Azure SAML 2.0 With PHP Login API | SimpleSAMLPhp | Creating Your Own Enterprise Application

Рет қаралды 23,180

Күн бұрын

Introduction: (0:06)
Requirements: (1:48)
Implementation: (2:15)
Please avoid or flag spams/hateful comments. And do not spam. Enjoy :)
------------------------------------------------
Azure Tutorial | Login Using Microsoft Azure Active Directory And PHP | Single Sign On ( SSO ):
• Azure Tutorial | Login...
Azure Link:
portal.azure.com/
SimpleSAMLphp Download Link:
simplesamlphp....
SimpleSAMLphp install documentation:
simplesamlphp....
List Of Timezones:
www.php.net/ma...
Index.php Code Link:
unpossiblepog....
Subscribe my Channel:-
www.youtube.com...
Facebook Page:-
/ unpossiblens
Twitter Account:-
/ unpossiblepog
Blog :-
unpossiblepog....
------------------------------------------------
Hey guys.
This tutorial is about about Microsoft Azure’s SAML coonection with PHP.
Previously I made tutorial about Azure’s Simple SSO. You can check that out if you want to.
The Objective of SAML and Simple SSO tutorial is the same, that is to login using Microsoft account. But there is a huge difference between the approaches and security they provide.
There are few requirements for SAML implementation
1. At least 1 microsoft email account.
2. LINUX or Windows Operating systems with XAMPP installed. (Just for testing)
3. LINUX hosted live website with SSL implemented and with an access of CPANEL, WHM or FTP (eg filezilla).
4. Linux Operating system (with zip compressor) or Windows OS (with WinRAR, or 7zip)
Lets jump to PORTAL.AZURE.COM.
I am using trial version which is available for 14 days max.
Go to top menu, and select Azure Active Directory, this AZURE ACTIVE DIRECTORY is IdP, means Identity provider which authenticates if user has permission to access website or not.
Go to enterprise application and then new application.
If you are using trial version, you will see something like this but in pink color, which says something about create a trial version or something like that. I don’t know, Just click on it and you click on “skip for now”.
Then this type of page will appear.
Click on “Create your own application”, Give any name, click on “Integrate any other”.
Then create it and wait for around 20 seconds, they will redirect you on configuration page automatically.
Now we shall create users with subdomains for your friends, colleagues or clients.
Go to top menu, Azure Active Directory, then users. Create new user.
Click on show password.
Save the user id & password somewhere else.
Click on create.
I shall create another one to demonstrate how the SAML authentication works.
Lets go to enterprise application by clicking on side-menu, Azure Active Directory.
Enterprise Apps.
Select then app we created from the list.
Click on Set UP SINGLE SIGN ON.
Select SAML.
Now I have one website with SSL enabled.
Copy that path, go back to azure site, click on edit button of BASIC SAML Configuration.
Paste the link in, Entity ID and reply URL.
Actually, I shall just rename entity id, because you can give any name if you want to.
Then save it.
Don’t test it now because more configuration is yet to perform.
Now click on SAML Signing Certificate edit button.
then New Certificate, make sure to have same configuration as I have for signing option and algorithm.
Save it.
Now refresh the page.
The certificate configuration is generated automatically.
Now you can test it using your own main account.
As you can see even I don’t have any access right now.
Also notice that, in URL there is SAML2 written, means the restriction is provided by SAML module.
For that i shall go to “users and groups”, then “add user”, select a user from list.
I shall add myself.
Then, go to single sign on, and click on test, and click on “sign in as current user”.
As you can see, I successfully redirected after logged it.
Now I shall give access to steve rogers sub-user.
And lets see if he gets an access or not.
First I shall try tony stark who doesn’t have an access.
Click on “Sign in as someone else”.
Now copy logout URL and paste it in URL browser to logout from any account.
For PHP part, you can see the video.

Пікірлер: 57

@johnlin6121 2 жыл бұрын

BRILLIANT tutorial!!! I've browsed 100+ tuts online to try to figure out the whole process. Nothing was as lucid as this one. Thank you so much!

