# OneLogin's SAML PHP Toolkit Compatible with PHP 7.X & 8.X
[![Build Status](https://api.travis-ci.org/onelogin/php-saml.png?branch=master)](http://travis-ci.org/onelogin/php-saml) [![Coverage Status](https://coveralls.io/repos/onelogin/php-saml/badge.png)](https://coveralls.io/r/onelogin/php-saml) [![License](https://poser.pugx.org/onelogin/php-saml/license.png)](https://packagist.org/packages/onelogin/php-saml)
Add SAML support to your PHP software using this library.
Forget those complicated libraries and use this open source library provided
and supported by OneLogin Inc.
Warning
-------
This version is compatible with PHP >=7.3 and 8.X and does not include xmlseclibs (you will need to install it via composer, dependency described in composer.json)
Security Guidelines
-------------------
If you believe you have discovered a security vulnerability in this toolkit, please report it at https://www.onelogin.com/security with a description. We follow responsible disclosure guidelines, and will work with you to quickly find a resolution.
Why add SAML support to my software?
------------------------------------
SAML is an XML-based standard for web browser single sign-on and is defined by
the OASIS Security Services Technical Committee. The standard has been around
since 2002, but lately it is becoming popular due its advantages:
* **Usability** - One-click access from portals or intranets, deep linking,
password elimination and automatically renewing sessions make life
easier for the user.
* **Security** - Based on strong digital signatures for authentication and
integrity, SAML is a secure single sign-on protocol that the largest
and most security conscious enterprises in the world rely on.
* **Speed** - SAML is fast. One browser redirect is all it takes to securely
sign a user into an application.
* **Phishing Prevention** - If you don’t have a password for an app, you
can’t be tricked into entering it on a fake login page.
* **IT Friendly** - SAML simplifies life for IT because it centralizes
authentication, provides greater visibility and makes directory
integration easier.
* **Opportunity** - B2B cloud vendor should support SAML to facilitate the
integration of their product.
General description
-------------------
OneLogin's SAML PHP toolkit let you build a SP (Service Provider) over
your PHP application and connect it to any IdP (Identity Provider).
Supports:
* SSO and SLO (SP-Initiated and IdP-Initiated).
* Assertion and nameId encryption.
* Assertion signature.
* Message signature: AuthNRequest, LogoutRequest, LogoutResponses.
* Enable an Assertion Consumer Service endpoint.
* Enable a Single Logout Service endpoint.
* Publish the SP metadata (which can be signed).
Key features:
* **saml2int** - Implements the SAML 2.0 Web Browser SSO Profile.
* **Session-less** - Forget those common conflicts between the SP and
the final app, the toolkit delegate session in the final app.
* **Easy to use** - Programmer will be allowed to code high-level and
low-level programming, 2 easy to use APIs are available.
* **Tested** - Thoroughly tested.
* **Popular** - OneLogin's customers use it. Many PHP SAML plugins uses it.
Integrate your PHP toolkit at OneLogin using this guide: [https://developers.onelogin.com/page/saml-toolkit-for-php](https://developers.onelogin.com/page/saml-toolkit-for-php)
Installation
------------
### Dependencies ###
* `php >= 5.4` and some core extensions like `php-xml`, `php-date`, `php-zlib`.
* `openssl`. Install the openssl library. It handles x509 certificates.
* `gettext`. Install that library and its php driver. It handles translations.
* `curl`. Install that library and its php driver if you plan to use the IdP Metadata parser.
### Code ###
#### Option 1. clone the repository from github ####
git clone git@github.com:onelogin/php-saml.git
Then pull the 3.X.X branch/tag
#### Option 2. Download from github ####
The toolkit is hosted on github. You can download it from:
* https://github.com/onelogin/php-saml/releases
Search for 3.X.X releases
Copy the core of the library inside the php application. (each application has its
structure so take your time to locate the PHP SAML toolkit in the best place).
See the "Guide to add SAML support to my app" to know how.
Take in mind that the compressed file only contains the main files.
If you plan to play with the demos, use the Option 1.
#### Option 3. Composer ####
The toolkit supports [composer](https://getcomposer.org/). You can find the `onelogin/php-saml` package at https://packagist.org/packages/onelogin/php-saml
In order to import the saml toolkit to your current php project, execute
```
composer require onelogin/php-saml
```
Remember to select the 3.X.X branch
After installation has completed you will find at the `vendor/` folder a new folder named `onelogin` and inside the `php-saml`. Make sure you are including the autoloader provided by composer. It can be found at `vendor/autoload.php`.
**Important** In this option, the x509 certs must be stored at `vendor/onelogin/php-saml/certs`
and settings file stored at `vendor/onelogin/php-saml`.
Your settings are at risk of being deleted when updating packages using `composer update` or similar commands. So it is **highly** recommended that instead of using settings files, you pass the settings as an array directly to the constructor (explained later in this document). If you do not use this approach your settings are at risk of being deleted when updating packages using `composer update` or similar commands.
Compatibility
-------------
This 4.X.X supports PHP >=7.3 .
It is not compatible with PHP5.6 or PHP7.0.
Namespaces
----------
If you are using the library with a framework like Symfony that contains
namespaces, remember that calls to the class must be done by adding a backslash (`\`) to the
start, for example to use the static method getSelfURLNoQuery use:
\OneLogin\Saml2\Utils::getSelfURLNoQuery()
Security warning
----------------
In production, the `strict` parameter **MUST** be set as `"true"` and the
`signatureAlgorithm` and `digestAlgorithm` under `security` must be set to
something other than SHA1 (see https://shattered.io/ ). Otherwise your
environment is not secure and will be exposed to attacks.
