Building SSO IdP for a PHP site


Can we build an SSO IdP using the ComponentSpace API for a PHP service provider? Moreover, the PHP service provider will have the login UI and from there it will redirect to the ComponentSpace IdP. There won’t be another login page at the IdP. Can this be achieved with ComponentSpace?


We interoperate with SimpleSAMLphp.
However, having the login page at the SP rather than the IdP goes against the SAML specification and is not something we would recommend. The login page should be part of the IdP, not the SP, and it’s the IdP that then authenticates the user.
Why do you want the login page to be part of the SP?

Thanks for the reply. The SP is a PHP site and we want to have the login page at the SP so that PHP developers can easily maintain the page.


Are you comfortable with the SP site having access to your users’ passwords? How do you intend to transmit the user name and password to the IdP site for authentication?

Actually, one of the SPs will have the user data store hosted, so we are authenticating against that data store. Credentials could be POSTed encrypted. Can we have the IdP as a Web API for issuing tokens?

You can use a web API to pass the credentials for validation. However, this is a proprietary solution and is not covered by the SAML specification. You could use our component to construct SAML assertion tokens if required but we don't directly support web APIs. Our focus is on the SAML specification and browser based SAML SSO. Your requirements fall outside the SAML specification.
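
For contrast with an SP-hosted login form, here is the standard browser-based flow in which the PHP SP sends the IdP only a SAML AuthnRequest over the HTTP-Redirect binding and never handles the password. This is an added example, not code from the thread or from ComponentSpace. The entity IDs, URLs and function names are hypothetical, and the IdP side is sketched in PHP only to show what arrives on the wire.

```php
<?php
// Constructed values: entity IDs and URLs below are hypothetical placeholders.
const SP_ENTITY_ID = 'https://sp.example.test/metadata';
const SP_ACS_URL   = 'https://sp.example.test/acs';
const IDP_SSO_URL  = 'https://idp.example.test/sso';
const NS_ASSERTION = 'urn:oasis:names:tc:SAML:2.0:assertion';

// SP side: build an AuthnRequest and encode it for the HTTP-Redirect binding
// (raw DEFLATE, then base64, then URL-encoding). It carries no credentials.
function buildRedirectUrl(string $relayState): string
{
    $id  = '_' . bin2hex(random_bytes(16)); // xs:ID must not start with a digit
    $xml = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
         . ' xmlns:saml="' . NS_ASSERTION . '"'
         . ' ID="' . $id . '" Version="2.0" IssueInstant="' . gmdate('Y-m-d\TH:i:s\Z') . '"'
         . ' Destination="' . IDP_SSO_URL . '"'
         . ' AssertionConsumerServiceURL="' . SP_ACS_URL . '">'
         . '<saml:Issuer>' . SP_ENTITY_ID . '</saml:Issuer>'
         . '</samlp:AuthnRequest>';
    return IDP_SSO_URL . '?' . http_build_query([
        'SAMLRequest' => base64_encode(gzdeflate($xml)),
        'RelayState'  => $relayState,
    ]);
}

// IdP side: decode the request and accept it only from a registered SP and ACS URL.
function parseAuthnRequest(string $url, array $registeredSps): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    $deflated = base64_decode($params['SAMLRequest'] ?? '', true);
    $xml = $deflated === false ? false : @gzinflate($deflated);
    if ($xml === false) {
        throw new RuntimeException('SAMLRequest is not valid base64/DEFLATE');
    }
    $doc = new DOMDocument();
    if (!@$doc->loadXML($xml, LIBXML_NONET)) { // LIBXML_NONET: no network fetches while parsing
        throw new RuntimeException('SAMLRequest is not well-formed XML');
    }
    $root   = $doc->documentElement;
    $node   = $doc->getElementsByTagNameNS(NS_ASSERTION, 'Issuer')->item(0);
    $issuer = $node === null ? '' : trim($node->textContent);
    $acs    = $root->getAttribute('AssertionConsumerServiceURL');
    if (($registeredSps[$issuer] ?? null) !== $acs) {
        throw new RuntimeException('Unknown issuer or unregistered ACS URL');
    }
    return ['id' => $root->getAttribute('ID'), 'issuer' => $issuer, 'acs' => $acs];
}

// Round trip: the SP redirects, the IdP decodes and checks the request.
print_r(parseAuthnRequest(buildRedirectUrl('/dashboard'), [SP_ENTITY_ID => SP_ACS_URL]));
```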