KNF:SimpleSAMLphp-sp/en: verschil tussen versies

Uit Kennisnet Developers Documentatie
Naar navigatie springen Naar zoeken springen
k (add cat and title)
 
(31 tussenliggende versies door 4 gebruikers niet weergegeven)
Regel 1: Regel 1:
{{PageTitleCustom|title=SimpleSAMLphp-sp|name=Kennisnet Federation|image=true|imageurl=KNF:Hoofdpagina/en}}
+
{{PageTitleCustom|title=Installing SimpleSAMLphp as a Service Provider|name=Entree Federation|image=false|imageurl=Hoofdpagina}}
  +
<br/>
  +
__TOC__
   
  +
==Step 1: Installation==
  +
Installation of SimplSAMLphp can be achieved by following the guides at the SimpleSAMLphp website:
  +
# [http://simplesamlphp.org/docs/stable/simplesamlphp-install Installation documentation SimpleSAMLphp]
  +
# [http://simplesamlphp.org/docs/stable/simplesamlphp-sp Quickstart document SimpleSAMLphp]
   
  +
==Step 2: Configuration==
===Installation===
 
  +
The Entree Federation requires a couple of specific configurations within SimpleSAMLphp.<br/>
   
  +
=== Editing authsources.php===
*[http://simplesamlphp.org/docs/stable/simplesamlphp-install Installation documentation SimpleSAMLphp]
 
  +
'''NOTE!''' The following example code exists of additions or changes. The php tags are not included.<br/>
*[http://simplesamlphp.org/docs/stable/simplesamlphp-sp Quickstart document SimpleSAMLphp]
 
  +
The changes are described in the comments.
 
===Configuration===
 
The Kennisnet Federation requires a couple of specific configurations within SimpleSAMLphp.<br/>
 
'''NOTE''' The following examples are additions or changes to the original. The php tags are not included.
 
 
====authsources.php====
 
 
<syntaxhighlight lang="php">
 
<syntaxhighlight lang="php">
 
'default-sp' => array(
 
'default-sp' => array(
Regel 23: Regel 25:
 
'certificate' => 'saml.crt',
 
'certificate' => 'saml.crt',
   
// Changing the standard menu for Identity Providers to the Kennisnet Federation menu
+
// Changing the standard menu for Identity Providers to the Entree Federation menu
// NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to aselect.entree.kennisnet.nl
+
// NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to https://engine.entree.kennisnet.nl/authentication/idp/metadata
'idp' => 'aselect-s.entree.kennisnet.nl',
+
'idp' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/metadata', // staging/test url
  +
// 'idp' => 'https://engine.entree.kennisnet.nl/authentication/idp/metadata', // production url
   
// Changing the Kennisnet Federation attribute formats
+
// Setting the identifier format for the subject of the authentication
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
+
'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',
+
'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',
   
 
// Optional configuration to enable pre-login which than can be called by the Identity provider
 
// Optional configuration to enable pre-login which than can be called by the Identity provider
Regel 37: Regel 40:
 
</syntaxhighlight>
 
</syntaxhighlight>
   
  +
{{Warn|From SimpleSAMLphp version 1.15 onwards 'NameIDFormat' has been replaced by 'NameIDPolicy'. The use of 'NameIDFormat' is no longer supported.}}
====config.php====
 
  +
  +
'''NOTE!''' Entree Federation refreshes the metadata every 4 hours. However a change in the entityID will not automatically be processed. Contact our servicedesk at https://support.kennisnet.org/ when you want to change your entityID.
  +
  +
=== Editing config.php===
  +
'''NOTE!''' The following example code exists of additions or changes. The php tags are not included.<br/>
  +
The changes are described in the comments.
 
