Symfony Bundle for Single Sign On with SAML in PIMCORE
- Pimcore == 5.4.4
- SAML stand for Security Assertion Markup Language.
- It is used for exchanging Authorizationand and Authentication data between parties, in particular, between Service Provider and Identity Provider.
- SAML Service Provider is a system entity that receives and accepts authentication assertions in conjunction with a SSO.
- SAML Identity Provider is a system entity that issues authentication assertions in conjunction with a SSO.
- Add the package simplesamlphp/saml2 in the existing pimcore application using the command composer require simplesamlphp/saml2.
- Add the SAMLBundle under the src folder.
- Insert the Federation metadata obtained from the service provider application in the SAMLBundle config. (Federation metadata, is a xml documnet that provides us data that describes a Relying Party or Claims Provider).
- Add the config for the identity provider. Eg.
- entityID: <i.e. spn:f0c4f90b-56d3-49b7-8021-53fd09714e46>
- NameIDFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
- replyURL: <i.e http://dev.local.com/saml/sso>
- baseURLPath: /
- First We had override the pimcore login page and inserted our customized login page having a sso login. (outlook)
- When user click this link, the SAMLBundle creates a SAML 2.0 request with the provided configuration using simplesaml/saml2 library and sent it to the outlook login page.
- If the user is already logged in, the response from the outlook is given instantly, otherwise the response is obtained by the application after a successful login in the outlook.