KNF:SimpleSAMLphp-sp/en: verschil tussen versies

Uit Kennisnet Developers Documentatie
Naar navigatie springen Naar zoeken springen
k (add cat and title)
Geen bewerkingssamenvatting
 
(31 tussenliggende versies door 4 gebruikers niet weergegeven)
Regel 1: Regel 1:
{{PageTitleCustom|title=SimpleSAMLphp-sp|name=Kennisnet Federation|image=true|imageurl=KNF:Hoofdpagina/en}}
{{PageTitleCustom|title=Installing SimpleSAMLphp as a Service Provider|name=Entree Federation|image=false|imageurl=Hoofdpagina}}
<br/>
__TOC__


==Step 1: Installation==
Installation of SimplSAMLphp can be achieved by following the guides at the SimpleSAMLphp website:
# [http://simplesamlphp.org/docs/stable/simplesamlphp-install Installation documentation SimpleSAMLphp]
# [http://simplesamlphp.org/docs/stable/simplesamlphp-sp Quickstart document SimpleSAMLphp]


===Installation===
==Step 2: Configuration==
The Entree Federation requires a couple of specific configurations within SimpleSAMLphp.<br/>


*[http://simplesamlphp.org/docs/stable/simplesamlphp-install Installation documentation SimpleSAMLphp]
=== Editing authsources.php===
*[http://simplesamlphp.org/docs/stable/simplesamlphp-sp Quickstart document SimpleSAMLphp]
'''NOTE!''' The following example code exists of additions or changes. The php tags are not included.<br/>
 
The changes are described in the comments.
===Configuration===
The Kennisnet Federation requires a couple of specific configurations within SimpleSAMLphp.<br/>
'''NOTE''' The following examples are additions or changes to the original. The php tags are not included.
 
====authsources.php====
<syntaxhighlight lang="php">
<syntaxhighlight lang="php">
     'default-sp' => array(
     'default-sp' => array(
Regel 23: Regel 25:
         'certificate' => 'saml.crt',
         'certificate' => 'saml.crt',


         // Changing the standard menu for Identity Providers to the Kennisnet Federation menu
         // Changing the standard menu for Identity Providers to the Entree Federation menu
         // NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to aselect.entree.kennisnet.nl
         // NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to https://engine.entree.kennisnet.nl/authentication/idp/metadata
         'idp' => 'aselect-s.entree.kennisnet.nl',
         'idp' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/metadata',  // staging/test url
        // 'idp' => 'https://engine.entree.kennisnet.nl/authentication/idp/metadata', // production url


         // Changing the Kennisnet Federation attribute formats
         // Setting the identifier format for the subject of the authentication
         'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
         'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
         'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',
         'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',


         // Optional configuration to enable pre-login which than can be called by the Identity provider
         // Optional configuration to enable pre-login which than can be called by the Identity provider
Regel 37: Regel 40:
</syntaxhighlight>
</syntaxhighlight>


====config.php====
{{Warn|From SimpleSAMLphp version 1.15 onwards 'NameIDFormat' has been replaced by 'NameIDPolicy'. The use of 'NameIDFormat' is no longer supported.}}
 
'''NOTE!''' Entree Federation refreshes the metadata every 4 hours. However a change in the entityID will not automatically be processed. Contact our servicedesk at https://support.kennisnet.org/ when you want to change your entityID.
 
=== Editing config.php===
'''NOTE!''' The following example code exists of additions or changes. The php tags are not included.<br/>
The changes are described in the comments.
<syntaxhighlight lang="php">
<syntaxhighlight lang="php">
         // The path through which simpleSAMLphp is available. This should match with the Alias location in the webserver configuration
         // The path through which simpleSAMLphp is available. This should match with the alias location in the webserver configuration
         'baseurlpath'          => 'simplesaml/',
         'baseurlpath'          => 'simplesaml/',


Regel 46: Regel 55:


         // Insert your own contact information
         // Insert your own contact information
         'technicalcontact_name'    => 'Servicedesk Kennisnet',
         'technicalcontact_name'    => 'Technical contact',
         'technicalcontact_email'    => 'servicedesk@kennisnet.nl',
         'technicalcontact_email'    => 'na@example.org',
</syntaxhighlight>
</syntaxhighlight>


====metadata/saml20-idp-remote.php====
<!-- ====metadata/saml20-idp-remote.php====
<syntaxhighlight lang="php">
<syntaxhighlight lang="php">
// Add the metadata of the Kennisnet Federation environment
// Add the metadata of the Entree Federation environment


