SimpleSAMLphp

I’ve added yet another company that offers commercial support on SimpleSAMLphp: SSOeasy. http://simplesamlphp.org/support

9star research now announces commercial support for SimpleSAML Services. We are thrilled to learn that the company 9star research, well-known in the community, now are including SimpleSAMLphp in its list of official services. Our team of dependable SimpleSAMLphp experts and … Continue reading →

PRiSE has got an expert team on digital identity who has worked in middleware and digital identity international projects. PRiSE announces commercial support on SimpleSAMLphp. More information about commercial support on SimpleSAMLphp

Based upon input from Brook Schofield, Mikael Linden and others, I’ve put together a new revision of the Basic Metadata Aggregation Profile, version 0.3. Basic Metadata Aggregation Profile v 0.3 (pdf) List of changes Improved layout on section 2, aggregator … Continue reading →

A good introduction to the OAuth 2.0 spec and the changes from OAuth 1.0 over at hueniverse: Introducing OAuth 2.0

I’ve ran rnd.feide.no on Drupal for 2-3 years now. While drupal is a very sophisticated platform with tons of features; for this particular site, it was basically an overkill. I’ve just converted the site back to WordPress which I used … Continue reading →

Here are a couple of slides I put together in the last minute before the BoF started at TNC2009 in Malaga.

Here is the slides for my presentation about Single Log-Out at TNC2009.

I’ve added OAuth support in a module in SimpleSAMLphp and made a proof of concept demo on how to perform authentication initiated from a command line client. Here is how it looks: You can update simplesamlphp, enable the oauth module, and run the ... [More] demo.php command line script your self. The server side is also embedded in the module. Make sure that you do not enable the oauth module on your production server, this is for demo purposes only. The CLI runs as an OAuth Consumer, the OAuth Service Provider is co-located with a SAML 2.0 Service Provider and perform the federated authentication via an SAML 2.0 IdP. Here is more or less all the neccessary code that needs to be included in your CLI script: echo 'Welcome to the OAuth CLI client' . "\n"; $consumer = new sspmod_oauth_Consumer($key, $secret); // Get the request token $requestToken = $consumer->getRequestToken($baseurl . '/module.php/oauth/requestToken.php'); echo "Got a request token from the OAuth service provider [" . $requestToken->key . "] with the secret [" . $requestToken->secret . read more [Less]

Do not use the SimpleOAuthDataStore that is included in the PHP OAuth library. The reason is the obvious relation between the key and the secret. Hash functions are fun to use, isn’t they? The developer should very well know that md5(md5( is ... [More] insecure, he/she should use md5(md5(md5( ;P function new_token($consumer, $type="request") {/*{{{*/ $key = md5(time()); $secret = time() time(); $token = new OAuthToken($key, md5(md5($secret))); [Less]