Building an SSO platform in php (Zendcon 2010)

A presentation explaining how to build Single Sign On functionality in PHP using standards such as OpenID, OAuth and SAML. Delivered on November 4, 2010 at Zendcon in Santa Clara

  • Single Sign-On is HARD to get right, which is why there are relatively few packaged solutions out there. Presentations like this one are just confusing. So I came up with a solution:

    http://barebonescms.com/documentation/sso/

    Basically, follow the directions to install the server. Then follow the directions to install the client a couple of times. Then hook one client up to the server to secure it. Then hook the other client up to your application. Done. And it only takes a few hours of work without the nitty-gritty of trying to figure out the terminology used in this presentation. It takes far less time to set up than coding the average login system.
    Building an SSO platform in php (Zendcon 2010) Presentation Transcript

    • Building an SSO platform. Ivo Jansch - Egeniq. November 4, 2010 - Zendcon
    • About Egeniq: Startup, Mobile, Tech, Knowledge, Geeks, Development
    • About Me: @ijansch, Developer, Author, Entreprenerd, PHP
    • Single Sign On: Why do we need it?
    • We use many applications (diagram: your corporate application, your other corporate application)
    • Across devices and locations (diagram: your corporate application, your other corporate application)
    • A quick poll
    • Level 0 - One Password To Rule Them All
    • 1 password to rule them all (diagram: your corporate application, your other corporate application)
    • Level 1 - Shared Identity: Using a single authentication backend for apps
    • Shared Identity (diagram: LDAP Server, your corporate application, your other corporate application)
    • Level 2 - OpenID: Using OpenID for external Identity Management
    • OpenID Flow (diagram: OpenID Consumer, OpenID Provider)
    • OpenID Demo (diagram: OpenID Consumer, OpenID Provider; login.php, consume.php, index.php)
    • Protecting the secret
    • Delegate to OpenID provider
    • Consume the response
    • Caveats: OpenID providers hesitant to be OpenID consumers; no trust establishment between consumer and provider
    • Level 3 - OAuth: Using OAuth for external IDM and authorization
    • OAuth Flow (diagram: OAuth Consumer, OAuth Provider)
    • Landing adjusted for OAuth
    • OAuth Configuration
    • Delegate auth to Twitter
    • Consuming the response
    • Level 4 - SAML: Creating our own Identity Provider
    • SAML: Security Assertion Markup Language. XML standard by OASIS. Assertions contain: Proof of Identity, Attributes. Supports XML signatures and encryption
    • SAML Flow (diagram: Auth Backend (LDAP, ...), Identity Provider, Service Provider)
    • SimpleSAMLphp (diagram: Auth Backend (LDAP, ...), Identity Provider running SimpleSAMLphp, Service Provider running SimpleSAMLphp)
    • IDP SimpleSAMLphp setup
    • IDP Auth Source Configuration
    • IDP Hosted Configuration
    • IDP Remote Configuration
    • IDP Virtual Host Apache Config
    • Testing the IDP
    • SP SimpleSAMLphp setup
    • SP Auth Source Configuration
    • SP Remote Configuration
    • Back to our landing page
    • Delegate auth to the IDP
    • Integrating 3rd party apps: SimpleSAMLphp is easy to integrate
    • Wordpress Plugin: http://wordpress.org/extend/plugins/simplesamlphp-authentication/
    • MediaWiki Plugin: http://www.mediawiki.org/wiki/Extension:SAMLAuth
    • SugarCRM. Plugin: didn’t work. Problem: auth structure. Solution: hacking the source. Options: Contact me if you need to get SugarCRM to do SSO :-) or wait for SugarCRM 6.1, it contains a working SAML plugin (/via @smalyshev)
    • Google Apps: Requires Premier or Education Edition. Configure SAML endpoint => Done! Docs: http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html
    • Google Apps
    • Making apps SSO ready (flowchart built up over four slides; lanes: Application, Auth Plugin; nodes: Start, Logged in? Yes / No, Show Site, Show Login Form, Authenticate, Login Form)
    • Level 5 - Federation: Dealing with multiple Identity Providers
    • Federation (diagram: Identity Provider, Identity Provider, Service Provider, Authentication Federation)
    • Confederation (diagram: Identity Provider, Identity Provider, Service Provider, Authentication Federation, Authentication Federation)
    • Collaboration Infrastructures http://www.surfnet.nl/en/Thema/coin/Pages/Default.aspx
    • The Future
    • Conclusion What should you take away from this talk?
    • In your next project... You will NOT create more userids !! You WILL use standard protocols !!
    • Thank You ivo@egeniq.com http://www.egeniq.com @ijansch @egeniq Please leave feedback at: http://joind.in/2282
    • Credits: Pictures used in this presentation are creative commons attribution licensed pictures. Here are the owners and the URLs where the originals can be found: ‘Multiple Padlock Farm Gate’ by Mike Baird - http://www.flickr.com/photos/mikebaird/2354116406/ ; ‘Love Locks’ by James Manners - http://www.flickr.com/photos/jmanners/443421045/ ; ‘Seguridad’ by Juan J. Martinez - http://www.flickr.com/photos/reidrac/4696900602/ ; ‘Hotel Keys’ by Henri Bergius - http://www.flickr.com/photos/bergie/3468886680/ ; ‘OAuth Shiny’ by Chris Messina - http://www.flickr.com/photos/factoryjoe/3343062926/ ; ‘Take a number please’ by Andres Rueda - http://www.flickr.com/photos/andresrueda/3259487071/ ; ‘38/365 Puzzled’ by Mykl Roventine - http://www.flickr.com/photos/myklroventine/3261364899/ ; ‘Visiting Portage’ by Jeremy Bronson - http://www.flickr.com/photos/jbrons/4444017497/ ; ‘_dsc8037’ by Sergey Vladimirov - http://www.flickr.com/photos/vlsergey/4138735474/ . Application logos and other icons have been used under the assumption that use of them in this context is considered fair use.