I have a CakePHP application which needs users to be authenticated via SAML Single Sign-On. For this, I have followed the link "https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin".
According to its documentation, I have downloaded fresh copies of CakePHP and simpleSAMLphp. Now, I have a cakephp folder and a simpleSAMLphp folder in my workspace. I have installed simpleSAMLphp as described in the link "https://simplesamlphp.org/docs/stable/". I followed these steps:
(1) I configured simpleSAML in the Apache configuration as below:
<VirtualHost *:80>
    ServerName service.local-saml.com
    DocumentRoot /var/www/simplesamlphp/www/
    <Directory "/var/www/simplesamlphp/www/">
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>
(2) Now, in the simplesamlphp application folder, I changed the values for 'auth.adminpassword', 'secretsalt', 'technicalcontact_name', 'technicalcontact_email' in the /config/config.php file.
(3) I used SAML:sp module which is by default enabled.
(4) First, I started with SAML as an Identity Provider.
(5) I enabled 'enable.saml20-idp' => true, in the /config/config.php file.
(6) Created an SSL self-signed certificate by using the following command on the terminal:
sudo openssl req -new -x509 -days 3652 -nodes -out /etc/ssl/certs/simplesamlphp.crt -keyout /etc/ssl/certs/simplesamlphp.pem
(7) Moved the above certificates to simplesamlphp/cert.
(8) Added the private key and certificate to config/authsources.php:
    'default-sp' => array(
        'saml:SP',
        'privatekey' => 'simplesamlphp.pem',
        'certificate' => 'simplesamlphp.crt',
    ),
(9) Added the private key and certificates to the "metadata/saml20-idp-hosted.php" file also.
(10) Changed the metadata in "metadata/saml20-sp-remote.php":
    $metadata['http://service.local-saml.com'] = array(
        'AssertionConsumerService' => 'http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
        'SingleLogoutService' => 'http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
    );
(11) I added the metadata on the link "https://openidp.feide.no/simplesaml/module.php/core/loginuserpass.php?AuthState=_36266db92ac88d2d66ae8ede39dd1264a39243f08e%3Ahttps%3A%2F%2Fopenidp.feide.no%2Fsimplesaml%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3Dopenidp-ldap%26ReturnTo%3Dhttps%253A%252F%252Fopenidp.feide.no%252Fsimplesaml%252Fmodule.php%252Fmetaedit%252Findex.php".
(12) I typed the URL "http://service.local-saml.com/simplesaml" in the browser and it is working correctly. I tried to log in with the default-sp option and it is working correctly.
Now, I want to use this simplesamlphp with my CakePHP application.
(13) For this, as mentioned in "https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin", I put the saml folder in the /app/plugin folder of CakePHP.
(14) I added lines to the core.php and bootstrap.php files.
(15) I made a usersController and made it the same as given in the example files of the link.
(16) I added the following in config/authsources.php of simplesamlphp:
    'sp1' => array(
        'saml:SP',
        'privatekey' => 'simplesamlphp.pem',
        'certificate' => 'simplesamlphp.crt',
        'entityID' => 'http://localhost/cakephp',
    ),
(17) I added metadata in metadata/saml20-sp-remote.php:
    $metadata['http://localhost/cakephp'] = array(
        'AssertionConsumerService' => 'http://localhost/cakephp',
        'SingleLogoutService' => 'http://localhost/cakephp',
    );
When I typed localhost/cakephp in the browser, the link redirected to "https://openidp.feide.no/simplesaml/module.php/core/loginuserpass.php", the user enters his username and password, but a "State information lost" error is displayed at "http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/sp1" and the user is not returned to "localhost/cakephp". I want the user to be returned to the CakePHP URL when the user enters login credentials.
Please help me find where I am wrong and what I have missed.
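An added example, not the asker's files and not code from the CakePHP plugin or the simpleSAMLphp project, showing one internally consistent way to wire an 'sp1' authsource, its remote-SP metadata and the application-side call. simpleSAMLphp reports "State information lost" when the cookie that holds the saved request state is not sent back to the AssertionConsumerService endpoint; that happens when the login is started under one hostname and the SAML response arrives at an ACS served under a different one, because browsers scope cookies per host. The example therefore keeps the application, the simpleSAMLphp installation and the ACS under a single hostname. The hostname service.local-saml.com, the /cakephp path, the file path /var/www/simplesamlphp and the IdP entityID placeholder are assumptions.

```php
<?php
// Added example, not the asker's configuration. Assumes simpleSAMLphp is served at
// http://service.local-saml.com/simplesaml and the CakePHP application at
// http://service.local-saml.com/cakephp, so one session cookie covers both.

// ---- config/authsources.php (SP side, simpleSAMLphp) ----
$config = array(
    'admin' => array('core:AdminPassword'),

    'sp1' => array(
        'saml:SP',
        // The SP's own identifier; it must equal the key used in the
        // remote-SP metadata on the IdP, or the IdP will not recognise the request.
        'entityID' => 'http://service.local-saml.com/cakephp',
        // Pin the IdP to use instead of showing a discovery page. Placeholder value.
        'idp' => '__IDP_ENTITY_ID__',
        // Key pair stored in simplesamlphp/cert, used to sign requests and decrypt assertions.
        'privatekey' => 'simplesamlphp.pem',
        'certificate' => 'simplesamlphp.crt',
    ),
);

// ---- metadata/saml20-sp-remote.php (on the IdP that answers the AuthnRequest) ----
// The ACS must be the simpleSAMLphp SP endpoint for authsource 'sp1', not the
// application URL: the SP module validates the signed response there and only
// afterwards redirects the browser back to the application.
$metadata['http://service.local-saml.com/cakephp'] = array(
    'AssertionConsumerService' =>
        'http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-acs.php/sp1',
    'SingleLogoutService' =>
        'http://service.local-saml.com/simplesaml/module.php/saml/sp/saml2-logout.php/sp1',
);

// ---- application side (minimal call, independent of the plugin) ----
// This page must itself be served under service.local-saml.com: requireAuth()
// stores the request state in a session cookie for the host the browser is
// talking to, and that cookie has to accompany the browser to saml2-acs.php.
require_once '/var/www/simplesamlphp/lib/_autoload.php';

$as = new SimpleSAML_Auth_Simple('sp1');
$as->requireAuth(array(
    // Where simpleSAMLphp sends the user after the response has been verified.
    'ReturnTo' => 'http://service.local-saml.com/cakephp/',
));

// Only reached after a validated assertion; attributes come from the IdP.
$attributes = $as->getAttributes();
```

If the application and simpleSAMLphp genuinely have to live on different hostnames under one parent domain, 'session.cookie.domain' in config/config.php widens the cookie's scope to that parent domain; the single-host layout above avoids needing it. Over plain HTTP the state cookie also travels in the clear, so serving both hosts over HTTPS and setting 'session.cookie.secure' is the usual next step once the flow works.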