Steps to implement SSO for php application

who is the IDP and who will be the service provider.

IDP (Identity Provider) is the one who creates, stores, maintains and authenticates the identity of the user or principal in saml terms. So in your case it is the clients application.

SP (Service Provider) is the one who provides the service or resource to a user (authenticated by IDP) so in your case it is your application.

SSO workflow

could someone please help by mentioning the things that need to be implemented.

As you can see in the above diagram when user will try to access a resource on your site you will have to redirect them to IDP to confirm whether this user is authenticated and if you should return them the resource/response they are looking for. The SSO url and other details are exchanged between IDP and SP through Metadata.

Once IDP has authenticated the user it will POST a response on your application url. This response contains an assertion through which you will know user details and whether user is authenticated or not. You will have to parse this response (xml). Also, these assertions are generally signed with certificate and are encoded base 64.

You will also have to think about SLO so when a user clicks on logout in your site you might have to clear their session from your application and redirect them to the IDP so they get logged out from there as well.

As suggested by smartin you can use some library which will make it easier to implement SAML. I am also learning about SAML as we are working on converting our current application into IDP :)

I found this SAML official documentation and some of the diagrams very helpful. http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html


Your app is the SP, and the customer will provide to you the IdP metadata to register on your SP.

In order to add SAML support to a PHP application, you have 2 alternatives:

  • simpleSAMLphp
  • php-saml
  • LightSAML

All of them are well documented, you will need to spend some time reading/learning.