How to make a simple SAML request with PHP?

I have worked with PHP a lot before, but I have never used SAML because I never had to connect to a remote server. I have been reading various tutorials, posts, and examples for days now, and I am still getting nowhere. I have read up on:

  • UC Santa Barbra Lecture on SAML
  • OneLogin example and guide
  • Wiki on SAML
  • Rackspace guide on Auth Tokens
  • Fiede RnD Example
  • Getting started SAML and PHP

But still no success. I think when I was reading up on OneLogin, SimpleSAMLphp, and Shibboleth I felt like I was in the wrong place, because I feel that downloading and unpacking huge files as stacks would be for a service provider... In this case I am the Identity Provider, and I thought it would be as simple as just making some XML, sending it off, and looking for a response, without needing these huge amounts of code; but maybe I am mistaken.

When I look at the xml most of it makes sense. For example:

<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Version="2.0"
    ID="_34234se72"
    IssueInstant="2005-04-01T16:58:33.173Z">
  <saml:Issuer>http://authority.example.com/</saml:Issuer>
  <ds:Signature>...</ds:Signature>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">jygH5F90l</saml:NameID>
  </saml:Subject>
  <saml:AuthnStatement AuthnInstant="2005-04-01T16:57:30.000Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>

I think I understand the process of sending 'jygH5F901' as the 'NameID', but lines like urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport make little to no sense to me. Could someone please point me to a good guide on how to get started, or at least in the right direction?

All I need to do is:

  1. Get an Authorization Token
  2. Exchange the Authorization Token for an Access Token.
  3. Use that Access Token to GET information from the service provider's database.

Any help would be greatly appreciated; I am completely new to SAML, so I probably sound dumb, but if anyone could link me to a thorough guide or example that explains the structure and has more copy-paste-friendly work, that would be great. I just need to get that connection and import the data; once I can get hold of those returned variables, all the PHP stuff after that is easy. Thanks for your time; any effort will be greatly appreciated.

Devon Bernard asked Nov 12 '22 13:11
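The question asks for a simple SAML request in PHP. The following is an added example, not code from the original post: it builds a minimal SP-initiated AuthnRequest, encodes it with the HTTP-Redirect binding (DEFLATE, base64, URL-encode) and signs the query string with RSA-SHA256 the way that binding specifies, then shows the Identity Provider side checking the signature before it trusts anything in the request. The entity IDs, URLs and the freshly generated key pair are assumptions chosen for illustration; a real IdP would take the SP's public key from the SP's metadata rather than generating one. The signed Assertion the asker must return is an enveloped XML-DSig signature with canonicalization, which is not shown here and is the part usually left to a library.

```php
<?php
// Added example (not from the original post): build, sign and verify a
// minimal SAML 2.0 AuthnRequest using the HTTP-Redirect binding.
// Requires the openssl, zlib and dom extensions.
// All URLs, entity IDs and the key pair are assumptions for illustration.
declare(strict_types=1);

const SP_ENTITY_ID = 'https://sp.example.org/metadata'; // assumed
const SP_ACS_URL   = 'https://sp.example.org/saml/acs'; // assumed
const IDP_SSO_URL  = 'https://idp.example.com/sso';     // assumed
const NS_SAMLP     = 'urn:oasis:names:tc:SAML:2.0:protocol';
const NS_SAML      = 'urn:oasis:names:tc:SAML:2.0:assertion';
const SIG_ALG      = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256';

/** Build the AuthnRequest XML. The ID must be unique and start with a letter or '_'. */
function buildAuthnRequest(string $id, string $issueInstant): string
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $req = $doc->createElementNS(NS_SAMLP, 'samlp:AuthnRequest');
    $doc->appendChild($req);
    $req->setAttribute('ID', $id);
    $req->setAttribute('Version', '2.0');
    $req->setAttribute('IssueInstant', $issueInstant);
    $req->setAttribute('Destination', IDP_SSO_URL);
    $req->setAttribute('AssertionConsumerServiceURL', SP_ACS_URL);
    $req->setAttribute('ProtocolBinding', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST');
    $req->appendChild($doc->createElementNS(NS_SAML, 'saml:Issuer', SP_ENTITY_ID));
    return $doc->saveXML($req); // element only, no XML declaration
}

/** HTTP-Redirect binding encoding: raw DEFLATE, then base64, then URL-encode. */
function encodeForRedirect(string $xml): string
{
    return urlencode(base64_encode(gzdeflate($xml)));
}

/** Signed query string. The signature covers exactly
 *  "SAMLRequest=...&RelayState=...&SigAlg=..." in that order, as encoded. */
function signedRedirectQuery(string $xml, string $relayState, $privateKey): string
{
    $query = 'SAMLRequest=' . encodeForRedirect($xml)
           . '&RelayState=' . urlencode($relayState)
           . '&SigAlg=' . urlencode(SIG_ALG);
    openssl_sign($query, $sig, $privateKey, OPENSSL_ALGO_SHA256);
    return $query . '&Signature=' . urlencode(base64_encode($sig));
}

/** IdP side: verify the signature over the raw query before decoding anything.
 *  Returns the request XML on success, null if the signature or the request is bad. */
function verifyRedirectQuery(string $rawQuery, $publicKey): ?string
{
    parse_str($rawQuery, $p);
    $sigPos = strpos($rawQuery, '&Signature=');
    if ($sigPos === false || !isset($p['SAMLRequest'], $p['SigAlg'], $p['Signature'])
        || $p['SigAlg'] !== SIG_ALG) {
        return null;
    }
    // Verify over the original bytes; re-encoding decoded values could change them.
    $signed = substr($rawQuery, 0, $sigPos);
    $sig = base64_decode($p['Signature'], true);
    if ($sig === false || openssl_verify($signed, $sig, $publicKey, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    $packed = base64_decode($p['SAMLRequest'], true);
    $xml = $packed === false ? false : @gzinflate($packed);
    if ($xml === false) {
        return null;
    }
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) { // no network fetches while parsing
        return null;
    }
    $root = $doc->documentElement;
    if ($root->namespaceURI !== NS_SAMLP || $root->localName !== 'AuthnRequest'
        || $root->getAttribute('Destination') !== IDP_SSO_URL) {
        return null; // wrong message type or not addressed to this IdP
    }
    return $xml;
}

// --- Usage: SP builds and signs, IdP verifies; then a tampered copy is rejected ---
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_public(openssl_pkey_get_details($key)['key']);

$xml   = buildAuthnRequest('_' . bin2hex(random_bytes(16)), gmdate('Y-m-d\TH:i:s\Z'));
$query = signedRedirectQuery($xml, 'return-to-dashboard', $key);
echo "Redirect the browser to:\n" . IDP_SSO_URL . '?' . $query . "\n\n";

$accepted = verifyRedirectQuery($query, $pub);
echo $accepted === null ? "IdP: signature check FAILED\n" : "IdP accepted:\n$accepted\n";

// Flip one character of RelayState: the signature no longer matches the bytes.
$tampered = str_replace('RelayState=return', 'RelayState=xeturn', $query);
echo verifyRedirectQuery($tampered, $pub) === null
    ? "IdP rejected the tampered request\n" : "BUG: tampered request accepted\n";
```

The verification order matters: the IdP checks the signature over the raw query string first and only then inflates and parses the XML, so unsigned or altered input never reaches the XML parser. Once the request is accepted, the IdP authenticates the user and answers with a SAML Response carrying an Assertion like the one in the question; that Response goes back through the browser to AssertionConsumerServiceURL, and the Assertion itself must carry an XML-DSig signature that the SP verifies.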


1 Answer

SAML is quite complicated and if you are going to generate the XML manually I would strongly recommend that you read up on SAML and review the specs. I would recommend looking at the technical overview in the specs first.

Specs: http://saml.xml.org/saml-specifications
Technical overview: https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf

I warn you, it can be a lot of work doing this manually and doing it right. I would recommend using an application designed for this purpose, like Shibboleth.

Stefan Rasmusson answered Nov 15 '22 05:11