Wrap Xojo web in PHP SAML/ADFS authentication through SimpleSAMLphp

Hi.

I am currently using SAML 2.0 (via ADFS) for user authentication of my webserver against my corporate Azure AD domain. I use the excellent SimpleSAMLphp and it works well enough.

I would, if possible, try to keep using it. I’m wondering how I could wrap a Xojo Web application to require this authentication before allowing access.

Today I wrap the pages requiring access into an authentication routine that checks the ADFS and checks against local sessions saved in the server.

I’m not as familiar with the web application and how to run it. I’m thinking the web application could try to request authentication calling a server PHP page and redirect to the authentication page if the page doesn’t confirm the user is authenticated, and it would need to do this for every single call.

Have any of you done something like this? I tried looking for this but I only found ways to implement the authentication itself from scratch.

I recently needed to explore SAML and found that Xojo doesn’t have the required functionality for validating a SAML assertion. If you can get your PHP SAML script to validate the identity and talk to Xojo about it then you might be able to get it to work.

Alternatively you could drop SAML and switch to JWT. The Chilkat plugin can handle the cryptography for validation. Unfortunately, I cannot share the code, but I can vouch for the success of JWT over SAML.

After spending the time neck deep in both technologies, I’ve discovered I prefer JWT over SAML by far. https://jwt.io

I know I would like JWT over SAML. I just don’t have the luxury of choosing. SAML is the only approved auth the company allows me to use for an external tool :frowning:

Thanks for the reply. It matches what I’d found. I’ll look into having SimpleSAMLphp validate and have Xojo use that to decide if it should serve or not.
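
One way to do the hand-off discussed in this thread, as an added example that is not code from any of the posters: a PHP gate page lets SimpleSAMLphp authenticate the user, then redirects to the Xojo app with a short-lived HMAC-signed token that the Xojo app verifies before serving. The autoloader path, the `default-sp` auth source, the `uid` attribute, `XOJO_URL`, the `XOJO_GATE_SECRET` variable and the token layout are all assumptions for illustration.

```php
<?php
// gate.php: hypothetical page on the existing PHP/SimpleSAMLphp server.
// Assumptions: autoloader path, 'default-sp', the 'uid' attribute, XOJO_URL and
// the shared secret are placeholders to replace with your deployment's values.
declare(strict_types=1);

const XOJO_URL  = 'https://xojo-app.example.internal/';   // placeholder
const TOKEN_TTL = 60;                                      // seconds

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Build "payload.signature": payload is JSON, signature is HMAC-SHA256 over it.
function issueToken(string $user, string $secret, int $now): string {
    $payload = b64url(json_encode([
        'sub' => $user,
        'exp' => $now + TOKEN_TTL,
        'jti' => bin2hex(random_bytes(16)),   // lets the verifier reject replays
    ], JSON_THROW_ON_ERROR));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $secret, true));
}

// Reference for the check the Xojo side has to reproduce before serving.
// Returns the user name, or null if the token is forged, malformed or expired.
function verifyToken(string $token, string $secret, int $now): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $secret, true));
    if (!hash_equals($expected, $sig)) return null;          // constant-time compare
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['sub'], $claims['exp'])) return null;
    return ($claims['exp'] >= $now) ? (string)$claims['sub'] : null;
}

if (PHP_SAPI !== 'cli') {
    require_once '/var/simplesamlphp/lib/_autoload.php';     // path is an assumption
    $as = new \SimpleSAML\Auth\Simple('default-sp');
    $as->requireAuth();                    // redirects to ADFS if there is no session
    $attrs  = $as->getAttributes();
    $user   = $attrs['uid'][0] ?? '';      // attribute name depends on your ADFS claims
    $secret = getenv('XOJO_GATE_SECRET');  // shared with the Xojo app, never in the URL
    if ($user === '' || !$secret) { http_response_code(403); exit; }
    header('Location: ' . XOJO_URL . '?t=' . issueToken($user, $secret, time()));
    exit;
}
```

On the Xojo side, verify the token once when the session starts, remember each `jti` until its `exp` passes so a logged URL cannot be replayed, and keep the identity in the Xojo session rather than re-reading the query string.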