Okta and SAML with PHP
SAML as we all know is a complicated beast. My encounter with SAML was to hook up Single Sign On into a Laravel application trough Okta. Whilst half the jargon was pure Greek to me I managed to figure out a couple of things in the process.
In my opinion most parts where lot of people new to SAML struggle is understanding the workflows and misunderstanding the use case that they are working towards.
This article covers the steps I used to enable a user to login to their Okta account and then access the PHP app.
If you look at the settings the url would ideally be your application URL. Since its a Laravel app we point to the login URL and handle the SAML response processing via a Middleware.
In terms of setting up the app that’s all there is to it on Okta.
Now on Laravel ( or your app side ). We do the following ,
Pull in the lightSAML package you can do it with composer easily.
Now the when the request hits the app from Okta we do the following :
Extract the SAMLResponse
Convert it to XML
Create the Response object using the XML
Get data from the Assertion
In this example we map the Okta users Email address for an existing user and then log the user in. But this can be used in several ways based on the use case.