Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
SciFi2015-02-20 11:28:25
PHP
SciFi, 2015-02-20 11:28:25

How to integrate authorization through the ESIA on the site?

For authorization through the ESIA (public services), the SAML protocol is used. The SimpleSAML library has become the standard for PHP in solving this issue .
When integrating, I try to follow this instruction. But a lot of things are omitted from it. For example: what to do with the metadata file? Where to put it? Somehow you need to specify the path for it in the configs?
At the moment I'm doing this:
1. In simplesaml/metadata/saml20-idp-remote.php I write connection data:

$metadata['https://esia-portal1.test.gosuslugi.ru/idp/shibboleth'] = array(
    'name' => array(
        'ru' => 'Авторизация ЕСИА'
    ),
    'privatekey' => 'private.key', //путь к файлу закрытого ключа
    'certificate' => 'open.crt', //путь к сертификату открытого ключа
    'SingleSignOnService' => 'https://esia-portal1.test.gosuslugi.ru',
);

2. In the file simplesaml/config/authsources.php in the entityID I specify the site address and certificates, as mentioned in the link above.
3. Made an alias to the simplesaml folder and php_admin_value mbstring.func_overload 0
Now, when you try to login through the standard SimpleSAML interfaces, you are redirected to the ESIA authorization page. I enter data, I am authorized, but there is no redirect back to the site and no data about the user is transmitted back.
What did I miss?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
J
jerry_ru, 2015-03-23
@jerry_ru

Let's use the ESIA terminology:
1. The metadata file is sent by the ESIA itself when registering your IP. Have you done this and registered your IP?
2. you do not need certificates yourself - you only need a private key, the public part certificate of which you sent to the ESIA in the metadata file
3. unfortunately, I cannot suggest how to implement this in php.
If in the end you don’t succeed, then there are ready-made solutions that include both consultations and program modules (including for php): esia.pro

Report
I
IvanVP, 2017-11-01
@IvanVP

There is a solution for Ruby on Rails + Devise
https://rubygems.org/gems/omniauth-esia
https://github.com/elsant/omniauth-esia

Report
E
exman82, 2015-11-02
@exman82

SciFi , managed to defeat SimpleSAML?

Report
K
Kirill, 2016-01-29
@KirillAG

Yes, the result is also interesting. As far as I know, ESIA was also connected using such libraries as SimpleSAML and OIOSAML.
As for ready-made solutions, in addition to the above, there is also a solution from the ESIA development team: identityblitz.ru/products/esia-bridge
It is true that it is not based on the SAML protocol, but OAuth 2.0/OpenID Connect, but for a number of organizations it is even better.

Report
T
tatar3005, 2017-02-13
@tatar3005

Can anyone please share how you did it.

Similar questions
S
sergeybogevolny2015-04-06 21:36:50
Is there an example of interaction between bootstrap wizard form and php? 2Reply
A
Arman2016-06-20 12:13:23
How to convert degrees to coordinates? 5Reply
P
Pavel2014-05-18 14:34:20
How to set up Chrome DevTools Autosave on windows? 4Reply
O
Ob1van2016-06-24 15:03:47
How to correctly configure suricata ips in af_packet mode ubuntu 16.04 server behind a transparent TOR gateway. Is it possible? 1Reply
R
Rustam Akhmetov2016-06-27 10:05:19
How to speed up cms Moodle? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question