Reputation: 1175
We have a PHP web application hosted on Azure CentOS, and we want to enable SAML-based SSO with Azure AD. Here, I have created an enterprise application but am not able to understand how to configure "Basic SAML Configuration", especially the attributes -
How do I populate these values? Is there any configuration required on the PHP application side? I have spent a good amount of time but have not been able to find anything related to PHP.
My PHP application looks like this (Self Signed SSL enabled):
https://127.x.x.x/samplesso/login.php (login page), https://127.x.x.x/samplesso/products.php (After successful login)
Edit#1
As I have mentioned, we have hosted the PHP application on Azure CentOS, and below is the folder structure -
My application folder: /var/www/html/sample_web_app
SimpleSAMLphp folder: /var/www/html/simplesamlphp
My PHP application Login Page: http://ipaddress/sample_web_app/login.php
When the user clicks the "Go" button, my custom PHP code reads the email, and based on the domain name we have to redirect to a different Azure SSO URL (B2B/B2C). How to do this?
After successful authentication in Azure, it has to redirect to my application home page URL: https://ipaddress/sample_web_app/home.php
Logout URL of my application: http://ipaddress/sample_web_app/logout.php
I tried configuring the details below in Azure, and when I access http://ipaddress/sample_web_app/, it does not even go to the Azure SSO page (PHP custom redirection later).
Is anything missing here?
Upvotes: 2
Views: 8561
Reputation: 3119
You can set up SAML Azure AD SSO for your PHP web application using SimpleSAMLphp.
In the app registrations in Azure AD, select your app and click on endpoints. Copy the Federation metadata document. The federation metadata should be imported to your application.
The Identifier, Reply URL and Sign on URL should be configured in Azure AD.
Identifier (Entity ID): Enter a URL that uses the following pattern: 'https://.contoso.com'. You can find this value as the Issuer element in the AuthnRequest (SAML request) sent by the application.
The Identifier (Entity ID) can be similar to https://ip-address/
Reply URL: Specifies where the application expects to receive the SAML token. The reply URL is also referred to as the Assertion Consumer Service (ACS) URL. You can use the additional reply URL fields to specify multiple reply URLs. For example, you might need additional reply URLs for multiple subdomains. Or, for testing purposes, you can specify multiple reply URLs (local host and public URLs) at one time.
If you are using SimpleSAMLphp, the reply URL should be similar to https://ip-address/sample_web_app/module.php/saml/sp/metadata.php/default-sp
Reference: https://www.lewisroberts.com/2015/09/05/single-sign-on-to-azure-ad-using-simplesamlphp/
Upvotes: 1
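One way to connect the SimpleSAMLphp setup described in the answer to the login page from the question, shown as an added example that is not code from the original posts. The domain names and the auth source ids `azure-b2b-sp` and `azure-b2c-sp` are hypothetical, and the autoloader path assumes the SimpleSAMLphp 1.x layout under the folder given in the question.

```php
<?php
// Added example, not from the original post.
// Assumption: SimpleSAMLphp 1.x path from the question (2.x ships src/_autoload.php).
require_once '/var/www/html/simplesamlphp/lib/_autoload.php';

// Hypothetical domains and auth source ids. Each id must be a 'saml:SP' entry in
// SimpleSAMLphp's config/authsources.php whose 'idp' option names the entity ID
// taken from that Azure AD tenant's federation metadata.
const DOMAIN_TO_AUTHSOURCE = [
    'corp.example'    => 'azure-b2b-sp',
    'partner.example' => 'azure-b2c-sp',
];
const HOME_URL = 'https://ipaddress/sample_web_app/home.php'; // from the question

// Map an e-mail address to an allowlisted auth source id, or null if unknown.
function authSourceForEmail(string $email): ?string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $domain = strtolower(substr(strrchr($email, '@'), 1));
    return DOMAIN_TO_AUTHSOURCE[$domain] ?? null;
}

// For home.php: attributes of the signed-in user, or null when nobody is signed in.
function currentUserAttributes(): ?array
{
    foreach (array_unique(DOMAIN_TO_AUTHSOURCE) as $source) {
        $auth = new \SimpleSAML\Auth\Simple($source);
        if ($auth->isAuthenticated()) {
            return $auth->getAttributes();
        }
    }
    return null;
}

// login.php: handle the "Go" button.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $source = authSourceForEmail((string) ($_POST['email'] ?? ''));
    if ($source === null) {
        http_response_code(400);
        exit('Unsupported e-mail domain');
    }
    // Redirects to Azure AD when no session exists. ReturnTo is a constant,
    // never a request parameter, so the login flow cannot become an open redirect.
    (new \SimpleSAML\Auth\Simple($source))->requireAuth(['ReturnTo' => HOME_URL]);
    header('Location: ' . HOME_URL);
    exit;
}
```

The user-supplied e-mail only selects among preconfigured auth sources; it never supplies an IdP URL or a return address directly.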