Category Archives: OpenID

SimpleSAMLphp version 1.6.2

Posted on July 29, 2010 by andreas

Version 1.6.2 of simpleSAMLphp is available from:

http://simplesamlphp.googlecode.com/files/simplesamlphp-1.6.2.tar.gz

SHA1SUM:

2f4e0b59f03af6fec79004546b439eeaaeac0182 simplesamlphp-1.6.2.tar.gz

This release contains security fixes since version 1.6.1.

During an inspection of the various templates, several cross-site scripting vulnerabilities were discovered. They are mostly related to displaying of metadata or user-attributes, and thus require the attacker to be able to change the metadata or attributes your installation receives.

Except for the issues with attributes and metadata, you may be vulnerable if:

You use the InfoCard module.
You use the openid authentication source.
You use the oauth module.

All users of simpleSAMLphp are encouraged to upgrade.

Continue reading →

Posted in InfoCard, OpenID, SAML Metadata, SimpleSAMLphp | Leave a comment

SimpleSAMLphp version 1.6.0

Posted on July 2, 2010 by andreas

simpleSAMLphp version 1.6 was made available earlier this summer. This release note was somewhat delayed here at rnd.feide.no, due to the fact that I was out of office.

Documentation is available at:

http://simplesamlphp.org/docs/1.6/

Changes include:

Support for HTTP-Artifact binding on both IdP and SP (thanks to Danny Bollaert, Shoaib Ali and Bill Young).
Better error reporting from single logout on the IdP- it will now respond with the correct error code to SPs.
OpenID 2.0 support.
Better support for specifying parameters in the SAML 2 authentication request.
Error page when the user accesses the IdP with cookies disabled.

Also, several bug fixes and other changes. See the changelog for more details:

http://simplesamlphp.org/docs/1.6/simplesamlphp-changelog

If you are upgrading from a previous version of simpleSAMLphp, you should have a look at the upgrade notes, as they list changes that may break existing installations:

http://simplesamlphp.org/docs/1.6/simplesamlphp-upgrade-notes-1.6

Continue reading →

Posted in OpenID, SimpleSAMLphp | Leave a comment

New OpenIdP Available

Posted on March 24, 2010 by andreas

Feide OpenIdP is now live in a brand new version.

The source code is available as a module to SimpleSAMLphp (not part of the simpleSAMLphp distribution though).

https://openidp.feide.no

The module is implemented by Thomas Graff, one of the members of the Feide team.

Feide OpenIdP allows self registration of users, self registration of SAML 2.0 SPs and supports OpenID.

Continue reading →

Posted in OpenID, OpenIdP, SimpleSAMLphp | Leave a comment

Create custom links on the login page

Posted on March 23, 2010 by andreas

We’ve added support for including custom links on the login page, without modifying the theme. This support is already enabled in the subversion version of simpleSAMLphp.

In authsources.php, you may add links by doing something like this:

    'core:loginpage_links' => array(
        array(
            'href' => SimpleSAML_Module::getModuleURL('openid/openidtest.php'),
            'text' => '{openid:dictopenid:openidtestpage}',
        ),
        array(
            'href' => 'http://uninett.no',
            'text' => array('en' => 'UNINETT Home page', 'no' => 'UNINETT sin hjemmeside'),
        ),
    )

Continue reading →

Posted in OpenID, SimpleSAMLphp | Leave a comment

New Login Page

Posted on March 23, 2010 by andreas

I’ve redesigned the OpenIdP login page.

This is checked in as the themefeidernd module in simpleSAMLphp, as an example of how you can create a theme module that overrides a template for the login page. You can test the theme module, by adding this to your config.php:

'theme.use' => 'themefeidernd:feidernd',

Continue reading →

Posted in OpenID, OpenIdP, SimpleSAMLphp | Leave a comment

Connecting to the Feide RnD SVN Repository using Versions

Posted on January 18, 2010 by andreas

Click to add a repository:

Fill in this url:

https://svn.rnd.feide.no/docs/trunk/geant

and then type in your username and password from Feide OpenIdP. Your username on the short form, like ‘andreas‘.

Then click on the GÉANT bookmark in the left pane, next click on the first line on the right pane, and then click Checkout button.

Find a suitable place for your work copy, in example inside your Documents folder:

And you now have a working work copy:

Now, you may add files, edit files.

To update others changes into your working copy: click Update.
To provide your changes back to the repository (for others): click Commit.

Continue reading →

Posted in OpenID, OpenIdP | Leave a comment

Identity Discovery Usability

Posted on October 22, 2009 by andreas

JISC and Bob ‘RL’ Morgan initiated a discussion on IdP discovery usability that inspired me to try to summarize my thoughts on the topic.

What is bad today? – Examples from real life

UK Access Federation

In a UK federated service, you would need to know that you must click Shibboleth login (notice: a name of some piece of software), in order to get to a discovery service. A SP-specific IdP Discovery Service today in UK Access Federation will present you with a drop-down box of approximately 750 entries listing universities. It takes quite some time for a browser to scroll to the bottom. When the user goes to the next SP, he/she is blessed with the wonderful SSO experience with simple login, but before that happens, the user is presented with the same question and 750-entries-long drop-down list.

Question or answer?

When a danish user goes to a Kalmar Union service, and is presented with a IdP Discovery Service service asking something along Where are you from?.

Continue reading →

Posted in OpenID, SAML Metadata | Leave a comment

Feide OpenIdP gets OpenID support

Posted on October 21, 2009 by andreas

If you have created an account on the Feide OpenIdP, you may now use that account to login to any OpenID site. You may also setup your blog to point to OpenID for authentication – then you will get your blog URL as an openID, and you will be asked for username password on Feide OpenIdP.