php-saml 是 PHP 的 SAML 开发包。
配置示例:
<?php $settings = array ( // If 'strict' is True, then the PHP Toolkit will reject unsigned // or unencrypted messages if it expects them to be signed or encrypted. // Also it will reject the messages if the SAML standard is not strictly // followed: Destination, NameId, Conditions ... are validated too. 'strict' => false, // Enable debug mode (to print errors). 'debug' => false, // Set a BaseURL to be used instead of try to guess // the BaseURL of the view that process the SAML Message. // Ex http://sp.example.com/ // http://example.com/sp/ 'baseurl' => null, // Service Provider Data that we are deploying. 'sp' => array ( // Identifier of the SP entity (must be a URI) 'entityId' => '', // Specifies info about where and how the <AuthnResponse> message MUST be // returned to the requester, in this case our SP. 'assertionConsumerService' => array ( // URL Location where the <Response> from the IdP will be returned 'url' => '', // SAML protocol binding to be used when returning the <Response> // message. OneLogin Toolkit supports this endpoint for the // HTTP-POST binding only. 'binding' => 'urn:oasis:names����SAML:2.0:bindings:HTTP-POST', ), // If you need to specify requested attributes, set a // attributeConsumingService. nameFormat, attributeValue and // friendlyName can be omitted "attributeConsumingService"=> array( "serviceName" => "SP test", "serviceDescription" => "Test Service", "requestedAttributes" => array( array( "name" => "", "isRequired" => false, "nameFormat" => "", "friendlyName" => "", "attributeValue" => array() ) ) ), // Specifies info about where and how the <Logout Response> message MUST be // returned to the requester, in this case our SP. 'singleLogoutService' => array ( // URL Location where the <Response> from the IdP will be returned 'url' => '', // SAML protocol binding to be used when returning the <Response> // message. OneLogin Toolkit supports the HTTP-Redirect binding // only for this endpoint. 'binding' => 'urn:oasis:names����SAML:2.0:bindings:HTTP-Redirect', ), // Specifies the constraints on the name identifier to be used to // represent the requested subject. // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported. 'NameIDFormat' => 'urn:oasis:names����SAML:1.1:nameid-format:emailAddress', // Usually x509cert and privateKey of the SP are provided by files placed at // the certs folder. But we can also provide them with the following parameters 'x509cert' => '', 'privateKey' => '', /* * Key rollover * If you plan to update the SP x509cert and privateKey * you can define here the new x509cert and it will be * published on the SP metadata so Identity Providers can * read them and get ready for rollover. */ // 'x509certNew' => '', ), // Identity Provider Data that we want connected with our SP. 'idp' => array ( // Identifier of the IdP entity (must be a URI) 'entityId' => '', // SSO endpoint info of the IdP. (Authentication Request protocol) 'singleSignOnService' => array ( // URL Target of the IdP where the Authentication Request Message // will be sent. 'url' => '', // SAML protocol binding to be used when returning the <Response> // message. OneLogin Toolkit supports the HTTP-Redirect binding // only for this endpoint. 'binding' => 'urn:oasis:names����SAML:2.0:bindings:HTTP-Redirect', ), // SLO endpoint info of the IdP. 'singleLogoutService' => array ( // URL Location of the IdP where SLO Request will be sent. 'url' => '', // URL location of the IdP where the SP will send the SLO Response (ResponseLocation) // if not set, url for the SLO Request will be used 'responseUrl' => '', // SAML protocol binding to be used when returning the <Response> // message. OneLogin Toolkit supports the HTTP-Redirect binding // only for this endpoint. 'binding' => 'urn:oasis:names����SAML:2.0:bindings:HTTP-Redirect', ), // Public x509 certificate of the IdP 'x509cert' => '', /* * Instead of use the whole x509cert you can use a fingerprint in order to * validate a SAMLResponse, but we don't recommend to use that * method on production since is exploitable by a collision attack. * (openssl x509 -noout -fingerprint -in "idp.crt" to generate it, * or add for example the -sha256 , -sha384 or -sha512 parameter) * * If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to * let the toolkit know which algorithm was used. Possible values: sha1, sha256, sha384 or sha512 * 'sha1' is the default value. * * Notice that if you want to validate any SAML Message sent by the HTTP-Redirect binding, you * will need to provide the whole x509cert. */ // 'certFingerprint' => '', // 'certFingerprintAlgorithm' => 'sha1', /* In some scenarios the IdP uses different certificates for * signing/encryption, or is under key rollover phase and * more than one certificate is published on IdP metadata. * In order to handle that the toolkit offers that parameter. * (when used, 'x509cert' and 'certFingerprint' values are * ignored). */ // 'x509certMulti' => array( // 'signing' => array( // 0 => '<cert1-string>', // ), // 'encryption' => array( // 0 => '<cert2-string>', // ) // ), ), );
示例代码:
// Initializes toolkit with settings.php & advanced_settings files.
