

This guide describes how to configure SimpleSAMLphp as a service provider (SP).

Configure SimpleSAMLphp

Change to the SimpleSAMLphp home directory

# SimpleSAMLphp installation directory; the relative paths used below
# (config/authsources.php) are resolved from here. Adjust if installed elsewhere.
cd /var/simplesamlphp

Authsource

Edit config/authsources.php. Change 'privatekey', 'certificate' and the AttributeConsumingService configuration.

// Key pair the SP uses to sign its messages/metadata and to decrypt assertions.
// The names are usually resolved relative to SimpleSAMLphp's cert directory
// (the 'certdir' setting in config.php); keep the private key readable by the
// web server user only.
'certificate' => 'server.crt',
'privatekey' => 'server.key',
// Human-readable service name, one entry per language; it is expected to
// surface as <md:ServiceName> in the generated metadata (verify after regenerating).
'name' => array(
     'en' => 'FooBar',
     'sv' => 'FooBar',
  ),
// Attributes requested from the IdP: friendly name => attribute Name (OID URI).
// Each entry becomes a <md:RequestedAttribute> in the AttributeConsumingService.
'attributes' => array(
    'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
    'mail' => 'urn:oid:0.9.2342.19200300.100.1.3',
    'givenName' => 'urn:oid:2.5.4.42',
    'sn' => 'urn:oid:2.5.4.4',
    'norEduOrgNIN' => 'urn:oid:1.3.6.1.4.1.2428.90.1.12',
    'sisSchoolUnitCode' => 'urn:oid:1.2.752.194.10.2.4',
),
// Attributes the service cannot work without. Use the attribute Names (the OID
// URIs listed in 'attributes'), not the friendly names. Here eduPersonPrincipalName
// and mail are required; the generated metadata should reflect this as
// isRequired="true" on those two RequestedAttribute entries (confirm after regenerating).
'attributes.required' => array (
    'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
    'urn:oid:0.9.2342.19200300.100.1.3',
),

Metadata

Get the metadata describing the SP. Change the hostname to match your server. --no-check-certificate is only needed if the HTTPS certificate is self-signed.

# Fetch the SP's own metadata from the running SimpleSAMLphp instance.
# --no-check-certificate disables TLS certificate verification; use it only
# while the host still has a self-signed certificate and drop it once the
# certificate chains to a trusted CA, since metadata fetched over an
# unverified connection could have been altered in transit.
wget --no-check-certificate -O metadata-sp.xml https://myhost.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp


<?xml version="1.0"?>
<!-- SP metadata as generated by SimpleSAMLphp for the 'default-sp' authsource. The ID, DigestValue, SignatureValue and certificates are specific to this instance. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://myhost.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp" ID="pfxf2a19aa6-3e7a-c207-e204-dadb7f60f06d"><ds:Signature>
<!-- Enveloped XML signature over the whole EntityDescriptor. Both SignatureMethod (rsa-sha1) and DigestMethod (sha1) are SHA-1 based; newer SimpleSAMLphp releases allow selecting an RSA-SHA256 algorithm through the 'signature.algorithm' option in config.php (verify for the installed version). A federation operator typically strips this self-signature and re-signs the aggregate it publishes. -->
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#pfxf2a19aa6-3e7a-c207-e204-dadb7f60f06d"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>5e1aPfjVtC1Tfd6oZuXcST9gPZE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>oLGrNErO4FgoPMFTuMTPN6AC6geTEIjvR23HJQoZIJFg5pJxbpzrSezvaZJvX0mhic3KLgKD/kTXU35+JrxAht5WlFBPNsbRjZYjwgRuqD4ixN9qbckeoSGwSZP6igNA3WF1x87umhqUjiNi2+y3bE2IlFTs4C6EbBtqbxNWbj/fXxEbUeKFmX8dmHlNGez3ENaT/IAce84kTsRr13L+I+pKHrgKXRq5Dfitj5hV+HS92FiNcVZSQqyMWaA8/9lt5JTCFR+zY3z53WH4uyl0pqyL5uSGjlwtzmJw//GFZQw4dwXDevKTiEXW1fyd3eqQ7b1eRhP3qSpj4IX6q+EPFg==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
<!-- Both SAML 1.1 and SAML 2.0 are advertised, which is why SAML 1.x AssertionConsumerService endpoints (index 1 and 3) appear below. -->
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
<!-- The same certificate is published for signing and for encryption; it corresponds to the 'certificate' file configured in authsources.php. -->
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp"/>
<!-- SAML 2.0 endpoints (index 0 and 2) and SAML 1.x endpoints (index 1 and 3). If the federation is SAML 2.0 only, the SAML 1.x entries are not needed; check the federation's requirements. -->
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="0"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="2"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact" index="3"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>


In the following metadata, DiscoveryResponse (row 8), NameIDFormat (rows 24–25), Organization and ContactPerson (rows 42–73) have been added. NOTE: This is an example and cannot be uploaded to the federation as-is. Read more about how to publish metadata on the federation website.

<?xml version="1.0"?>
<!-- Example of the generated SP metadata after manual additions (DiscoveryResponse, NameIDFormat, Organization, ContactPerson). Not publishable as-is; see the note above. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://myhost.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp" ID="pfxf2a19aa6-3e7a-c207-e204-dadb7f60f06d"><ds:Signature>
<!-- This ds:Signature (DigestValue and SignatureValue) is identical to the one on the unmodified metadata above, so it no longer matches the edited content. Regenerate the signature or remove the ds:Signature element before handing the file to the federation. The algorithms are SHA-1 based (rsa-sha1, sha1); newer SimpleSAMLphp releases can be configured for RSA-SHA256 via 'signature.algorithm' in config.php (verify for the installed version). -->
  <ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#pfxf2a19aa6-3e7a-c207-e204-dadb7f60f06d"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>5e1aPfjVtC1Tfd6oZuXcST9gPZE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>oLGrNErO4FgoPMFTuMTPN6AC6geTEIjvR23HJQoZIJFg5pJxbpzrSezvaZJvX0mhic3KLgKD/kTXU35+JrxAht5WlFBPNsbRjZYjwgRuqD4ixN9qbckeoSGwSZP6igNA3WF1x87umhqUjiNi2+y3bE2IlFTs4C6EbBtqbxNWbj/fXxEbUeKFmX8dmHlNGez3ENaT/IAce84kTsRr13L+I+pKHrgKXRq5Dfitj5hV+HS92FiNcVZSQqyMWaA8/9lt5JTCFR+zY3z53WH4uyl0pqyL5uSGjlwtzmJw//GFZQw4dwXDevKTiEXW1fyd3eqQ7b1eRhP3qSpj4IX6q+EPFg==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>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</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
<!-- Added (row 8 in the text above): the endpoint an IdP discovery service returns the user to, per the SAML IdP Discovery Protocol. The Location must be served by this SP over HTTPS. -->
    <md:Extensions><idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" index="1" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/discoresp.php"/></md:Extensions>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>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</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIDYTCCAkmgAwIBAgIJAMXIIbRdVsS8MA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlNWMRMwEQYDVQQIDApTb21lLVN0YXRlMQ8wDQYDVQQKDAZUZW5zb3IxEjAQBgNVBAMMCVNBTUwgVGVzdDAeFw0xNTAyMDYxNDU0MDlaFw0yMDAyMDYxNDU0MDlaMEcxCzAJBgNVBAYTAlNWMRMwEQYDVQQIDApTb21lLVN0YXRlMQ8wDQYDVQQKDAZUZW5zb3IxEjAQBgNVBAMMCVNBTUwgVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLTkRr8MNJTgstjgiR7i2JGTigMFs8Eo6ZV6lx9OTjvBfIWHUoYFyEz1DfcCVhRzgqGzkcixYR/akLU1yNgANSJXtnYIqx7EcMFpjSSst/Sys93svSbtknIxT6GuQYaRtqKVBx9t+uChRPbeMSAq51dgEC/P6w1tl2SmNqV1JTH3LgldcidUHbWB3p+2VaUyev1H+GcDH/PBMmEzPmuIgQtKdMe7WtfTHdx6fm8KN71UOquhHhoJhaMcOTqXIjAS+6HUaV69+CRMgZDzCla2NnP9PtBSgdfNneSTkCgdQN/4TzbtZ1Jjhfp4Owd5gMcx1UhKXPD8hNxEIHnzbA4ee8CAwEAAaNQME4wHQYDVR0OBBYEFENI6TFj7DV3ZdT2Vx9fBqjwtuZYMB8GA1UdIwQYMBaAFENI6TFj7DV3ZdT2Vx9fBqjwtuZYMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALqoR3hnFmBK4wHCgOTKTCUeqnAYq0g/3gMB+NGJ4qvTPeVB9L3aJWI+jPLxekEt/2dYrrA1ZeOfE90ylxoHBAVvOB7JEsiVNbPSAroUlz1Sx9WzPzYjnu8+u6MldzgMX2jGR9eWKvPdPOrz7HJZF+XuC/iUTeXkUl6grKlFU17/Cud9AGPs3J1dV6YHrbbnlIbmosMTgM+wG1iBrYN4i/E06CkjLEaNVfhelho7CcSRXnDDbBsExzqeRKau+ny6ozoz+57CtEgbfC99qD62eTgbN3q39O7rFNmMeKPBoMeALDJWlQuHsFoOgmtIXaD7l31vv2moWycHn4Z8nTvcIG8=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp"/>
<!-- Added (rows 24 and 25): NameID formats this SP accepts from the IdP. -->
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="0"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="2"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact" index="3"/>
<!-- Generated from 'name' and 'attributes' in authsources.php. Every RequestedAttribute below has isRequired="false", although authsources.php lists eduPersonPrincipalName and mail under 'attributes.required'; regenerate from the final configuration so the two agree. -->
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">FooBar DNP</md:ServiceName>
      <md:ServiceName xml:lang="sv">FooBar DNP</md:ServiceName>
      <md:RequestedAttribute FriendlyName="sisSchoolUnitCode" Name="urn:oid:1.2.752.194.10.2.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
      <md:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
      <md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
<!-- displayName is requested here but is not in the 'attributes' map shown for authsources.php above; add it there if it is wanted. -->
      <md:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
      <md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
      <md:RequestedAttribute FriendlyName="norEduOrgNIN" Name="urn:oid:1.3.6.1.4.1.2428.90.1.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
<!-- Added (rows 42 to 73): organization and contact details shown in federation listings. -->
  <md:Organization>
    <md:OrganizationName xml:lang="en">Example organization</md:OrganizationName>
    <md:OrganizationName xml:lang="sv">Exempel organisation</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">Example organization</md:OrganizationDisplayName>
    <md:OrganizationDisplayName xml:lang="sv">Exempel organisation</md:OrganizationDisplayName>
<!-- OrganizationURL is an xs:anyURI; a value without a scheme is only a relative reference, so an absolute URL such as https://www.example.com/ is what consumers expect. -->
    <md:OrganizationURL xml:lang="en">www.example.com</md:OrganizationURL>
    <md:OrganizationURL xml:lang="sv">www.example.com</md:OrganizationURL>
  </md:Organization>
<!-- One ContactPerson per contactType and language. These addresses are published to the whole federation, so use role mailboxes rather than personal ones where possible. -->
  <md:ContactPerson contactType="technical" xml:lang="sv">
    <md:GivenName>Kalle</md:GivenName>
    <md:SurName>Andersson</md:SurName>
    <md:EmailAddress>kalle.andersson@example.com</md:EmailAddress>
    <md:TelephoneNumber>+468123456</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="technical" xml:lang="en">
    <md:GivenName>Kalle</md:GivenName>
    <md:SurName>Andersson</md:SurName>
    <md:EmailAddress>kalle.andersson@example.com</md:EmailAddress>
    <md:TelephoneNumber>+468123456</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="support" xml:lang="sv">
    <md:GivenName>Kalle</md:GivenName>
    <md:SurName>Andersson</md:SurName>
    <md:EmailAddress>kalle.andersson@example.com</md:EmailAddress>
    <md:TelephoneNumber>+468123456</md:TelephoneNumber>
  </md:ContactPerson>
  <md:ContactPerson contactType="support" xml:lang="en">
    <md:GivenName>Kalle</md:GivenName>
    <md:SurName>Andersson</md:SurName>
    <md:EmailAddress>kalle.andersson@example.com</md:EmailAddress>
    <md:TelephoneNumber>+468123456</md:TelephoneNumber>
  </md:ContactPerson>
</md:EntityDescriptor>

A SAML Protected website

Create a PHP script that the web server can access.

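<?php
// Minimal SAML-protected page: forces a login through the 'default-sp'
// authsource and shows the attributes the IdP released for the user.

// Load SimpleSAMLphp (adjust the path if it is installed elsewhere).
require_once('/var/simplesamlphp/lib/_autoload.php');

// Initiate a SimpleSAML_Auth_Simple object for the authsource configured in
// config/authsources.php.
$as = new SimpleSAML_Auth_Simple('default-sp');

// If the user is not authenticated, authenticate the user. This may redirect
// to the IdP, so it has to run before any output is sent.
$as->requireAuth();

// Get the user's attributes. Their values are supplied by the IdP, not by this
// script, so they are HTML-escaped before being placed in the page.
$attributes = $as->getAttributes();
$charset = 'UTF-8';

print('<!DOCTYPE html><html><head><meta charset="UTF-8"><title>SAML attributes</title></head><body>');
print('<pre>' . htmlspecialchars(print_r($attributes, true), ENT_QUOTES, $charset) . '</pre>');

// The attribute set can contain personal identifiers (for example norEduOrgNIN
// requested in authsources.php), so it is shown to the logged-in user only and
// is not appended to a shared, world-readable location such as /tmp. Use the
// SimpleSAMLphp log level settings in config.php if attribute debugging is needed.

// Display Login and Logout links.
$url_in = $as->getLoginURL();
$url_out = $as->getLogoutURL();
print('<br><a href="' . htmlspecialchars($url_in, ENT_QUOTES, $charset) . '">Login</a>');
print('<br><a href="' . htmlspecialchars($url_out, ENT_QUOTES, $charset) . '">Logout</a><br>');

// If using PHP sessions in SimpleSAMLphp, clean up the SimpleSAMLphp session
// to be able to use $_SESSION afterwards.
$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();

// phpinfo() is deliberately not called here: this page is reachable by every
// user of every IdP in the federation, and phpinfo() discloses server
// configuration, paths and loaded modules to all of them.
print('</body></html>');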

