# OneLogin's SAML PHP Toolkit Compatible with PHP 5.X & 7.X
[![Build Status](https://api.travis-ci.org/onelogin/php-saml.png?branch=master)](http://travis-ci.org/onelogin/php-saml) [![Coverage Status](https://coveralls.io/repos/onelogin/php-saml/badge.png)](https://coveralls.io/r/onelogin/php-saml) [![License](https://poser.pugx.org/onelogin/php-saml/license.png)](https://packagist.org/packages/onelogin/php-saml)
Add SAML support to your PHP software using this library.
Forget those complicated libraries and use this open source library provided
and supported by OneLogin Inc.
Warning
-------
Version 3.4.0 introduces the 'rejectUnsolicitedResponsesWithInResponseTo' setting parameter, disabled by default, that allows invalidating unsolicited SAMLResponses. This version will also reject a SAMLResponse if a requestId was provided to the validator but the SAMLResponse does not contain an InResponseTo attribute. It also adds the setting parameter 'destinationStrictlyMatches', disabled by default, that forces the Destination URL to strictly match the address that processes the SAMLResponse.

Version 3.3.1 updates xmlseclibs to 3.0.4 (CVE-2019-3465), but php-saml was not directly affected since it implements additional checks that prevent exploitation of that vulnerability.

Version 3.3.0 sets strict mode active by default.

Update php-saml to 3.1.0; this version includes a security patch related to XEE attacks.

This version is compatible with PHP 7.X and does not include xmlseclibs (you will need to install it via composer; the dependency is described in composer.json).
Security Guidelines
-------------------
If you believe you have discovered a security vulnerability in this toolkit, please report it at https://www.onelogin.com/security with a description. We follow responsible disclosure guidelines, and will work with you to quickly find a resolution.
Why add SAML support to my software?
------------------------------------
SAML is an XML-based standard for web browser single sign-on and is defined by
the OASIS Security Services Technical Committee. The standard has been around
since 2002, but lately it is becoming popular due to its advantages:
* **Usability** - One-click access from portals or intranets, deep linking,
password elimination and automatically renewing sessions make life
easier for the user.
* **Security** - Based on strong digital signatures for authentication and
integrity, SAML is a secure single sign-on protocol that the largest
and most security conscious enterprises in the world rely on.
* **Speed** - SAML is fast. One browser redirect is all it takes to securely
sign a user into an application.
* **Phishing Prevention** - If you don’t have a password for an app, you
can’t be tricked into entering it on a fake login page.
* **IT Friendly** - SAML simplifies life for IT because it centralizes
authentication, provides greater visibility and makes directory
integration easier.
* **Opportunity** - B2B cloud vendors should support SAML to facilitate the
integration of their products.
General description
-------------------
OneLogin's SAML PHP toolkit lets you build an SP (Service Provider) over
your PHP application and connect it to any IdP (Identity Provider).
Supports:
* SSO and SLO (SP-Initiated and IdP-Initiated).
* Assertion and nameId encryption.
* Assertion signature.
* Message signature: AuthNRequest, LogoutRequest, LogoutResponses.
* Enable an Assertion Consumer Service endpoint.
* Enable a Single Logout Service endpoint.
* Publish the SP metadata (which can be signed).
Key features:
* **saml2int** - Implements the SAML 2.0 Web Browser SSO Profile.
* **Session-less** - Forget those common conflicts between the SP and
the final app; the toolkit delegates session handling to the final app.
* **Easy to use** - Programmers can code at a high level or a low level;
2 easy-to-use APIs are available.
* **Tested** - Thoroughly tested.
* **Popular** - OneLogin's customers use it. Many PHP SAML plugins use it.
Integrate your PHP toolkit at OneLogin using this guide: [https://developers.onelogin.com/page/saml-toolkit-for-php](https://developers.onelogin.com/page/saml-toolkit-for-php)
Installation
------------
### Dependencies ###
* `php >= 5.4` and some core extensions like `php-xml`, `php-date`, `php-zlib`.
* `openssl`. Install the openssl library. It handles x509 certificates.
* `gettext`. Install that library and its php driver. It handles translations.
* `curl`. Install that library and its php driver if you plan to use the IdP Metadata parser.
### Code ###
#### Option 1. clone the repository from github ####
```
git clone git@github.com:onelogin/php-saml.git
```
Then pull the 3.X.X branch/tag
#### Option 2. Download from github ####
The toolkit is hosted on github. You can download it from:
* https://github.com/onelogin/php-saml/releases
Search for 3.X.X releases
Copy the core of the library inside the PHP application (each application has its
own structure, so take your time to place the PHP SAML toolkit in the best location).
See the "Guide to add SAML support to my app" to know how.
Keep in mind that the compressed file only contains the main files.
If you plan to play with the demos, use Option 1.
#### Option 3. Composer ####
The toolkit supports [composer](https://getcomposer.org/). You can find the `onelogin/php-saml` package at https://packagist.org/packages/onelogin/php-saml
In order to import the saml toolkit to your current php project, execute
```
composer require onelogin/php-saml
```
Remember to select the 3.X.X branch
After installation has completed you will find in the `vendor/` folder a new folder named `onelogin` and inside it the `php-saml` folder. Make sure you are including the autoloader provided by composer. It can be found at `vendor/autoload.php`.

**Important** In this option, the x509 certs must be stored at `vendor/onelogin/php-saml/certs`
and the settings file stored at `vendor/onelogin/php-saml`.

Your settings are at risk of being deleted when updating packages using `composer update` or similar commands. So it is **highly** recommended that instead of using settings files, you pass the settings as an array directly to the constructor (explained later in this document).
Compatibility
-------------
This 3.X.X version supports PHP 7.X, but can be used with PHP >=5.4 as well (5.6.24+ recommended for security reasons).
Namespaces
----------
If you are using the library with a framework like Symfony that contains
namespaces, remember that calls to the class must be done by adding a backslash (`\`) to the
start, for example to use the static method getSelfURLNoQuery use:
```
\OneLogin\Saml2\Utils::getSelfURLNoQuery()
```
Security warning
----------------
In production, the `strict` parameter **MUST** be set as `"true"` and the
`signatureAlgorithm` and `digestAlgorithm` under `security` must be set to
something other than SHA1 (see https://shattered.io/ ). Otherwise your
environment is not secure and will be exposed to attacks.
In production we also highly recommend registering the IdP certificate in the settings instead of using the fingerprint method. The fingerprint is a hash, so in the end it is open to a collision attack that can result in a signature validation bypass. Other SAML toolkits have deprecated that mechanism; we maintain it for compatibility and for use in test environments.
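
The checks that this warning and the version notes in the Warning section call for, as an added example that is not part of the toolkit: `auditSamlSettings()` is a hypothetical helper that inspects a settings array before it is passed to the constructor. It assumes the two 3.4.0 parameters sit in the `security` section next to the algorithms, needs PHP 7.0 or later, and runs on a constructed sample.

```php
<?php
// Added example, not toolkit code: auditSamlSettings() is a hypothetical helper.
function auditSamlSettings(array $settings): array
{
    $findings = [];
    $security = $settings['security'] ?? [];
    $idp = $settings['idp'] ?? [];
    $enabled = function ($v) { return filter_var($v, FILTER_VALIDATE_BOOLEAN); };

    // 'strict' must be enabled in production.
    if (!$enabled($settings['strict'] ?? false)) {
        $findings[] = "'strict' is not enabled";
    }
    // Both algorithms must be set to something other than SHA-1.
    foreach (['signatureAlgorithm', 'digestAlgorithm'] as $key) {
        $uri = (string) ($security[$key] ?? '');
        if ($uri === '') {
            $findings[] = "security.$key is not set explicitly";
        } elseif (preg_match('/sha1$/i', $uri)) {
            $findings[] = "security.$key uses SHA-1: $uri";
        }
    }
    // Register the IdP certificate; fingerprint matching is for test setups.
    if (empty($idp['x509cert']) && empty($idp['x509certMulti'])) {
        $findings[] = empty($idp['certFingerprint'])
            ? 'idp has no x509cert registered'
            : 'idp is validated by certFingerprint only; register x509cert';
    }
    // Opt-in checks added in 3.4.0 (assumed here to live under 'security').
    foreach (['rejectUnsolicitedResponsesWithInResponseTo', 'destinationStrictlyMatches'] as $key) {
        if (!$enabled($security[$key] ?? false)) {
            $findings[] = "security.$key is disabled";
        }
    }
    return $findings;
}

// Constructed sample: a test-style configuration that should not reach production.
$sample = [
    'strict' => false,
    'idp' => ['certFingerprint' => 'PLACEHOLDER_FINGERPRINT'],
    'security' => [
        'signatureAlgorithm' => 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
        'digestAlgorithm' => 'http://www.w3.org/2001/04/xmlenc#sha256',
    ],
];
foreach (auditSamlSettings($sample) as $finding) {
    echo "[!] $finding\n";
}
```

An empty result means none of the weak settings named above were found; it does not replace reviewing the rest of the configuration.
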
Getting started
---------------
### Knowing the toolkit ###
The new OneLogin SAML Toolkit contains different folders (`certs`, `endpoints`,
`lib`, `demo`, etc.) and some files.
Let's start describing the folders:
#### `certs/` ####
SAML requires an x509 cert to sign and encrypt elements like `NameID`, `Message`,
`Assertion`, `Metadata`.
If our environment requires sign or encrypt support, this folder may
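Zabbix is a popular open-source network monitoring system that can monitor all kinds of network devices, servers, applications and more. The latest version, Zabbix-5.0.24, provides more features and improvements, including better performance, better security and a better user experience. If you want to use the latest version, Zabbix-5.0.24, here are some recommended usage instructions:

* Download and install Zabbix-5.0.24; you can download the source package or the installer package from the official Zabbix website.
* Configure the Zabbix server and agent, including setting the parameters of the Zabbix database, the Zabbix server and the Zabbix agent.
* Add hosts and applications to start monitoring your network devices, servers and applications.
* Create triggers and alerts so that you are notified promptly when a problem occurs.
* Use Zabbix's graphical interface and reporting features to better understand the status and trends of your network and systems.
* Upgrade Zabbix regularly to get more features and improvements and to keep the system secure and stable.

In short, Zabbix-5.0.24 is a powerful, stable and reliable network monitoring system that can help you better understand the status and performance of your network and systems. If you are looking for an efficient network monitoring solution, Zabbix is an option worth considering.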