KNF:SimpleSAMLphp-sp/en: verschil tussen versies
Naar navigatie springen
Naar zoeken springen
(10 tussenliggende versies door een andere gebruiker niet weergegeven) | |||
Regel 1: | Regel 1: | ||
+ | {{PageTitleCustom|title=Installing SimpleSAMLphp as a Service Provider|name=Entree Federation|image=false|imageurl=Hoofdpagina}} |
||
+ | <br/> |
||
+ | __TOC__ |
||
+ | |||
==Step 1: Installation== |
==Step 1: Installation== |
||
Installation of SimplSAMLphp can be achieved by following the guides at the SimpleSAMLphp website: |
Installation of SimplSAMLphp can be achieved by following the guides at the SimpleSAMLphp website: |
||
Regel 6: | Regel 10: | ||
==Step 2: Configuration== |
==Step 2: Configuration== |
||
The Entree Federation requires a couple of specific configurations within SimpleSAMLphp.<br/> |
The Entree Federation requires a couple of specific configurations within SimpleSAMLphp.<br/> |
||
⚫ | |||
=== Editing authsources.php=== |
=== Editing authsources.php=== |
||
⚫ | |||
+ | The changes are described in the comments. |
||
<syntaxhighlight lang="php"> |
<syntaxhighlight lang="php"> |
||
'default-sp' => array( |
'default-sp' => array( |
||
Regel 21: | Regel 26: | ||
// Changing the standard menu for Identity Providers to the Entree Federation menu |
// Changing the standard menu for Identity Providers to the Entree Federation menu |
||
− | // NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to |
+ | // NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to https://engine.entree.kennisnet.nl/authentication/idp/metadata |
− | 'idp' => ' |
+ | 'idp' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/metadata', // staging/test url |
− | // 'idp' => ' |
+ | // 'idp' => 'https://engine.entree.kennisnet.nl/authentication/idp/metadata', // production url |
// Setting the identifier format for the subject of the authentication |
// Setting the identifier format for the subject of the authentication |
||
Regel 35: | Regel 40: | ||
</syntaxhighlight> |
</syntaxhighlight> |
||
− | From SimpleSAMLphp version 1.15 onwards 'NameIDFormat' has been replaced by 'NameIDPolicy'. The use of 'NameIDFormat' is no longer supported. |
+ | {{Warn|From SimpleSAMLphp version 1.15 onwards 'NameIDFormat' has been replaced by 'NameIDPolicy'. The use of 'NameIDFormat' is no longer supported.}} |
− | '''NOTE''' Entree Federation refreshes the metadata every 4 hours. However a change in the entityID will not automatically be processed. Contact our servicedesk at https://support.kennisnet.org/ when you want to change your entityID. |
+ | '''NOTE!''' Entree Federation refreshes the metadata every 4 hours. However a change in the entityID will not automatically be processed. Contact our servicedesk at https://support.kennisnet.org/ when you want to change your entityID. |
=== Editing config.php=== |
=== Editing config.php=== |
||
+ | '''NOTE!''' The following example code exists of additions or changes. The php tags are not included.<br/> |
||
+ | The changes are described in the comments. |
||
<syntaxhighlight lang="php"> |
<syntaxhighlight lang="php"> |
||
// The path through which simpleSAMLphp is available. This should match with the alias location in the webserver configuration |
// The path through which simpleSAMLphp is available. This should match with the alias location in the webserver configuration |
||
Regel 57: | Regel 64: | ||
// Production Entree Federation |
// Production Entree Federation |
||
− | $metadata[' |
+ | $metadata['https://engine.entree.kennisnet.nl/authentication/idp/metadata'] = array ( |
− | 'entityid' => ' |
+ | 'entityid' => 'https://engine.entree.kennisnet.nl/authentication/idp/metadata', |
'name' => |
'name' => |
||
array ( |
array ( |
||
Regel 106: | Regel 113: | ||
array ( |
array ( |
||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', |
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', |
||
− | 'Location' => 'https:// |
+ | 'Location' => 'https://engine.entree.kennisnet.nl/authentication/idp/single-sign-on', |
), |
), |
||
1 => |
1 => |
||
array ( |
array ( |
||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', |
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', |
||
− | 'Location' => 'https:// |
+ | 'Location' => 'https://engine.entree.kennisnet.nl/authentication/idp/single-sign-on', |
), |
), |
||
2 => |
2 => |
||
array ( |
array ( |
