Wednesday 22 April 2020

Azure SAML 2.0 With PHP Login API | SimpleSAMLPhp | Login With Microsoft...




### Make sure to create the index.php file inside your (renamed) folder. ###

index.php code :-

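<?php
// Load SimpleSAMLphp's autoloader (index.php sits inside the renamed SimpleSAMLphp folder).
require_once 'lib/_autoload.php';

// 'default-sp' is the authentication source configured in config/authsources.php.
$as = new SimpleSAML_Auth_Simple('default-sp');

// Redirects to the Azure login page unless the user is already authenticated.
$as->requireAuth();

// Attributes released by the IdP, as name => list of values.
$attributes = $as->getAttributes();

// Escape the dump: attribute values come from outside and must not be echoed as raw HTML.
echo '<pre>';
echo htmlspecialchars(print_r($attributes, true));
echo '</pre>';

$url = $as->getLogoutURL();
echo '<a href="' . htmlspecialchars($url) . '">Logout</a>';

?>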

------------------------------------
Please avoid or flag spams/hateful comments. And do not spam. Enjoy :)
------------------------------------------------

Azure Tutorial | Login Using Microsoft Azure Active Directory And PHP | Single Sign On ( SSO ):
https://youtu.be/IbJt7tr8kL0

Azure Link:
https://portal.azure.com/

SimpleSAMLphp Download Link:
https://simplesamlphp.org/

SimpleSAMLphp install documentation:
https://simplesamlphp.org/docs/stable/simplesamlphp-install

List Of Timezones:
https://www.php.net/manual/en/timezones.php

Subscribe my Channel:-
http://www.youtube.com/user/SanketRooney?sub_confirmation=1

Facebook Page:-
https://www.facebook.com/UnpossibleNS

Twitter Account:-
https://twitter.com/UnpossiblePOG

Blog :-
https://unpossiblepog.blogspot.in/
------------------------------------------------

Hey guys.
This tutorial is about Microsoft Azure’s SAML connection with PHP.
Previously I made a tutorial about Azure’s Simple SSO. You can check that out if you want to.
The objective of the SAML and Simple SSO tutorials is the same, that is, to log in using a Microsoft account. But there is a huge difference between the approaches and the security they provide.
1st, Simple Single Sign On (SSO) is just a procedure with which you can perform the login operation. But SAML is a language which has a structure similar to XML. That XML then helps to generate a configuration. Developers have to store that configuration in code or in a database so that users can log in later. You will understand that at the end of the tutorial.
2nd, in Simple SSO, anyone with a Microsoft email account can log in. But in SAML, you can decide which users can log in.
3rd, in Simple SSO, you must have an original Microsoft email account like xyz@outlook.com, but in SAML you can create a subdomain account. For example, if your email address is abc@outlook.com and your friend “DEF” doesn’t have any email account, you can create his email as def@xyz.microsoft.com.
It doesn’t exist as an email address but can log in to your web application. Here XYZ.microsoft.com becomes a subdomain for your friend’s ID.

4th, you can use Simple SSO for public websites like e-commerce or social media to create accounts by adding a button such as LOGIN WITH MICROSOFT ACCOUNT, but SAML is mostly used for private-access websites like admin sites or management systems where logins need restrictions.

There are a few requirements for the SAML implementation:
1. At least 1 Microsoft email account.
2. Linux or Windows operating system with XAMPP installed. (Just for testing)
3. Linux-hosted live website with SSL implemented and with access to CPANEL, WHM or FTP (e.g. FileZilla).
4. Linux operating system (with a zip compressor) or Windows OS (with WinRAR or 7zip).

Let’s jump to PORTAL.AZURE.COM.
I am using the trial version, which is available for 14 days max.
Go to the top menu and select Azure Active Directory. This AZURE ACTIVE DIRECTORY is the IdP, meaning the identity provider, which authenticates whether a user has permission to access the website or not.
Go to Enterprise applications and then New application.
If you are using the trial version, you will see something like this but in pink, which says something about creating a trial version or something like that. I don’t know; just click on it and then click on “Skip for now”.
Then this type of page will appear.
Click on “Create your own application”, give any name, and click on “Integrate any other”.
Then create it and wait for around 20 seconds; you will be redirected to the configuration page automatically.
Now we shall create users with subdomains for your friends, colleagues or clients.
Go to the top menu, Azure Active Directory, then Users. Create a new user.
Click on Show password.
Save the user ID and password somewhere else.
Click on Create.
I shall create another one to demonstrate how the SAML authentication works.
Let’s go to the enterprise application by clicking on the side menu, Azure Active Directory.
Enterprise Apps.
Select the app we created from the list.
Click on SET UP SINGLE SIGN ON.
Select SAML.
Now I have one website with SSL enabled.
Copy that path, go back to the Azure site, and click on the edit button of BASIC SAML Configuration.
Paste the link in Entity ID and Reply URL.
Actually, I shall just rename the entity ID, because you can give any name if you want to.
Then save it.
Don’t test it now because more configuration is yet to be done.
Now click on the SAML Signing Certificate edit button,
then New Certificate; make sure to have the same configuration as I have for signing option and algorithm.
Save it.
Now refresh the page.
The certificate configuration is generated automatically.
Now you can test it using your own main account.
As you can see, even I don’t have any access right now.
Also notice that SAML2 is written in the URL, which means the restriction is provided by the SAML module.
For that I shall go to “Users and groups”, then “Add user”, and select a user from the list.
I shall add myself.
Then go to Single sign-on, click on Test, and click on “Sign in as current user”.
As you can see, I was successfully redirected after logging in.
Now I shall give access to the Steve Rogers sub-user.
And let’s see if he gets access or not.
First I shall try Tony Stark, who doesn’t have access.
Click on “Sign in as someone else”.
But even then it gives me direct access to this site, so click on “Use a different account”.
They ask me to change the password because we are using the default password.
But still it will not redirect me.
Let’s try using the Steve Rogers account.
And you see that it redirects me.
Now copy the logout URL and paste it in the browser’s URL bar to log out from any account.
Now let’s jump to the PHP code.
Go to Google and search “simpleSAMLphp”.
Go to the website and click on download.
Make sure not to download from GITHUB, as it doesn’t include the vendor folder, which is required for login.
Download the latest version from the top link, which has the extension tar.gz, a compressed format like a .rar or .zip file.
Now go to “documentation”, and click on “Using SimpleSamlphp as SAML service provider”.
This is just documentation, although you should avoid it because it tells you to make a virtual host on your computer, which doesn’t help at all.
But if you are using Linux OS, then execute this command in the terminal.
Go to the folder where you downloaded it.
Go back and open that folder in the terminal.
Type tar, then space, then xzf, then space, then the filename. Hint: just type the first few letters of the downloaded file and press Tab; it will automatically complete its name.
Then we have to rename this file to any name by using the mv command.
If you are using Windows OS, then just extract that folder using WinRAR or 7zip and rename that folder to anything you want.
You can ignore the rest of the information.
I am using Sublime Text as my text editor. You can use Notepad++ or NetBeans etc.
If you look inside it, there is a vendor folder which has the libraries.
Open XAMPP and try to access the project using localhost.
As you can see there is an error; also notice that it automatically redirects to somewhere else.
Open the file config.php, which is inside the config folder.
Rewrite the baseurlpath.
First add the folder name that we renamed (in my case, it was unpossible_2), then www.
Save it.
Let’s again try to access the website, and you see that there is no error even when it auto-redirects.
Now we are ready to implement it on the live server.
Compress this folder.
Upload it to the live website via cPanel, or you can upload the whole folder through FTP without compressing it.
But it will take a lot of time to upload files via FTP. The choice is yours.
After uploading, extract that file.
Now let’s go to the Azure website, and in the application configuration, click on the “edit” button of BASIC SAML config.
Now paste that extra path in the reply URL, which is your website, then your folder, then www.
Save it.
Then copy the whole URL.
Go inside that folder and open the config folder.
Then open config.php.
Here paste that path we copied.
Scroll down, and add any timezone you prefer.
Add any random password.
Save it.
Then let’s access that URL.
And you will see that it redirects.
Click on the Configuration tab.
Everything is working.
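
A check for the config.php values edited in the steps above, as an added example that is not part of the video or of SimpleSAMLphp itself. The function name and the sample array are constructed for illustration; the option names are the ones found in SimpleSAMLphp's config/config.php.

```php
<?php
// Added example: audit the config/config.php values the tutorial edits.
// '123' and 'defaultsecretsalt' are the placeholders in SimpleSAMLphp's config template.

function audit_ssp_config(array $config): array
{
    $findings = [];

    // baseurlpath: the tutorial pastes the full site URL here.
    $base = (string)($config['baseurlpath'] ?? '');
    if (stripos($base, 'http://') === 0) {
        $findings[] = 'baseurlpath is plain http; use the https URL registered as Reply URL';
    }
    if (stripos($base, 'https://') === 0 && empty($config['session.cookie.secure'])) {
        $findings[] = 'session.cookie.secure is off although the site is served over https';
    }

    // auth.adminpassword protects the admin pages ("test configured authentication sources").
    $pw = (string)($config['auth.adminpassword'] ?? '');
    $hashed = $pw !== '' && $pw[0] === '{';   // bin/pwgen.php output starts with "{ALGO}"
    if ($pw === '' || $pw === '123') {
        $findings[] = 'auth.adminpassword is empty or still the template default';
    } elseif (!$hashed && strlen($pw) < 12) {
        $findings[] = 'auth.adminpassword is short and in clear text; use a long value or a bin/pwgen.php hash';
    }

    // secretsalt is mixed into hashes SimpleSAMLphp generates; it must be unique per install.
    if (($config['secretsalt'] ?? 'defaultsecretsalt') === 'defaultsecretsalt') {
        $findings[] = 'secretsalt is the template default; replace it with a long random string';
    }

    // timezone must be one of the identifiers from the PHP timezone list.
    $tz = $config['timezone'] ?? null;
    if ($tz !== null && !in_array($tz, timezone_identifiers_list(), true)) {
        $findings[] = "timezone '$tz' is not a valid PHP timezone identifier";
    }

    return $findings;
}

// Constructed sample with the kind of values a quick setup leaves behind.
// On a real install: require 'config/config.php'; then pass the $config it defines.
$sample = [
    'baseurlpath'        => 'http://sp.example.com/unpossible_2/www/',
    'auth.adminpassword' => 'admin1',
    'secretsalt'         => 'defaultsecretsalt',
    'timezone'           => 'IST',
];

foreach (audit_ssp_config($sample) as $finding) {
    echo "[!] $finding\n";
}
```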
Now go to cPanel and open the authsources.php file.
Now go to the Azure site and copy the entity ID.
Copy it and paste it in the code.
Then copy the Azure AD Identifier and paste it in the idp value.
Now let’s refresh the website.
Go to the Authentication tab, click on “Test configured authentication sources”, then click on admin.
Type the password that we gave in the config file.
Now again access the www folder.
Go to the Federation tab.
Click on XML to SimpleSAMLphp metadata converter.
Here you have to add the XML file.
So go to the Azure site and save the XML file.
Browse to that downloaded XML file and click on Parse.
Now scroll down.
Here they provide you the PHP code and tell us to paste it in the “saml20-idp-remote” file.
Copy this code.
Go to cPanel.
Go inside metadata, and find the file “saml20-idp-remote”.
Open it,
and paste that code in this file. Close the PHP tag.
Save it.
Now again access the www folder in the browser.
Click on the Authentication tab.
Click on “Test configured authentication sources”,
then default-sp.
You will be redirected to login.
Once logged in, you will see your details like email ID, name etc.
And there is a logout button too.
Click on it to log out from the current account.
Let’s try that again using an incorrect account.
Let’s try using the correct account.
Now it is very lengthy to fetch the required info from the default user interface they provided.
So I made manual code to get it directly.
The link to that code is given in the description.
Add that in the index file.
Also, in the Azure configuration, change the reply URL path: just remove /www.
Paste the index.php file inside your folder.
Let’s access that index.php file.
And you will see that the code is now displaying that data in an array.
You can get any data and push it into SESSION to maintain the login.
Also there is a logout button at the bottom.
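
One way to push the attributes into SESSION as the last steps describe, shown as an added example rather than the code linked from the video. The claim URIs are the defaults Azure AD issues for an enterprise application and are an assumption about your tenant; the session keys `user_email` and `user_name` are hypothetical names.

```php
<?php
// Added example: index.php variant that turns the SAML login into an application session.
require_once 'lib/_autoload.php';

// Assumption: default Azure AD claim names; compare with the print_r() dump of your own login.
const CLAIM_EMAIL = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress';
const CLAIM_UPN   = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name';
const CLAIM_GIVEN = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname';

// SimpleSAMLphp returns every attribute as a list of values; take the first non-empty string.
function first_value(array $attributes, string $name): ?string
{
    $value = $attributes[$name][0] ?? null;
    return is_string($value) && $value !== '' ? $value : null;
}

$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();                  // only users assigned under "Users and groups" get past Azure
$attributes = $as->getAttributes();

// Directory users created without a mailbox may carry no emailaddress claim,
// so fall back to the name claim (the user principal name by default).
$login = first_value($attributes, CLAIM_EMAIL) ?? first_value($attributes, CLAIM_UPN);
if ($login === null) {
    http_response_code(403);
    exit('Signed in, but the IdP released no e-mail or name attribute.');
}

// SimpleSAMLphp keeps its own session; release it before the application's session starts.
SimpleSAML_Session::getSessionFromRequest()->cleanup();

// The site runs over SSL, so the session cookie can be limited to HTTPS and hidden from scripts.
ini_set('session.cookie_secure', '1');
ini_set('session.cookie_httponly', '1');
session_start();
session_regenerate_id(true);         // fresh session ID at login prevents session fixation

$_SESSION['user_email'] = $login;    // hypothetical key names
$_SESSION['user_name']  = first_value($attributes, CLAIM_GIVEN) ?? $login;

echo 'Logged in as ' . htmlspecialchars($_SESSION['user_email']) . '<br>';
echo '<a href="' . htmlspecialchars($as->getLogoutURL()) . '">Logout</a>';
```

The logout link only ends the SimpleSAMLphp login, so the page the user lands on after logout should also call session_destroy() for the application session.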

Don’t forget to like, share and subscribe.
Required links are given in the description.
Thanks for watching. 


Tuesday 14 April 2020

Google API Update Alert 1 | Google Sheet And Google Calendar With PHP | ...




Download VENDOR Folder (Only for PHP version 7.2+): https://unpossiblepog.com/research-and-development/php/Vendor-Folder-For-Google-Sheet-Drive-Calendar-With-PHP-Version-7.2-And-Onward

------------------------------------------------

Google Sheet API | Part 1 | Connect And Display Sheet Data Using PHP | Latest:
https://youtu.be/CI0xL93Xtpg

Google Sheet API | Part 2 | Create New Sheet | Add & Update Cell Values:
https://youtu.be/X9h47ht-NnY

Google Sheet API | Part 1 | Connect And Display Sheet Data Using PHP | Latest:
https://youtu.be/Q-498CAa1xE

Google Calendar API Tutorial #2 | Access Different Calendars Using PHP:
https://youtu.be/9FfWnfpx9Kw

------------------------------------------------

Hey guys.
Google recently added some extra steps, for security reasons, when we create credentials for developing APIs for PHP.
This directly impacts my 4 tutorials on Google APIs, which cover Google Sheets and Calendar, so I had to make this video as soon as possible.
Plus the process has a huge bug. I shall tell you how to bypass that bug and make the code work.
In this case I am using Google Sheets, but the steps are similar for Google Calendar too.
Here you will see that I created a folder in HTDOCS of XAMPP.
If you go to quickstart and click on Enable API, there is an extra input you have to provide. For my 4 tutorials, you have to select “web server” and give the path, which is for security reasons so that no other website can access the same API and code.
I am using localhost just for testing, and the folder name is “google_update”; make sure to have the same folder on both sides, and I shall give the name as quickstart.php. You will see that quickstart file later.
Download the credentials.
Paste them in that newly created folder.
Open that folder in the terminal.
Execute the command they provided.
Once done, copy the PHP code and create a new file named quickstart.php in our folder. Paste the code.
Make the same changes in that code as I do.
In the terminal, make sure you are in that folder, then execute this command.
When you click on “ALLOW”, you will see a huge bug.
The output was supposed to be like this, but they provide you the verification code in the URL.
This change was made by Google during the coronavirus quarantine, so it is possible that they didn’t get time to test it.
I understand that they are human too; they will fix it.
If you observe, the process directly executed the file.
So just copy the verification code and paste it in the terminal.
Hit Enter, and you will be connected with the API.
Now what you can do is comment out those lines and then execute the file in the browser.
You can execute it without any request variables.
Sometimes you get an error like this for token.json, which says “file_put_contents(token.json), permission denied”.
So just go to its properties and make it executable for everyone by changing the permission.
Now you can continue watching my tutorials.
Don’t forget to like, share and subscribe.
Required links are given in the description.
Thanks for watching. 


Thursday 9 April 2020

Google Sheet API | Part 2 | Create New Sheet | Add & Update Cell Values


------------------------------------------------

Download VENDOR Folder (Only for PHP version 7.2+): https://unpossiblepog.com/research-and-development/php/Vendor-Folder-For-Google-Sheet-Drive-Calendar-With-PHP-Version-7.2-And-Onward

Hey guys, this is UNPOSSIBLE POG.
In the previous part, we saw how to connect GOOGLE SHEET with PHP and display data. If you haven’t watched that, you can click on the top corner, or the link is given in the description.
In this part, we shall learn how to create a new spreadsheet and how to add & update data in it.
First of all, I shall get rid of those comments.
Then first we shall learn how to create a new spreadsheet.
Go to the link that I provided in the description, copy the code in the PHP tab, and comment out the previous display code, from below the service variable up to the bottom.
We shall paste it here.
Add any title you want.
And execute it.
It will respond with the spreadsheet ID.
Let’s go to Google Sheets’ home page, and you will find that spreadsheet.
Remember that a newly created spreadsheet always creates a subsheet named “sheet1” inside it by default.
I shall just delete it because I am not going to use it.
Next is to add & update data in our sheet.

We shall need the spreadsheet ID and range.
Go to the description and click on the “Add / Update spreadsheet values” link.
Skip that “Writing to single range”, because it is useless.

But before that, we shall append values, which means adding new rows to the spreadsheet.
Copy the code and paste it after range.
Now I am going to add two new rows. So follow my format.
Notice that we are only adding 3 columns, that is, from A to C.
The 2 after A doesn’t matter right now.
And “VALUEINPUTOPTION” can have two values, either RAW or USER_ENTERED.
RAW means the data goes in as it is, as you can see.
“USER_ENTERED”, on the other hand, performs operations before sending data to the spreadsheet.
For example, it can calculate the values.
As you can see, it showed the addition.
But if you use RAW for the same syntax, then it gives you an error, so keep a note.
Let’s comment it out.
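
Because USER_ENTERED evaluates what it receives, rows that come from a web form should be turned into literal text before they are appended. The helper below is an added example, not code from the video or from Google's guide; the function names and sample rows are constructed.

```php
<?php
// Added example: keep form input from being evaluated when rows are sent
// with valueInputOption = USER_ENTERED.

// Leading characters that make Sheets treat typed input as a formula or expression.
const FORMULA_LEAD = ['=', '+', '-', '@'];

function as_literal_cell($value): string
{
    $text = (string)$value;
    // Plain numbers such as -5 or +3.2 are harmless and should stay numbers.
    if ($text === '' || is_numeric($text)) {
        return $text;
    }
    // A leading apostrophe tells Sheets to store the rest of the cell as plain text.
    if (in_array($text[0], FORMULA_LEAD, true)) {
        return "'" . $text;
    }
    return $text;
}

function literal_rows(array $rows): array
{
    return array_map(
        function (array $row) {
            return array_map('as_literal_cell', $row);
        },
        $rows
    );
}

// Constructed sample: two rows for columns A to C; the second contains formula-like input.
$rows = [
    ['Steve', 'steve@example.com', '-5'],
    ['Tony',  '=10+20',            '+1-1'],
];

// Use the result as the values of the append/update request when USER_ENTERED is set;
// with RAW the original strings are stored as they are and need no prefix.
print_r(literal_rows($rows));
```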

We shall use the spreadsheet ID & range again. But range now matters the most when it comes to updating.
Let’s try some data so that the spreadsheet will start updating from the 6th row.
Updating data is very risky, so be careful while executing, otherwise it can remove your important data.
Now we put 6 so that it will start the operation from the 6th row.
As you can see, the data is replaced.
But what if we give a row number which is empty?
It adds new rows to the spreadsheet.
So that is it.
Don’t forget to like, share and subscribe.
Required links are given in the description.
Thanks for watching. 
------------------------------------------------
How to connect with Google sheet and display data:-
https://youtu.be/CI0xL93Xtpg

Create new Spreadsheet:-
https://developers.google.com/sheets/api/guides/create

Add / Update spreadsheet values:-
https://developers.google.com/sheets/api/guides/values


Saturday 4 April 2020

MS Azure Tutorial | Login Using Microsoft Azure Active Directory And PHP...



Download Whole API with Composed Repository (Only for PHP v7.2 & Plus):- https://unpossiblepog.com/research-and-development/PHP/Magium-Active-Directory-With-VENDOR-For-Microsoft-Azure-SSO-Only-For-PHP-Version-7.2-And-Onward

Hey guys, this is UNPOSSIBLE POG.
In this video, I shall make a connection between Microsoft Azure and PHP; in short, an authentication using a Microsoft account through a cloud service.
This service is one type of “Software as a Service”, that is, SaaS.
As you know, Microsoft Azure is one of the cloud-service providers where you can store your data, use it, execute it.
We are using AZURE to authenticate users’ accounts on their servers rather than on our own server or computer.
What do I mean by that?
Suppose you have a website called www.xyz.com; then rather than creating your own login form, you can use Microsoft’s login page. So what are the advantages?
Some of them are:
1, if you create your own login page, then it may have loopholes through which hackers can hack into your website. (Loopholes may be things like SQL injection or brute-force login.)
2, your code can validate the email pattern but cannot identify whether the address is real or not. For example, if an intruder wants to access your service, then he can add an email like random-person123@hammer.com, which has the same pattern as any email but may not exist in the real world.
There are many more, but let’s skip that for now.

There are 4 important requirements that you need to have.
1) Microsoft account (free trial / purchased)
2) A live website hosted on servers, with access to CPANEL, WHM or FTP (FileZilla)
3) Any SSL certificate installed on that domain. (HTTPS)
4) Linux operating system (Debian family) on your PC or laptop with XAMPP installed on it (PHP version > 7 is recommended)

Let’s get started.
Go to portal.azure.com.
If you are using the trial version, then click on “Skip for now”.
From the top menu, click on “Azure Active Directory”.
Click on App registration.
Click on “New registration”.
Type any random name that you want for the application.
Make sure to select Multi tenant (tenant = users) with personal Microsoft account.
Platform is optional.
Click on REGISTER.
Now scroll down, select “YES” on “Treat application as a public client”, and save it.
Then again, click on TOP MENU, “AZURE ACTIVE DIRECTORY”, then select the application we created.
Make sure to copy the “APPLICATION (CLIENT) ID”; we need that later on.
Then click on “ADD a Redirect URI”.
You come back to the same configuration page.
Now click on “Add a platform”, and select “WEB”.
Now, I have one website with HTTPS enabled.
For now I shall use that link as the redirect URL.
That UNPOSSIBLE_1 is just a folder that I am going to create later in my website, so don’t panic.
Make sure “Access tokens” and “ID tokens” are checked, and click on Configure.
You can also tick the tokens configuration from here if you want to.
Now click on “Certificates and Secrets”, “New Client Secret”, and add a random description.
Click on “Add”.
Now make sure to copy this client secret for later use, because the next time you come to the same page, they won’t display the secret value.
Let’s again go to the top menu, Azure Active Directory, App registration; you can see that we have certificates ticked for our application.

Now let’s jump to PHP.
I provided you the GitHub link in the description.
Download the ZIP.
Go to the downloaded folder and paste it in the HTDOCS folder of XAMPP.
I already downloaded it.
Extract it.
Now rename the extracted folder to the same name that we gave for the folder; in my case it’s “UNPOSSIBLE_1”.
I am using Sublime Text as my editor, but you can use anything like NetBeans, Notepad++ etc.
Notice that there is a folder called “examples”, and inside it there is WWW; we are using this index.php as the executable program. So paste that path in the redirect URL and save it.
In directories, go to HTDOCS and open your folder in the terminal.
Now this is where things get tricky.

Open the composer.json file inside your folder, copy those lines and paste them in the require array of the composer.json file.
Now here, type this.
In the terminal type “sudo apt-get install composer” and enter your password.
I already installed Composer.

Depending on your PHP version, type those commands; for CURL:
sudo apt-get install php-curl
Oops, don’t forget to add sudo before that command.


Now run this command:
“composer require, then name of library”
which means “composer require magium/active-directory”

You may see some problems like this, because there are many extensions that may be required for that JSON to run.
In simple words, we just installed “php-curl”, which is one of the extensions we needed.

You can paste those problems below in the comment box; I shall try to find the solution to those problems. Most of the time, the problem could be the “missing extensions” in your system.
You can ignore this orange thing.
Now if you look inside the program, there is a vendor folder which was generated by executing the composer.json file.
Now we have to compress that folder as ZIP only and upload it to the LIVE WEBSITE using CPANEL; you can also upload the whole folder via FTP, so that you don’t have to compress the folder. (FTP takes more time to upload.)
You will have to upload that zip file to public_html.
Once uploaded, go to the file system and extract that zip file.
Your folder will appear; now go inside that folder, then example, then www.
Edit the index.php.
Add a comma here.
Here, you have to add a new array key, ‘redirect_url’.
Add client ID, client secret, and directory as common.

I made a mistake here, type “return_url” as a “key”.

Now, let’s test it; paste our link in the browser’s URL bar.
You will be automatically redirected to the Microsoft LOGIN.
Which means that the index.php file can be used as a login page for your web application.
You see that they provide you some info about the user; you can store the user’s email and name in the PHP session to maintain the login and to create an account.
Share it with your colleagues, friends, or employees to implement Microsoft Azure authentication in your website.

Required links are given in the description.
Thanks for watching. 
Don’t forget to like, share and subscribe.