KNF:SimpleSAMLphp-idp/en: verschil tussen versies

Uit Kennisnet Developers Documentatie
Naar navigatie springen Naar zoeken springen
Regel 30: Regel 30:
   
 
===Invoke userstore from metadata/saml20-idp-hosted.php===
 
===Invoke userstore from metadata/saml20-idp-hosted.php===
In the file <source lang="text" enclose="none">metadata/saml20-idp-hosted.php</source>
+
After configuring the userstore we can invoke the userstore frome the file <source lang="text" enclose="none">metadata/saml20-idp-hosted.php</source>. In our example the userstore is the array named <source lang="text" enclose="none">demoSAMLIdP</source>.
  +
<syntaxhighlight lang="php">
  +
'demoSAMLIdP' => array(
  +
//Determine the default host as IdP in case there are multiple IdP's
  +
'host' => '__DEFAULT__',
   
  +
//Specific attribute formats needed for Entree Federatie
  +
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
  +
'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified',
  +
  +
//The NameID element must contain the same value as the uid attribute
  +
'simplesaml.nameidattribute' => 'uid',
  +
  +
//Certificates for encrypting the messages. See also http://simplesamlphp.org/docs/1.5/simplesamlphp-idp#section_6
  +
'privatekey' => 'server.pem',
  +
'certificate' => 'server.crt',
  +
  +
// The authentication source against which the users should be verified. This has to be one of the values in config/authsources.php
  +
'auth' => 'demoSAMLIdP',
  +
),
  +
</syntaxhighlight>
   
   

Versie van 25 aug 2016 13:58

Installation of SimpleSAMLphp

In order to install SimpleSAMLphp you need to follow the installation guide at either one of these two links:

  1. SimpleSAMLphp Installation and Configuration
  2. SimpleSAMLphp Identity Provider QuickStart

Attention: Not until you've completed the steps above you can adapt the configuration for Entree Federation as described in the following.

Adapt configuration for Entree Federation

Next we need to make some changes to the configuration of SimpleSAMLphp so the connection with Entre Federation will work.
Attention: The following configuration examples are additions or modifications. The php-tags ar not included.

Configure userstore in authsources.php

In the file authsources.php you have to configure what kind of userstore you will be using. For example the userstore could be an LDAP, an SQL database, a file or an array. A summary of the options can be found at SimpleSAMLphp Identity Provider QuickStart.

In this example we'll use the option exampleauth:UserPass. As an userstore we will be using an array containing usernames and passwords.

    'demoSAMLIdP' => array(
        'exampleauth:UserPass',
        'user:demo' => array(
            'uid' => array('username@demoOrgansisation'),
            'eduPersonAffiliation' => array('student'),
            'employeeNumber' => '123456789',
            'mail' => 'email@address.com',
            'givenName' => 'John',
            'sn' => 'Doe',
            'nlEduPersonHomeOrganizationId' => 'BRIN',
            'nlEduPersonHomeOrganization' => 'My School'
        ),

Invoke userstore from metadata/saml20-idp-hosted.php

After configuring the userstore we can invoke the userstore frome the file metadata/saml20-idp-hosted.php. In our example the userstore is the array named demoSAMLIdP.

 'demoSAMLIdP' => array(
        //Determine the default host as IdP in case there are multiple IdP's
        'host' => '__DEFAULT__',

        //Specific attribute formats needed for Entree Federatie
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified',

        //The NameID element must contain the same value as the uid attribute
        'simplesaml.nameidattribute' => 'uid',

        //Certificates for encrypting the messages. See also http://simplesamlphp.org/docs/1.5/simplesamlphp-idp#section_6
        'privatekey' => 'server.pem',
        'certificate' => 'server.crt',

        // The authentication source against which the users should be verified. This has to be one of the values in config/authsources.php
        'auth' => 'demoSAMLIdP',
    ),