The 10 minute guide to SAML federation

Federation and single sign-on don't have to be complex. This 10 minute guide walks through the simplest use case of using myOneLogin to SAML-enable your application. For more details of this scenario, click here for a practical example.

Objective

After authentication, or as part of single sign-on from an existing active session, myOneLogin can generate a SAML assertion that your application can trust. Validating this assertion on the receiving end is done by calling a web service provided by myOneLogin. This guide shows in detail how myOneLogin generates this assertion and how you can use the exposed web service to consume it.

Workflow

The following diagram shows the steps involved in a simple scenario, where the users' credentials (passwords) are managed by the myOneLogin system. This may not be the case in your production setup, and although it's possible to keep your user credentials in your current repository of choice, this workflow will give you a quick idea of how simple it is to integrate with myOneLogin.

Following the workflow described above, here is the detailed description of the test. If you have signed up for an account with myOneLogin, you can use your own organization name. If you do not have a myOneLogin account, you can sign up for one in the public test organization at https://developer.myonelogin.com/.

When going through the example below, replace <COMPANYNAME> with the organization name used when signing up for an account with myOneLogin. For testing purposes, the company name developer can be used.

Similarly, <COMPANYWEBSITE> indicates the hostname of the server where you are hosting the SAML validating target page.

1) Access myOneLogin with a request for redirect

https://<COMPANYNAME>.myonelogin.com/SAAS/API/1.0/GET/redirect?successRedirect=https://<COMPANYWEBSITE>/samlReceiver.php

This link will take you to the <COMPANYNAME> organization of myOneLogin for authentication.

Note: you could also use a POST, in which case the API path is /SAAS/API/1.0/POST/login.

2) Redirect to your own SAML enabled page

https://<COMPANYWEBSITE>/samlReceiver.php

Modify the link in step 1 to redirect the SAML response to a page under your control. After successful authentication with myOneLogin, you will land on this page, defined by the parameter named successRedirect in step 1 above. samlReceiver.php is just a suggested name for this example; enter the fully qualified URL of your SAML-enabled page.

3) SAML-enable your landing page

https://<COMPANYNAME>.myonelogin.com/SAAS/API/1.0/SOA/validateSaml?wsdl

For PHP, you can use our example of SAML validation through a web service call that is included in this document. The method you need to call is named validate, and its two parameters are samlResponse and recipientName. See the API documentation for more details.
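A minimal samlReceiver.php for step 3, added here as an example and not the page's or myOneLogin's own code. It assumes the SAML response arrives in a POST form field named SAMLResponse and that validate() returns an object with valid and subject members; check the real WSDL and API documentation for the actual field and member names.

```php
<?php
// samlReceiver.php: added example (not myOneLogin's code). Assumed details,
// not stated on the page: the SAML response is posted in the "SAMLResponse"
// field, validate() takes an associative array of its two documented
// parameters, and its reply has "valid" and "subject" members.
session_start();

$companyName   = 'developer';                                  // <COMPANYNAME>
$recipientName = 'https://www.example.com/samlReceiver.php';   // this page's full URL
$wsdl          = "https://{$companyName}.myonelogin.com/SAAS/API/1.0/SOA/validateSaml?wsdl";

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_POST['SAMLResponse'])) {
    http_response_code(400);
    exit('Expected a SAML response via POST.');
}
$samlResponse = $_POST['SAMLResponse'];

try {
    // Validation happens server-side over HTTPS at the myOneLogin service;
    // the assertion is never parsed and trusted locally.
    $client = new SoapClient($wsdl, [
        'exceptions' => true,
        'cache_wsdl' => WSDL_CACHE_MEMORY,
    ]);
    // recipientName is hard-coded to this page's URL (not taken from the
    // Host header) so the service can check the assertion was issued for us.
    $result = $client->validate([
        'samlResponse'  => $samlResponse,
        'recipientName' => $recipientName,
    ]);
} catch (SoapFault $e) {
    error_log('validateSaml call failed: ' . $e->getMessage());
    http_response_code(502);
    exit('Could not validate the SAML response.');
}

// Reject the login unless the service explicitly reports success.
if (empty($result->valid)) {
    http_response_code(403);
    exit('SAML response rejected.');
}

session_regenerate_id(true);            // fresh session id on login
$_SESSION['user'] = $result->subject;    // assumed member name
echo 'Logged in as ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
```

Keep the recipientName fixed to the exact URL registered as successRedirect; if it is derived from request headers, a response meant for another site could be accepted.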