application will require minimal (if any) modifications to use it
回答4:
We used SamlSpBundle wich we found quite configurable and Symfony2 friendly. If you're not on Symfony2 framework you might look at it's foundation library lightsaml which is a stand-alone.
回答5:
http://framework.zend.com/manual/en/zend.infocard.basics.html has SAML1.0, but SAML has moved on since then...
来源:https://stackoverflow.com/questions/2094136/getting-started-with-saml-and-php