SAML - simplesamlphp
#1

Hi,

Does anybody have experience integrating CodeIgniter 3.x with SimpleSAMLphp?

My issue is the following:
I've set up SimpleSAMLphp as an IDP on my machine in a virtual host - this works fine.
I've also set up a different instance of SimpleSAMLphp as an SP in a different virtual host.

My problem is with sessions.

After I am successfully authenticated I get redirected back to my application, but my sessions don't want to behave:

- if I auto-load sessions, then my login page ends up in a continuous loop (redirect to IDP -> successful auth -> redirect back to application -> sessions are screwed -> redirect back to IDP for auth)

- if I disable auto-load, then I can use $_SESSION to store the attributes, etc... but the session does not remain the same, as the default ci_session is replaced with the IDP's session.

What is the best way to resolve this and be able to use sessions?
#2

Hi All,
I've finally cracked this :)
If you find yourself in a situation where you want to integrate SAML-based SSO with your CI app, then read on...

The key to success was to NOT use the phpsession driver for SimpleSAMLphp.
Once I switched to using a SQL database for it, the session restore functionality started working.

So, just ensure that the config/config.php is not using phpsession as storetype:
PHP Code:
'store.type'         => 'sql'

Then it is as simple as the below to integrate authentication in CodeIgniter:
PHP Code:
public function auth()
{
    // Ensure we are not running in CLI mode
    if (!is_cli())
    {
        // SimpleSAMLphp is installed under /var/simplesamlphp
        require_once('/var/simplesamlphp/lib/_autoload.php');

        // Use the 'default-sp' authentication source (the SP defined in authsources.php)
        $auth = new \SimpleSAML\Auth\Simple('default-sp');

        if (!$auth->isAuthenticated())
        {
            // The user is not authenticated: redirect to the IdP to log in.
            $auth->requireAuth();
        }
        else
        {
            // We are authenticated, let's get the attributes
            $attributes = $auth->getAttributes();

            // Restore CodeIgniter's session
            $session = SimpleSAML_Session::getSessionFromRequest();
            $session->cleanup();

            // Add the attributes to the restored session
            $_SESSION['attributes'] = $attributes;

            // Do something based on attributes:
            // redirect, etc..
        }
    }
}

My plan is to get the above integrated with Ion Auth, where the above function will use hooks set up and log in the users locally, then I can use Ion Auth to manage the authorizations to different parts of the application :)
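A variant of the callback in post #2 that rotates the CodeIgniter session id at login and copies only expected attributes into the session. This is an added example, not code from either poster or from the SimpleSAMLphp or CodeIgniter projects. Assumptions: 'store.type' => 'sql' as described above; the controller name Sso, the attribute names 'uid' and 'mail', and the session key 'saml' are hypothetical.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class Sso extends CI_Controller   // hypothetical controller name
{
    // Assumption: attribute names released by your IdP; adjust to your setup.
    private static $allowed_attributes = array('uid', 'mail');

    public function auth()
    {
        if (is_cli()) {
            show_error('SSO login is not available from the CLI', 403);
        }

        // Same install path and authentication source as in post #2.
        require_once('/var/simplesamlphp/lib/_autoload.php');
        $auth = new \SimpleSAML\Auth\Simple('default-sp');

        // Redirects to the IdP and does not return unless the user is authenticated.
        $auth->requireAuth();
        $attributes = $auth->getAttributes();   // name => array of values

        // Let SimpleSAMLphp release its session state before CI's session is used.
        SimpleSAML_Session::getSessionFromRequest()->cleanup();

        // No-op if 'session' is already autoloaded.
        $this->load->library('session');

        // Issue a new ci_session id at login and destroy the pre-login one,
        // so an id known before authentication is not carried over.
        $this->session->sess_regenerate(TRUE);

        // Store only the expected, single-valued string attributes rather
        // than everything the IdP sent.
        $claims = array();
        foreach (self::$allowed_attributes as $name) {
            if (isset($attributes[$name][0]) && is_string($attributes[$name][0])) {
                $claims[$name] = $attributes[$name][0];
            }
        }
        if (!isset($claims['uid'])) {
            show_error('The IdP did not release a user identifier', 403);
        }
        $this->session->set_userdata('saml', $claims);

        $this->load->helper('url');
        redirect('/');
    }
}
```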