Views: 23,180
Introduction: (0:06)
Requirements: (1:48)
Implementation: (2:15)
Please avoid or flag spam/hateful comments. And do not spam. Enjoy :)
------------------------------------------------
Azure Tutorial | Login Using Microsoft Azure Active Directory And PHP | Single Sign On ( SSO ):
• Azure Tutorial | Login...
Azure Link:
portal.azure.com/
SimpleSAMLphp Download Link:
simplesamlphp....
SimpleSAMLphp install documentation:
simplesamlphp....
List Of Timezones:
www.php.net/ma...
Index.php Code Link:
unpossiblepog....
------------------------------------------------
Hey guys.
This tutorial is about Microsoft Azure’s SAML connection with PHP.
Previously I made a tutorial about Azure’s Simple SSO. You can check that out if you want to.
The objective of the SAML and Simple SSO tutorials is the same, that is, to log in using a Microsoft account. But there is a huge difference between the approaches and the security they provide.
There are a few requirements for SAML implementation:
1. At least 1 Microsoft email account.
2. Linux or Windows operating system with XAMPP installed. (Just for testing)
3. Linux-hosted live website with SSL implemented and with access to cPanel, WHM or FTP (e.g. FileZilla).
4. Linux operating system (with a zip compressor) or Windows OS (with WinRAR or 7-Zip).
Let’s jump to PORTAL.AZURE.COM.
I am using the trial version, which is available for 14 days max.
Go to the top menu and select Azure Active Directory. Azure Active Directory is the IdP, meaning the identity provider, which authenticates whether the user has permission to access the website or not.
Go to Enterprise applications and then New application.
If you are using the trial version, you will see something like this but in pink, which says something about creating a trial version or something like that. I don’t know, just click on it and then click on “skip for now”.
Then this type of page will appear.
Click on “Create your own application”, give it any name, and click on “Integrate any other”.
Then create it and wait for around 20 seconds; you will be redirected to the configuration page automatically.
Now we shall create users with subdomains for your friends, colleagues or clients.
Go to the top menu, Azure Active Directory, then Users. Create a new user.
Click on show password.
Save the user id & password somewhere else.
Click on create.
I shall create another one to demonstrate how the SAML authentication works.
Let’s go to Enterprise applications by clicking on the side menu, Azure Active Directory.
Enterprise Apps.
Select the app we created from the list.
Click on Set up single sign on.
Select SAML.
Now I have one website with SSL enabled.
Copy that path, go back to the Azure site, and click on the edit button of Basic SAML Configuration.
Paste the link into Entity ID and Reply URL.
Actually, I shall just rename the Entity ID, because you can give it any name if you want to.
Then save it.
Don’t test it now because more configuration is yet to be performed.
Now click on the SAML Signing Certificate edit button.
Then click New Certificate, and make sure to have the same configuration as I have for the signing option and algorithm.
Save it.
Now refresh the page.
The certificate configuration is generated automatically.
Now you can test it using your own main account.
As you can see, even I don’t have any access right now.
Also notice that SAML2 is written in the URL, which means the restriction is provided by the SAML module.
For that I shall go to “Users and groups”, then “Add user”, and select a user from the list.
I shall add myself.
Then go to Single sign-on, click on Test, and click on “Sign in as current user”.
As you can see, I was successfully redirected after logging in.
Now I shall give access to the Steve Rogers sub-user.
And let’s see if he gets access or not.
First I shall try Tony Stark, who doesn’t have access.
Click on “Sign in as someone else”.
Now copy the logout URL and paste it into the browser’s URL bar to log out from any account.
For the PHP part, you can see the video.
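
What the Entity ID and Reply URL typed into Basic SAML Configuration become in the SAML response, shown as an added example (not the tutorial's index.php and not SimpleSAMLphp's code): the Entity ID comes back as the Audience, and the Reply URL as the Destination and Recipient. The values `my-php-app` and `https://sp.example.com/acs.php`, the sample XML and the function name `checkBindingFields` are constructed for illustration; the check covers addressing only and does not verify the signature, which SimpleSAMLphp does with the certificate from Azure.

```php
<?php
// Constructed placeholders standing in for the values entered in Azure.
const SP_ENTITY_ID = 'my-php-app';                      // "Entity ID"
const SP_REPLY_URL = 'https://sp.example.com/acs.php';  // "Reply URL"
// Constructed, unsigned sample carrying only the addressing fields of a SAML 2.0 Response.
$sampleResponse = <<<XML
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.com/acs.php">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs.php"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>my-php-app</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>
XML;

/** Returns the mismatches between a response and this SP's configured values. */
function checkBindingFields(string $xml, string $entityId, string $replyUrl): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch external resources while parsing IdP-supplied XML.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        return ['response is not well-formed XML'];
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
    $xp->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    $errors = [];
    $destination = $xp->evaluate('string(/samlp:Response/@Destination)');
    $recipient = $xp->evaluate('string(//saml:SubjectConfirmationData/@Recipient)');
    $audiences = [];
    foreach ($xp->query('//saml:AudienceRestriction/saml:Audience') as $node) {
        $audiences[] = trim($node->textContent);
    }
    if ($destination !== $replyUrl) { $errors[] = "Destination '$destination' is not the Reply URL"; }
    if ($recipient !== $replyUrl) { $errors[] = "Recipient '$recipient' is not the Reply URL"; }
    if (!in_array($entityId, $audiences, true)) { $errors[] = 'Entity ID missing from Audience'; }
    return $errors;
}

$errors = checkBindingFields($sampleResponse, SP_ENTITY_ID, SP_REPLY_URL);
echo $errors ? implode(PHP_EOL, $errors) . PHP_EOL : 'Response is addressed to this SP' . PHP_EOL;
// A response minted for a different application fails the same check.
print_r(checkBindingFields($sampleResponse, 'other-app', SP_REPLY_URL));
```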