<syntaxhighlight lang="php">
 
<syntaxhighlight lang="php">
// The path through which simpleSAMLphp is available. This should match with the Alias location in the webserver configuration
+
// The path through which simpleSAMLphp is available. This should match with the alias location in the webserver configuration
 
'baseurlpath' => 'simplesaml/',
 
'baseurlpath' => 'simplesaml/',
   
Regel 46: Regel 55:
   
 
// Insert your own contact information
 
// Insert your own contact information
'technicalcontact_name' => 'Servicedesk Kennisnet',
+
'technicalcontact_name' => 'Technical contact',
'technicalcontact_email' => 'servicedesk@kennisnet.nl',
+
'technicalcontact_email' => 'na@example.org',
 
</syntaxhighlight>
 
</syntaxhighlight>
   
====metadata/saml20-idp-remote.php====
+
<!-- ====metadata/saml20-idp-remote.php====
 
<syntaxhighlight lang="php">
 
<syntaxhighlight lang="php">
// Add the metadata of the Kennisnet Federation environment
+
// Add the metadata of the Entree Federation environment
   
// Production Kennisnet Federation
+
// Production Entree Federation
$metadata['aselect.entree.kennisnet.nl'] = array (
+
$metadata['https://engine.entree.kennisnet.nl/authentication/idp/metadata'] = array (
'entityid' => 'aselect.entree.kennisnet.nl',
+
'entityid' => 'https://engine.entree.kennisnet.nl/authentication/idp/metadata',
'name' =>
+
'name' =>
 
array (
 
array (
 
'en' => 'Stichting Kennisnet',
 
'en' => 'Stichting Kennisnet',
 
),
 
),
'description' =>
+
'description' =>
 
array (
 
array (
 
'en' => 'skn',
 
'en' => 'skn',
 
),
 
),
'OrganizationName' =>
+
'OrganizationName' =>
 
array (
 
array (
 
'en' => 'skn',
 
'en' => 'skn',
 
),
 
),
'OrganizationDisplayName' =>
+
'OrganizationDisplayName' =>
 
array (
 
array (
 
'en' => 'Stichting Kennisnet',
 
'en' => 'Stichting Kennisnet',
 
),
 
),
'url' =>
+
'url' =>
 
array (
 
array (
 
'en' => 'http://www.kennisnetfederatie.nl',
 
'en' => 'http://www.kennisnetfederatie.nl',
 
),
 
),
'OrganizationURL' =>
+
'OrganizationURL' =>
 
array (
 
array (
 
'en' => 'http://www.kennisnetfederatie.nl',
 
'en' => 'http://www.kennisnetfederatie.nl',
  +
),
  +
'contacts' =>
  +
array (
  +
0 =>
  +
array (
  +
'contactType' => 'administrative',
  +
'company' => 'Stichting Kennisnet',
  +
'emailAddress' =>
  +
array (
  +
0 => 'entree@kennisnet.nl',
  +
),
  +
'telephoneNumber' =>
  +
array (
  +
0 => '0800-KENNISNET (0800-536 647 638)',
  +
),
  +
),
 
),
 
),
 
'metadata-set' => 'saml20-idp-remote',
 
'metadata-set' => 'saml20-idp-remote',
 
'redirect.sign' => true,
 
'redirect.sign' => true,
'SingleSignOnService' =>
+
'SingleSignOnService' =>
 
array (
 
array (
0 =>
+
0 =>
 
array (
 
array (
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
+
'Location' => 'https://engine.entree.kennisnet.nl/authentication/idp/single-sign-on',
 
),
 
),
1 =>
+
1 =>
 
array (
 
array (
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
+
'Location' => 'https://engine.entree.kennisnet.nl/authentication/idp/single-sign-on',
 
),
 
),
2 =>
+
2 =>
 
array (
 
array (
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
+
'Location' => 'https://engine.entree.kennisnet.nl/authentication/idp/single-sign-on',
 
