Superpatterns

Pat Patterson on Identity Management, Federation and Single Malt Scotch
         

Added Single Logout to Lightbulb - SAML 2.0 in PHP

I just finished adding single logout to the 'Lightbulb' OpenSSO SAML 2.0 PHP implementation. I'll take this opportunity to reiterate: THIS IS BY NO MEANS PRODUCTION CODE. There are probably bugs, there are certainly shortcuts. This is development out in the open.

Please do feel free to pick this up, play with it, suggest improvements - even contribute code. As I mentioned before, there is a bit of process to this, but I think it's more than worth it.

The next step for me now is to write a how-to on getting an IdP up to play with...

@ 05:14 PM PST Comments [2]
 
 
 
Q&A on the OpenSSO SAML 2.0 PHP work

Yesterday I announced the first drop of my SAML 2.0 PHP code. I've had a few questions since then - here they are, with answers:

  • Q: Can I contribute to this?
    A: Of course! This was the whole point of releasing this code as open source. I know a little about SAML 2.0, but I'm no PHP expert. I'd welcome PHP folks to take a look and suggest/make improvements. See the OpenSSO governance for more information on contributing.
  • Q: Is this 'pure' PHP?
    A: That depends on your definition of 'pure'. No custom modules are required. It does use openssl, mysql, dom and xml, but support for these is pretty standard. The default PHP5 in my Ubuntu 6.06 had everything I needed.

Please do leave comments with any further questions - I'll update this entry with the answers.

@ 10:01 AM PDT Comments [1]
 
 
 
Switching on the Lightbulb

Over the past few months I've had a side project - implementing a SAML 2.0 service provider (SP) in PHP. I originally set out using PHP/Java Bridge and got something working (I even presented it [pdf] at Identity Open Space in Vancouver), but I was inspired by Kim Cameron's success in implementing InfoCard in PHP to try a more direct approach.

Rob Richards' XML Security implementation provided the impetus I needed to get a 'pure' PHP SAML 2.0 SP working. Rob kindly allowed me to adopt the XML Security code into OpenSSO (note that the base XML security code is still, and will continue to be, available, in its original public domain form, at Rob's page) and I set forth hacking away.

Well - I'm done with an initial version. SAML 2.0 POST profile works. There is no artifact profile, no single log out, no bells or whistles. It does verify the assertion signature (via PHP's integration with openssl) and checks that the certificate fingerprint matches what it expects from that identity provider.
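The fingerprint check described above can be sketched as follows. This is an added example, not Lightbulb's code: the function names, the issuer URL, the pin map and the choice of SHA-256 are assumptions, and the sample certificate body is constructed placeholder bytes.

```php
<?php
// Added example, not Lightbulb code. All names and sample values are constructed.
const NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion';
const NS_DS   = 'http://www.w3.org/2000/09/xmldsig#';

// Normalise "AB:CD:..." or "ab cd ..." style fingerprints to bare lowercase hex.
function normalise_fingerprint(string $fp): string {
    return strtolower(preg_replace('/[^0-9a-fA-F]/', '', $fp));
}

// Returns the DER bytes of the certificate in the assertion's KeyInfo if its
// SHA-256 fingerprint matches the pin for the assertion's Issuer, else null.
// The caller must still verify the XML signature with this certificate.
function pinned_signing_cert(string $xml, array $pinned): ?string {
    $doc = new DOMDocument();
    if ($xml === '' || !@$doc->loadXML($xml, LIBXML_NONET)) {
        return null;                          // empty or not well-formed
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('saml', NS_SAML);
    $xp->registerNamespace('ds', NS_DS);
    $issuer = trim($xp->evaluate('string(//saml:Assertion/saml:Issuer)'));
    $b64 = $xp->evaluate(
        'string(//saml:Assertion/ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate)');
    if ($issuer === '' || !isset($pinned[$issuer])) {
        return null;                          // identity provider we hold no pin for
    }
    $der = base64_decode(preg_replace('/\s+/', '', $b64), true);
    if ($der === false || $der === '') {
        return null;                          // no usable certificate in KeyInfo
    }
    $actual = hash('sha256', $der);           // fingerprint = digest of the DER bytes
    // Constant-time comparison against the pinned value.
    return hash_equals(normalise_fingerprint($pinned[$issuer]), $actual) ? $der : null;
}

// Constructed sample: placeholder bytes stand in for a real X.509 certificate.
$der = 'constructed-placeholder-certificate-bytes';
$xml = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
     . '<saml:Assertion xmlns:saml="' . NS_SAML . '">'
     . '<saml:Issuer>https://idp.example.org</saml:Issuer>'
     . '<ds:Signature xmlns:ds="' . NS_DS . '"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
     . base64_encode($der) . '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>'
     . '</saml:Assertion></samlp:Response>';
$good = ['https://idp.example.org' => strtoupper(implode(':', str_split(hash('sha256', $der), 2)))];
$bad  = ['https://idp.example.org' => str_repeat('00', 32)];
var_dump(pinned_signing_cert($xml, $good) === $der);  // pin matches
var_dump(pinned_signing_cert($xml, $bad));            // pin does not match
```

A matching fingerprint only says the embedded certificate is the expected one; the assertion is trustworthy only after its signature verifies with that same certificate.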

There is some general documentation on SAML-enabling PHP [odt], and some specific documentation on this code [odt]. I'll write a step-by-step guide to getting it up and running next...

UPDATE - some FAQs here.

@ 05:03 PM PDT Comments [2]
 
 
 
 
