1.2. SimpleSAMLphp as SP
This guide describes how to configure SimpleSAMLphp as a service provider (SP).
Configure SimpleSAMLphp
Change to the SimpleSAMLphp home directory
cd /var/simplesamlphp
Authsource
Edit config/authsources.php. Change 'privatekey', 'certificate' and the AttributeConsumingService configuration ('name', 'attributes', 'attributes.required' and 'attributes.NameFormat'). The keys below belong inside the 'default-sp' entry; the key and certificate file names are resolved relative to the cert/ directory.

    $config = array(
        'default-sp' => array(
            'saml:SP',
            // Key pair the SP uses to sign requests and decrypt assertions.
            'certificate' => 'server.crt',
            'privatekey' => 'server.key',
            // AttributeConsumingService: the SP's display name and the
            // attributes it asks the federation to release.
            'name' => array(
                'en' => 'FooBar',
                'sv' => 'FooBar',
            ),
            'attributes' => array(
                'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
                'mail' => 'urn:oid:0.9.2342.19200300.100.1.3',
                'givenName' => 'urn:oid:2.5.4.42',
                'sn' => 'urn:oid:2.5.4.4',
                'norEduOrgNIN' => 'urn:oid:1.3.6.1.4.1.2428.90.1.12',
                'sisSchoolUnitCode' => 'urn:oid:1.2.752.194.10.2.4',
            ),
            // Attributes the SP cannot work without; marked isRequired in metadata.
            'attributes.required' => array(
                'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
                'urn:oid:0.9.2342.19200300.100.1.3',
            ),
            'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
        ),
    );
Metadata
Get the metadata describing the SP. Replace myhost.example.com with the SP's hostname. --no-check-certificate is only needed if the HTTPS certificate is self-signed.
wget --no-check-certificate -O metadata-sp.xml https://myhost.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp
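Before the downloaded metadata is edited and sent to the federation, it is worth confirming that it actually matches what was configured in authsources.php. The script below is an added example, not part of the guide: it assumes it is run from the SimpleSAMLphp home directory, that the download was saved as metadata-sp.xml, and that the certificate named in authsources.php ('server.crt') is in the default cert/ directory. It checks the RequestedAttribute list (including the isRequired flags), that the published certificate is the local server.crt, and that every endpoint the IdP will send assertions to is served over HTTPS.

```php
<?php
// Added example (not part of the guide): sanity-check the SP metadata
// downloaded with wget above before it is edited and sent to the federation.
// Assumptions: run from the SimpleSAMLphp home directory, download saved as
// metadata-sp.xml, signing certificate 'server.crt' in the default cert/ dir.

$metadataFile = 'metadata-sp.xml';
$certFile     = 'cert/server.crt';

// Attributes declared in authsources.php, keyed by OID; true = required.
$expected = array(
    'urn:oid:1.3.6.1.4.1.5923.1.1.1.6'  => true,   // eduPersonPrincipalName
    'urn:oid:0.9.2342.19200300.100.1.3' => true,   // mail
    'urn:oid:2.5.4.42'                  => false,  // givenName
    'urn:oid:2.5.4.4'                   => false,  // sn
    'urn:oid:1.3.6.1.4.1.2428.90.1.12'  => false,  // norEduOrgNIN
    'urn:oid:1.2.752.194.10.2.4'        => false,  // sisSchoolUnitCode
);

$problems = array();

$doc = new DOMDocument();
if (!@$doc->load($metadataFile)) {
    fwrite(STDERR, "Cannot parse $metadataFile\n");
    exit(1);
}
$xp = new DOMXPath($doc);
$xp->registerNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata');
$xp->registerNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');

// 1. RequestedAttribute list must match the authsource, including isRequired.
$found = array();
foreach ($xp->query('//md:SPSSODescriptor/md:AttributeConsumingService/md:RequestedAttribute') as $ra) {
    $found[$ra->getAttribute('Name')] = ($ra->getAttribute('isRequired') === 'true');
}
foreach ($expected as $oid => $required) {
    if (!array_key_exists($oid, $found)) {
        $problems[] = "attribute $oid is not requested in the metadata";
    } elseif ($found[$oid] !== $required) {
        $problems[] = "attribute $oid has the wrong isRequired flag";
    }
}
foreach (array_diff_key($found, $expected) as $oid => $unused) {
    $problems[] = "metadata requests $oid, which authsources.php does not list";
}

// 2. The certificate published in the metadata must be the local server.crt;
//    otherwise IdPs will encrypt for a key this SP does not hold.
$local = preg_replace('/-----[^-]+-----|\s+/', '', file_get_contents($certFile));
$published = array();
foreach ($xp->query('//md:SPSSODescriptor/md:KeyDescriptor//ds:X509Certificate') as $c) {
    $published[] = preg_replace('/\s+/', '', $c->nodeValue);
}
if (empty($published)) {
    $problems[] = 'no certificate in metadata (check certificate/privatekey in authsources.php)';
} elseif (!in_array($local, $published, true)) {
    $problems[] = "certificate in metadata does not match $certFile";
}

// 3. Every endpoint the IdP will post assertions or logout messages to must be HTTPS.
$endpoints = '//md:SPSSODescriptor/md:AssertionConsumerService | //md:SPSSODescriptor/md:SingleLogoutService';
foreach ($xp->query($endpoints) as $ep) {
    $loc = $ep->getAttribute('Location');
    if (strpos($loc, 'https://') !== 0) {
        $problems[] = "endpoint $loc is not served over HTTPS";
    }
}

if ($problems) {
    echo "Metadata problems:\n - " . implode("\n - ", $problems) . "\n";
    exit(1);
}
echo "$metadataFile is consistent with authsources.php\n";
```

Run it with `php check-metadata.php` (any file name works) and fix authsources.php or the web server's HTTPS setup before regenerating the metadata; a certificate mismatch here usually means the 'certificate' key points at a different file than the one whose private key is configured.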
In the following metadata DiscoveryResponse (row 8), NameID (rows 24, 25), Organization and ContactPerson (rows 42-73) have been added. NOTE: This is an example and can't be uploaded to the federation as-is. Read more about how to publish metadata on the federation website.
A SAML Protected website
Create a PHP script that the web server can access.
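The following is an added example of such a script, not the one from the guide. It assumes SimpleSAMLphp 1.x installed under /var/simplesamlphp (the directory used earlier in this guide) and the 'default-sp' authsource configured above; in SimpleSAMLphp 2.x the class is \SimpleSAML\Auth\Simple instead of SimpleSAML_Auth_Simple. It forces a login, accepts attributes under either their friendly name or their OID (which form arrives depends on the IdP and on whether an oid2name AttributeMap filter is configured), refuses to serve the page if a required attribute is missing, and escapes every IdP-supplied value before echoing it.

```php
<?php
// Added example, not the script from the guide: a page that requires a SAML
// login through the 'default-sp' authsource configured in authsources.php.
// Assumptions: SimpleSAMLphp 1.x in /var/simplesamlphp (2.x uses the class
// \SimpleSAML\Auth\Simple and the same method names).
require_once('/var/simplesamlphp/lib/_autoload.php');

$as = new SimpleSAML_Auth_Simple('default-sp');

// Sends the user to the IdP (via discovery if configured) and only returns
// once SimpleSAMLphp has validated the assertion's signature and conditions.
$as->requireAuth();
$attributes = $as->getAttributes();

// Friendly name => OID, as declared in authsources.php. The assertion may
// carry either form, so both are accepted.
$wanted = array(
    'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
    'mail'                   => 'urn:oid:0.9.2342.19200300.100.1.3',
    'givenName'              => 'urn:oid:2.5.4.42',
    'sn'                     => 'urn:oid:2.5.4.4',
    'norEduOrgNIN'           => 'urn:oid:1.3.6.1.4.1.2428.90.1.12',
    'sisSchoolUnitCode'      => 'urn:oid:1.2.752.194.10.2.4',
);
// The two attributes listed under 'attributes.required'.
$required = array('eduPersonPrincipalName', 'mail');

// Return the first value of an attribute under either of its names, or null.
function firstValue(array $attributes, $friendly, $oid) {
    foreach (array($friendly, $oid) as $name) {
        if (!empty($attributes[$name][0])) {
            return $attributes[$name][0];
        }
    }
    return null;
}

$user = array();
foreach ($wanted as $friendly => $oid) {
    $user[$friendly] = firstValue($attributes, $friendly, $oid);
}

// Refuse to serve the page on a partial assertion rather than falling back
// to an unidentified user.
foreach ($required as $name) {
    if ($user[$name] === null) {
        http_response_code(403);
        exit('Login succeeded but the IdP did not release '
            . htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));
    }
}

header('Content-Type: text/html; charset=utf-8');
echo "<h1>Protected page</h1>\n<dl>\n";
foreach ($user as $name => $value) {
    // Attribute values are IdP-controlled input: escape before echoing.
    echo '<dt>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</dt><dd>'
       . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "</dd>\n";
}
echo "</dl>\n";
echo '<p><a href="' . htmlspecialchars($as->getLogoutURL(), ENT_QUOTES, 'UTF-8')
   . '">Log out</a></p>' . "\n";
```

Place the file in the web server's document root (for example protected.php) and open it over HTTPS; the first request redirects to the IdP, and after login the page lists the released attributes. Keep the script outside the SimpleSAMLphp directory itself so that only the www/ directory of the installation is exposed by the web server.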