BeSimple / BeSimpleSsoAuthBundle

NOT MAINTAINED - SSO authentication providers (Cas for now) for Symfony2

Adding support for SAML authentication #66

Closed dteoh closed 7 years ago

dteoh commented 10 years ago

We have a branch of SsoAuthBundle with support for SAML authentication. We are using CAS authentication, but are gradually switching over to SAML, so we added SAML support in this bundle to make the transition easier.

I'd like to solicit feedback from the community about our implementation and what can be done to make the bundle more agnostic towards other SSO protocols. Right now, the bundle is very CAS centric.

misilot commented 10 years ago

Would this allow for attribute release via CAS and SAML? Or is this more targeted for Shibboleth?

dteoh commented 10 years ago

Sorry, what do you mean by "attribute release"? Do you mean getting the user's authentication details, like their username, name, etc? If that is the case, yes, this pull request allows you to configure your app to authenticate using either CAS or SAML (but not both at the same time). I haven't done any work to target this at Shibboleth.

misilot commented 10 years ago

We get attributes such as studentid, email, first name, last name, groups, etc via SAML1.1 (https://wiki.jasig.org/display/CASUM/SAML+1.1).

Everything goes through CAS for authentication, but the attributes come back via SAML. For all my previous applications (before trying out Symfony2), I was using phpCAS, which supported this.

Thanks

dteoh commented 10 years ago

In that case, I'm going to go with "no". This pull request assumes that you want the app to participate in a SAML authentication flow from the beginning to the end. I don't think the underlying SAML library (onelogin/php-saml) supports a hybrid authentication system.

Taluu commented 9 years ago

Hey,

Any news on this? Saw a saml2 branch in the uq-ts-ss repo. Is this branch usable?

dteoh commented 9 years ago

The saml branch was/is still in use across many uq-its-ss production applications.

The saml2 branch uses version 2 of the php-saml library. From what I remember, the last time I tried to get the saml2 working with our apps, I discovered that the library was not very compatible with Symfony2 (or any other framework that uses the front controller design pattern) because the validation code checks against SCRIPT_NAME and other superglobals. I did lodge some issues with the php-saml project, and some things did get fixed, but not enough to get our production apps running with it. It is possible that all issues have since been resolved, but since I am no longer with the company, I no longer maintain the code.

Feel free to lodge issues and pull requests in the uq-its-ss/BeSimpleSsoAuthBundle repo if you have issues or enhancements.

acidjames commented 7 years ago

Hi @dteoh, if you update the PR with the latest master (I understand this is an old PR), I may be able to test and merge, though I have never used SAML before.

If anyone needs SAML outside of this bundle, you can try https://github.com/lightSAML/SpBundle

dteoh commented 7 years ago

I'm going to close this because I am no longer able to maintain the code.