1.2. SimpleSAMLphp som SP

1 Configure SimpleSAMLphp
2 Authsource
3 Metadata
4 A SAML Protected website

This guide describes how to configure SimpleSAMLphp as a service provider (SP).

Configure SimpleSAMLphp

Change to the SimpleSAMLphp home directory

cd /var/simplesamlphp

Authsource

Edit config/authsources.php. Change 'privatekey', 'certificate' and the AttributeConsumingService configuration.

'certificate' => 'server.crt',
'privatekey' => 'server.key',
'name' => array(
     'en' => 'FooBar',
     'sv' => 'FooBar',
  ),
'attributes' => array(
    'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
    'mail' => 'urn:oid:0.9.2342.19200300.100.1.3',
    'givenName' => 'urn:oid:2.5.4.42',
    'sn' => 'urn:oid:2.5.4.4',
    'norEduOrgNIN' => 'urn:oid:1.3.6.1.4.1.2428.90.1.12',
    'sisSchoolUnitCode' => 'urn:oid:1.2.752.194.10.2.4',
),
'attributes.required' => array (
    'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
    'urn:oid:0.9.2342.19200300.100.1.3',
),
'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',

Metadata

Get the metadata describing the SP. Change the hostnamn. --no-check-certificate is only needed if the HTTPS certificate is self-signed.

wget --no-check-certificate -O metadata-sp.xml https://myhost.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp

In the following metadata DiscoveryResponse (row 8), NameID (row 24, 25), Organisation and ContacPerson (row 42-73) have been added. NOTE: This is an example and can't be uploaded to the federation. Read more about how to publish metadata on the federation website.

A SAML Protected website

Create a PHP script that the web server can access.