Making your PHP website into SAML Identity Provider

Question

Story is that I need to make my website act as Identity Provider (read: IDP). Website itself is on Zend platform. Idea is making a IDP controller by which Service Providers (read: SP) contacts IDP. As it must be part of the website, I would need to include some extension, which could be easily used for responding SAML requests from SP.

I have found list of PHP extensions from: https://wiki.surfnetlabs.nl/display/OSP/RFC+-+OpenSAMLphp,+a+new+PHP+library+for+SAML+2.0+support

All of these extensions have little documentation or are too complex. For example I haven't found a way to use SimpleSamlPHP in my application and also extracting useful code out of it looks very time consuming (which I really don't have anymore). Also I find all of them hard to implement into website.

I have been googling and checking github for days now, trying to find easy way to use some library (right now I'm trying to implement Lasso, which seems reasonable, but unfortunately lacks good examples / information how to use it as IDP).

Any kind of criticism, ideas, help or tutorial/code examples would be useful.

Answer 1

I wrote a guide about how deploy on an open source software (Tiki-wiki) an IdP using simplesamlphp, and how to connect the IdP to google or salesforce. Take a look:

https://github.com/pitbulk/tiki-saml/blob/master/doc/tiki_wiki_as_idp.rst