Edit /etc/php/7.0/apache2/php.ini and add the following.
; Magic quotes
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off
Redirect requests to HTTPS. Edit /etc/apache2/sites-enabled/000-default.conf in <VirtualHost *:80> add the following, change myhost.example.com to the FQDN of the server
Messages sent between an IdP and a SP can be both encrypted and signed. In order to be able to perform this there need to be a private key and a certificate containing the public key. The SAML profile SAML 2.0 Interoperability Deployment Profile refer to the profie SAML V2.0 Metadata Interoperability Profile Version 1.0. According to the profile, no verification of the certificates MUST occur. The only requirement is that the certificate contains a public key. Therefore, it is recommended to generate your own self-signed certificate.