||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', |
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', |
||
− | 'Location' => 'https:// |
+ | 'Location' => 'https://engine.entree.kennisnet.nl/authentication/idp/single-sign-on', |
), |
), |
||
), |
), |
||
Regel 126: | Regel 133: | ||
0 => |
0 => |
||
array ( |
array ( |
||
− | 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP', |
||
− | 'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/artifact', |
||
− | 'index' => 0, |
||
), |
), |
||
), |
), |
||
Regel 160: | Regel 164: | ||
// Staging Entree Federation |
// Staging Entree Federation |
||
− | $metadata[' |
+ | $metadata['https://engine.entree.kennisnet.nl/authentication/idp/metadata'] = array ( |
− | 'entityid' => ' |
+ | 'entityid' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/metadata', |
'name' => |
'name' => |
||
array ( |
array ( |
||
Regel 209: | Regel 213: | ||
array ( |
array ( |
||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', |
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', |
||
− | 'Location' => 'https:// |
+ | 'Location' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/single-sign-on', |
), |
), |
||
1 => |
1 => |
||
array ( |
array ( |
||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', |
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', |
||
− | 'Location' => 'https:// |
+ | 'Location' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/single-sign-on', |
), |
), |
||
2 => |
2 => |
||
array ( |
array ( |
||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', |
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', |
||
− | 'Location' => 'https:// |
+ | 'Location' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/single-sign-on', |
), |
), |
||
), |
), |
||
Regel 229: | Regel 233: | ||
0 => |
0 => |
||
array ( |
array ( |
||
− | 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP', |
||
− | 'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/artifact', |
||
− | 'index' => 0, |
||
), |
), |
||
), |
), |
Huidige versie van 3 nov 2022 om 13:53
Entree Federation: Installing SimpleSAMLphp as a Service Provider
Nederlands | English |
Step 1: Installation
Installation of SimplSAMLphp can be achieved by following the guides at the SimpleSAMLphp website:
Step 2: Configuration
The Entree Federation requires a couple of specific configurations within SimpleSAMLphp.
Editing authsources.php
NOTE! The following example code exists of additions or changes. The php tags are not included.
The changes are described in the comments.
'default-sp' => array(
'saml:SP',
// Insert your application entityID (usually the unique url of your service)
'entityID' => 'http://domainname.com',
// Certificate generated in step 1.1 in the Quickstart
'privatekey' => 'saml.pem',
'certificate' => 'saml.crt',
// Changing the standard menu for Identity Providers to the Entree Federation menu
// NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to https://engine.entree.kennisnet.nl/authentication/idp/metadata
'idp' => 'https://engine.entree-s.kennisnet.nl/authentication/idp/metadata', // staging/test url
// 'idp' => 'https://engine.entree.kennisnet.nl/authentication/idp/metadata', // production url
// Setting the identifier format for the subject of the authentication
'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',
// Optional configuration to enable pre-login which than can be called by the Identity provider
// 'IDPList' => array( 'entityidofidp', ),
// 'ProxyCount' => 1,
),
From SimpleSAMLphp version 1.15 onwards 'NameIDFormat' has been replaced by 'NameIDPolicy'. The use of 'NameIDFormat' is no longer supported. |
NOTE! Entree Federation refreshes the metadata every 4 hours. However a change in the entityID will not automatically be processed. Contact our servicedesk at https://support.kennisnet.org/ when you want to change your entityID.
Editing config.php
NOTE! The following example code exists of additions or changes. The php tags are not included.
The changes are described in the comments.
// The path through which simpleSAMLphp is available. This should match with the alias location in the webserver configuration
'baseurlpath' => 'simplesaml/',
// Change the standard password for the webinterface!!!
'auth.adminpassword' => '!123456!',
// Insert your own contact information
'technicalcontact_name' => 'Technical contact',
'technicalcontact_email' => 'na@example.org',