I'm building a SAAS web app in PHP that needs to integrate SSO. We'll have multiple client organizations, each that have their own Identity Provider (Active Directory). While researching possibilities, I came across SimpleSAMLphp, but I'm not sure it will fulfill my requirements and would like feedback on best approach for implementation. Seems like SAML or OAuth2 is the way to go, but I have limited experience in this area.
Need these abilities:
- Client Admins should be able to add and remove access to our app via AD.
- Authenticate user with their respective AD Server (flexibility for authenticating with others a big plus) - Other than depending on static IPs how can I know which Identity Provider to check?
- Users of organizations that do not have an Identity Provider should be able to login through the existing authentication method (hashed pass in mysql).
- We'll also have a hybrid mobile app (ios/android), developed on the IONIC framework, that will need to have SSO, wondering if I'd authenticate through REST API or how that process would work. Hoping for a solution that can accommodate both web app and the mobile app - if possible.
Additional info: I'm planning to host the PHP app on a CentOS server. We do have the capability of connecting a site-to-site VPN if required.