
Setup: WSO2 Identity Server version 5.9. I am using WSO2 IS to add SSO to my PHP project. I created a SAML SSO service provider in WSO2 for PHP SAML. Service provider:

- Issuer: https://ssowebapp.domain.net/demo1/metadata.php
- Assertion Consumer URL: https://ssowebapp.domain.net/demo1/php-saml-master/index.php?acs
- NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- Logout enabled
- Logout URL: https://ssowebapp.domain.net/demo1/php-saml-master/index.php?sls
- Logout method: Back-Channel Logout

This is my settings.php file:

    <?php
    $spBaseUrl = 'https://ssowebapp.domain.net';

    $settingsInfo = array (
        'sp' => array (
            'entityId' => $spBaseUrl.'/demo1/metadata.php',
            'assertionConsumerService' => array (
                'url' => $spBaseUrl.'/php-saml-master/demo1/index.php?acs',
            ),
            'singleLogoutService' => array (
                'url' => $spBaseUrl.'/php-saml-master/demo1/index.php?sls',
                'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            ),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        ),
        'idp' => array (
            'entityId' => 'https://wso2.domain.net:9443/samlsso',
            'singleSignOnService' => array (
                'url' => 'https://wso2.domain.net:9443/samlsso',
                'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            ),
            'singleLogoutService' => array (
                'url' => 'https://wso2.domain.net:9443/samlsso',
                'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            ),
            'x509cert' => '-----Certificate-------------'
        ),
    );

This is my PHP code (index.php):

    <?php
    session_start();
    define("TOOLKIT_PATH", '/var/www/html/ssowebapp/php-saml-master/');
    require_once(TOOLKIT_PATH.'_toolkit_loader.php');
    require_once(TOOLKIT_PATH.'demo1/settings.php');

    $auth = new OneLogin_Saml2_Auth($settingsInfo);
    $requestId = null;
    if (isset($_GET['sso'])) {    // SSO action.  Will send an AuthNRequest to the IdP
        $auth->login();
    } else if (isset($_GET['sso2'])) {
        $returnTo = $spBaseUrl.'/demo1/attrs.php';
        $auth->login($returnTo);
    } else if (isset($_GET['slo'])) {
        $auth->logout();
    } else if (isset($_GET['acs'])) {
        $auth->processResponse();
        $_SESSION['samlSessionIndex']          = $auth->getSessionIndex();
        $_SESSION['samlNameId']                = $auth->getNameId();
        $_SESSION['samlNameIdFormat']          = $auth->getNameIdFormat();
        $_SESSION['samlNameIdNameQualifier']   = $auth->getNameIdNameQualifier();
        $_SESSION['samlNameIdSPNameQualifier'] = $auth->getNameIdSPNameQualifier();
        $_SESSION['LogoutRequestID']           = $auth->getLastRequestID();
        $errors = $auth->getErrors();
        if (!empty($errors)) {
            echo '<p>', implode(', ', $errors), '</p>';
        }

        if (!$auth->isAuthenticated()) {
            echo "<p>Not authenticated</p>";
            exit();
        }
        $_SESSION['samlUserdata'] = $auth->getAttributes();
        if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
            $auth->redirectTo($_POST['RelayState']);
        }
    } else if (isset($_GET['sls'])) {
        $auth->logout($returnTo, $paramters, $nameId, $sessionIndex, false, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier);

        $errors = $auth->getErrors();
        if (empty($errors)) {
            echo '<p>Sucessfully logged out</p>';
        } else {
            echo '<p>', implode(', ', $errors), '</p>';
        }
    }
    if (isset($_SESSION['samlUserdata'])) {
        if (!empty($_SESSION['samlUserdata'])) {
            $attributes = $_SESSION['samlUserdata'];
            //var_dump($auth->processResponse());
            echo 'You have the following attributes:<br>';
            echo '<table><thead><th>Name</th><th>Values</th></thead><tbody>';
            foreach ($attributes as $attributeName => $attributeValues) {
                echo '<tr><td>' . htmlentities($attributeName) . '</td><td><ul>';
                foreach ($attributeValues as $attributeValue) {
                    echo '<li>' . htmlentities($attributeValue) . '</li>';
                }
                echo '</ul></td></tr>';
            }
            echo '</tbody></table>';
        } else {    // If there is not user data, we notify
            echo "<p>You don't have any attribute</p>";
        }

        echo '<p><a href="?slo" >Logout</a></p>'; // Print some links with possible
    } else {
        echo '<p><a href="?sso" >Login</a></p>';
        echo '<p><a href="?sso2" >Login and access to attrs.php page</a></p>';
    }

There is no problem when logging in with SSO. But logout does not work. I get this error in WSO2 IS:

    [2020-03-24 12:04:46,385] [https://ssowebapp.domain.net/php-saml-master/demo1/index.php?sls] ERROR {org.wso2.carbon.identity.sso.saml.processors.SPInitLogoutRequestProcessor} - No Established Sessions corresponding to Session Indexes provided.
    [2020-03-24 12:04:46,393] [https://ssowebapp.domain.net/php-saml-master/demo1/index.php?sls] WARN {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - Redirecting to default logout page due to an invalid logout request
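A debugging aid for the error above, added here as an example and not part of the original post or of the php-saml toolkit: it decodes the `SAMLRequest` parameter of an HTTP-Redirect LogoutRequest and compares its `SessionIndex` and `NameID` with the values the ACS branch stored in `$_SESSION`. The helper names (`decodeRedirectSamlRequest`, `logoutRequestFields`, `compareWithSession`) are hypothetical, the sample request and URLs are constructed, and the `zlib` and `dom` PHP extensions are assumed.

```php
<?php
/** Decode SAMLRequest: URL-decode, base64-decode, raw inflate; LIBXML_NONET blocks network fetches. */
function decodeRedirectSamlRequest(string $url): DOMDocument
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    $raw = base64_decode($query['SAMLRequest'] ?? '', true);
    $xml = ($raw === false || $raw === '') ? false : @gzinflate($raw);
    $doc = new DOMDocument();
    if (!is_string($xml) || $xml === '' || !@$doc->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('No deflated XML SAMLRequest in URL');
    }
    return $doc;
}
/** Extract the fields the IdP uses to find the session being terminated. */
function logoutRequestFields(DOMDocument $doc): array
{
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
    $xp->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    $text = fn(string $q) => ($n = $xp->query($q)->item(0)) ? trim($n->textContent) : null;
    return [
        'issuer'       => $text('/samlp:LogoutRequest/saml:Issuer'),
        'nameId'       => $text('/samlp:LogoutRequest/saml:NameID'),
        'sessionIndex' => $text('/samlp:LogoutRequest/samlp:SessionIndex'),
    ];
}
/** Compare the request with what the ACS branch stored in $_SESSION. */
function compareWithSession(array $fields, array $session): array
{
    $problems = [];
    if ($fields['sessionIndex'] === null) {
        $problems[] = 'LogoutRequest has no SessionIndex';
    } elseif ($fields['sessionIndex'] !== ($session['samlSessionIndex'] ?? null)) {
        $problems[] = 'SessionIndex differs from the one stored at login';
    }
    if ($fields['nameId'] !== ($session['samlNameId'] ?? null)) {
        $problems[] = 'NameID differs from the one stored at login';
    }
    return $problems;
}

// Constructed sample (placeholder values, not from a real session or the post).
$session = ['samlSessionIndex' => 'constructed-index', 'samlNameId' => 'user@example.org'];
$xml = '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
     . ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">'
     . '<saml:Issuer>https://sp.example.org/metadata.php</saml:Issuer>'
     . '<saml:NameID>user@example.org</saml:NameID></samlp:LogoutRequest>';
$url = 'https://idp.example.org/samlsso?SAMLRequest=' . urlencode(base64_encode(gzdeflate($xml)));
print_r(compareWithSession(logoutRequestFields(decodeRedirectSamlRequest($url)), $session));
```

To inspect a real request, pass the redirect URL captured from the browser's network log to `decodeRedirectSamlRequest()` and pass `$_SESSION` as the second argument of `compareWithSession()`.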
