Keep custom sessions during authentication #1962

Open
dstr0h opened this issue Feb 14, 2024 · 1 comment

dstr0h commented Feb 14, 2024

Specifics of your environment

  1. Are you acting as SP/IdP/proxy? => IdP
  2. SimpleSAMLphp: What version are you using? => 2.0.0
  3. PHP: What version are you using? => 8.1
  4. Platform: unix or Windows? => Dev: Windows / Productive: Unix
  5. Webserver: Apache/Nginx/IIS? => Apache

Describe the bug
I want to use the existing login page of our website for SAML authentication. If the user is already logged in on our website, he/she should be automatically authenticated to the SP.
I tried to do the following steps:

I created an External Auth Source and in the "getUser" function I wanted to check if our custom Login Session exists, which means the user is logged in. But somehow I cannot access my own Sessions during the authentication process. I tried to use the session_write_close() function before calling any SAML functions.

In getUser() I tried to call these functions...

$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();

... to get my custom Sessions, but nothing works. The only thing I get is the SimpleSAMLphp_SESSION.
I'm kinda new to SAML - so maybe I'm doing something wrong, I'm not sure tbh.

I just want to use the ID of the current user (which is stored in a Session) in the "getUser" function. Or is it possible to append custom params to the requireAuth function? I tried it but it doesn't work either.

@nathanjrobertson
Contributor

That's not really the way SAML works, or at least getting it to work the way you describe will be really hard work.

SAML has a central authentication server (IDP, "Identity Provider") which has the passwords / does the authentication, and one or more web servers (SP, "Service Providers") which trust the IDP. In that model, your existing web server would be a "Service Provider" (ie. client of the authentication server - IDP). The IDP should have the login page, the SPs trust the IDP.

I'm assuming your existing website has a database (or something like that) which you're doing authentication against at the moment, and you care more about not moving the source data than you actually care which server the page is hosted on. I'd change your setup so that your web server is an SP, and write an authentication module / plugin for SimpleSAMLphp to query your existing website database (or whatever the authentication backend for your website is) to actually do the authentication. If it's simple enough, you might be able to use one of the bundled authentication modules,
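
A sketch of the kind of authentication module the reply above describes, added here as an example; it is not code from either participant or from the SimpleSAMLphp project. It extends SimpleSAMLphp's `UserPassBase` class; the module name `mymodule`, the class name `WebsiteDb`, the option names `dsn`/`username`/`password`, and the `users` table with `password_hash()`-style hashes are all assumptions.

```php
<?php
// Added example. Assumed: module "mymodule", a "users" table with columns
// id, username, email, password_hash (hashes created with password_hash()).

declare(strict_types=1);

namespace SimpleSAML\Module\mymodule\Auth\Source;

use PDO;
use SimpleSAML\Error;
use SimpleSAML\Module\core\Auth\UserPassBase;

class WebsiteDb extends UserPassBase
{
    private array $db;

    public function __construct(array $info, array &$config)
    {
        parent::__construct($info, $config);
        // Fail at configuration time, not at first login, if an option is missing.
        foreach (['dsn', 'username', 'password'] as $key) {
            if (!isset($config[$key]) || !is_string($config[$key])) {
                throw new \Exception("Missing option '$key' for authsource " . $this->authId);
            }
            $this->db[$key] = $config[$key];
        }
    }

    protected function login(string $username, string $password): array
    {
        $pdo = new PDO($this->db['dsn'], $this->db['username'], $this->db['password'], [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
        // Prepared statement: the submitted username is never concatenated into SQL.
        $st = $pdo->prepare('SELECT id, email, password_hash FROM users WHERE username = :u');
        $st->execute(['u' => $username]);
        $row = $st->fetch(PDO::FETCH_ASSOC);

        // Same error for an unknown user and a wrong password, so the
        // login page does not reveal which accounts exist.
        if ($row === false || !password_verify($password, $row['password_hash'])) {
            throw new Error\Error('WRONGUSERPASS');
        }

        // SAML attributes are returned as name => list of string values.
        return ['uid' => [(string) $row['id']], 'mail' => [$row['email']]];
    }
}
```

With this in place the IdP owns the login form and the password check, and the existing website consumes the resulting assertion as an SP instead of sharing its PHP session with the IdP.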