@narayanramchandani106 3 жыл бұрын

Thank you for taking the time and effort to record this. This video has been helpful to setup an Azure Enterprise app SSO connection as well. Best of luck!

@lakermark2006 3 жыл бұрын

Very helpful. i couldn't quite understand what you said/meant when creating the index.php towards the end. But, overall, this was informative. Thanks for posting this tutorial.

@Brayan2895 3 жыл бұрын

Thanks a lot! greetings from Colombia!

@kevinguiot3602 5 ай бұрын

Thank you very much for this very precise and very concrete tutorial. One like + one new subscriber!

@itsmrpaddy 3 жыл бұрын

Thank you for your help! This helped me connect my SimpleSAMLphp with Azure :-)

@diocaraballo 4 жыл бұрын

Easy, fast and clearly tutorial. Thanks!!

@UnpossiblePOG 4 жыл бұрын

Glad it helped!

@BhanuChava-h9o Жыл бұрын

Thanks for this detailed tutorial

@thomasbeutel7931 2 жыл бұрын

Thank you for the tutorial. It was very helpful!

@vishnumg1771 4 жыл бұрын

Thanks brother , Very helpful video for me.. Thanks a lot

@bharatcj8166 4 жыл бұрын

Thanks Brother, Helped me a lot!

@Syntheticheroism Жыл бұрын

Appreciate the time you spent making this. I'd say most of it was clear, but you're going way too fast. Also, in the end, it would be more helpful if you actually demonstrated a simple interface for your domain with a login form, a button to press to login with sso, present the flow, and have a logout button to demonstrate that as well.

@hermansonon7776 9 ай бұрын

Good job bro

@victorgoncalves6130 Жыл бұрын

Hi, is a great tutorial!!!! a question, unpossible2 is a simplesaml other project?? copy all configuration and with then get the metadata remote?

@sushilkumartechy 4 жыл бұрын

Great Tutorial. In this example simplesamlphp act as sp, can you please also provide a tutorial where simplesamlphp act as idp.

@UnpossiblePOG 4 жыл бұрын

I could but 14 days trial was ended :)

@welitonsernajotto 3 жыл бұрын

Thanks man!!! Help me a lot!

@vidhyalakshmi4847 3 жыл бұрын

Thanks. this helped me too. but incase if any of you have problem as below :PHP Fatal error: Uncaught SimpleSAML\Error\CriticalConfigurationError: The configuration is invalid: Setting secure cookie on plain HTTP is not allowed. in /var/www/html/simplesaml/lib/SimpleSAML/Session.php:306 then follow the below steps. i guess this is in the recent versions: a. uncomment the application array and provide values in config\config.php 'application' => [ /* * The 'baseURL' configuration option allows you to specify a protocol, * host and optionally a port that serves as the canonical base for all * your application's URLs. This is useful when the environment * observed in the server differs from the one observed by end users, * for example, when using a load balancer to offload TLS. * * Note that this configuration option does not allow setting a path as * part of the URL. If your setup involves URL rewriting or any other * tricks that would result in SimpleSAMLphp observing a URL for your * application's scripts different than the canonical one, you will * need to compute the right URLs yourself and pass them dynamically * to SimpleSAMLphp's API. */ 'baseURL' => 'www.yourwebsite.com', ], fount it from here : github.com/simplesamlphp/simplesamlphp/issues/808

@whayAl 2 жыл бұрын

thank you friend :)

@vladvasilov 3 жыл бұрын

Thanks. I'm wondering if this can be wrapped in a team's tab app?

@MdAlauddinHossain 3 жыл бұрын

Thanks for the tutorials.. By the way I have earned 450 USD so far using your tutorials …let have a lunch (when I go to Kolkata) together .. thanks

@UnpossiblePOG 3 жыл бұрын

What? LOL!! No Enjoy your earning. Invest in Cryptocurrencies.

@BhavikShah28 3 жыл бұрын

Thanks for the tutorial. It helped me a lot. I just wanted to know how can we redirect back to SP Page after logout?

@UnpossiblePOG 3 жыл бұрын

Yes, there is a logout setting somewhere in AZURE dashboard.

