1.1. SimpleSAMLphp IdP
This guide describes how to configure SimpleSAMLphp as an identity provider (IdP).
Configure SimpleSAMLphp
Enable the IdP
Change to the SimpleSAMLphp home directory
cd /var/simplesamlphp
Edit config/config.php and change enable.saml20-idp to true.
'enable.saml20-idp' => true,
Configure the IdP
Change metadata/saml20-idp-hosted.php to the following.
<?php
$metadata['__DYNAMIC:1__'] = array(
    'host' => '__DEFAULT__',
    // Authentication source defined in config/authsources.php
    'auth' => 'example-userpass',
    // Key pair used to sign assertions and metadata (relative to cert/)
    'privatekey' => 'server.key',
    'certificate' => 'server.crt',
    'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
    // Processing filters, run in ascending order of their numeric keys
    'authproc' => array(
        97 => array(
            'class' => 'saml:AuthnContextClassRef',
            'AuthnContextClassRef' => 'skolfederation.se-bas',
        ),
        100 => array(
            // Rename friendly attribute names to urn:oid:... form
            'class' => 'core:AttributeMap',
            'name2oid',
        ),
    ),
);
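To see what the two authproc filters above do to a user's attributes before they are put into the assertion, here is an added illustration in Python that is not SimpleSAMLphp code. The two functions stand in for saml:AuthnContextClassRef and core:AttributeMap, NAME2OID is a small subset of SimpleSAMLphp's own name2oid table, and the user record (including the made-up localRole attribute) is constructed.

```python
"""Model of the 'authproc' chain in saml20-idp-hosted.php (illustration only)."""

# Subset of SimpleSAMLphp's name2oid map (attributemap/name2oid.php);
# the real table covers many more attributes.
NAME2OID = {
    "uid": "urn:oid:0.9.2342.19200300.100.1.1",
    "mail": "urn:oid:0.9.2342.19200300.100.1.3",
    "cn": "urn:oid:2.5.4.3",
    "sn": "urn:oid:2.5.4.4",
    "givenName": "urn:oid:2.5.4.42",
    "displayName": "urn:oid:2.16.840.1.113730.3.1.241",
    "eduPersonPrincipalName": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
    "eduPersonScopedAffiliation": "urn:oid:1.3.6.1.4.1.5923.1.1.1.9",
    "schacHomeOrganization": "urn:oid:1.3.6.1.4.1.25178.1.2.9",
}


def authn_context_class_ref(state, class_ref):
    """Stand-in for saml:AuthnContextClassRef: fix the context the IdP asserts."""
    state["AuthnContextClassRef"] = class_ref
    return state


def attribute_map(state, mapping):
    """Stand-in for core:AttributeMap: rename attributes according to the map.

    Names that are not in the map pass through unchanged; if two names map
    to the same target, their values are merged.
    """
    mapped = {}
    for name, values in state["Attributes"].items():
        mapped.setdefault(mapping.get(name, name), []).extend(values)
    state["Attributes"] = mapped
    return state


# Same priorities as the hosted-IdP config above. Deliberately written out
# of order to show that the numeric key, not the position, decides the order.
AUTHPROC = {
    100: (attribute_map, NAME2OID),
    97: (authn_context_class_ref, "skolfederation.se-bas"),
}


def run_authproc(authproc, attributes):
    """Run the chain in ascending key order and return the resulting state."""
    state = {"Attributes": dict(attributes), "AuthnContextClassRef": None}
    for priority in sorted(authproc):
        filt, arg = authproc[priority]
        state = filt(state, arg)
    return state


# Constructed user in the friendly-name form an authsource hands over.
SAMPLE_USER = {
    "uid": ["alice"],
    "mail": ["alice@example.org"],
    "eduPersonScopedAffiliation": ["student@example.org"],
    "localRole": ["year-9"],  # hypothetical, not in name2oid: passed through
}

if __name__ == "__main__":
    result = run_authproc(AUTHPROC, SAMPLE_USER)
    print("AuthnContextClassRef:", result["AuthnContextClassRef"])
    for name, values in result["Attributes"].items():
        print(name, values)
```

The attribute names that come out of the chain are the ones the SP will see; anything not covered by name2oid keeps its local name, which is worth checking against what the federation expects.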
Enable the exampleauth module
To be able to test the installation there must be some users. Enable the SimpleSAMLphp module exampleauth by creating the file enable in the exampleauth module directory.
Configure exampleauth
Edit the file config/authsources.php and change example-userpass to the following.
Metadata
Get the metadata describing the IdP. Change the hostname. --no-check-certificate is only needed if the HTTPS certificate is self-signed.
In the following metadata, persistent NameID (row 24), Organization and ContactPerson (rows 27-58) have been added. NOTE: This is an example and can't be uploaded to the federation. Read more about how to publish metadata on the federation website.
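Before uploading IdP metadata to a federation it is useful to check that the additions described above are actually present. The following is an added Python example, not part of this guide or of SimpleSAMLphp: it parses an EntityDescriptor and reports missing pieces (signing certificate, SSO endpoint, persistent NameIDFormat, Organization, technical ContactPerson). The embedded metadata is a constructed sample with a placeholder certificate and made-up example.org hostnames.

```python
"""Pre-publication checks for SimpleSAMLphp IdP metadata (added example)."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample modelled on what the IdP's metadata page emits after
# persistent NameID, Organization and ContactPerson have been added.
SAMPLE_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/simplesaml/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-BASE64-CERTIFICATE</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/simplesaml/saml2/idp/SingleLogoutService.php"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/simplesaml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en">Example School</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">Example School</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://www.example.org/</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:GivenName>IdP Admin</md:GivenName>
    <md:EmailAddress>mailto:idp-admin@example.org</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
"""


def check_idp_metadata(xml_text):
    """Return a list of problems found; an empty list means all checks passed."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    entity_id = root.get("entityID", "")
    if not entity_id.startswith("https://"):
        problems.append("entityID is not an https URL: %r" % entity_id)

    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["missing md:IDPSSODescriptor"]

    # SPs verify assertion signatures against this certificate. A KeyDescriptor
    # with no 'use' attribute counts for both signing and encryption.
    signing = [
        kd for kd in idp.findall("md:KeyDescriptor", NS)
        if kd.get("use") in (None, "signing")
        and kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None
    ]
    if not signing:
        problems.append("no signing KeyDescriptor with an X509Certificate")

    if idp.find("md:SingleSignOnService", NS) is None:
        problems.append("no md:SingleSignOnService endpoint")

    formats = [e.text.strip() for e in idp.findall("md:NameIDFormat", NS) if e.text]
    if PERSISTENT not in formats:
        problems.append("persistent NameIDFormat not advertised")

    if root.find("md:Organization/md:OrganizationName", NS) is None:
        problems.append("missing md:Organization with OrganizationName")

    contacts = root.findall("md:ContactPerson", NS)
    if not any(c.get("contactType") == "technical" for c in contacts):
        problems.append("no ContactPerson with contactType='technical'")
    for contact in contacts:
        mail = contact.find("md:EmailAddress", NS)
        # The metadata schema types EmailAddress as a URI, i.e. mailto:...
        if mail is not None and not (mail.text or "").startswith("mailto:"):
            problems.append("EmailAddress is not a mailto: URI: %r" % mail.text)
    return problems


if __name__ == "__main__":
    for problem in check_idp_metadata(SAMPLE_METADATA) or ["metadata checks passed"]:
        print(problem)
```

Point the script at the metadata you downloaded from your own IdP instead of the embedded sample; the federation's own requirements (for example which contact types it expects) may go beyond these checks.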