SimpleSAMLphp部分单点注销

时间:2017-05-05 12:08:28

标签: php single-sign-on saml saml-2.0 simplesamlphp

我按照 https://simplesamlphp.org/docs/stable/ 的说明，使用 SimpleSAMLphp 为我的项目实施单点登录（SSO）和单点注销（SLO）。SSO 已经可以正常工作，但 SLO 只是部分生效：

也就是说，从服务提供者（SP）注销时，我的身份提供者（IdP）也会随之注销；但从 IdP 注销时，SP 并没有被注销。

如果需要任何其他信息，请告诉我。感谢您的帮助。

我的 IdP 的 saml20-idp-hosted：

$metadata['__DYNAMIC:1__'] = [
    // VHOST that serves this IdP entity. '__DEFAULT__' makes this entry the
    // fallback for any hostname.
    'host' => '__DEFAULT__',

    // Signing key pair, resolved relative to the cert directory. The private
    // key authenticates every assertion and logout message this IdP signs, so
    // it should be readable by the web-server user only.
    'privatekey' => 'example.org.pem',
    'certificate' => 'example.org.crt',

    // Authentication source; must be defined in config/authsources.php.
    'auth' => 'example-userpass',

    // No 'logouttype' is set here, so SimpleSAMLphp's default logout handling
    // applies; the iframe variant is left disabled.
    //'logouttype' => 'iframe',

    'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',

    // Authentication processing filters applied before attributes are released.
    'authproc' => [
        // Map LDAP attribute names to their OID form.
        100 => ['class' => 'core:AttributeMap', 'name2oid'],
    ],

    // NOTE(review): no message signing/validation options appear in this
    // entry, so whether outgoing LogoutRequests are signed depends on the
    // SimpleSAMLphp defaults and config.php — confirm before relying on SLO.
];

我的 IdP 的 saml20-sp-remote：

// Remote SP entry as seen by the IdP. The array key is the SP's entityID.
$metadata['http://service.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = [
    // Endpoint the IdP sends LogoutRequests to during IdP-initiated logout.
    // It is plain HTTP and uses the redirect binding, which carries the SAML
    // message in the URL; without TLS it can be observed or altered in
    // transit unless message signing is enforced on both sides.
    'SingleLogoutService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'http://service.example.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
        ],
    ],

    // Assertion consumer endpoints, in index order. Indexes 1 and 3 are
    // SAML 1.x profiles; they are only needed if the IdP issues SAML 1.1 responses.
    'AssertionConsumerService' => [
        [
            'index' => 0,
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'http://service.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
        ],
        [
            'index' => 1,
            'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
            'Location' => 'http://service.example.com/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp',
        ],
        [
            'index' => 2,
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
            'Location' => 'http://service.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
        ],
        [
            'index' => 3,
            'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01',
            'Location' => 'http://service.example.com/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact',
        ],
    ],

    // Base64 DER of the SP's certificate, used to validate signatures on
    // messages the SP sends. Rotate this entry whenever the SP's key changes.
    'certData' => 'MIIDazCCAlOgAwIBAgIJAJ653EqbAryJMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdORVdZT1JLMQwwCgYDVQQHDANOWUMxDzANBgNVBAoMBlNTTlRQTDEMMAoGA1UECwwDREVWMB4XDTE3MDUwNDEyMjMzOFoXDTI3MDUwNDEyMjMzOFowTDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB05FV1lPUksxDDAKBgNVBAcMA05ZQzEPMA0GA1UECgwGU1NOVFBMMQwwCgYDVQQLDANERVYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XfZhpHhuBHLf0UgnUGOv9zP04OMbRgmD/AI/jL4A2GONrOJYdlsCJcU9sAySBFxwZ8UkpkWYzjpzqjRc2ZmSYQmUt9m7raYciynLlcWP5FKdvZjmlTbjL0XGSGtOi4a39A/eYp5JmOx1eZT5jStiFJCUtzEqHfUYO/foGaaGxAqwur2q/8eiaW1PuKjxSRkuGek3i83lWmMAkkxT74YMrpuB2YP2N7wiiIm/ChYI4enYCWQpB8kpSujRzd/OLCL2tNc4Bp8Qhs2mOw46i5arkzzBtIKE0up6wpLsRT+mNpO1lqD9M7EAPi8JZBK7kh/9kJXqaCdXAeJvd18Z+uAZAgMBAAGjUDBOMB0GA1UdDgQWBBTuu/EDcjRd9Mtk3R4IJveBU/mpAjAfBgNVHSMEGDAWgBTuu/EDcjRd9Mtk3R4IJveBU/mpAjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAy20lxkQ9lR2wzUsH7jfYJNXJ2/Qc34YHguGDuxzMGzAPVu6CHUygUlaUBW/QTCam/xvru/pqsKAzs0FYiuImJr/X6wbJpDZNcvd/27ZuXbGK7N0k/F446KA9VOh8F7eRa0S3+WqU1MpnBxIvYT0D0xsSKDBKhx/giLaQMJv73PHFC+UXFmUnd/U4fcJc4gUJC2vAjr43DJjvQxJC13x9XqjIpaE/57Un2+zIujIvm3ChHu/kdmtwBIXLLehKJO5NqvkqoWJ4n1Mk8lZkRjsXFKCxJInnhRDLvwDj+ruPvpGZrK3VdUfjQQ06EmwCzvXRKetUU02R0k660pr2e6ngk',
];

我的 SP 的 saml20-idp-remote：

// Remote IdP entry as seen by the SP. The array key is the IdP's entityID.
$metadata['http://service.ssntpl.com/simplesaml/saml2/idp/metadata.php'] = [
    'metadata-set' => 'saml20-idp-remote',
    'entityid' => 'http://service.ssntpl.com/simplesaml/saml2/idp/metadata.php',

    // Where the SP sends AuthnRequests. Plain HTTP, redirect binding.
    'SingleSignOnService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'http://service.ssntpl.com/simplesaml/saml2/idp/SSOService.php',
        ],
    ],

    // Where the SP sends its own LogoutRequests (SP-initiated logout) and
    // LogoutResponses. For IdP-initiated logout the IdP must instead reach
    // the SP's SingleLogoutService, which is configured on the IdP side.
    'SingleLogoutService' => [
        [
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'http://service.ssntpl.com/simplesaml/saml2/idp/SingleLogoutService.php',
        ],
    ],

    // Base64 DER of the IdP's signing certificate; every assertion and
    // signed logout message from the IdP is validated against it.
    'certData' => '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',

    // Transient NameIDs are per-session; a LogoutRequest therefore has to
    // carry the exact NameID issued at login for the SP to find the session.
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
];

我的 SP 的 saml20-idp-hosted：

// Hosted IdP entry present on the SP installation. NOTE(review): the SP host
// does not need to act as an IdP for the flow described; confirm this entry
// is intentional, since it exposes a second IdP endpoint with its own key.
$metadata['__DYNAMIC:1__'] = [
    // VHOST that serves this entity; '__DEFAULT__' is the fallback for any host.
    'host' => '__DEFAULT__',

    // Signing key pair, resolved relative to the cert directory. Keep the
    // private key readable by the web-server user only.
    'privatekey' => 'server.pem',
    'certificate' => 'server.crt',

    // Authentication source; must be defined in config/authsources.php.
    'auth' => 'example-userpass',
];
