1. SimpleSAMLphp installation
This guide is an example of how to do a base installation of SimpleSAMLphp.
SimpleSAMLphp 1.16.1
Operating System Ubuntu server 16.04 LTS
Preparations
Upgrade Ubuntu
Upgrade installed packages.
sudo apt-get update && sudo apt-get -y upgrade
sudo reboot
Install Apache and PHP
Any webserver software that supports PHP should work.
sudo apt-get -y install apache2 php libapache2-mod-php php-mcrypt php-dom php-curl
Disable Magic Quotes
Edit /etc/php/7.0/apache2/php.ini and add the following.
; Magic quotes
;
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off
Enabling HTTPS
Redirect requests to HTTPS. Edit /etc/apache2/sites-enabled/000-default.conf and, inside <VirtualHost *:80>, add the following. Change myhost.example.com to the FQDN of the server.
NOTE: The self-signed (snakeoil) certificate from the ssl-cert package will be used. In production the certificate MUST be obtained from a CA.
Apache alias
Add an alias for the SimpleSAMLphp location. Edit /etc/apache2/sites-available/default-ssl.conf and, inside <VirtualHost _default_:443>, add the following.
Restart Apache.
Install SimpleSAMLphp
Download and Extract SimpleSAMLphp
Create the directory and extract SimpleSAMLphp. The directory must be the directory configured in the Apache Virtual Host Alias directive.
Generate a Self Signed Certificate
Messages sent between an IdP and an SP can be both encrypted and signed. To do this, a private key and a certificate containing the public key are needed. The SAML 2.0 Interoperability Deployment Profile refers to the SAML V2.0 Metadata Interoperability Profile Version 1.0. According to the profile, no verification of the certificates MUST occur. The only requirement is that the certificate contains a public key. Therefore, it is recommended to generate your own self-signed certificate.
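The following is an added example, not the command from the original guide: it generates a self-signed key pair with openssl and then checks the one property the profile requires, that the certificate contains the public key of the private key, plus that the key file is not readable by other users. The function names, file names, directory and CN are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes the openssl CLI is installed.
# Directory, base name and CN are placeholders chosen by the caller.

# gen_saml_cert DIR NAME CN
# Writes DIR/NAME.pem (private key) and DIR/NAME.crt (self-signed certificate).
gen_saml_cert() {
    dir=$1; name=$2; cn=$3
    mkdir -p "$dir" || return 1
    # umask 077 so the private key is never created world-readable.
    ( umask 077
      openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes \
          -subj "/CN=$cn" \
          -keyout "$dir/$name.pem" -out "$dir/$name.crt" ) || return 1
    # The certificate is public and ends up in metadata; the key is not.
    chmod 644 "$dir/$name.crt"
}

# check_saml_cert KEY CERT
# Returns 0 if the pair is usable, 1 if a file is missing or unreadable,
# 2 if the certificate holds a different public key, 3 if the key file
# is accessible to "other" users.
check_saml_cert() {
    key=$1; cert=$2
    [ -s "$key" ] && [ -s "$cert" ] || return 1
    # The only hard requirement is that the certificate contains the
    # public key, so compare the public key extracted from both files.
    from_cert=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$from_cert" = "$from_key" ] || return 2
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    [ "$(ls -ld "$key" | cut -c8-10)" = "---" ] || return 3
    return 0
}

# Usage (paths are placeholders):
#   gen_saml_cert /path/to/certdir myhost myhost.example.com
#   check_saml_cert /path/to/certdir/myhost.pem /path/to/certdir/myhost.crt
# The web server account must own the key (or share its group) to read it.
```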
Configure SimpleSAMLphp
Generate a cryptographic salt to be used in the next step.
Edit config/config.php and change the following. For the secretsalt value, use the salt that was generated in the previous step. Change the auth.adminpassword value.