Integrating SimpleSAMLphp...

jenelso2's picture

Hey folks, we've got a push on our campus to join the InCommon federation and use the SAML 2 / Shibboleth framework.  I know that Jadu has CAS integration, and it's possible to "shibbolize" a CAS server, but it would be nice to have native SAML 2 authentication / account creation in Jadu.


To that end, I've started to integrate the SimpleSAMLphp library into our Jadu installation so that we can authenticate our campus network users and create a truly Single Sign-On (SSO) solution for our web applications.  I've got it working, for the most part, but I'm hitting a snag when it comes to HTTP headers being sent by Jadu Core PHP (JaduStatus.php and others).  I can't initiate a SAML 2 session due to the headers being sent to the browser from those core files before my front-end template and/or script code (doctype.php in particular).  Although I'd like to SAML authenticate the control center, this is more for creating a user-attribute based custom content / user portal experience.

I'm wondering if anyone else has had to fight an HTTP header issue in Jadu before?  One thing I'm considering is going through the core files one by one and adding all potential non-location headers to an array, then array_walk()ing through the array of headers in the doctype.php file after I create my SAML session.  I think this solution will work, but it's also going to be a nightmare to maintain and debug if I have issues.

Any thoughts from the other devs?

** EDIT 3/29/2016 **

So that'll teach me to post without digging far enough into the problem.  Turns out there's some neat functionality in PHP using .user.ini files when running PHP in the FastCGI/CGI Server API mode.  I added a .user.ini file to the /site/ folder and added "auto_prepend_file = /path/to/jadusaml.php" to it.  Now, every PHP file request inside the /site/ folder automatically requires the jadusaml.php file first before it does anything else.  Now I can manage all my authentication/authorization and such before the Jadu core even gets involved.  Problem solved... so far.
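A sketch of the prepend approach described in the post, as an added example (not the poster's script and not Jadu code). It assumes SimpleSAMLphp is installed at /var/simplesamlphp, an SP auth source named `default-sp`, and that the IdP releases `eduPersonPrincipalName`; the constant `JADUSAML_PRINCIPAL` is a hypothetical name.

```php
<?php
// jadusaml.php: hypothetical prepend script. It is loaded before every PHP
// request under /site/ by this line in /site/.user.ini, which PHP reads only
// in the CGI/FastCGI server API:
//
//     auto_prepend_file = /path/to/jadusaml.php
//
// Assumed install path; adjust to your SimpleSAMLphp location.
require_once '/var/simplesamlphp/lib/_autoload.php';

// Fail closed if output has already started: the SAML redirect needs to set
// headers, which is the problem the prepend file is meant to avoid.
if (headers_sent($file, $line)) {
    error_log("jadusaml: headers already sent at $file:$line");
    exit('Authentication unavailable.');
}

// 'default-sp' is an assumed auth source name from authsources.php.
// Older SimpleSAMLphp releases name this class SimpleSAML_Auth_Simple.
$auth = new \SimpleSAML\Auth\Simple('default-sp');

// Redirects the browser to the IdP and exits when there is no valid session;
// returns normally once the user is authenticated.
$auth->requireAuth();

// Attributes arrive as name => list of values.
$attributes = $auth->getAttributes();

// Assumed attribute name; use whichever identifier your IdP releases.
$principal = isset($attributes['eduPersonPrincipalName'][0])
    ? $attributes['eduPersonPrincipalName'][0]
    : null;

// Authenticated but missing the identifier we authorize on: deny, do not guess.
if ($principal === null || $principal === '') {
    http_response_code(403);
    exit('Required attribute was not released by the identity provider.');
}

// Restore PHP's session handling so the application can start its own
// session without colliding with SimpleSAMLphp's.
\SimpleSAML\Session::getSessionFromRequest()->cleanup();

// Hypothetical hand-off to front-end templates: a constant cannot be
// redefined later in the request by application code.
define('JADUSAML_PRINCIPAL', $principal);
```

PHP caches .user.ini for `user_ini.cache_ttl` seconds (300 by default), so edits to it do not apply immediately, and under a non-CGI server API the file is ignored, leaving /site/ unauthenticated. Configure the web server to refuse direct requests for .user.ini.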