SAML 2.0 authentication for SSO
Per my post here (http://forum.phpmyfaq.de/viewtopic.php?f=2&t=19479), please add SAML 2.0 authentication as one of the supported options for SSO. Thank you!
I would be willing to help with this. I would be looking to configure phpMyFAQ 2.9 (I think) with SAML and have done a good handful of integrations with SAML thus far.
I'm a little confused though, as the features page (http://www.phpmyfaq.de/features) says "Your can also use various Single Sign On services like Shibboleth or NTLM.", but I see nothing in the documentation or codebase that mentions any SSO... continuing to look.
It would at least be useful to know:
- Which parts of the site (/admin, others?) would 'require' authentication and authorisation;
- Which parts of the site (/ ?) could have a session as optional, or unauthenticated.
- Which parts of the codebase should we look at
Cheers, Cameron
What about possibly integrating directly with SimpleSAML: https://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_6 ?
That would work, and such a degree of integration would be preferable.
Cheers, Cameron
Also interested in having SAML integration. Has anyone made progress on this?
Yes, SAML please!
Has anybody started working on this? I'm asking as I could potentially help.
@ser not yet, feel free to do it. Would be awesome.
I tried many times to start this up, but unfortunately I am officially giving up. As I usually program in Python, I'm finding the PHP development environment really hard to set up; I am just unable to prepare it. Sorry!
But I would love to have SAML available in phpmyfaq.
@ser You can use the Docker Compose environment for development, I use this, too.
Just giving this a bump, would love to see SAML integration.
It's on my list for v3.2
Possible libraries:
- https://github.com/onelogin/php-saml
- https://simplesamlphp.org/
From my initial technical survey I recommend onelogin - it's exactly the client library we need. SimpleSAMLphp is for when acting as an authentication server is also required as an option; it makes it more complex to deploy.
Yes, after reading a bit into the topic I think that's the way to go.
@ser @wwalker0307 @BasvanH @chsnell Who wants to be an alpha tester?
Me!
This still being worked on? I'll be an alpha tester for this.
I added Azure AD authentication recently and wanted to add SAML now. But it looks like https://github.com/onelogin/php-saml is not under active development anymore.
So maybe OAUTH2 OpenID Connect could be first in queue? It's currently getting more popular than SAML.
@ser The Azure AD connection was quite straightforward to implement. And the upcoming version 3.2 will have everything to have support for other OAuth2 OpenID Connect solutions.
Your observation about low SAML library support is important; it looks like it's time for me to make the switch from SAML to OAUTH2 as a single authorisation service. I suppose SAML as an older generation will slowly get marginalised. It will also resolve this issue, at least for me :)
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.