),
 
),
 
),
 
),
'SingleLogoutService' =>
+
'SingleLogoutService' =>
 
array (
 
array (
 
),
 
),
'ArtifactResolutionService' =>
+
'ArtifactResolutionService' =>
 
array (
 
array (
0 =>
+
0 =>
 
array (
 
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
 
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/artifact',
 
'index' => 0,
 
 
),
 
),
 
),
 
),
'certFingerprint' =>
+
'keys' =>
 
array (
 
array (
  +
0 =>
0 => '48a4f9fe019179a2867afc8598a64e0c45fa137b',
 
  +
array (
  +
'encryption' => false,
  +
'signing' => true,
  +
'type' => 'X509Certificate',
  +
'X509Certificate' => 'MIIDrjCCApYCCQDmo4IZ7XxEgzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCTkwxFTATBgNV
  +
BAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVybWVlcjEcMBoGA1UECgwTU3RpY2h0aW5n
  +
IEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVyYXRpZTEkMCIGA1UEAwwbYXNlbGVjdC5l
  +
bnRyZWUua2VubmlzbmV0Lm5sMB4XDTE2MDEyMDEzNDcyN1oXDTE3MDgzMTEzNDcyN1owgZgxCzAJ
  +
BgNVBAYTAk5MMRUwEwYDVQQIDAxadWlkLUhvbGxhbmQxEzARBgNVBAcMClpvZXRlcm1lZXIxHDAa
  +
BgNVBAoME1N0aWNodGluZyBLZW5uaXNuZXQxGTAXBgNVBAsMEEVudHJlZSBGZWRlcmF0aWUxJDAi
  +
BgNVBAMMG2FzZWxlY3QuZW50cmVlLmtlbm5pc25ldC5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP
  +
ADCCAQoCggEBAKAAcFlyAtHC22rupXKI61AvnJg/qca3wu4qbOvZU6967y8Sb2zLUzDbzyytjoFi
  +
qgKHXEiZteJqrSrfEU+N7cBkQkZMC16PInQuh7bKByoAWWtrnCf45XA9afEysORk3B0BvCbYiObm
  +
xPN4+bjJL6okCCKBIaEjfl7qgEXkPljrw+pB5fo+vmxDc1obFks5xyd3ReFCS9v9yZjjZUeX5S7y
  +
Us6WypbbQYWvtCugpWfElxaSjxU7KCplDGJG/77GqIWEpDk6w7nGZLfKXBczC52BZEuLH5MxTLKK
  +
Di24kzLs46bhP6h1LhcnGMW3IPeOCAzYmZk8Q2A3Sf4ecMGbpfkCAwEAATANBgkqhkiG9w0BAQsF
  +
AAOCAQEAFFtZbYyAoOfGrgYMbn7FLJaI49QOVLKYerNRs/Ay9i6des+wWZUhfgs+pofChtX2PBNH
  +
AbVB0fUHPYaKoHV+tZvYcMuFx/tHTs0x0WtdzTb1yFISOKliuZ5n1tu1GaL+kIvE8dz/0R1wrXgi
  +
TpwpJfNC9rNabjsOe512SsJ0AjlqOYef2FP3ZKVcPXyg/Itaa+UThj31Qx0qNwyyy5Z0cxpcSxTl
  +
VqrM5U+7vuTZxPHSkABqj8oDUkvRNF9DXZONT1Sh3Q/4/RvMt4knEtsG2Ao3kOetzSJHvys6WtI9
  +
T4nVvuq8Jzvj97FEG5oPk1mDZJrjVV/3V6FDAxvxuEhefg==',
  +
),
 
