
History: saml

Source of version: 13

! {icon name="users"} SAML

!! Overview
{DIV(class="lead")}If you require Tiki to be an __Identity provider (IdP)__: this has been done, but it is not properly documented. The general idea is to install [https://simplesamlphp.org/|SimpleSAMLphp] and let SimpleSAMLphp access Tiki's database. Please see: https://github.com/pitbulk/tiki-saml/blob/master/doc/tiki_wiki_as_idp.rst

If you need this feature and would like it to be streamlined, documented and future-proof (as was done for Tiki as a Service Provider), please contact Marc Laporte (en/fr) or Torsten Fabricius (de) so we can make this happen together.{DIV}

^ ((dev:Removing MCrypt as a dependency|Mcrypt)) is no longer used by Tiki since 18.x LTS.

However, it is still used by the SAML feature, which depends on php-saml, which is installed by ((Packages)). [https://github.com/onelogin/php-saml/issues/255|Upcoming php-saml 3.x will no longer use Mcrypt]. Tiki will update to php-saml 3.x as soon as it's released.
^ 


((Tiki17)) can be a SAML Service Provider (SP), thanks to the integration of [https://github.com/onelogin/php-saml|OneLogin's SAML PHP Toolkit].

When setting up Tiki as a SAML Service Provider, you need to give the IdP the URLs for the assertion consumer service and, if used, the single logout service. These are http<your site baseurl>/tiki-login.php?saml_acs and http<your site baseurl>/tiki-login.php?saml_sls respectively.

~tc~ Preference documentation generated from https://sourceforge.net/p/tikiwiki/code/HEAD/tree/trunk/lib/prefs/ ~/tc~
~tc~ To update documentation see https://dev.tiki.org/How-to-get-commit-access ~/tc~
{PREFDOC(tab="login-saml2")/}

{QUOTE(replyto="Wikipedia" source_url="https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language")}Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. 

The single most important requirement that SAML addresses is web browser single sign-on (SSO). Single sign-on is common at the intranet level (using cookies, for example) but extending it beyond the intranet has been problematic and has led to the proliferation of non-interoperable proprietary technologies. (Another more recent approach to addressing the browser SSO problem is the OpenID Connect protocol.){QUOTE}



!! Related links
* https://en.wikipedia.org/wiki/Identity_provider
* https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language
        

History

Information Version
Marc Laporte 18
Marc Laporte 17
Marc Laporte 16
Marc Laporte 15
Marc Laporte Move to distinct page. Average user wants to connect Tiki to their current SAML server so don't confuse them with such messages 14
Nelson Ko 13
Marc Laporte That image makes no sense 12
Torsten Fabricius added language codes to Marc (en/fr) and Torsten (de) 11
Torsten Fabricius added a Heading with Lead and put Marcs notice to the top into the lead 10
Marc Laporte 9
drsassafras updated to prefdoc plugin 8
Marc Laporte Version created by rescue script 2017-04-24T18:09:12+00:00 7
Marc Laporte Page created by rescue script 2017-04-24T18:09:12+00:00 6