// Production Kennisnet Federation
// Production Entree Federation
$metadata['aselect.entree.kennisnet.nl'] = array (
$metadata['https://engine.entree.kennisnet.nl/authentication/idp/metadata'] = array (
   'entityid' => 'aselect.entree.kennisnet.nl',
   'entityid' => 'https://engine.entree.kennisnet.nl/authentication/idp/metadata',
   'name' =>
   'name' =>  
   array (
   array (
     'en' => 'Stichting Kennisnet',
     'en' => 'Stichting Kennisnet',
   ),
   ),
   'description' =>
   'description' =>  
   array (
   array (
     'en' => 'skn',
     'en' => 'skn',
   ),
   ),
   'OrganizationName' =>
   'OrganizationName' =>  
   array (
   array (
     'en' => 'skn',
     'en' => 'skn',
   ),
   ),
   'OrganizationDisplayName' =>
   'OrganizationDisplayName' =>  
   array (
   array (
     'en' => 'Stichting Kennisnet',
     'en' => 'Stichting Kennisnet',
   ),
   ),
   'url' =>
   'url' =>  
   array (
   array (
     'en' => 'http://www.kennisnetfederatie.nl',
     'en' => 'http://www.kennisnetfederatie.nl',
   ),
   ),
   'OrganizationURL' =>
   'OrganizationURL' =>  
   array (
   array (
     'en' => 'http://www.kennisnetfederatie.nl',
     'en' => 'http://www.kennisnetfederatie.nl',
  ),
  'contacts' =>
  array (
    0 =>
    array (
      'contactType' => 'administrative',
      'company' => 'Stichting Kennisnet',
      'emailAddress' =>
      array (
        0 => 'entree@kennisnet.nl',
      ),
      'telephoneNumber' =>
      array (
        0 => '0800-KENNISNET (0800-536 647 638)',
      ),
    ),
   ),
   ),
   'metadata-set' => 'saml20-idp-remote',
   'metadata-set' => 'saml20-idp-remote',
   'redirect.sign' => true,
   'redirect.sign' => true,
   'SingleSignOnService' =>
   'SingleSignOnService' =>  
   array (
   array (
     0 =>
     0 =>  
     array (
     array (
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
       'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
       'Location' => 'https://engine.entree.kennisnet.nl/authentication/idp/single-sign-on',
     ),
     ),
     1 =>
     1 =>  
     array (
     array (
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
       'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
       'Location' => 'https://engine.entree.kennisnet.nl/authentication/idp/single-sign-on',
     ),
     ),
     2 =>
     2 =>  
     array (
     array (
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
       'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
       'Location' => 'https://engine.entree.kennisnet.nl/authentication/idp/single-sign-on',
     ),
     ),
   ),
   ),
   'SingleLogoutService' =>
   'SingleLogoutService' =>  
   array (
   array (
   ),
   ),
   'ArtifactResolutionService' =>
   'ArtifactResolutionService' =>  
   array (
   array (
     0 =>
     0 =>  
