single sign on - Two questions about PHP Simple SAML by OneLogin -


if has experience simple saml (php) https://github.com/onelogin/php-saml appreciate help.

first of all, have got working. app service provider , indeed permit authentication external identity provider. hurrah!

however have 2 questions have come part of process:

1) sp generates metadata url. if client has already provided idp's details, code works fine. can see php-saml code builds settings object, validates, , returns metadata xml. good.

but if client requests metadata url (in order configure sp @ end, in idp, first) reports error:

"invalid array settings: idp_entityid_not_found, idp_sso_not_found, idp_cert_or_fingerprint_not_found_and_required"

obviously exception pretty self-explanatory: of course details have indeed not been provided yet.

so question is: in looking @ xml of sp metadata, doesn't return of idp details, why can't generate metadata without knowing details?

the reason concern if idp has same issue @ their end (ie they wouldn't have sp's details, same error, , neither can proceed)?!

2) part of settings array, asks x509 certificate , private key sign requests. i'm using site's ssl certificate (my-domain.com). works fine.

but see other sp let people download certificate.

so let people download x509 part of certificate - public bit, assume. i'm wondering if certificate needs linked domain used metadata/acs urls?

or can old certificate e.g. self-signed one? do?

thanks! i'm confused this. simple surely not.

i'm maintainer of onelogin saml toolkit.

related 1) have request of split settings validation , implement in toolkits: https://github.com/onelogin/python-saml/issues/74

related 2)

saml requires x509 cert/key in order sign/encrypt saml elements.

  • some idps/sps use same x509 of apache/nginx server enable https (bought certs).

  • others use self signed certs, (you can create yours tool (https://www.samltool.com/self_signed_certs.php). recommend when creating them use idp/sp domain in order able identify them later (but not required saml). can use old ones, since can generate them anytime practice have them linked domain , them fresh, avoiding others share in past).


Comments

Post a Comment

Popular posts from this blog

javascript - Using jquery append to add option values into a select element not working -

i'm looking dynamically populate select element names of items stored array. for reason it's not working , i'm not sure why. html: <div class="col-md-4 col-md-offset-4"> <select class="select1"> </select> , <select class="select2"> </select> </div> note i'm using bootstrap layout. here's jquery i'm using try , populate ".select1" jquery: select: function() { $.each(state.greens, function(index, value) { $(".select1").append("<option value =' " + index + " '>" + state.greens[index].name + "</option>"); }); } note function 'select' stored within object called 'display'. state.greens name of array i'm trying access. so @ end of html page call display.select(); call function. no error messages showing in console. also, saw question: appending
Read more

Android soft keyboard reverts to default keyboard on orientation change -

i'm building android soft keyboard , can't seem fix bug - have arabic , qwerty keyboard , when rotate device on qwerty keyboard (or arabic shift), it's if program has "restarted" , becomes arabic keyboard without shift. the onsaveinstancestate(bundle savedinstancestate) not work because application not extend activity inputmethodservice . i put following in android manifest android:configchanges="keyboard|keyboardhidden|orientation" android:windowsoftinputmode="stateunchanged|adjustresize"> i tried using @override public void onconfigurationchanged(configuration newconfig) { super.onconfigurationchanged(newconfig); log.i(mydebug, "config changed " + currentkeyboard.equals(qwerty)); } however, currentkeyboard.equals(qwerty)) results false , made sure true before orientation change. any appreciated. i think applications fault. if application restarting on orientation change
Read more

Rendering JButton to get the JCheckBox behavior in a JTable by using images does not update my table -

i rendering jbutton image on simulate jcheckbox behavior. why don't let jtable render jcheckbox? because need bigger checkboxes , there's no way can resize them (as far know). so, have own table cell renderer , editor. both renders jbutton , checkbox images on them. trying change image checked image unchecked image (or vice versa) , update cell value (boolean true or false). however, reason, getcelleditorvalue() not update table. so, release mouse, value goes original one. any appreciated! lot! public class tableexample extends jframe { jscrollpane pane; jpanel panel; jtable table; object[][] data; mytablemodel tm; renderer buttoncolumn; public tableexample(object[][] data) throws ioexception { string[] columns = {"column#1", "column#2", "column#3", "column#4", "column#5", "column#6"}; this.data = data; this.setpreferredsize(new dimension(700, 500));
Read more