OneLogin - a cloud provider for SAML

Updated on 28 Dec 2018

SAML

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. As its name implies, SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions).

  • The identity provider is the central system that controls identity and authentication.
  • The service provider is the application (or web app) that uses SSO.

Trying things out

We will try things out with OneLogin. OneLogin is a Unified Access Management platform which provides secure single sign-on, multi-factor authentication, directory integration with AD and LDAP, and other cool stuff. For our needs, it is a great platform to test things out.

Once an account has been created, I can log in to the OneLogin portal and set up a demo thingy maginny. My portal is redacted.onelogin.com.

Once in, set up the configuration tab similar to what I have below.

Keep this page open because we need to copy the configuration from OneLogin to our settings.php file.

Create the X.509 certificate

Part of the requirements for all of this to work is the X.509 certificate. Go to the SSO tab and click View Details in the X.509 section.

Later on you will copy the X.509 certificate to your settings.php file.
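Before pasting the certificate into settings.php, it is worth confirming that the copy is intact and matches a fingerprint obtained from the identity provider. The following is an added example, not code from the original page or from OneLogin; the function names are hypothetical and the sample bytes are a constructed stand-in, not a real certificate.

```python
import base64
import binascii
import hashlib
import hmac
import re

PEM_MARKERS = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")


def cert_to_der(pasted: str) -> bytes:
    """Decode a certificate pasted with or without PEM markers and line breaks."""
    body = re.sub(r"\s+", "", PEM_MARKERS.sub("", pasted))
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    # A DER-encoded certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der


def fingerprint(pasted: str, algorithm: str = "sha256") -> str:
    """Return the colon-separated uppercase fingerprint of the pasted certificate."""
    digest = hashlib.new(algorithm, cert_to_der(pasted)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_expected(pasted: str, expected: str, algorithm: str = "sha256") -> bool:
    """Compare with a fingerprint from the IdP, ignoring case and separators."""
    want = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    got = fingerprint(pasted, algorithm).replace(":", "")
    return hmac.compare_digest(got, want)


# Constructed stand-in bytes (not a real certificate) so the example runs offline.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + "\r\n".join(SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64))
              + "\r\n-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    print(fingerprint(SAMPLE_PEM))
```

A truncated or partially copied certificate fails in `cert_to_der`, and a certificate that decodes cleanly but is not the one the identity provider issued fails in `matches_expected`.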