About SimpleSAMLphp 2009
Uploaded by andreas-akre-solberg. Category: Technology.
![Page 2: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/2.jpg)
What is it?
Software with a focus on SAML (both SP and IdP), but with support for multiple protocols.
![Page 3: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/3.jpg)
Widespread
• Wide adoption, and interest is increasing…
• Mostly Europe and US. Both commercial / educational.
• 350 users on mailing-list.
• Translated into 20 languages
• IDDY-award in California 2008.
(Figure: demography of visitors to the project homepage.)
![Page 4: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/4.jpg)
Project structure
• Project leader: 1
• Main developers: 2
• Secondary committers: ~ 5
• Contributors: ~ 15
![Page 5: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/5.jpg)
Why people like it
• easy to install and maintain: just drop a folder to install :)
• easy to extend
• fully modularized
• very helpful open source community.

• authentication sources
• processing filters
• themes
• hooks
![Page 6: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/6.jpg)
Version 1.5 (October 2009) with improved interoperability with Shibboleth
• automated shibboleth-style metadata consumption
• Improved experience with combined SAML 1.1 and SAML 2.0 environments
• Improved SAML 1.1 + 2.0 integrated IdP Discovery Service.
• SAML 1.1 Artifact binding
• encrypted NameIDs
![Page 7: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/7.jpg)
Multiple protocols
• SAML 2.X SP
• SAML 2.X IdP
• Shib 1.3 SP
• Shib 1.3 IdP
• OpenID Provider
• OpenID Consumer
• OAuth
• WS-Fed / ADFS
• Infocard
• CAS

• Twitter auth
• Facebook auth
• YubiKey

• Radius client
• LDAP
• SQL

*) some protocols experimental support
![Page 8: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/8.jpg)
Protocols can be bridged! (Example I)
Diagram: a SAML 2.0 IdP connected to a SimpleSAMLphp bridge acting as OpenID Provider and SAML 2.0 SP.
![Page 9: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/9.jpg)
Protocols can be bridged! (Example II)
Diagram: a SAML 2.0 SP connected to a SimpleSAMLphp bridge acting as SAML 2.0 IdP and SAML 1.1 SP, which is connected to a SAML 1.1 IdP.
![Page 10: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/10.jpg)
Scalable from simple
Diagram: Apache 2 + PHP 5 running simpleSAMLphp.
![Page 11: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/11.jpg)
to not so simple, with the memcache session handler
Diagram: a load balancer in front of four Apache 2 / PHP 5 / simpleSAMLphp instances; memcache servers memcache1A, memcache2A, memcache3A, memcache1B, memcache2B, memcache3B, memcache1C, memcache2C and memcache3C, with groups labelled "Load balanced" and "Failover".
![Page 12: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/12.jpg)
Performance
Last performance test on IdP: ~ 12.000 SAML logins per minute on one server instance.
Possible because of the lightweight design from the ground up.
![Page 13: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/13.jpg)
"Self-check" API
• Sanity-check API allows you to check if everything is "OK".
• Can be connected to monitoring systems like NAGIOS.
• Hooks for adding sanity check tests in external modules.
![Page 14: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/14.jpg)
Statistics module
![Page 15: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/15.jpg)
User consent
![Page 16: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/16.jpg)
Fancy Robust Single Log-Out
![Page 17: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/17.jpg)
IdP Discovery Service
• Tabbed interface
• Drop-down free
• Incremental live search
![Page 18: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/18.jpg)
Timed-out HTTP-POST Rescue
The wiki use-case: What will happen if you save and the session is timed out?
SimpleSAMLphp rescues the user's data when session is timed out.
AFAIK No other software does.
![Page 19: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/19.jpg)
Easy log lookup with TrackID
![Page 20: About SimpleSAMLphp 2009](https://reader035.fdocuments.in/reader035/viewer/2022081513/557ad149d8b42a200f8b5061/html5/thumbnails/20.jpg)
more... http://rnd.feide.no/simplesamlphp