@atribhattacharyya2631 4 жыл бұрын

wonderful video.. please tell me one thing...if my microsite acts as the service provider for an SAML login for active directory based idp..then when the users login in their active directory first and then navigate to my microsite (which is SAML authenticated by the idp) will they see their logged in state(i.e., welcome john | logout button) without clicking a login button?

@UnpossiblePOG 4 жыл бұрын

I haven't tried, give it a try.

@food4soul0 2 жыл бұрын

Hi Please make similar video using onelogin saml thanks

@mohamedelhoseny1586 3 жыл бұрын

thank you very much it authenticated well, and i started a session and navigate to another file but the values doesn't received from the other file

@UnpossiblePOG 3 жыл бұрын

Start session at the top pages where you want to create/call sessions.

@jessk77v 4 жыл бұрын

Thanks for your tutorial, super easy!!. Did you know if I can have more than two active directories?

@UnpossiblePOG 4 жыл бұрын

I don't know, give it a try. Lets see if we can have 2 active directories or not.

@SRMUMBAI 4 жыл бұрын

Changla ahe

@jegatheshwarant171 Жыл бұрын

Bro i have downloaded simplesamlphp tar file from the given link and after extract there is no www folder

@atribhattacharyya2631 Жыл бұрын

Access from public folder

@rakeshdongarwar3273 2 жыл бұрын

Do you have any videos using the same technique for Laravel ?

@UnpossiblePOG 2 жыл бұрын

You just need to know how to call php library in laravel.

@mohammedaltaf878 3 жыл бұрын

Your Video was really very helpful. Appreciate your effort. Is there any codebase for Codeigniter with SimpleSAML?

@UnpossiblePOG 3 жыл бұрын

Actually, SIMPLESAMLPHP is a library. You have to create a function to add input and get output. You smartly have to use "include_once()" function to call file inside "vendor" folder.

@AhmedEid_dev 4 жыл бұрын

Hello, how can I add lang=en Parameters to request like SigAlg, Signature and RelayState

@UnpossiblePOG 4 жыл бұрын

I don't have an answer sir. Try google, there can be an a solution. sorry :)

@vishnumg1771 4 жыл бұрын

Hello , I did this same as in video, but my website(website/saml_mission/www/) is not accessing the www folder instead of this its showing the index page everytime... Can you help?

@UnpossiblePOG 4 жыл бұрын

Sure. 1st check the redirect-url at both places, that is in AZURE and in PHP code. It is possible that one of your path is at index.php. If not, then send me a message on my facebook page. (Link the in video description)

@nimmakayalanadh2001 3 жыл бұрын

am using saml sso forgerock right now . Is it possible to move Azure Ad with that in zend php

@UnpossiblePOG 3 жыл бұрын

I think the SIMPLESAMLPHP will work on all services similar to MICROSOFT AZURE SAML. Try it.

@meetshah4174 3 жыл бұрын

Hello i am getting too many redirect error while authenticating. Have you any idea why this happen?

@UnpossiblePOG 3 жыл бұрын

Send me a screenshot of your index.php

@luckyadiatma2157 4 жыл бұрын

Could you give us github repo? It make us easier to review what is wrong Thanks

@UnpossiblePOG 4 жыл бұрын

github.com/simplesamlphp/simplesamlphp

@kapilpartap64 8 ай бұрын

is it still working ?

@Sebastian-kk6yf 8 ай бұрын

could you check it?

@sushantchavan4774 3 жыл бұрын

bhava fulll speed chennai express

@mr_don_key 3 жыл бұрын

Your way of teaching misses proper instructions, you go through the screens like crazy, instead of a proper pace. Also i noticed you haven't prepaired this properly, since you are seeking yourself all over the place, making it feel amature.

@UnpossiblePOG 3 жыл бұрын

The recording was 35 minutes long, so I have to make it as short as possible to not to make it boring for developers. And yes, I was amature when in comes to MS Azure. Its because of two things. First I had to learn SSO and SAML, both within a 14 days (trial version limitation). Second, before making tutorials I only performed them once, RnD took a lot of time, so its difficult to remember all those steps in sequence for both of them (SSO & SAML) when I have only one day to "prepare".