1.2. SimpleSAMLphp as SP

This guide describes how to configure SimpleSAMLphp as a service provider (SP).

Configure SimpleSAMLphp

Change to the SimpleSAMLphp home directory

cd /var/simplesamlphp

Authsource

Edit config/authsources.php. Change 'privatekey', 'certificate' and the AttributeConsumingService configuration.

$config = array(
    // The fragment below belongs inside the existing 'default-sp' entry.
    'default-sp' => array(
        'saml:SP',

        // Key pair used to sign requests and decrypt assertions.
        // File names are resolved relative to the cert/ directory.
        'certificate' => 'server.crt',
        'privatekey' => 'server.key',

        // AttributeConsumingService: service name and the attributes
        // the SP asks the IdP to release.
        'name' => array(
            'en' => 'FooBar',
            'sv' => 'FooBar',
        ),
        'attributes' => array(
            'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
            'mail' => 'urn:oid:0.9.2342.19200300.100.1.3',
            'givenName' => 'urn:oid:2.5.4.42',
            'sn' => 'urn:oid:2.5.4.4',
            'norEduOrgNIN' => 'urn:oid:1.3.6.1.4.1.2428.90.1.12',
            'sisSchoolUnitCode' => 'urn:oid:1.2.752.194.10.2.4',
        ),
        // Attributes the service cannot work without (isRequired="true" in metadata).
        'attributes.required' => array(
            'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
            'urn:oid:0.9.2342.19200300.100.1.3',
        ),
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
    ),
);

Metadata

Fetch the metadata that SimpleSAMLphp generates for the SP. Replace the hostname with your own. --no-check-certificate is only needed if the HTTPS certificate is self-signed.

wget --no-check-certificate -O metadata-sp.xml https://myhost.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp

In the following metadata, DiscoveryResponse (row 8), NameID (rows 24-25), Organization and ContactPerson (rows 42-73) have been added. NOTE: This is an example and cannot be uploaded to the federation. Read more about how to publish metadata on the federation website.
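Before publishing metadata-sp.xml it is worth checking that the elements the federation expects are actually present and that what is requested matches config/authsources.php. The script below is an added example, not part of this guide or of SimpleSAMLphp. The metadata it inspects is a constructed sample embedded inline (hostname myhost.example.com and the organisation details are placeholders); to check a real file, replace $xml with file_get_contents('metadata-sp.xml'). The checkSpMetadata function and the XPath queries are the author's own.

```php
<?php
// Added example: sanity-check SP metadata before it is sent to the federation.
// The XML below is a constructed sample, not the output of a real installation.

const MD_NS   = 'urn:oasis:names:tc:SAML:2.0:metadata';
const DISC_NS = 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol';

// The attributes listed under 'attributes.required' in config/authsources.php.
$requiredAttributes = array(
    'urn:oid:1.3.6.1.4.1.5923.1.1.1.6', // eduPersonPrincipalName
    'urn:oid:0.9.2342.19200300.100.1.3', // mail
);

// Constructed sample metadata (placeholder host and organisation).
$xml = <<<'XML'
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
    entityID="https://myhost.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <idpdisc:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
          Location="https://myhost.example.com/simplesaml/module.php/saml/sp/discoresp.php" index="0"/>
    </md:Extensions>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="0"/>
    <md:AttributeConsumingService index="0">
      <md:ServiceName xml:lang="en">FooBar</md:ServiceName>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.42"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en">Example Org</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en">Example Org</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en">https://www.example.com/</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:EmailAddress>mailto:it@example.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>
XML;

// Returns a list of problems found; an empty list means the metadata passed.
function checkSpMetadata(string $xml, array $requiredAttributes): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch anything over the network while parsing.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        return array('metadata is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('md', MD_NS);
    $xp->registerNamespace('idpdisc', DISC_NS);

    $problems = array();
    $mustExist = array(
        'DiscoveryResponse'        => '//md:SPSSODescriptor/md:Extensions/idpdisc:DiscoveryResponse',
        'NameIDFormat'             => '//md:SPSSODescriptor/md:NameIDFormat',
        'AssertionConsumerService' => '//md:SPSSODescriptor/md:AssertionConsumerService',
        'Organization'             => '/md:EntityDescriptor/md:Organization/md:OrganizationName',
        'technical ContactPerson'  => '/md:EntityDescriptor/md:ContactPerson[@contactType="technical"]',
    );
    foreach ($mustExist as $label => $query) {
        if ($xp->query($query)->length === 0) {
            $problems[] = "missing $label";
        }
    }

    // Every attribute required in authsources.php must be requested with isRequired="true".
    foreach ($requiredAttributes as $name) {
        $query = sprintf('//md:AttributeConsumingService/md:RequestedAttribute[@Name="%s"][@isRequired="true"]', $name);
        if ($xp->query($query)->length === 0) {
            $problems[] = "required attribute $name is not requested with isRequired=\"true\"";
        }
    }

    // The IdP will send assertions to these endpoints, so they must all be HTTPS.
    foreach ($xp->query('//md:SPSSODescriptor//*[@Location]') as $endpoint) {
        $location = $endpoint->getAttribute('Location');
        if (strpos($location, 'https://') !== 0) {
            $problems[] = "non-HTTPS endpoint: $location";
        }
    }
    return $problems;
}

$problems = checkSpMetadata($xml, $requiredAttributes);
if ($problems === array()) {
    echo "metadata looks complete\n";
} else {
    foreach ($problems as $problem) {
        echo "PROBLEM: $problem\n";
    }
    exit(1);
}
```

Run it with php check-metadata.php; a non-zero exit status makes it easy to use as a gate in a deployment script. The checks only cover structure, not the signature or validUntil that the federation may add when it republishes the metadata.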

A SAML Protected website

Create a PHP script that the web server can access.
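The following page is an added example of such a script, not code from this guide or from the SimpleSAMLphp project. It assumes the SimpleSAMLphp home directory /var/simplesamlphp used above, the 'default-sp' authsource from config/authsources.php, and that the IdP's attributes arrive under the friendly names used in that file (eduPersonPrincipalName, mail, givenName, sn); if your installation keeps the urn:oid names, adjust the keys. The attr helper is the author's own; the SimpleSAML\Auth\Simple class and the requireAuth, getAttributes and getLogoutURL methods are SimpleSAMLphp's public API.

```php
<?php
// Added example: a page that requires a federated login via the 'default-sp'
// authsource. Assumes the SimpleSAMLphp home directory /var/simplesamlphp.
require_once('/var/simplesamlphp/lib/_autoload.php');

$as = new \SimpleSAML\Auth\Simple('default-sp');

// Sends the browser to the IdP (via discovery) and returns only once the
// user is authenticated, so everything below runs with a verified identity.
$as->requireAuth();

// Attribute name => list of values, as released by the IdP.
$attributes = $as->getAttributes();

// Attributes marked 'attributes.required' in authsources.php should always be
// present; refuse to continue instead of rendering a half-empty identity.
// (Assumes friendly names; use the urn:oid names if your setup keeps them.)
$required = array('eduPersonPrincipalName', 'mail');
foreach ($required as $name) {
    if (empty($attributes[$name][0])) {
        http_response_code(403);
        exit('Missing required attribute: ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
    }
}

// First value of an attribute, HTML-escaped: attribute values come from the
// IdP and must never be echoed into the page unescaped.
function attr(array $attributes, string $name): string
{
    $value = isset($attributes[$name][0]) ? $attributes[$name][0] : '';
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
?>
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>SAML protected page</title>
</head>
<body>
  <h1>Welcome, <?= attr($attributes, 'givenName') ?> <?= attr($attributes, 'sn') ?></h1>
  <p>Logged in as <?= attr($attributes, 'eduPersonPrincipalName') ?>
     (<?= attr($attributes, 'mail') ?>)</p>
  <p><a href="<?= htmlspecialchars($as->getLogoutURL(), ENT_QUOTES, 'UTF-8') ?>">Log out</a></p>
</body>
</html>
```

Place the file under the web server's document root (for example as protected.php) and open it in a browser; the first request redirects to the discovery service, and after login the page shows the released attributes.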