),
 
),
'certData' => 'MIICsDCCAhkCBEPd1t8wDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAk5MMRUwEwYDVQQIEwxadWlkLUhvbGxhbmQxEzARBgNVBAcTClpvZXRlcm1lZXIxHDAaBgNVBAoTE1N0aWNodGluZyBLZW5uaXNuZXQxHzAdBgNVBAsTFkVudHJlZSBOZXh0IEdlbmVyYXRpb24xJDAiBgNVBAMTG2FzZWxlY3QuZW50cmVlLmtlbm5pc25ldC5ubDAeFw0wNjAxMzAwOTA1MzVaFw0xNjAyMDcwOTA1MzVaMIGeMQswCQYDVQQGEwJOTDEVMBMGA1UECBMMWnVpZC1Ib2xsYW5kMRMwEQYDVQQHEwpab2V0ZXJtZWVyMRwwGgYDVQQKExNTdGljaHRpbmcgS2VubmlzbmV0MR8wHQYDVQQLExZFbnRyZWUgTmV4dCBHZW5lcmF0aW9uMSQwIgYDVQQDExthc2VsZWN0LmVudHJlZS5rZW5uaXNuZXQubmwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ4CmyqXS7kTIHsJsRvLjnYbyXjYs+JYk078Mggmp5fyIrb5qA0kkXIHvXY+8Cj050jqPk2T1Qm9qq+D05b2tj7/p9f+5uPr6x3NsZU3kbPD7JgdGNWSJovOS/v36Xv322+yjixP6v1nHFCgdQueKh/Wx1nRcs/zg1I4uqEVmPAJAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAl1fcp/JJ7r2JdpXilq1YFzwPNeNX3bkEcJSiUeGF9yWMJkA4270Dwwf3wOPtlwSWYaJSlDr7fefW9HUCYoVriIavUSJh9s0g7EwsNzmp38Fc1abEmq1bJ8IvLamEoOnOUTJ3pVhgGdv6I7dja8lft+JiA/1WcirlxZtrRi5r994=',
 
 
);
 
);
   
// Staging Kennisnet Federation
+
// Staging Entree Federation
$metadata['aselect-s.entree.kennisnet.nl'] = array (
+
$metadata['https://engine.entree.kennisnet.nl/authentication/idp/metadata'] = array (
'entityid' => 'aselect-s.entree.kennisnet.nl',
+
'entityid' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/metadata',
'name' =>
+
'name' =>
 
array (
 
array (
'en' => 'Stichting Kennisnet (staging)',
+
'en' => 'Stichting Kennisnet',
 
),
 
),
'description' =>
+
'description' =>
 
array (
 
array (
 
'en' => 'skn',
 
'en' => 'skn',
 
),
 
),
'OrganizationName' =>
+
'OrganizationName' =>
 
array (
 
array (
 
'en' => 'skn',
 
'en' => 'skn',
 
),
 
),
'OrganizationDisplayName' =>
+
'OrganizationDisplayName' =>
 
array (
 
array (
'en' => 'Stichting Kennisnet (staging)',
+
'en' => 'Stichting Kennisnet',
 
),
 
),
'url' =>
+
'url' =>
 
array (
 
array (
 
'en' => 'http://www.kennisnetfederatie.nl',
 
'en' => 'http://www.kennisnetfederatie.nl',
 
),
 
),
'OrganizationURL' =>
+
'OrganizationURL' =>
 
array (
 
array (
 
'en' => 'http://www.kennisnetfederatie.nl',
 
'en' => 'http://www.kennisnetfederatie.nl',
  +
),
  +
'contacts' =>
  +
array (
  +
0 =>
  +
array (
  +
'contactType' => 'administrative',
  +
'company' => 'Stichting Kennisnet',
  +
'emailAddress' =>
  +
array (
  +
0 => 'entree@kennisnet.nl',
  +
),
  +
'telephoneNumber' =>
  +
array (
  +
0 => '0800-KENNISNET (0800-536 647 638)',
  +
),
  +
),
 
),
 
),
 
'metadata-set' => 'saml20-idp-remote',
 
'metadata-set' => 'saml20-idp-remote',
 
'redirect.sign' => true,
 
'redirect.sign' => true,
'SingleSignOnService' =>
+
'SingleSignOnService' =>
 
array (
 
array (
0 =>
+
0 =>
 
array (
 
array (
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
+
'Location' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/single-sign-on',
 
),
 
),
1 =>
+
1 =>
 
array (
 
array (
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
+
'Location' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/single-sign-on',
 
),
 
),
2 =>
+
2 =>
 
array (
 
array (
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
 
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
+
'Location' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/single-sign-on',
 
