When the user returns from the SAML gateway, shouldn't you be able to then verify that the user exists? From the authenticate method, you can also manipulate the response and send additional headers/abort the request. The digest/basic auth classes do this.
The original plan for authcomponent was to make extension easier for these types of uses. With offsite authentication methods, you obviously don't get as much benefit from AuthComponent, but it should at least be workable, and not fight against you as it did before. -Mark On Aug 25, 8:18 pm, Ben McClure <ben.mccl...@gmail.com> wrote: > I'm working on an Authentication module to work with the AuthComponent to > log users in via SimpleSAMPphp (single sign-on via SAML) > > I understand how to create auth modules and have created one named > SimpleSamlAuthenticate, but I am a bit stuck on implementing the > authenticate(CakeRequest $request, CakeResponse $response) function. > > The docs indicate the function should either return false if the user cannot > be identified, or a user array if they can. To actually initiate a > SimpleSAMLphp authentication, however, the SimpleSAML_Auth_Simple class gets > loaded and its requireAuth() or login() function gets called, which > redirects the user to the registered SAML Identity Provider where they > authenticate and are returned back to the application. > > This doesn't seem compatible with the AuthComponent... It seems like maybe > what I need to do is authenticate outside of the Auth component, and then > utilize the AuthComponent after authentication to verify that it succeeded > and that the user session is valid, but that seems to defeat most of the > purpose of the AuthComponent in general. > > But if so, would it make more sense for me to stop using the AuthComponent > entirely and create a new method component which ties SAML authentication > sessions in with one of the available Authorization modules? > > When I read about the AuthComponent changes in 2.0, I thought that maybe I > could finally utilize the CakePHP Auth component for something, but now I'm > not so sure :) > > Ben -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
