Central login with SAML and making site to work as identity provider

Tags:

php

saml

So my scenario goes like this:

I have two sites, a.com and b.com, and one authentication server, cauth.com.

What the client wants is ...

When the user lands on a.com or b.com, the user fills in the login form on the respective site, but the action of the form will be on cauth.com (cauth.com/authenticate). When the user is authenticated on cauth, he is logged in on both sites.

I am thinking of implementing SAML to achieve this, and the flow is that after authentication the IdP (cauth.com) will send a SAML response to both of the service providers and the user will be given access to both sites.

I am a novice in SAML and have been unable to find proper documentation or get a proper understanding of it.

What I want to know is:

  1. Is my solution to the problem worth implementing?
  2. Is it possible to make a site (cauth.com) an identity provider? I have looked at the thread "Making your PHP website into SAML Identity Provider" but was not able to get a proper solution.
alwaysLearn asked May 30 '15 16:05
1 Answer

SimpleSAMLphp should be pretty easy to set up. You'll want to make a copy of the folder modules/exampleauth/ and then alter the file modules/<yournewmodule>/lib/Auth/Source/External.php to work for your site. The documentation is good, though, and it's definitely the easiest thing for your need, and the right one.

I should add that following the instructions to set up SimpleSAMLphp should give you a basic understanding of which metadata files are most important, where they live, and how things interact.

chad_ answered Oct 23 '22 23:10
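The files the answer refers to, sketched for this scenario as an added example (not code from the answer or from the SimpleSAMLphp project): cauth.com hosts the IdP, and a.com and b.com are registered as remote SPs. The module name `cauthauth`, the auth source name `cauth-external`, the key file names, and the SP entity IDs and endpoint URLs are assumptions; the URLs follow the pattern of a default SimpleSAMLphp SP install.

```php
<?php
// Added example: three SimpleSAMLphp files on the IdP host (cauth.com),
// shown in one listing. Every name, file name and URL here is an assumed placeholder.
// config/config.php must additionally contain:  'enable.saml20-idp' => true,

// --- config/authsources.php ---------------------------------------------
// Auth source provided by the copy of modules/exampleauth/ (assumed name: cauthauth).
$config = [
    'cauth-external' => [
        'cauthauth:External',   // modules/cauthauth/lib/Auth/Source/External.php
    ],
];

// --- metadata/saml20-idp-hosted.php -------------------------------------
// The IdP that cauth.com hosts. The private key signs every assertion, so it
// lives in cert/ outside the web root and is readable only by the PHP user.
$metadata['__DYNAMIC:1__'] = [
    'host'        => '__DEFAULT__',
    'privatekey'  => 'cauth-idp.pem',   // assumed file name in cert/
    'certificate' => 'cauth-idp.crt',   // assumed file name in cert/
    'auth'        => 'cauth-external',  // must match the key in authsources.php
    'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
];

// --- metadata/saml20-sp-remote.php --------------------------------------
// One entry per service provider. Assertions are delivered only to the
// AssertionConsumerService registered here, so each SP is listed explicitly
// and with an https:// endpoint.
foreach (['a.com', 'b.com'] as $host) {
    $base = "https://$host/simplesaml/module.php/saml/sp";   // assumed SP layout
    $metadata["$base/metadata.php/default-sp"] = [
        'AssertionConsumerService' => "$base/saml2-acs.php/default-sp",
        'SingleLogoutService'      => "$base/saml2-logout.php/default-sp",
    ];
}
```

With this layout each SP redirects the browser to cauth.com when it needs a login, and the IdP issues a separate signed response to that SP. The session cauth.com creates on the first login is what lets the second site sign the user in without another prompt.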