),
 
),
 
),
 
),
'SingleLogoutService' =>
+
'SingleLogoutService' =>
 
array (
 
array (
 
),
 
),
'ArtifactResolutionService' =>
+
'ArtifactResolutionService' =>
 
array (
 
array (
0 =>
+
0 =>
 
array (
 
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
 
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/artifact',
 
'index' => 0,
 
 
),
 
),
 
),
 
),
'certFingerprint' =>
+
'keys' =>
 
array (
 
array (
  +
0 =>
0 => 'f2b78d5163e010ddcd4a7d8ef1b11eb68853c3b8',
 
  +
array (
  +
'encryption' => false,
  +
'signing' => true,
  +
'type' => 'X509Certificate',
  +
'X509Certificate' => 'MIIDvjCCAqYCCQCfXTWG7R858jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCTkwxFTATBgNV
  +
BAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVybWVlcjEcMBoGA1UECgwTU3RpY2h0aW5n
  +
IEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVyYXRpZTEsMCoGA1UEAwwjYXNlbGVjdC5z
  +
dGFnaW5nLmVudHJlZS5rZW5uaXNuZXQubmwwHhcNMTYwMTIwMTQyMjMwWhcNMTcwODMxMTQyMjMw
  +
WjCBoDELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVy
  +
bWVlcjEcMBoGA1UECgwTU3RpY2h0aW5nIEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVy
  +
YXRpZTEsMCoGA1UEAwwjYXNlbGVjdC5zdGFnaW5nLmVudHJlZS5rZW5uaXNuZXQubmwwggEiMA0G
  +
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtNrqb9Hr5zmMQdLRTvKZVGf06suwpnn0krC/M9VR4
  +
Zj3Yz3EQgXYnVvLIjdJTVIhG1zfMO+bmHZ/4Rxc/V733rD2ACQjl43cPCmfdkjIEPoXljWaXdnaG
  +
H3bXaQ+jhu6acrGDDqL9Bodqf25T40zkwe7MY9B6eD7JUZa7qNHCwg0HRnCEtXZDdxpiv0cdcOCP
  +
NqHMcQIC/unnCApbaxpZi9haXnciWGmCMf9e6TT2B9i6nLiiKeJ1Vv1DlE5Gqmy94buq86+eTXpR
  +
qN7U+6eU5kcnSlQ3+LAyQ+zP49BNmXrN2xjQ5f1GCm7J+7UgY+q/hpsG3NM6sMsIMzxn+IqpAgMB
  +
AAEwDQYJKoZIhvcNAQELBQADggEBAIfuVWMln0ekx7G5dQwUdvXFjFhxCslUqLkU0mpyQ46n28Ej
  +
cJMf9d10rLdB7HI/8OyBHDpkU0d/rrrvvi3p0Y2llBTYvQKwIqxa79g10pO7Pjx64X/3i6xHX7Lx
  +
2gxWu+KJyUjie2P5a+AhP3XK7+ej5MFR4hQcliRNo2n+J6ZYAfiTRZln5H3d4HJC7cKD/qJr1aUb
  +
jiB3pehW2Smdfa0dXgVBsjuQSnBdxkNgGUgG4o2e8yaFKMRerfu7AP78bbcpOaCmvaCLoba8dYMR
  +
ABjD9S8JZ5oNu5o+qR7h3fmdLGpCDlk+YTeUfzMYR982n6u/HEUYyz9MA6+U5cklPnk=',
  +
),
 
