1. SimpleSAMLphp installation



This guide is an example of how to do a base installation of SimpleSAMLphp.

  • SimpleSAMLphp 1.16.1

  • Operating System Ubuntu server 16.04 LTS

Preparations

Upgrade Ubuntu

Upgrade installed packages.

sudo apt-get update && sudo apt-get -y upgrade
sudo reboot

Install Apache and PHP

Any webserver software that supports PHP should work.

sudo apt-get -y install apache2 php libapache2-mod-php php-mcrypt php-dom php-curl

Disable Magic Quotes

Edit /etc/php/7.0/apache2/php.ini and add the following.

; Magic quotes
;
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

Enabling HTTPS

Redirect requests to HTTPS. Edit /etc/apache2/sites-enabled/000-default.conf and, inside <VirtualHost *:80>, add the following. Change myhost.example.com to the FQDN of the server.



NOTE: The self-signed (snakeoil) certificate from the ssl-cert package will be used. In production the certificate MUST be obtained from a CA.

Apache alias

Add an alias for the SimpleSAMLphp location. Edit /etc/apache2/sites-available/default-ssl.conf and, inside <VirtualHost _default_:443>, add the following.



Restart Apache.

Install SimpleSAMLphp

Download and Extract SimpleSAMLphp




Create the directory and extract SimpleSAMLphp. The directory must be the directory configured in the Apache Virtual Host Alias directive.

Generate a Self Signed Certificate

Messages sent between an IdP and an SP can be both encrypted and signed. This requires a private key and a certificate containing the public key. The SAML 2.0 Interoperability Deployment Profile refers to the SAML V2.0 Metadata Interoperability Profile Version 1.0. According to the profile, no verification of the certificates MUST occur. The only requirement is that the certificate contains a public key. Therefore, it is recommended to generate your own self-signed certificate.

Configure SimpleSAMLphp

Generate cryptographic salt to be used in the next step.



Edit config/config.php and change the following. For the secretsalt value, use the salt that was generated in the previous step. Change the auth.adminpassword value.
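A check for the two settings named above, as an added example that is not part of the original guide or of SimpleSAMLphp: it generates a salt and flags a config file that still carries default secrets or is world-readable. The helper names are hypothetical, and the default values 'defaultsecretsalt' and '123' are assumed from the configuration template shipped with SimpleSAMLphp.

```shell
#!/bin/sh
# Added example; gen_salt, config_value, audit_config, write_sample are hypothetical names.

# Print a 32-character salt (a-z, 0-9) drawn from the kernel CSPRNG.
# 4096 random bytes leave several hundred usable characters; the first 32 are kept.
gen_salt() {
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | head -c 32
}

# Print the single-quoted value assigned to key $2 in config file $1.
config_value() {
    sed -n "s/^[[:space:]]*'$2'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Report settings in $1 left at the assumed shipped defaults.
# Returns 0 when nothing is flagged, non-zero otherwise.
audit_config() {
    findings=0
    salt=$(config_value "$1" secretsalt)
    pass=$(config_value "$1" auth.adminpassword)
    if [ -z "$salt" ] || [ "$salt" = "defaultsecretsalt" ]; then
        echo "FAIL: secretsalt is missing or still the default"
        findings=$((findings + 1))
    fi
    if [ -z "$pass" ] || [ "$pass" = "123" ]; then
        echo "FAIL: auth.adminpassword is missing or still the default"
        findings=$((findings + 1))
    fi
    # config.php holds both secrets, so it should not be world-readable.
    if [ -n "$(find "$1" -perm -004)" ]; then
        echo "FAIL: $1 is world-readable"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Write a constructed two-line sample config ($2 = salt, $3 = admin password) to $1.
write_sample() {
    printf "    'auth.adminpassword' => '%s',\n    'secretsalt' => '%s',\n" "$3" "$2" >"$1"
    chmod 600 "$1"
}

# Demo on a temporary, constructed file: defaults are flagged, fresh values pass.
sample=$(mktemp)
write_sample "$sample" defaultsecretsalt 123
audit_config "$sample" || echo "-> edit config.php before going live"
write_sample "$sample" "$(gen_salt)" "constructed-admin-passphrase"
audit_config "$sample" && echo "OK: no default secrets found"
rm -f "$sample"
```

Against a real installation, call audit_config with the path to config/config.php inside the directory configured in the Apache Alias directive.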