     array (
     array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
      'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/artifact',
      'index' => 0,
     ),
     ),
   ),
   ),
   'certFingerprint' =>
   'keys' =>  
   array (
   array (
     0 => '48a4f9fe019179a2867afc8598a64e0c45fa137b',
     0 =>  
    array (
      'encryption' => false,
      'signing' => true,
      'type' => 'X509Certificate',
      'X509Certificate' => 'MIIDrjCCApYCCQDmo4IZ7XxEgzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCTkwxFTATBgNV
BAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVybWVlcjEcMBoGA1UECgwTU3RpY2h0aW5n
IEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVyYXRpZTEkMCIGA1UEAwwbYXNlbGVjdC5l
bnRyZWUua2VubmlzbmV0Lm5sMB4XDTE2MDEyMDEzNDcyN1oXDTE3MDgzMTEzNDcyN1owgZgxCzAJ
BgNVBAYTAk5MMRUwEwYDVQQIDAxadWlkLUhvbGxhbmQxEzARBgNVBAcMClpvZXRlcm1lZXIxHDAa
BgNVBAoME1N0aWNodGluZyBLZW5uaXNuZXQxGTAXBgNVBAsMEEVudHJlZSBGZWRlcmF0aWUxJDAi
BgNVBAMMG2FzZWxlY3QuZW50cmVlLmtlbm5pc25ldC5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKAAcFlyAtHC22rupXKI61AvnJg/qca3wu4qbOvZU6967y8Sb2zLUzDbzyytjoFi
qgKHXEiZteJqrSrfEU+N7cBkQkZMC16PInQuh7bKByoAWWtrnCf45XA9afEysORk3B0BvCbYiObm
xPN4+bjJL6okCCKBIaEjfl7qgEXkPljrw+pB5fo+vmxDc1obFks5xyd3ReFCS9v9yZjjZUeX5S7y
Us6WypbbQYWvtCugpWfElxaSjxU7KCplDGJG/77GqIWEpDk6w7nGZLfKXBczC52BZEuLH5MxTLKK
Di24kzLs46bhP6h1LhcnGMW3IPeOCAzYmZk8Q2A3Sf4ecMGbpfkCAwEAATANBgkqhkiG9w0BAQsF
AAOCAQEAFFtZbYyAoOfGrgYMbn7FLJaI49QOVLKYerNRs/Ay9i6des+wWZUhfgs+pofChtX2PBNH
AbVB0fUHPYaKoHV+tZvYcMuFx/tHTs0x0WtdzTb1yFISOKliuZ5n1tu1GaL+kIvE8dz/0R1wrXgi
TpwpJfNC9rNabjsOe512SsJ0AjlqOYef2FP3ZKVcPXyg/Itaa+UThj31Qx0qNwyyy5Z0cxpcSxTl
VqrM5U+7vuTZxPHSkABqj8oDUkvRNF9DXZONT1Sh3Q/4/RvMt4knEtsG2Ao3kOetzSJHvys6WtI9
T4nVvuq8Jzvj97FEG5oPk1mDZJrjVV/3V6FDAxvxuEhefg==',
    ),
   ),
   ),
  'certData' => 'MIICsDCCAhkCBEPd1t8wDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAk5MMRUwEwYDVQQIEwxadWlkLUhvbGxhbmQxEzARBgNVBAcTClpvZXRlcm1lZXIxHDAaBgNVBAoTE1N0aWNodGluZyBLZW5uaXNuZXQxHzAdBgNVBAsTFkVudHJlZSBOZXh0IEdlbmVyYXRpb24xJDAiBgNVBAMTG2FzZWxlY3QuZW50cmVlLmtlbm5pc25ldC5ubDAeFw0wNjAxMzAwOTA1MzVaFw0xNjAyMDcwOTA1MzVaMIGeMQswCQYDVQQGEwJOTDEVMBMGA1UECBMMWnVpZC1Ib2xsYW5kMRMwEQYDVQQHEwpab2V0ZXJtZWVyMRwwGgYDVQQKExNTdGljaHRpbmcgS2VubmlzbmV0MR8wHQYDVQQLExZFbnRyZWUgTmV4dCBHZW5lcmF0aW9uMSQwIgYDVQQDExthc2VsZWN0LmVudHJlZS5rZW5uaXNuZXQubmwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ4CmyqXS7kTIHsJsRvLjnYbyXjYs+JYk078Mggmp5fyIrb5qA0kkXIHvXY+8Cj050jqPk2T1Qm9qq+D05b2tj7/p9f+5uPr6x3NsZU3kbPD7JgdGNWSJovOS/v36Xv322+yjixP6v1nHFCgdQueKh/Wx1nRcs/zg1I4uqEVmPAJAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAl1fcp/JJ7r2JdpXilq1YFzwPNeNX3bkEcJSiUeGF9yWMJkA4270Dwwf3wOPtlwSWYaJSlDr7fefW9HUCYoVriIavUSJh9s0g7EwsNzmp38Fc1abEmq1bJ8IvLamEoOnOUTJ3pVhgGdv6I7dja8lft+JiA/1WcirlxZtrRi5r994=',
);
);


