I have a PHP application that will be accessed by users who are already
signed into Google ( the app runs in an iFrame on a Google Site that
requires Google login)
What is the best SSO approach that uses Google login, so users have
the same identity in both places?
Best to use a some OpenID opensource? .. zend/cake/symf plugin?
GoogleApps infrastructure? .. or a identity service like Janrain?
Is it too early to go with OpenID Connect? etc.
Thanks much.
OpenID works well - and indeed, is good enough for StackOverflow - you probably used it to register your account here.
There's an article called Getting Started with OpenID. Although it's on Zend's website, it doesn't seem to be tied to the Zend framework, so is a good starting point. It covers all the modules you need to download, and includes an example to help get you started.
Also take a look on simplesamlphp and its integration with Google:
Setting up a simpleSAMLphp SAML 2.0 IdP to use with Google Apps
Is an open source project based on php. Nice comunity and complete documentation.
Hi again I recently discovered this interesting project HybridAuth, an SSO PHP Library for authentication through identity providers like Facebook, Twitter, Google, Yahoo, LinkedIn, MySpace, Windows Live, Tumblr, Identica, LastFM, OpenID, PayPal, Vimeo, Foursquare, AOL, Viadeo, and others.
I didnt test it but seems also a good solution.
Related
I need to create a centralized authentication website. Something like how facebook does with "Login with facebook", but instead of using facebook I would be using my own website. I've been search for 3 days and found a couple of terms but don't know exactly if that's what I should use.
I found these:
OAUTH 2
SAML
Identity provider(All php projects were deprecated)
But still I don't if this is what I should be looking for.
Any help would be appreciated.
Use simpleSAMLphp as your IDP.
If you then want to extend to Facebook, federate this with Azure ACS.
ACS provides authentication with:
Facebook
Google
Yahoo
Windows Live
Is there a standardized way to set up AD authentication for a web service that does not have direct access to the AD controller? I'm thinking of a cloud application such as Google Apps that wishes to authenticate against an organization's AD.
I have googled around quite a bit but I don't seem to know the right keywords. Maybe someone else can elighten me or give me some search pointers.
FWIW, our applications are written in PHP using Zend Framework.
The most elegant solution to your problem would be using identity federation. The basic idea is to authenticate your user locally like you do on your regular apps and send a security token to your cloud provider, proving the identity of your users.
SAML is the most common federation protocol used for achieving this. Google has a nice page explaining the details and the wikipedia page is also insightful:
There are plenty of identity federation solutions, for example:
Active Directory Federation Services (ADFS)
SimpleSAMLphp
Shibboleth
OpenAM
SimpleSAMLphp may be a good start to familiarize with SAML, as it is.. simple :)
The procedure to connect it to google apps is described here.
ADFS would be an AD-centric solution, but is a bit more complex to configure.
I want to integrate openid authentication into my php application. It must support authentication from yahoo, google, aol, msn/hotmail/live (not sure if its support openid).
I have tried searching google and have been able to come up with anything useful. I will really appreciate advises and links to good tutorials.
Thanks in anticipation.
This looks like a pretty solid tutorial covering the Google part.
Googling for 'php openid implementation tutorial' yields lots of relevant links.
Good luck!
Take a look at Janrain Engage. With the free version you can choose 6 different providers.
EDIT:
They provide an single API for authentication using OpenID and other authentication methods. Services like Twitter, Facebook and Windows Live don't use OpenID but some other method (i.e. Twitter uses something based on OAuth). Instead of implementing every method yourself you can use one single unified API.
I absolutely love StackOverflow's usage of OpenID for registration. How would I go about adding this to my site? It is PHP based. I went to openid.net and looked at the libraries there, but could find little in the way of documentation or examples.
This tutorial was helpful for a previous project I worked on using PHP and OpenID. It has an example app.
http://devzone.zend.com/article/3581
(source: zend.com)
Documentation and examples.
OpenID is great, but have one big disadvantage. Let's imagine that I'm having Google account and Yahoo account. I will login using Google and then I will try to login using Yahoo. And it will be different accounts; it's really difficult to remember what openID provider I was using for registration... So, be careful with OpenID on entertainment websites, but it is still ok for developers websites.
Check OpenId class from Zend Framework.
I really would like to integrate the Myspace ID platform on my site using PHP, instead of allowing users to sign in to my site anytime with there myspace ID I am planning on just using it 1 time on signup process to allow them to import profile data from there myspace to my network.
I have note been able to find any good example code for doing any kind of myspace integration, has anyone done this and care to share any info on the issue please?
MySpace is an OpenID provider. What you're looking for is an OpenID consumer library.
This one turned up as the first result on Google though there are many more out there: PHP OpenID Library
This let's people not only use MySpace, but Google, AOL, Yahoo, Flickr and innumerable other sites to sign into yours. I use it regularly. Even Stack Overflow uses OpenID sign in. Great stuff!
A simple solution would be to use JanRain - they handle login for multiple networks including MySpace, Facebook, Twitter, Yahoo!, etc.
http://www.janrain.com/