KNF:SimpleSAMLphp-idp/en: verschil tussen versies
(Nieuwe pagina aangemaakt met '==Installation of SimpleSAMLphp== In order to install SimpleSAMLphp you need to follow the installation guide at either one of these two links: #[http://simplesamlp...') |
|||
(16 tussenliggende versies door dezelfde gebruiker niet weergegeven) | |||
Regel 1: | Regel 1: | ||
+ | {{Talen}} |
||
+ | <br/> |
||
+ | __TOC__ |
||
+ | |||
==Installation of SimpleSAMLphp== |
==Installation of SimpleSAMLphp== |
||
− | In order to install SimpleSAMLphp you need to follow the installation guide at either one of these two |
+ | In order to install SimpleSAMLphp you need to follow the installation guide at either one of these two locations: |
− | #[http://simplesamlphp.org/docs/stable/simplesamlphp-install |
+ | #[http://simplesamlphp.org/docs/stable/simplesamlphp-install SimpleSAMLphp Installation and Configuration] |
− | #[http://simplesamlphp.org/docs/stable/simplesamlphp-idp |
+ | #[http://simplesamlphp.org/docs/stable/simplesamlphp-idp SimpleSAMLphp Identity Provider QuickStart] |
− | ''' |
+ | '''Attention:''' Not until you've completed the steps above you can adapt the configuration for Entree Federation as described in the following. |
==Adapt configuration for Entree Federation== |
==Adapt configuration for Entree Federation== |
||
+ | Next we need to make some changes to the configuration of SimpleSAMLphp so the connection with Entree Federation will work.<br> |
||
⚫ | In the file <source lang="text" enclose="none">authsources.php</source> you have to configure what kind of userstore you will be using. For example the userstore could be an LDAP, an SQL database, a file or an array. A summary of the options can be found at [http://simplesamlphp.org/docs/1.5/simplesamlphp-idp#section_2 |
||
+ | '''Attention: '''The following configuration examples are additions or modifications. The php-tags are not included. |
||
+ | |||
⚫ | |||
⚫ | In the file <source lang="text" enclose="none">authsources.php</source> you have to configure what kind of userstore you will be using. For example the userstore could be an LDAP, an SQL database, a file or an array. A summary of the options can be found at [http://simplesamlphp.org/docs/1.5/simplesamlphp-idp#section_2 SimpleSAMLphp Identity Provider QuickStart]. |
||
+ | |||
+ | In this example we'll use the option <source lang="text" enclose="none">exampleauth:UserPass</source>. As an userstore we will be using an array containing usernames and passwords. |
||
<syntaxhighlight lang="php"> |
<syntaxhighlight lang="php"> |
||
'demoSAMLIdP' => array( |
'demoSAMLIdP' => array( |
||
'exampleauth:UserPass', |
'exampleauth:UserPass', |
||
− | ' |
+ | 'user:demo' => array( |
'uid' => array('username@demoOrgansisation'), |
'uid' => array('username@demoOrgansisation'), |
||
'eduPersonAffiliation' => array('student'), |
'eduPersonAffiliation' => array('student'), |
||
'employeeNumber' => '123456789', |
'employeeNumber' => '123456789', |
||
− | 'mail' => 'email@ |
+ | 'mail' => 'email@address.com', |
− | 'givenName' => ' |
+ | 'givenName' => 'John', |
− | 'sn' => ' |
+ | 'sn' => 'Doe', |
'nlEduPersonHomeOrganizationId' => 'BRIN', |
'nlEduPersonHomeOrganizationId' => 'BRIN', |
||
− | 'nlEduPersonHomeOrganization' => ' |
+ | 'nlEduPersonHomeOrganization' => 'My School' |
), |
), |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
− | |||
⚫ | |||
− | |||
− | |||
===Invoke userstore from metadata/saml20-idp-hosted.php=== |
===Invoke userstore from metadata/saml20-idp-hosted.php=== |
||
+ | After configuring the userstore we can invoke the userstore frome the file <source lang="text" enclose="none">metadata/saml20-idp-hosted.php</source>. In our example the userstore is the array named <source lang="text" enclose="none">demoSAMLIdP</source>. |
||
+ | <syntaxhighlight lang="php"> |
||
+ | 'demoSAMLIdP' => array( |
||
+ | //Determine the default host as IdP in case there are multiple IdP's |
||
+ | 'host' => '__DEFAULT__', |
||
+ | //Specific attribute formats needed for Entree Federatie |
||
+ | 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified', |
||
+ | 'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified', |
||
+ | //The NameID element must contain the same value as the uid attribute |
||
+ | 'simplesaml.nameidattribute' => 'uid', |
||
+ | //Certificates for encrypting the messages. See also http://simplesamlphp.org/docs/1.5/simplesamlphp-idp#section_6 |
||
+ | 'privatekey' => 'server.pem', |
||
+ | 'certificate' => 'server.crt', |
||
+ | // The authentication source against which the users should be verified. This has to be one of the values in config/authsources.php |
||
+ | 'auth' => 'demoSAMLIdP', |
||
+ | ), |
||
+ | </syntaxhighlight> |
||
− | |||
− | |||
− | [[Categorie:Kennisnet Federatie]] |
||
[[Categorie:Entree Federatie]] |
[[Categorie:Entree Federatie]] |
Huidige versie van 16 aug 2018 om 14:39
Nederlands | English |
Installation of SimpleSAMLphp
In order to install SimpleSAMLphp you need to follow the installation guide at either one of these two locations:
Attention: Not until you've completed the steps above you can adapt the configuration for Entree Federation as described in the following.
Adapt configuration for Entree Federation
Next we need to make some changes to the configuration of SimpleSAMLphp so the connection with Entree Federation will work.
Attention: The following configuration examples are additions or modifications. The php-tags are not included.
Configure userstore in authsources.php
In the file authsources.php
you have to configure what kind of userstore you will be using. For example the userstore could be an LDAP, an SQL database, a file or an array. A summary of the options can be found at SimpleSAMLphp Identity Provider QuickStart.
In this example we'll use the option exampleauth:UserPass
. As an userstore we will be using an array containing usernames and passwords.
'demoSAMLIdP' => array(
'exampleauth:UserPass',
'user:demo' => array(
'uid' => array('username@demoOrgansisation'),
'eduPersonAffiliation' => array('student'),
'employeeNumber' => '123456789',
'mail' => 'email@address.com',
'givenName' => 'John',
'sn' => 'Doe',
'nlEduPersonHomeOrganizationId' => 'BRIN',
'nlEduPersonHomeOrganization' => 'My School'
),
Invoke userstore from metadata/saml20-idp-hosted.php
After configuring the userstore we can invoke the userstore frome the file metadata/saml20-idp-hosted.php
. In our example the userstore is the array named demoSAMLIdP
.
'demoSAMLIdP' => array(
//Determine the default host as IdP in case there are multiple IdP's
'host' => '__DEFAULT__',
//Specific attribute formats needed for Entree Federatie
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified',
//The NameID element must contain the same value as the uid attribute
'simplesaml.nameidattribute' => 'uid',
//Certificates for encrypting the messages. See also http://simplesamlphp.org/docs/1.5/simplesamlphp-idp#section_6
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
// The authentication source against which the users should be verified. This has to be one of the values in config/authsources.php
'auth' => 'demoSAMLIdP',
),