),
 
),
'certData' => 'MIICwDCCAikCBE1k+lAwDQYJKoZIhvcNAQEEBQAwgaYxCzAJBgNVBAYTAk5MMRUwEwYDVQQIEwxadWlkLUhvbGxhbmQxEzARBgNVBAcTClpvZXRlcm1lZXIxHDAaBgNVBAoTE1N0aWNodGluZyBLZW5uaXNuZXQxHzAdBgNVBAsTFkVudHJlZSBOZXh0IEdlbmVyYXRpb24xLDAqBgNVBAMTI2FzZWxlY3Quc3RhZ2luZy5lbnRyZWUua2VubmlzbmV0Lm5sMB4XDTExMDIyMzEyMTUxMloXDTE2MDIwNjEyMTUxMlowgaYxCzAJBgNVBAYTAk5MMRUwEwYDVQQIEwxadWlkLUhvbGxhbmQxEzARBgNVBAcTClpvZXRlcm1lZXIxHDAaBgNVBAoTE1N0aWNodGluZyBLZW5uaXNuZXQxHzAdBgNVBAsTFkVudHJlZSBOZXh0IEdlbmVyYXRpb24xLDAqBgNVBAMTI2FzZWxlY3Quc3RhZ2luZy5lbnRyZWUua2VubmlzbmV0Lm5sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+iQDEWzzn76RgfOsnNrE0xS+WvmXr6oWTwoMaNVGZC5UnESbV5vPsNWTEbP8Vh2bT6kTaTnjDMx4POWasHnBPR/h0MCJ78D4nqkIEuhz+QBEvfMgZEgXJgOtoqgenDpXAkoetJkkkmRwt4mBk+puUJUaP3WcI5/J7BM/NdH6JQwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAK5WdDPy4clXgsVWie58A0NkALRwCl7Rbwb0bzddNN0qMpbHGZVINQWzbv6fitd5LLAP8wKtEA82unqH7GpQ+8P1BNlmQVbVBA/otFP1n4NKxKBWwyBgNo6CzsCw/yDSxShNH4abwXs0OhQcnAYnY6WNzYAbG/OVcIuYbkxfiiCk',
 
 
);
 
);
</syntaxhighlight>
+
</syntaxhighlight> -->
  +
   
[[Categorie:Kennisnet Federatie]]
+
[[Categorie:Entree Federatie]]

Huidige versie van 3 nov 2022 om 13:53

Entree Federation: Installing SimpleSAMLphp as a Service Provider

Nl.gif Nederlands En.gif English


Step 1: Installation

Installation of SimplSAMLphp can be achieved by following the guides at the SimpleSAMLphp website:

  1. Installation documentation SimpleSAMLphp
  2. Quickstart document SimpleSAMLphp

Step 2: Configuration

The Entree Federation requires a couple of specific configurations within SimpleSAMLphp.

Editing authsources.php

NOTE! The following example code exists of additions or changes. The php tags are not included.
The changes are described in the comments.

    'default-sp' => array(
        'saml:SP',
        
        // Insert your application entityID (usually the unique url of your service)   
        'entityID' => 'http://domainname.com',
        
        // Certificate generated in step 1.1 in the Quickstart
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',

        // Changing the standard menu for Identity Providers to the Entree Federation menu
        // NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to https://engine.entree.kennisnet.nl/authentication/idp/metadata
        'idp' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/metadata',  // staging/test url
        // 'idp' => 'https://engine.entree.kennisnet.nl/authentication/idp/metadata',  // production url

        // Setting the identifier format for the subject of the authentication
        'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',

        // Optional configuration to enable pre-login which than can be called by the Identity provider
        // 'IDPList' => array( 'entityidofidp', ),
        // 'ProxyCount' => 1,
    ),
Warn.gif From SimpleSAMLphp version 1.15 onwards 'NameIDFormat' has been replaced by 'NameIDPolicy'. The use of 'NameIDFormat' is no longer supported.

NOTE! Entree Federation refreshes the metadata every 4 hours. However a change in the entityID will not automatically be processed. Contact our servicedesk at https://support.kennisnet.org/ when you want to change your entityID.

Editing config.php

NOTE! The following example code exists of additions or changes. The php tags are not included.
The changes are described in the comments.

        // The path through which simpleSAMLphp is available. This should match with the alias location in the webserver configuration
        'baseurlpath'           => 'simplesaml/',

        // Change the standard password for the webinterface!!! 
        'auth.adminpassword'          => '!123456!',

        // Insert your own contact information
        'technicalcontact_name'     => 'Technical contact',
        'technicalcontact_email'    => 'na@example.org',