Single Sign On using SAML 2.0

Question

We’ve been tasked to integrate Single Sign On using SAML 2.

There will be two websites (one of them is ours, the other is an external website outside of our control). We use PHP and we believe theirs using .NET.

I’ve looked into implementing this using SimpleSamlPHP, however this hasn’t been going really well. I’ve been using a Ubuntu VM to test SimpleSAMLPHP before I implement it fully but I’m unable to proceed any further from the installation – I’ve gone through the documentation however I can’t see where I’ve gone wrong – is using VM causing the issue?

Anyway, are there any other methods which I can implement to get this working, with the ability to communicate with PHP and .NET websites?

Also, one final note is I need our website to be the primary SP, with theirs being a secondary SP – is this possible and if so how?

Thanks.

Answer 1

My advice would be to use Shibboleth.

Hope it helps,

Luis

Answer 2

Check out PingFederate from Ping Identity [Note: I work for Ping). There is native PHP application integration support as well as a web-services (JSON) based integration for your application (among others) for the Service Provider role. The same product can then easily handle the IDP duties as well to allow your users to SSO via SAML2 (or 1.0/1.1/WS-Federation (Passive)) to other Partners you may have. While I'm not 100% sure of all the use cases you may need to support, PF can more than handle your needs w/out any complicated deployment requirements.

Anyway - we can provide full trial software and help getting it up and running.

HTH - Ian