// Staging Kennisnet Federation
// Staging Entree Federation
$metadata['aselect-s.entree.kennisnet.nl'] = array (
$metadata['https://engine.entree.kennisnet.nl/authentication/idp/metadata'] = array (
   'entityid' => 'aselect-s.entree.kennisnet.nl',
   'entityid' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/metadata',
   'name' =>
   'name' =>  
   array (
   array (
     'en' => 'Stichting Kennisnet (staging)',
     'en' => 'Stichting Kennisnet',
   ),
   ),
   'description' =>
   'description' =>  
   array (
   array (
     'en' => 'skn',
     'en' => 'skn',
   ),
   ),
   'OrganizationName' =>
   'OrganizationName' =>  
   array (
   array (
     'en' => 'skn',
     'en' => 'skn',
   ),
   ),
   'OrganizationDisplayName' =>
   'OrganizationDisplayName' =>  
   array (
   array (
     'en' => 'Stichting Kennisnet (staging)',
     'en' => 'Stichting Kennisnet',
   ),
   ),
   'url' =>
   'url' =>  
   array (
   array (
     'en' => 'http://www.kennisnetfederatie.nl',
     'en' => 'http://www.kennisnetfederatie.nl',
   ),
   ),
   'OrganizationURL' =>
   'OrganizationURL' =>  
   array (
   array (
     'en' => 'http://www.kennisnetfederatie.nl',
     'en' => 'http://www.kennisnetfederatie.nl',
  ),
  'contacts' =>
  array (
    0 =>
    array (
      'contactType' => 'administrative',
      'company' => 'Stichting Kennisnet',
      'emailAddress' =>
      array (
        0 => 'entree@kennisnet.nl',
      ),
      'telephoneNumber' =>
      array (
        0 => '0800-KENNISNET (0800-536 647 638)',
      ),
    ),
   ),
   ),
   'metadata-set' => 'saml20-idp-remote',
   'metadata-set' => 'saml20-idp-remote',
   'redirect.sign' => true,
   'redirect.sign' => true,
   'SingleSignOnService' =>
   'SingleSignOnService' =>  
   array (
   array (
     0 =>
     0 =>  
     array (
     array (
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
       'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
       'Location' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/single-sign-on',
     ),
     ),
     1 =>
     1 =>  
     array (
     array (
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
       'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
       'Location' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/single-sign-on',
     ),
     ),
     2 =>
     2 =>  
     array (
     array (
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
       'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
       'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
       'Location' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/single-sign-on',
     ),
     ),
   ),
   ),
   'SingleLogoutService' =>
   'SingleLogoutService' =>  
   array (
   array (
   ),
   ),
   'ArtifactResolutionService' =>
   'ArtifactResolutionService' =>  
   array (
   array (
     0 =>
     0 =>  
     array (
     array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
      'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/artifact',
      'index' => 0,
     ),
     ),
   ),
   ),
   'certFingerprint' =>
   'keys' =>  
   array (
   array (
     0 => 'f2b78d5163e010ddcd4a7d8ef1b11eb68853c3b8',
     0 =>  
    array (
      'encryption' => false,
      'signing' => true,
      'type' => 'X509Certificate',
      'X509Certificate' => 'MIIDvjCCAqYCCQCfXTWG7R858jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCTkwxFTATBgNV
BAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVybWVlcjEcMBoGA1UECgwTU3RpY2h0aW5n
IEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVyYXRpZTEsMCoGA1UEAwwjYXNlbGVjdC5z
dGFnaW5nLmVudHJlZS5rZW5uaXNuZXQubmwwHhcNMTYwMTIwMTQyMjMwWhcNMTcwODMxMTQyMjMw
WjCBoDELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVy
bWVlcjEcMBoGA1UECgwTU3RpY2h0aW5nIEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVy
YXRpZTEsMCoGA1UEAwwjYXNlbGVjdC5zdGFnaW5nLmVudHJlZS5rZW5uaXNuZXQubmwwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtNrqb9Hr5zmMQdLRTvKZVGf06suwpnn0krC/M9VR4
Zj3Yz3EQgXYnVvLIjdJTVIhG1zfMO+bmHZ/4Rxc/V733rD2ACQjl43cPCmfdkjIEPoXljWaXdnaG
H3bXaQ+jhu6acrGDDqL9Bodqf25T40zkwe7MY9B6eD7JUZa7qNHCwg0HRnCEtXZDdxpiv0cdcOCP
NqHMcQIC/unnCApbaxpZi9haXnciWGmCMf9e6TT2B9i6nLiiKeJ1Vv1DlE5Gqmy94buq86+eTXpR
qN7U+6eU5kcnSlQ3+LAyQ+zP49BNmXrN2xjQ5f1GCm7J+7UgY+q/hpsG3NM6sMsIMzxn+IqpAgMB
AAEwDQYJKoZIhvcNAQELBQADggEBAIfuVWMln0ekx7G5dQwUdvXFjFhxCslUqLkU0mpyQ46n28Ej
cJMf9d10rLdB7HI/8OyBHDpkU0d/rrrvvi3p0Y2llBTYvQKwIqxa79g10pO7Pjx64X/3i6xHX7Lx
2gxWu+KJyUjie2P5a+AhP3XK7+ej5MFR4hQcliRNo2n+J6ZYAfiTRZln5H3d4HJC7cKD/qJr1aUb
jiB3pehW2Smdfa0dXgVBsjuQSnBdxkNgGUgG4o2e8yaFKMRerfu7AP78bbcpOaCmvaCLoba8dYMR
ABjD9S8JZ5oNu5o+qR7h3fmdLGpCDlk+YTeUfzMYR982n6u/HEUYyz9MA6+U5cklPnk=',
    ),
   ),
   ),
  'certData' => 'MIICwDCCAikCBE1k+lAwDQYJKoZIhvcNAQEEBQAwgaYxCzAJBgNVBAYTAk5MMRUwEwYDVQQIEwxadWlkLUhvbGxhbmQxEzARBgNVBAcTClpvZXRlcm1lZXIxHDAaBgNVBAoTE1N0aWNodGluZyBLZW5uaXNuZXQxHzAdBgNVBAsTFkVudHJlZSBOZXh0IEdlbmVyYXRpb24xLDAqBgNVBAMTI2FzZWxlY3Quc3RhZ2luZy5lbnRyZWUua2VubmlzbmV0Lm5sMB4XDTExMDIyMzEyMTUxMloXDTE2MDIwNjEyMTUxMlowgaYxCzAJBgNVBAYTAk5MMRUwEwYDVQQIEwxadWlkLUhvbGxhbmQxEzARBgNVBAcTClpvZXRlcm1lZXIxHDAaBgNVBAoTE1N0aWNodGluZyBLZW5uaXNuZXQxHzAdBgNVBAsTFkVudHJlZSBOZXh0IEdlbmVyYXRpb24xLDAqBgNVBAMTI2FzZWxlY3Quc3RhZ2luZy5lbnRyZWUua2VubmlzbmV0Lm5sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+iQDEWzzn76RgfOsnNrE0xS+WvmXr6oWTwoMaNVGZC5UnESbV5vPsNWTEbP8Vh2bT6kTaTnjDMx4POWasHnBPR/h0MCJ78D4nqkIEuhz+QBEvfMgZEgXJgOtoqgenDpXAkoetJkkkmRwt4mBk+puUJUaP3WcI5/J7BM/NdH6JQwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAK5WdDPy4clXgsVWie58A0NkALRwCl7Rbwb0bzddNN0qMpbHGZVINQWzbv6fitd5LLAP8wKtEA82unqH7GpQ+8P1BNlmQVbVBA/otFP1n4NKxKBWwyBgNo6CzsCw/yDSxShNH4abwXs0OhQcnAYnY6WNzYAbG/OVcIuYbkxfiiCk',
);
);
</syntaxhighlight>
</syntaxhighlight> -->
 