In production also we highly recommended to register on the settings the IdP certificate instead of using the fingerprint method. The fingerprint, is a hash, so at the end is open to a collision attack that can end on a signature validation bypass. Other SAML toolkits deprecated that mechanism, we maintain it for compatibility and also to be used on test environment.
Getting started
---------------
### Knowing the toolkit ###
The new OneLogin SAML Toolkit contains different folders (`certs`, `endpoints`,
`lib`, `demo`, etc.) and some files.
Let's start describing the folders:
#### `certs/` ####
SAML requires a x509 cert to sign and encrypt elements like `NameID`, `Message`,
`Assertion`, `Metadata`.
If our environment requires sign or encrypt support, this folder may contain
the x509 cert and the private key that the SP will use:
* `sp.crt` - The public cert of the SP
* `sp.key` - The private key of the SP
Or also we can provide those data in the setting file at the `$settings['sp']['x509cert']`
and the `$settings['sp']['privateKey']`.
Sometimes we could need a signature on the metadata published by the SP, in
this case we could use the x509 cert previously mentioned or use a new x.509
cert: `metadata.crt` and `metadata.key`.
Use `sp_new.crt` if you are in a key rollover process and you want to
publish that x509 certificate on Service Provider metadata.
#### `src/` ####
This folder contains the heart of the toolkit, the libraries:
* `Saml2` folder contains the new version of the classes and methods that
are described in a later section.
#### `doc/` ####
This folder contains the API documentation of
没有合适的资源?快使用搜索试试~ 我知道了~
zabbix6.4.6
需积分: 0 10 下载量 104 浏览量
2023-08-30
09:50:38
上传
评论
收藏 41.72MB GZ 举报
温馨提示
共2000个文件
go:1777个
h:95个
md:65个
搭配centos7安装zabbix 感谢帖子https://blog.csdn.net/weixin_50877409/article/details/124295941
资源推荐
资源详情
资源评论
收起资源包目录
zabbix6.4.6 (2000个子文件)
sqlite3-binding.c 8.16MB
dpiOci.c 176KB
dpiConn.c 109KB
dpiStmt.c 77KB
dpiVar.c 77KB
dpiObject.c 39KB
dpiSodaColl.c 39KB
dpiData.c 34KB
dpiJson.c 34KB
dpiPool.c 32KB
dpiSubscr.c 28KB
dpiOracleType.c 26KB
dpiUtils.c 22KB
dpiQueue.c 22KB
dpiMsgProps.c 21KB
dpiLob.c 19KB
dpiSodaDb.c 17KB
dpiContext.c 16KB
dpiDeqOptions.c 15KB
dpiGlobal.c 15KB
dpiObjectType.c 14KB
dpiGen.c 13KB
dpiError.c 12KB
dpiEnv.c 9KB
dpiSodaDoc.c 9KB
dpiEnqOptions.c 7KB
dpiDebug.c 7KB
dpiSodaDocCursor.c 6KB
dpiSodaCollCursor.c 6KB
dpiRowid.c 6KB
dpiHandlePool.c 5KB
dpiHandleList.c 5KB
dpiObjectAttr.c 5KB
dpi.c 3KB
sqlite3_opt_unlock_notify.c 2KB
gccgo_c.c 2KB
subscr.c 250B
zerrors_windows.go 923KB
easyjson.go 250KB
ztypes_linux.go 245KB
easyjson.go 229KB
easyjson.go 195KB
zsyscall_windows.go 189KB
easyjson.go 182KB
zerrors_linux.go 178KB
codec_gen.go 161KB
easyjson.go 130KB
easyjson.go 130KB
easyjson.go 122KB
zsysnum_zos_s390x.go 117KB
cdproto.go 112KB
easyjson.go 105KB
types_windows.go 103KB
types.go 102KB
types.go 97KB
stmt.go 91KB
zerrors_darwin_amd64.go 87KB
zerrors_darwin_arm64.go 87KB
zerrors_freebsd_riscv64.go 84KB
zerrors_freebsd_386.go 80KB
zerrors_freebsd_amd64.go 79KB
zerrors_freebsd_arm64.go 79KB
zerrors_freebsd_arm.go 79KB
syscall_windows.go 79KB
zerrors_openbsd_arm64.go 79KB
zerrors_openbsd_amd64.go 79KB
zerrors_openbsd_mips64.go 79KB
zerrors_openbsd_386.go 79KB
zerrors_openbsd_arm.go 79KB
zerrors_openbsd_ppc64.go 79KB
zerrors_openbsd_riscv64.go 78KB
syscall_linux.go 75KB
easyjson.go 74KB
easyjson.go 74KB
zerrors_netbsd_386.go 73KB
zerrors_netbsd_arm64.go 72KB
zerrors_netbsd_amd64.go 72KB
zerrors_netbsd_arm.go 72KB
zerrors_dragonfly_amd64.go 71KB
easyjson.go 71KB
easyjson.go 69KB
zsyscall_darwin_amd64.go 68KB
zsyscall_darwin_arm64.go 67KB
setupapi_windows.go 67KB
sqlite3.go 65KB
dom.go 65KB
page.go 63KB
types.go 63KB
zmsg.go 60KB
zerrors_solaris_amd64.go 59KB
easyjson.go 59KB
zsyscall_solaris_amd64.go 59KB
zsyscall_openbsd_arm.go 56KB
zsyscall_openbsd_386.go 56KB
zsyscall_openbsd_amd64.go 56KB
zsyscall_openbsd_riscv64.go 56KB
zsyscall_openbsd_mips64.go 56KB
zsyscall_openbsd_ppc64.go 56KB
zsyscall_openbsd_arm64.go 56KB
zsyscall_linux.go 54KB
共 2000 条
- 1
- 2
- 3
- 4
- 5
- 6
- 20
资源评论
WooHuPoself#5029
- 粉丝: 3
- 资源: 10
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功