How to connect identityServer3 to php application. I have application in asp.net MVC which is using IDS3 now i need to connect php client app with SSO integration base on IDS3.
I think this is less a question about IdentityServer3, and more a question of what OpenID Connect libraries are recommended for PHP.
http://openid.net/developers/libraries/
The OpenID web site lists three OIDC libraries for relying parties - the right one to choose depends on your web server (nginx, Apache) and application stack (e.g. Drupal).
Recommend you try the most lightweight first and see if it supports what you need.
https://github.com/jumbojett/OpenID-Connect-PHP
I am implementing same type of auth but get client secret validator error, do you have any docs? I m using openid-oauth2 library
Related
I'm building a mobile project that needs to be in constant communication with a server and i need some information . I know how to build local apps but this is the first time that i'm building an app that requires external call to a server / authentication service .
I'm asking for guidance how to proceed and which services/servers to use.
What type of server/database do i need ?
I'm guessing i will be requiring an API service but no idea how to choose/make one.
I want to use azure services/database but i also don't want to be dependent on it. I want to have my own url that i send request to and interact with a server/db that i can later move to another host fairly easily.
I develop websites mostly and i'm familiar with php/laravel + Mysql but i think in this case it will be overkill to create a laravel app simply for the server backend .
The app will be mobile only so i don't expect to have a webpage for it . simply an external server/database where the data will be saved.
First i need an authentication service - where each user will register on the phone which will then be saved in my external server/database . Then when they need to login - they will input the login details on the phone , which will query the esternal server/database and if validated - get their details from the server.
First, you need to decide which kind of server communication you'll need. it's in real time and constant? then you'll need a websocket. It's in bursts when you need to send or get data? then you'll need some kind of webservice (REST, RPC, SOAP). Then you have to evaluate the user load you'll have. And finally, the human resources you'll have.
Based on your question, I think a REST webservice will be more than enough. You may:
-Create a REST service for every group of related resources. Example: the /user URL should handle the signup, login, logout and user update operations.
-Create a method for each one of those operations and handle them. Then, call the method from the REST service class.
-Depending on the amount of users and the technology you're using, create a server to handle the requests, or upload your REST project to a server (tomcat, for example).
-Create an app and consume the REST services from there.
There are tons of tech you can choose for these things. PHP allows creating REST services, I think. Java is a very good choice too, since you can use the same code in both server and android apps. Node.Js is pretty popular, too, since you don't need servers and uses NIO (althought java can do both things using jetty and also has multithreading); golang and scala both have superb performance (golang is a lot more easier to learn, though, and it has no need to use external webservers).
Hope this helps.
For mobile applications the best will be REST (representational state transfer),becouse is lightweight and flex to use in other technology. I had project which include REST and mobile app and web app and it working very well.
In this scenario, we usually will build a REST API service for client end. As you are familiar with Laravel, you can refer to http://www.programmableweb.com/news/how-to-build-restful-apis-using-php-and-laravel/how-to/2014/08/13#apiu for how to build a REST API service with Laravel. Also you can leverage other light 3rd part PHP frameworks to build REST API service.
You can create and develop the application on local and then deploy to Azure Web Apps. Please refer to https://azure.microsoft.com/en-us/documentation/articles/app-service-web-php-get-started/ for more info.
And there several vendors provide MySQL services on Azure. ClearDB is a BaaS on Azure for MySQL. You also can use the VM to host your MySQL Service. E.G. MySQL by Bitnami and MySQL by Docker.
I have WPF app and Web browser control in it. I am opening a web page which is a php application.
I need to pass my machine credential's to the php application.
The Web browser control opens a [http://app/login.php]. The user has logged onto the machine with his domain credential's. The PHP website uses windows authentication..
Both the WPF application and php site are internal application(i.e. same domain)
You have a CakePHP application and a login.php? Then there is something seriously wrong with it.
You need to get your current logged in users identity and pass that on to the php application.
See Using windows authentication with php?
If you're using CakePHP 2.0 you might find an LDAP adapter for the AuthComponent. I guess you can use google to find more, I don't know if this one here is any good or not http://www.analogrithems.com/rant/2012/01/03/cakephp-2-0-ldapauth/
My answer covers the CakePHP part
Best practice would be to communicate using REST, between your wpf and cakephp. CakePHP provides a very easy way to connect your actions via REST. You will have to connect your authentication method using the REST.
Cake's documentation has a nice section on REST from CakePHP.
Omniauth is a wrapper that standardizes authentication with multiple third-party providers for Ruby on Rails applications.
For more information, see
https://github.com/intridea/omniauth/
Is there a similar library that does this for PHP web applications?
Looks like HybridAuth is one of the choices.
Check out Opauth. It's an OmniAuth-inspired authentication framework for PHP.
It allows developer to easily implement authentication to 3rd party providers simply by downloading and dropping strategies.
Disclaimer: I'm the author of Opauth.
This PHP oAuth API library comes with built-in support to integrate many oAuth servers, but it can be configured to access any other server that is not yet supported built-in. It supports either oAuth 1.0, 1.0a and 2.0 transparently under the same class API.
Look into OpenID, I am not familiar with the framework you're asking about but it seems to do what you are asking. The Stack Exchange network implemented it too, which is how we can login using Google accounts etc.
Is it possible to use the Google App Engine with datastore only and keep your application on an external traditional server?
I'm interested in the GAE for Business SQL service coming soon but I only want to use GAE for the database. I would like to keep the php application on a traditional server for a variety of reasons.
Is this possible?
Yes it is possible and GAE is fairly used in this specific scenario; think about the hundreds of Iphone/Android applications that use GAE as back-end.
A simple common design would have:
A Web API to communicate with GAE datastore since you can't connect directly to it from your php application. Have a look to restlet for a cool RESTful Java web framework that supports GAE or the new Appengine-rest-server Python project .
A security check to validate that the requests are coming from the php application (HMAC / SSL).
I am looking at ways to tie together a number of Windows-based web services together under single-sign-on. Microsoft's Windows Identity Framework and ADFS 2.0 are the perfect tools for the job, except that not all of our web services are written in .NET. One is classic ASP and another PHP. Are there existing libraries that will work for those platforms, or will I need to build them from scratch?
There are two ways to do this that I can think of off the top of my head:
Find a product that will sit in your Web server that intercepts calls, bounces unauthenticated users to an IdP, parses the responses, and puts the data in the header of the requests that it then passes on to your ASP/PHP app. There are many types of products that do this, e.g., Shibboleth SP, Ping Identity, and OpenSSO. I think Centrify DirectControl and Quest Single Sign-on might also provide this sort of capability.
Build a comparable component yourself that can do this sort of thing and leverage frameworks to help with the parsing of SAML and/or WS-Federation messages. If you take this route, check out SimpleSAMLphp and OIOSAML.NET.
HTH!
Using IIS 7.0 pipeline you can write a http module that will handle authentication for all sites hosted on the iis. (including classic asp and php).
See: MSDN article