Need to Implement Single Sign On in PHP - php

I have read a lot of documents regarding this, a few of which are as follows:
http://www.opengroup.org/security/sso/sso_intro.htm
http://www.authenticationworld.com/Single-Sign-On-Authentication/
http://merbist.com/2012/04/04/building-and-implementing-a-single-sign-on-solution/
https://wiki.queensu.ca/display/itsd/Single+Sign-On
I know the concept now, but my client already has systems built which have their own authentication system already in place and working, and now I need to implement this concept for him all over his application.
He has given me access to only one of the main applications, where I can implement this, but now the problem is that the client is not ready to give access to the other applications.
So is there any way I can implement some plugin and ask the client to call it every time for authentication, and so implement single sign-on?
It would be really helpful if anyone could give me the basic building blocks or steps to implement this.

You can use SimpleSAMLphp as your IdP to implement single sign-on for your client application. SimpleSAMLphp (the IdP) will take care of the authentication. This is a lightweight IdP where you can store the user info and payload as a configuration file.
Refer to the link below to configure SimpleSAMLphp.
https://simplesamlphp.org/docs/stable/

Related

Questions on creating OAuth 2.0 Server

I'm in the process of designing an API to service a browser web app. I want to design the API in a way where if the need arises, it can be used cross platform. For the first stage I want to implement user name and password authentication (I believe the terminology is grant_type = password). I've read up on OAuth 2.0 being a standard in practice and I have a few questions:
Is there a suggested way of binding tokens and token expiry dates to users in the database? Can this be done in one table, or is it better to keep them separate?
I want to polish up and verify username and password authentication works before exploring into having 3rd party authentication (Facebook, Google+, Twitter, etc...) Is there anything I should know ahead of time when creating the database tables and API to make sure it is extendable into these features?
I'm hearing a lot about JWT, is this considered a standard way of generating and returning tokens to the front end?
I am looking to build the api in PHP and I was going to use the implementation from https://github.com/bshaffer/oauth2-server-php but it looks like it is failing on php versions 7 and up. (I'm going to use 7.2 for this project) It may also be easier to create it myself one piece at a time.
Any direction or insight into the above would be greatly appreciated. This will be my first stab at implementing an extendable authentication framework in an app.

Laravel - Multi domain using single login server?

I'm setting up around 4 Laravel 5.3 based apps at the moment, they are all part of one "ecosystem".
I plan to use a central Laravel app that will handle any user signup, user login and also hold all user details. These details will be used across the 4 separate Laravel web apps. I may also use these user details inside mobile apps in the future, so I assume I'll need some sort of JWT-based system to control this.
I've thought about using Laravel Passport to achieve this but I don't think this will work for this scenario. In all honesty, the documentation is not clear to me whether this is the sort of system it is designed for or if I need to use a different OAuth2 system. My understanding is it is for API authentication only, or am I wrong?
All my other Laravel apps will be on different servers so I can't share the database unfortunately. I need to implement a cross domain solution it seems.
Thanks in advance for any info on this, just to clarify that I am not asking you to code the script for me, simply to help point me in the right direction on how to do this properly - can't really show code on something I don't know!
I believe I have explained everything that I am trying to achieve here, and I have already done research but nothing seems to be clicking in my brain.
I think it depends on your business logic. Below is what I'm thinking:
If by multi-domain you mean subdomains (as you mentioned login.site.com), I think the simplest way is to use a site.com-wide cookie with Redis/Memcached as the session storage solution.
If they do have different domain names and, beyond the central site, a user visiting site A also wants site B's features (or content; those sites are closely connected), I think the JWT solution is the better choice.
In any other case, choose OAuth.
Well, maybe others have better ideas.
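An added example, not part of the answer above, of the JWT option it mentions: a central login app issues a signed token and a consuming app on another domain verifies it. It uses only PHP built-ins; the shared key, issuer and audience names are constructed assumptions.

```php
<?php
// Added example: HS256 token issued by a central login app and verified by a
// consuming app. Key, issuer and audience values are constructed placeholders.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    // Restore the padding that base64url drops, then decode strictly.
    $txt = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    $bin = base64_decode(strtr($txt, '-_', '+/'), true);
    return $bin === false ? '' : $bin;
}

function issue_token(array $claims, string $key): string
{
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode($claims));
    $sig  = b64url_encode(hash_hmac('sha256', "$head.$body", $key, true));
    return "$head.$body.$sig";
}

// Returns the claims, or null when the token must be rejected.
function verify_token(string $jwt, string $key, string $aud, int $now): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm: the token must not choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? '') !== 'HS256') return null;
    $expected = hash_hmac('sha256', "$head.$body", $key, true);
    if (!hash_equals($expected, b64url_decode($sig))) return null;
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims)) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null; // expired
    if (($claims['aud'] ?? '') !== $aud) return null; // minted for another app
    return $claims;
}

// Constructed demo: the login app issues for app-a, then four verification attempts.
$key = 'constructed-demo-key-change-me';
$now = time();
$token = issue_token(['iss' => 'login.example', 'aud' => 'app-a', 'sub' => '42', 'exp' => $now + 300], $key);
var_dump(verify_token($token, $key, 'app-a', $now) !== null);       // intended audience
var_dump(verify_token($token, $key, 'app-b', $now) !== null);       // different audience
var_dump(verify_token($token, $key, 'app-a', $now + 600) !== null); // after expiry
var_dump(verify_token($token . 'x', $key, 'app-a', $now) !== null); // altered signature
```

With a shared HMAC key, every app that can verify a token can also mint one; an asymmetric algorithm such as RS256 keeps the signing key on the login server only.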

How do I create a web service that will display in a browser and on an android?

My web development experience has mostly been setting up a CMS like WordPress or Drupal and creating custom themes. Actual work in server-side coding has been very minimal. I've played around with PHP a little, trying to mod off of phpBB and beginning to learn some MVC work with CodeIgniter. Overall, this seems like a pretty big step forward, but it's something I need (I think) to do for a project I am working on.
Essentially what I want to do is have a service like Twitter or Facebook (not in the social networking sense); a user is able to log into the site and perform various operations, while also being able to use an Android application that supports limited operations.
After some Googling and reading articles on the internet, it appears REST is the way to go. But I can't quite seem to grasp some of the technical details. I understand how the HTTP Request/Response works, but I don't know how I can code everything server side so that visiting example.com/item/1 will bring up the details of item 1 in the browser and can also perform a GET Request in my Android app so it can grab the details from the database and display it on the site.
Any suggested readings or some tips on how to execute this?
You can implement this using MVC. By default, have the controller ask the model for the details of the item, then pass the info to the view. Repeat this process for each type of request you want to accept such as POST, PUT etc., where you define a new function in the controller, ask the model to perform the corresponding database action, and return the response to the view.
There is a helpful tutorial for getting a REST server up and running using CodeIgniter here

Developing embedded js/maps library extended from gmaps

I currently have a web app that uses the google maps API, PHP, and MySQL to populate custom map bubbles and markers on a map.
Currently, the app is hosted by us and managed by us and is included as an iframe on a client's page; however, this is quite tiresome.
I would like to develop an API/library that can be included on the page and then inject code into a div container (much like Google Maps does). However, I have no idea what to search for or what to read up on to learn.
I have a basic REST API that is configured to provide read-only functionality in JSON/JSONP format to an authorized client. I am using Phil Sturgeon's REST-SERVER library for CI.
Here is a link to the current format, we pull this page in an iframe with no-scrollbars.
http://fhaz.mapitusa.com
Update: I found a partial solution.. web widgets: http://alexmarandon.com/articles/web_widget_jquery/
I need to develop a web widget.
I need to know:
what to learn
what types of programming methodologies to know
What to look for examples
What are some options to get away from the iframe and using a sort of "hard embed".
You didn't say it out loud, but because you specifically mention you now have a read-only API I figure you also want to send commands to the (your) server. I would start with looking into authentication methods. And for this, I would go for OAuth. You'll have to write a basic client class which can connect and authenticate the client to the server. This can be pretty simple and small. PHP even has a PECL extension available (see http://nl.php.net/manual/en/book.oauth.php) which is pretty easy to use. If you do not have the possibility of installing PECL extensions, cURL will also do the trick, and even that isn't really necessary. Twitter also has a nice explanation of how OAuth works, with links to external resources. Check it out! https://dev.twitter.com/docs/auth/oauth
Note that at the server level you'll have to implement your own role system; OAuth only lets your client connect to the server in a secure manner. I.e. it will let your "users" log in to your application, but will not check if the logged-in user is, for example, an admin user with all rights, a read-only user or something in the middle.
If you have OAuth straightened out just write a list of API calls you want to implement. You should namespace them, for example like:
/map/marker/get
/map/marker/set
/map/bubble/get
...
Your client API should be able to make a call like this:
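// MyGreatApi is the client class you write yourself; it is not a library class.
$api = new MyGreatApi();
$params = array('id' => 3, 'color' => 'red' /* , ... further parameters */);
// Sends the authenticated request and returns the server's response.
$response = $api->call('/map/marker/get', $params);
echo $response;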
Check out some OAuth library implementations like the one Twitter promotes (https://dev.twitter.com/docs/twitter-libraries#php), or for example the really simple one Bits on the Run uses (http://developer.longtailvideo.com/botr/downloads/php-api-kit.zip)
At server level you catch the API call and route the request to the specific controller (to use some MVC terms). If, e.g., you fetch the call '/map/marker/get' you can just explode('/', $call); and search for the right class/function/method/whatever and let it do the magic for you, then send back the output (which can be as simple as to echo $output) and you are up and running! Note that if you have the authentication and role-checking right, the functions which produce the output can be treated as normal, old-school PHP functions. There's nothing special about them! It's the authentication and routing of API calls which should be your main concern.
I hope this clarifies some of your questions and gives you a direction. If I misunderstood your question, please correct me!
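An added example, not from the answer above, of the routing and role check it describes: calls are looked up in a fixed table rather than mapped from the request string to a class or function name, and the role is checked server-side before the handler runs. The route names follow the answer; handler names, roles and return data are hypothetical.

```php
<?php
// Added example: allowlist routing with a server-side role check.
// Handlers, roles and returned data are hypothetical stand-ins.

const ROUTES = [
    // call path      => [handler function, roles allowed to call it]
    '/map/marker/get' => ['marker_get', ['reader', 'admin']],
    '/map/marker/set' => ['marker_set', ['admin']],
    '/map/bubble/get' => ['bubble_get', ['reader', 'admin']],
];

function marker_get(array $p): array { return ['id' => (int)($p['id'] ?? 0), 'color' => 'red']; }
function marker_set(array $p): array { return ['id' => (int)($p['id'] ?? 0), 'saved' => true]; }
function bubble_get(array $p): array { return ['id' => (int)($p['id'] ?? 0), 'text' => 'hello']; }

/**
 * Dispatch an API call. $role comes from the authenticated session or token
 * (OAuth in the answer), never from the request parameters.
 */
function dispatch(string $call, array $params, string $role): array
{
    // Exact-match lookup: the request string is never turned into a class or function name.
    if (!array_key_exists($call, ROUTES)) {
        return ['status' => 404, 'body' => ['error' => 'unknown call']];
    }
    [$handler, $allowedRoles] = ROUTES[$call];
    // Authorization is separate from authentication: a logged-in user may still lack the role.
    if (!in_array($role, $allowedRoles, true)) {
        return ['status' => 403, 'body' => ['error' => 'forbidden']];
    }
    return ['status' => 200, 'body' => $handler($params)];
}

// Constructed sample calls: an allowed read, a write by a read-only role, an unlisted call.
$samples = [
    ['/map/marker/get', ['id' => 3], 'reader'],
    ['/map/marker/set', ['id' => 3, 'color' => 'blue'], 'reader'],
    ['/map/marker/delete', ['id' => 3], 'admin'],
];
foreach ($samples as [$call, $params, $role]) {
    $r = dispatch($call, $params, $role);
    echo $role, ' ', $call, ' => ', $r['status'], ' ', json_encode($r['body']), PHP_EOL;
}
```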

Easiest way to allow outside developers to integrate a few basic functions from my web app?

I have a small web app written in PHP / MySQL that stores customer information and does various things with it.
One of my users has expressed interest in integrating my app with the custom software (also web-based) that they use for setting up customer appointments.
Basically they want a system where, when they create a new customer account using their online software, that information is automatically relayed to my application, to create the customer account on my end as well. This would save them having to enter the same information twice.
I am wondering what your suggestions are for the easiest way to approach something like this? Do I have to create a full-blown RESTful API? (I have never done anything like that before and am not really sure where to start with such a thing.) Or is there a simpler way?
Any ideas or suggestions would be much appreciated. Thanks (in advance) for your help!
In order for another application to communicate with yours, you will have to create some type of API, whether it be RESTful or not.
Personally, I recommend REST as it is fairly trivial to set up and there are LOTS of tutorials on the internet to show you how. If you use Zend Framework, it's 10x easier as they have a REST controller you can extend and quickly build an API with.
Something very simple, which has worked for me, is to simply accept the information as a POST. The other application will send the information via POST, which you process in your PHP and store in MySQL. If the data is sensitive, you can set up a cert and go over SSL.
