Merge pull request SAML-Toolkits#539 from onelogin/saml-migration
Remove references to onelogin support.
not-ol-github authored Nov 18, 2022
2 parents 20a2cb3 + e2657c3 commit 664bc7c
Showing 37 changed files with 856 additions and 860 deletions.
40 changes: 18 additions & 22 deletions README.md
@@ -1,12 +1,8 @@
# OneLogin's SAML PHP Toolkit
# SAML PHP Toolkit

[![Build Status](https://api.travis-ci.org/onelogin/php-saml.png?branch=master)](http://travis-ci.org/onelogin/php-saml) [![Coverage Status](https://coveralls.io/repos/onelogin/php-saml/badge.png)](https://coveralls.io/r/onelogin/php-saml) [![License](https://poser.pugx.org/onelogin/php-saml/license.png)](https://packagist.org/packages/onelogin/php-saml)

## **Notice:** This project is currently not under active development, please see [#531](https://github.com/onelogin/php-saml/issues/531) for more information.

Add SAML support to your PHP software using this library.
Forget those complicated libraries and use this open source library provided
and supported by OneLogin Inc.


**The 3.X branch is compatible with PHP > 7.1, so if you are using that PHP version, use it and not the 2.X or the master branch**
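Review bot: the badge line this hunk leaves unchanged still points at the onelogin/php-saml repository on Travis CI, Coveralls and Packagist (`https://api.travis-ci.org/onelogin/php-saml.png?branch=master`, `https://coveralls.io/r/onelogin/php-saml`, `https://packagist.org/packages/onelogin/php-saml`); if the toolkit is moving out of the OneLogin organisation, those URLs need updating in the same change, otherwise the badges go stale or 404 on the renamed project.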
Expand All @@ -22,7 +18,7 @@ Version 2.17.0 sets strict mode active by default

Update php-saml to 2.15.0, this version includes a security patch related to XEE attacks

php-saml is not affected by [201803-01](https://simplesamlphp.org/security/201803-01)
php-saml is not affected by [201803-01](https://simplesamlphp.org/security/201803-01)

Update php-saml to 2.10.4, this version includes a security patch related to
[signature validations on LogoutRequests/LogoutResponses](https://github.com/onelogin/php-saml/commit/949359f5cad5e1d085c4e5447d9aa8f49a6e82a1)
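Review bot: the only difference on the `php-saml is not affected by [201803-01]` line appears to be whitespace, and whitespace-only churn in a rename PR makes the real changes harder to spot. Since the hunk already touches this paragraph, the context line above describes the 2.15.0 security patch as being for "XEE attacks", where the standard term is XXE (XML External Entity); worth correcting while here.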
Expand All @@ -35,7 +31,7 @@ php-saml < v2.10.0 is vulnerable and allows signature wrapping!
Security Guidelines
-------------------

If you believe you have discovered a security vulnerability in this toolkit, please report it at https://www.onelogin.com/security with a description. We follow responsible disclosure guidelines, and will work with you to quickly find a resolution.
If you believe you have discovered a security vulnerability in this toolkit, please report it as an issue


Why add SAML support to my software?
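Review bot: replacing the dedicated security contact with "please report it as an issue" sends vulnerability reports into the public issue tracker, which publishes the bug before a fix exists; the hunk also drops the responsible-disclosure commitment and leaves the new sentence without a full stop. Suggest pointing reporters at a private channel (a security e-mail address or GitHub's private vulnerability reporting, whichever the project sets up) and keeping a sentence on how reports are handled, e.g. `If you believe you have discovered a security vulnerability in this toolkit, please report it privately via <channel> rather than in a public issue; we will work with you to find a resolution before disclosure.`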
Expand Down Expand Up @@ -65,7 +61,7 @@ since 2002, but lately it is becoming popular due its advantages:
General description
-------------------

OneLogin's SAML PHP toolkit let you build a SP (Service Provider) over
SAML PHP toolkit let you build a SP (Service Provider) over
your PHP application and connect it to any IdP (Identity Provider).

Supports:
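Review bot: `SAML PHP toolkit let you build a SP (Service Provider) over` loses its article and verb agreement now that "OneLogin's" is gone; suggest `The SAML PHP toolkit lets you build an SP (Service Provider) over`.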
Expand All @@ -86,7 +82,7 @@ Key features:
* **Easy to use** - Programmer will be allowed to code high-level and
low-level programming, 2 easy to use APIs are available.
* **Tested** - Thoroughly tested.
* **Popular** - OneLogin's customers use it. Many PHP SAML plugins uses it.
* **Popular** - customers use it. Many PHP SAML plugins uses it.

Integrate your PHP toolkit at OneLogin using this guide: [https://developers.onelogin.com/page/saml-toolkit-for-php](https://developers.onelogin.com/page/saml-toolkit-for-php)

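Review bot: `* **Popular** - customers use it.` no longer says whose customers, so the bullet reads as empty; suggest `* **Popular** - Widely used. Many PHP SAML plugins use it.` (also fixing "uses"). The context line two below still links the OneLogin integration guide at https://developers.onelogin.com/page/saml-toolkit-for-php, which the PR title suggests should be reconsidered too.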
Expand Down Expand Up @@ -356,7 +352,7 @@ $settings = array (
// URL Location where the <Response> from the IdP will be returned
'url' => '',
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports this endpoint for the
// message. SAML Toolkit supports this endpoint for the
// HTTP-POST binding only.
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
),
Expand All @@ -382,7 +378,7 @@ $settings = array (
// URL Location where the <Response> from the IdP will be returned
'url' => '',
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports the HTTP-Redirect binding
// message. SAML Toolkit supports the HTTP-Redirect binding
// only for this endpoint.
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
),
Expand Down Expand Up @@ -415,7 +411,7 @@ $settings = array (
// will be sent.
'url' => '',
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports the HTTP-Redirect binding
// message. SAML Toolkit supports the HTTP-Redirect binding
// only for this endpoint.
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
),
Expand All @@ -425,9 +421,9 @@ $settings = array (
'url' => '',
// URL location of the IdP where the SP will send the SLO Response (ResponseLocation)
// if not set, url for the SLO Request will be used
'responseUrl' => '',
'responseUrl' => '',
// SAML protocol binding to be used when returning the <Response>
// message. OneLogin Toolkit supports the HTTP-Redirect binding
// message. SAML Toolkit supports the HTTP-Redirect binding
// only for this endpoint.
'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
),
Expand Down Expand Up @@ -824,7 +820,7 @@ $_SESSION['samlNameidSPNameQualifier'] = $auth->getNameIdSPNameQualifier();
$_SESSION['samlSessionIndex'] = $auth->getSessionIndex();

if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
// To avoid 'Open Redirect' attacks, before execute the
// To avoid 'Open Redirect' attacks, before execute the
// redirection confirm the value of $_POST['RelayState'] is a // trusted URL.
$auth->redirectTo($_POST['RelayState']);
}
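Review bot: this hunk is a whitespace-only edit to a comment line, and the comment it touches is itself broken: `is a // trusted URL.` has a stray `//` in the middle, so the sentence reads as two comments. The identical block further down has the same defect. Suggest joining it: `// redirection confirm the value of $_POST['RelayState'] is a trusted URL.`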
Expand Down Expand Up @@ -1164,7 +1160,7 @@ if (isset($_GET['sso'])) { // SSO action. Will send an AuthNRequest to the I

$_SESSION['samlUserdata'] = $auth->getAttributes(); // Retrieves user data
if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
// To avoid 'Open Redirect' attacks, before execute the
// To avoid 'Open Redirect' attacks, before execute the
// redirection confirm the value of $_POST['RelayState'] is a // trusted URL.
$auth->redirectTo($_POST['RelayState']); // Redirect if there is a
} // relayState set
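Review bot: the sample code here (and in the earlier identical block) tells the integrator to confirm `$_POST['RelayState']` is a trusted URL but then calls `$auth->redirectTo($_POST['RelayState'])` with only a `!= OneLogin_Saml2_Utils::getSelfURL()` check, which does not establish trust; anyone copying the README verbatim ships an open redirect. Suggest the snippet show the check it asks for, e.g. compare the RelayState against an allow-list of own-origin paths and fall back to a fixed landing page otherwise, rather than leaving it as a comment.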
Expand Down Expand Up @@ -1219,9 +1215,9 @@ $needsAuth = empty($_SESSION['samlUserdata']);

if ($needsAuth) {
// put SAML settings into an array to avoid placing files in the
// composer vendor/ directories
// composer vendor/ directories
$samlsettings = array(/*...config goes here...*/);

$auth = new \OneLogin\Saml2\Auth($samlsettings);

if (!empty($_REQUEST['SAMLResponse']) && !empty($_REQUEST['RelayState'])) {
Expand Down Expand Up @@ -1351,7 +1347,7 @@ Lets describe now the classes and methods of the SAML2 library.

##### OneLogin_Saml2_Auth - Auth.php #####

Main class of OneLogin PHP Toolkit
Main class of PHP Toolkit

* `OneLogin_Saml2_Auth` - Initializes the SP SAML instance
* `login` - Initiates the SSO process.
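Review bot: `Main class of PHP Toolkit` reads awkwardly without the article; suggest `Main class of the PHP Toolkit`. Keeping `OneLogin_Saml2_Auth` in the heading is correct, since renaming the class would break every integrator's code, so it is worth a sentence in the README making clear that only the branding changes and the class names do not.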
Expand Down Expand Up @@ -1448,7 +1444,7 @@ SAML 2 Logout Response class

##### OneLogin_Saml2_Settings - `Settings.php` #####

Configuration of the OneLogin PHP Toolkit
Configuration of the PHP Toolkit

* `OneLogin_Saml2_Settings` - Initializes the settings: Sets the paths of
the different folders and Loads settings info from settings file or
Expand Down Expand Up @@ -1562,7 +1558,7 @@ Demos require that SP and IdP are well configured before test it.

### SP setup ###

The Onelogin's PHP Toolkit allows you to provide the settings info in two ways:
The PHP Toolkit allows you to provide the settings info in two ways:

* Use a `settings.php` file that we should locate at the base folder of the
toolkit.
Expand Down Expand Up @@ -1637,7 +1633,7 @@ must be done.

### SP setup ###

The Onelogin's PHP Toolkit allows you to provide the settings info in two ways:
The PHP Toolkit allows you to provide the settings info in two ways:

* Use a `settings.php` file that we should locate at the base folder of the
toolkit.
2 changes: 1 addition & 1 deletion certs/README
@@ -1,6 +1,6 @@
Take care of this folder that could contain private key. Be sure that this folder never is published.

Onelogin PHP Toolkit expects certs for the SP stored at:
PHP Toolkit expects certs for the SP stored at:

* sp.key Private Key
* sp.crt Public cert
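Review bot: `PHP Toolkit expects certs for the SP stored at:` wants an article: `The PHP Toolkit expects certs for the SP stored at:`. The context line above could use a tidy while here, e.g. `This folder may contain the SP private key; make sure it is never published.` instead of `Take care of this folder that could contain private key. Be sure that this folder never is published.`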
2 changes: 1 addition & 1 deletion composer.json
@@ -1,6 +1,6 @@
{
"name": "onelogin/php-saml",
"description": "OneLogin PHP SAML Toolkit",
"description": "PHP SAML Toolkit",
"license": "MIT",
"homepage": "https://developers.onelogin.com/saml/php",
"keywords": ["saml", "saml2", "onelogin"],
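Review bot: the description drops OneLogin but `"homepage"` still points to https://developers.onelogin.com/saml/php and `"keywords"` still lists `"onelogin"`; decide deliberately which of these stay. The package `"name": "onelogin/php-saml"` should remain as-is unless a Packagist migration is planned, since changing it breaks every existing `composer require` of the current name.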
2 changes: 1 addition & 1 deletion demo-old/consume.php
Expand Up @@ -27,7 +27,7 @@
echo '</ul></td></tr>';
}
echo '</tbody></table><br><br>';
echo "The v.1 of the Onelogin's PHP SAML Tookit does not support SLO.";
echo "The v.1 of the PHP SAML Tookit does not support SLO.";
}
} else {
echo 'Invalid SAML response.';
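Review bot: the new line keeps the typo "Tookit"; suggest `echo "The v.1 of the PHP SAML Toolkit does not support SLO.";`.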
4 changes: 2 additions & 2 deletions demo1/Readme.txt
Expand Up @@ -3,7 +3,7 @@ The example requires that SP and IdP are well configured before test it.
SP setup
--------

The Onelogin's PHP Toolkit allows you to provide the settings info in 2 ways:
The PHP Toolkit allows you to provide the settings info in 2 ways:
* Use a settings.php file that we should locate at the base folder of the
toolkit.
* Use an array with the setting data.
Expand Down Expand Up @@ -59,7 +59,7 @@ How it works
endpoint). The SLS endpoint (index.php?sls)of the SP process the Logout
Response and if is valid, close the user session of the local app. Notice
that the SLO Workflow starts and ends at the SP.

5.2 SLO Initiated by IdP. In this case, the action takes place on the IdP
side, the logout process is initiated at the idP, sends a Logout Request to the SP (SLS endpoint, index.php?sls). The SLS endpoint of the SP
process the Logout Request and if is valid, close the session of the user
12 changes: 6 additions & 6 deletions demo2/Readme.txt
Expand Up @@ -3,12 +3,12 @@ The example requires that SP and IdP are well configured before test it.
SP setup
--------

The Onelogin's PHP Toolkit allows you to provide the settings info in 2 ways:
The PHP Toolkit allows you to provide the settings info in 2 ways:
* Use a settings.php file that we should locate at the base folder of the
toolkit.
* Use an array with the setting data.

The first is the case of the demo2 app. The setting.php file and the
The first is the case of the demo2 app. The setting.php file and the
setting_extended.php file should be defined at the base folder of the toolkit.
Review the setting_example.php and the advanced_settings_example.php to
learn how to build them.
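Review bot: the edit on the `The first is the case of the demo2 app.` line appears to be whitespace only, and the paragraph it sits in is inconsistent with the list above it: the list says `settings.php`, the paragraph says `setting.php` and `setting_extended.php`. Suggest aligning the file names in this paragraph with the ones the list and the rest of the README use.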
Expand Down Expand Up @@ -44,14 +44,14 @@ demo1, only changes the targets.
sent to the IdP automatically, (as RelayState is sent the origin url).
We authenticate at the IdP and then a Response is sent to the SP, to the
ACS endpoint, in this case acs.php of the endpoints folder.

2. The SAML Response is processed in the ACS, if the Response is not valid,
the process stop here and a message is showed. Otherwise we are redirected
to the RelayState view (sso.php or index.php). The sso.php detect if the
user is logged and do a redirect to index.php, so we will be in the
index.php at the end.

3. We are logged in the app and the user attributes are showed.
3. We are logged in the app and the user attributes are showed.
At this point, we can test the single log out functionality.

4. The single log out funcionality could be tested by 2 ways.
Expand All @@ -63,9 +63,9 @@ demo1, only changes the targets.
The SLS endpoint of the SP process the Logout Response and if is
valid, close the user session of the local app. Notice that the SLO
Workflow starts and ends at the SP.

5.2 SLO Initiated by IdP. In this case, the action takes place on the IdP
side, the logout process is initiated at the idP, sends a Logout
side, the logout process is initiated at the idP, sends a Logout
Request to the SP (SLS endpoint sls.php of the endpoint folder).
The SLS endpoint of the SP process the Logout Request and if is valid,
close the session of the user at the local app and sends a Logout Response