1.1. SimpleSAMLphp IdP

This guide describes how to configure SimpleSAMLphp as an identity provider (IdP).

Configure SimpleSAMLphp



Enable the IdP

Change to the SimpleSAMLphp home directory

cd /var/simplesamlphp



Edit config/config.php and set enable.saml20-idp to true:

'enable.saml20-idp' => true,

Configure the IdP

Change metadata/saml20-idp-hosted.php to the following. The two authproc filters run in ascending key order: 97 asserts the authentication context class the federation expects, and 100 maps the friendly attribute names from the authentication source to their urn:oid names before they are released.

<?php
$metadata['__DYNAMIC:1__'] = array(
    // Serve the IdP on whatever hostname the request arrived at.
    'host' => '__DEFAULT__',
    // Authentication source defined in config/authsources.php (the test users from exampleauth).
    'auth' => 'example-userpass',
    // Signing key and certificate, relative to the certificate directory.
    'privatekey' => 'server.key',
    'certificate' => 'server.crt',
    'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
    'authproc' => array(
        // Set the AuthnContextClassRef in issued assertions.
        97 => array(
            'class' => 'saml:AuthnContextClassRef',
            'AuthnContextClassRef' => 'skolfederation.se-bas',
        ),
        // Map attribute names (uid, mail, ...) to urn:oid names.
        100 => array(
            'class' => 'core:AttributeMap',
            'name2oid',
        ),
    ),
);

Enable the exampleauth module

To test the installation there must be some users. Enable the SimpleSAMLphp module exampleauth by creating the file enable in the exampleauth module directory (modules/exampleauth/enable). exampleauth keeps its test users, passwords included, in plain text in config/authsources.php; it is meant for testing only, so remove the enable file again before the IdP serves real users.

Configure exampleauth

Edit the file config/authsources.php and change example-userpass to the following.

Metadata

Get the metadata describing the IdP. Change the hostname. --no-check-certificate is only needed if the HTTPS certificate is self-signed, which should only be the case on a test host.





In the following metadata a persistent NameID format (row 24) and Organization and ContactPerson elements (rows 27-58) have been added. NOTE: This is an example and cannot be uploaded to the federation as it is. Read more about how to publish metadata on the federation website.
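As an added example, not part of this guide and not code from the SimpleSAMLphp project: a POSIX shell script that applies the configuration steps above (enable the IdP, enable exampleauth) to a SimpleSAMLphp tree and then runs the checks worth doing before the metadata is sent to the federation: the IdP is enabled, the key and certificate named in saml20-idp-hosted.php exist and the key is not world-readable, exampleauth has been disabled again, and the fetched metadata carries an https entityID, a signing certificate, the persistent NameID format, Organization and ContactPerson. It assumes the SimpleSAMLphp 1.x layout (config/config.php, key and certificate in cert/, modules/NAME/enable as the module marker) and the standard metadata URL https://HOST/simplesaml/saml2/idp/metadata.php. The directory tree and metadata file it runs on are constructed fixtures with a hypothetical host idp.example.org and dummy key material, not a real installation.

```shell
#!/bin/sh
# Added example, not part of the guide or of SimpleSAMLphp: script the test-IdP
# steps from the guide and the checks to run before metadata goes to the federation.
# Assumed SimpleSAMLphp 1.x layout: config/config.php, key and certificate in
# cert/ (the default certdir), modules/<name>/enable as the module marker, and
# IdP metadata served at https://HOST/simplesaml/saml2/idp/metadata.php.

# "Enable the IdP": set enable.saml20-idp to true in config/config.php.
enable_idp() {
    cfg=$1/config/config.php
    sed "s/\('enable\.saml20-idp'[[:space:]]*=>[[:space:]]*\)false/\1true/" "$cfg" > "$cfg.tmp" &&
        mv "$cfg.tmp" "$cfg"
}

# "Enable the exampleauth module": the marker file turns the module on.
enable_exampleauth()  { touch "$1/modules/exampleauth/enable"; }
# exampleauth holds plaintext test users in authsources.php; remove it before go-live.
disable_exampleauth() { rm -f "$1/modules/exampleauth/enable"; }

# "Metadata": fetch the IdP's own metadata. Not called by the demo below.
# --no-check-certificate is for a self-signed certificate on a test host only.
fetch_idp_metadata() {
    wget --no-check-certificate -O "$2" "https://$1/simplesaml/saml2/idp/metadata.php"
}

# Preflight on the installation itself; prints each problem, returns 1 if any.
check_production_ready() {
    ssp=$1; rc=0
    grep -Eq "'enable\.saml20-idp'[[:space:]]*=>[[:space:]]*true" "$ssp/config/config.php" ||
        { echo "FAIL: enable.saml20-idp is not true"; rc=1; }
    for f in cert/server.key cert/server.crt; do   # names used in saml20-idp-hosted.php
        [ -r "$ssp/$f" ] || { echo "FAIL: $f missing"; rc=1; }
    done
    # column 8 of ls -l is the world-read bit; whoever can read the key can sign as this IdP
    [ "$(ls -l "$ssp/cert/server.key" 2>/dev/null | cut -c8)" != r ] ||
        { echo "FAIL: cert/server.key is world-readable"; rc=1; }
    [ ! -e "$ssp/modules/exampleauth/enable" ] ||
        { echo "FAIL: exampleauth test users are still enabled"; rc=1; }
    return $rc
}

# Preflight on fetched metadata: what the guide says must be present before upload.
check_idp_metadata() {
    md=$1; rc=0
    grep -Eq 'entityID="https://[^"]+"' "$md"    || { echo "FAIL: no https entityID"; rc=1; }
    grep -Eq '<(md:)?IDPSSODescriptor[ >]' "$md" || { echo "FAIL: no IDPSSODescriptor"; rc=1; }
    grep -Eq '<(ds:)?X509Certificate>' "$md"     || { echo "FAIL: no signing certificate"; rc=1; }
    grep -q  'nameid-format:persistent' "$md"    || { echo "FAIL: persistent NameIDFormat missing"; rc=1; }
    grep -Eq '<(md:)?Organization[ >]' "$md"     || { echo "FAIL: Organization missing"; rc=1; }
    grep -Eq '<(md:)?ContactPerson[ >]' "$md"    || { echo "FAIL: ContactPerson missing"; rc=1; }
    return $rc
}

# Constructed fixtures (hypothetical host idp.example.org, dummy key material).
make_demo_tree() {
    mkdir -p "$1/config" "$1/cert" "$1/modules/exampleauth"
    printf "<?php\n\$config = array(\n    'enable.saml20-idp' => false,\n);\n" > "$1/config/config.php"
    printf 'dummy key\n' > "$1/cert/server.key"; chmod 600 "$1/cert/server.key"
    printf 'dummy certificate\n' > "$1/cert/server.crt"
}
write_demo_metadata() {
    cat > "$1" <<'EOF'
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/simplesaml/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIBdummy</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.org/simplesaml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:Organization><md:OrganizationName xml:lang="en">Example School</md:OrganizationName><md:OrganizationDisplayName xml:lang="en">Example School</md:OrganizationDisplayName><md:OrganizationURL xml:lang="en">https://www.example.org/</md:OrganizationURL></md:Organization>
  <md:ContactPerson contactType="technical"><md:EmailAddress>mailto:idp-admin@example.org</md:EmailAddress></md:ContactPerson>
</md:EntityDescriptor>
EOF
}

demo() {
    tree=$(mktemp -d)
    make_demo_tree "$tree"; enable_idp "$tree"; enable_exampleauth "$tree"
    echo "== after the test setup:"; check_production_ready "$tree" || true
    disable_exampleauth "$tree"
    echo "== exampleauth disabled:"; check_production_ready "$tree" && echo "installation ready"
    write_demo_metadata "$tree/idp-metadata.xml"
    echo "== metadata:"; check_idp_metadata "$tree/idp-metadata.xml" && echo "metadata complete"
    rm -rf "$tree"
}
demo
```

Run without arguments to see the demo on the fixtures; against a real installation call check_production_ready /var/simplesamlphp and check_idp_metadata on the file fetched with fetch_idp_metadata. The exampleauth check is the one that matters most before go-live: with the marker file in place anyone who knows a test password from authsources.php can obtain assertions from your IdP.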