Question

I have a Drupal site I am standing up for a client. I ve been asked to use Single Sign on using SAML2 (where I would be the service provider and my client would be the identity provider).

The best thing I have found so far has been either

SimpleSAMLPHP https://ow.feide.no/simplesamlphp:drupal

or

Shibboleth -- http://drupal.org/project/shib_auth

From looking at the documentation from these it looks like the Shibboleth module might be further ahead, but I m not sure that you can connect Shibboleth to SAML. Can you? Or do you need to connect to a Shibboleth identity provider?

The SimpleSAML module looks good, except it seems to require memcache which I would prefer to not use.

Thanks!

Answer 1

The Shibboleth project is an implementation of SAML, which is a specification of a protocol that deals with exchange of Assertions (AKA security tokens). A shibboleth server is an installation that talks the Identity Provider side of the SAML protocol, and it will be able to talk to any Service Provider as long at they both follow the specifications of SAML. Since this is the case for both SimpleSAMLPHP and the Shibboleth Service Provider modules, you can use either really. So if you don t want to use memcache you can safely choose shib_auth.

友情链接