$auth = new OneLogin_Saml2_Auth();
//or
$settings = new OneLogin_Saml2_Settings();
// Initializes toolkit with the array provided.
$auth = new OneLogin_Saml2_Auth($settingsInfo);
//or
$settings = new OneLogin_Saml2_Settings($settingsInfo);
require_once 'custom_settings.php'; // The custom_settings.php contains a
// $settingsInfo array.
$auth = new OneLogin_Saml2_Auth($settingsInfo);
define("TOOLKIT_PATH", '/var/www/php-saml/');
require_once(TOOLKIT_PATH . '_toolkit_loader.php');-
php-saml 是 PHP 的 SAML 开发包。 配置示例:<?php $settings = array ( // If 'strict' is True, then the PHP Toolkit will reject unsigned // or unencrypted messages if it expects them to be signed or encrypted. //
-
我正在尝试使用我的网络应用程序中的SAML进行身份验证. Backtrace: 1 /app_path/application/lib/simplesamlphp/www/_include.php:37 (SimpleSAML_exception_handler) 0 [builtin] (N/A) Caused by: Exception: Unable to find the current
-
我是SAML领域的新手,我正尝试使用OneLogIn的saml-php将其仅作为SP实施到我的应用程序中.现在,我可以使用OneLogIn测试应用程序使它正常工作,但是,每当外部源尝试通过它登录时,都会出现以下错误: Fatal error: Uncaught exception 'OneLogin_Saml2_Error' with message 'SAML Response not foun
-
PHP 源码 Source Insight 相关资料 Extending and Embedding PHP PHP Internals Book 深入理解PHP内核 PHP扩展开发及内核应用 Laruence 鸟哥博客
-
CodeIgniter 的开发遵循本页所描述的编码规范,我们也推荐在你自己的应用程序开发中使用 这些规范,但不做强求。 目录 PHP 开发规范 文件格式 TextMate BBEdit PHP 结束标签 文件的命名 类和方法的命名 变量的命名 注释 常量 TRUE、FALSE 和 NULL 逻辑操作符 对返回值进行比较以及类型转换 调试代码 文件中的空格 兼容性 一个类一个文件 空格 换行 代码缩
-
用 PHP 作为我们「Docker 开发大礼包」开篇是带着一些朝圣的心情的。这是一门堪称「古老」的语言,也是一门争议最多的语言,更是一门不断涅槃的语言。「PHP 是最好的语言」这个流传已久的梗,或许正是对我国最有群众基础的编程语言描述里,最经典的注解。 就让我们一起回顾一下 PHP 的发展历程作为此系列文章的开篇。历史是最好的老师,他给每个未来提供启示。 谁创造了 PHP? Rasmus Lerd
-
我需要为PHP配置OneLogin SAML工具包。 我按照此链接中的 PHP SAML 工具包配置步骤进行操作。 我添加了应用程序 SAML 测试连接器 (IdP w/ attr)。 我将存储库Github的内容添加到我的托管中以运行PHP代码。 我在 demo1/settings 中定义了变量.php 6.-URL将页面重定向到mypage.onelogin。com和我编写与demo1应用程序
-
我的paypal sdk版本为^1.13 我的paypal实现有错误。我遵循了本教程https://www.youtube.com/watch?v=BD1dOWIABe0 我试图搜索错误,但我似乎找不到答案,所以我需要一些帮助。我做错了什么?我需要降级吗?因为教程中的视频是2年前制作的,所以我认为我需要降级,但有可能吗? 异常“PayPal\exception\PayPalConnectionEx
-
我们尝试在新项目开发过程中更好的使用 PHP 技术,通过结合国外 PHP 领域最新的开发模式、工具和经验,使您的 PHP 项目、团队焕发新生,重装上阵。