[[Categorie:Kennisnet Federatie]]
[[Categorie:Entree Federatie]]

Huidige versie van 3 nov 2022 om 14:53

Entree Federation: Installing SimpleSAMLphp as a Service Provider

Nl.gif Nederlands En.gif English


Step 1: Installation

Installation of SimplSAMLphp can be achieved by following the guides at the SimpleSAMLphp website:

  1. Installation documentation SimpleSAMLphp
  2. Quickstart document SimpleSAMLphp

Step 2: Configuration

The Entree Federation requires a couple of specific configurations within SimpleSAMLphp.

Editing authsources.php

NOTE! The following example code exists of additions or changes. The php tags are not included.
The changes are described in the comments. 

    'default-sp' => array(
        'saml:SP',
        
        // Insert your application entityID (usually the unique url of your service)   
        'entityID' => 'http://domainname.com',
        
        // Certificate generated in step 1.1 in the Quickstart
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',

        // Changing the standard menu for Identity Providers to the Entree Federation menu
        // NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to https://engine.entree.kennisnet.nl/authentication/idp/metadata
        'idp' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/metadata',  // staging/test url
        // 'idp' => 'https://engine.entree.kennisnet.nl/authentication/idp/metadata',  // production url

        // Setting the identifier format for the subject of the authentication
        'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',

        // Optional configuration to enable pre-login which than can be called by the Identity provider
        // 'IDPList' => array( 'entityidofidp', ),
        // 'ProxyCount' => 1,
    ),
Warn.gif From SimpleSAMLphp version 1.15 onwards 'NameIDFormat' has been replaced by 'NameIDPolicy'. The use of 'NameIDFormat' is no longer supported.

NOTE! Entree Federation refreshes the metadata every 4 hours. However a change in the entityID will not automatically be processed. Contact our servicedesk at https://support.kennisnet.org/ when you want to change your entityID.

Editing config.php

NOTE! The following example code exists of additions or changes. The php tags are not included.
The changes are described in the comments. 

        // The path through which simpleSAMLphp is available. This should match with the alias location in the webserver configuration
        'baseurlpath'           => 'simplesaml/',

        // Change the standard password for the webinterface!!! 
        'auth.adminpassword'          => '!123456!',

        // Insert your own contact information
        'technicalcontact_name'     => 'Technical contact',
        'technicalcontact_email'    => 'na@example.org',
Overgenomen van "https://developers.wiki.kennisnet.nl/index.php?title=KNF:SimpleSAMLphp-sp/en&oldid=12564"