I did a webinar for Zend on March 31st, 2011 about Single Sign On. In this presentation I covered OpenID, OAuth and SAML as suitable implementations for single sign on to web applications.
25. Level 4 - SAML
Creating our own Identity Provider
Thursday, March 31, 2011
26. SAML
Security Assertion Markup Language
XML standard by OASIS
Assertions contain:
Proof of Identity
Attributes
Supports XML signatures and encryption
27. SAML Flow
[Diagram labels: Service Provider, Identity Provider, Auth Backend (LDAP, ...)]
28. SimpleSAMLphp
[Diagram labels: Service Provider, Identity Provider, SimpleSAMLphp, Auth Backend (LDAP, ...)]
40. Integrating 3rd party apps
SimpleSAMLphp is easy to integrate
41. WordPress
Plugin:
http://wordpress.org/extend/plugins/simplesamlphp-authentication/
42. MediaWiki
Plugin:
http://www.mediawiki.org/wiki/Extension:SAMLAuth
43. SugarCRM
Plugin: didn’t work
Problem: auth structure
Solution: hacking the source
Options:
Contact me if you need to get SugarCRM to do SSO :-)
Wait for SugarCRM 6.1, it contains a working SAML plugin (/via @smalyshev)
44. Google Apps
Requires Premier or Education Edition
Configure SAML endpoint => Done!
Docs:
http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html
46. Making apps SSO ready
[Flowchart, columns "Application" and "Auth Plugin": Start, Logged in? (Yes / No), Show Site, Login Form, Authenticate]
47. Making apps SSO ready
[Flowchart, columns "Application" and "Auth Plugin": Start, Logged in? (Yes / No), Show Site, Login Form, Authenticate]
48. Making apps SSO ready
[Flowchart, columns "Application" and "Auth Plugin": Start, Logged in? (Yes / No), Show Site, Login Form, Authenticate]
49. Making apps SSO ready
[Flowchart, columns "Application" and "Auth Plugin": Start, Logged in? (No / Yes), Login Form, Show Site, Login Form, Authenticate]
50. Conclusion
What should you take away from this talk?
51. In your next project...
You will NOT create more userids !!
You WILL use standard protocols !!
52. Thank You
ivo@egeniq.com http://www.egeniq.com
@ijansch @egeniq
53. Credits
Pictures used in this presentation are Creative Commons Attribution licensed pictures.
Here are the owners and the URLs where the originals can be found:
‘Multiple Padlock Farm Gate’ by Mike Baird - http://www.flickr.com/photos/mikebaird/2354116406/
‘Love Locks’ by James Manners - http://www.flickr.com/photos/jmanners/443421045/
‘Seguridad’ by Juan J. Martinez - http://www.flickr.com/photos/reidrac/4696900602/
‘Hotel Keys’ by Henri Bergius - http://www.flickr.com/photos/bergie/3468886680/
‘OAuth Shiny’ by Chris Messina - http://www.flickr.com/photos/factoryjoe/3343062926/
‘Take a number please’ by Andres Rueda - http://www.flickr.com/photos/andresrueda/3259487071/
’38/365 Puzzled’ by Mykl Roventine - http://www.flickr.com/photos/myklroventine/3261364899/
‘Visiting Portage’ by Jeremy Bronson - http://www.flickr.com/photos/jbrons/4444017497/
‘_dsc8037’ by Sergey Vladimirov - http://www.flickr.com/photos/vlsergey/4138735474/
Application logos and other icons have been used under the assumption that use of them in this context is considered fair use.