KNF:SimpleSAMLphp-sp/en: verschil tussen versies
Regel 124: | Regel 124: | ||
$metadata['aselect-s.entree.kennisnet.nl'] = array ( |
$metadata['aselect-s.entree.kennisnet.nl'] = array ( |
||
'entityid' => 'aselect-s.entree.kennisnet.nl', |
'entityid' => 'aselect-s.entree.kennisnet.nl', |
||
− | 'name' => |
+ | 'name' => |
array ( |
array ( |
||
− | 'en' => 'Stichting Kennisnet |
+ | 'en' => 'Stichting Kennisnet', |
), |
), |
||
− | 'description' => |
+ | 'description' => |
array ( |
array ( |
||
'en' => 'skn', |
'en' => 'skn', |
||
), |
), |
||
− | 'OrganizationName' => |
+ | 'OrganizationName' => |
array ( |
array ( |
||
'en' => 'skn', |
'en' => 'skn', |
||
), |
), |
||
− | 'OrganizationDisplayName' => |
+ | 'OrganizationDisplayName' => |
array ( |
array ( |
||
− | 'en' => 'Stichting Kennisnet |
+ | 'en' => 'Stichting Kennisnet', |
), |
), |
||
− | 'url' => |
+ | 'url' => |
array ( |
array ( |
||
− | 'en' => ' |
+ | 'en' => 'http://www.kennisnetfederatie.nl', |
), |
), |
||
− | 'OrganizationURL' => |
+ | 'OrganizationURL' => |
array ( |
array ( |
||
− | 'en' => ' |
+ | 'en' => 'http://www.kennisnetfederatie.nl', |
+ | ), |
||
+ | 'contacts' => |
||
+ | array ( |
||
+ | 0 => |
||
+ | array ( |
||
+ | 'contactType' => 'administrative', |
||
+ | 'company' => 'Stichting Kennisnet', |
||
+ | 'emailAddress' => |
||
+ | array ( |
||
+ | 0 => 'entree@kennisnet.nl', |
||
+ | ), |
||
+ | 'telephoneNumber' => |
||
+ | array ( |
||
+ | 0 => '0800-KENNISNET (0800-536 647 638)', |
||
+ | ), |
||
+ | ), |
||
), |
), |
||
'metadata-set' => 'saml20-idp-remote', |
'metadata-set' => 'saml20-idp-remote', |
||
'redirect.sign' => true, |
'redirect.sign' => true, |
||
− | 'SingleSignOnService' => |
+ | 'SingleSignOnService' => |
array ( |
array ( |
||
− | 0 => |
+ | 0 => |
array ( |
array ( |
||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', |
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', |
||
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web', |
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web', |
||
), |
), |
||
− | 1 => |
+ | 1 => |
array ( |
array ( |
||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', |
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', |
||
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web', |
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web', |
||
), |
), |
||
− | 2 => |
+ | 2 => |
array ( |
array ( |
||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', |
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', |
||
Regel 168: | Regel 184: | ||
), |
), |
||
), |
), |
||
− | 'SingleLogoutService' => |
+ | 'SingleLogoutService' => |
array ( |
array ( |
||
), |
), |
||
− | 'ArtifactResolutionService' => |
+ | 'ArtifactResolutionService' => |
array ( |
array ( |
||
− | 0 => |
+ | 0 => |
array ( |
array ( |
||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP', |
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP', |
||
Regel 180: | Regel 196: | ||
), |
), |
||
), |
), |
||
− | ' |
+ | 'keys' => |
array ( |
array ( |
||
+ | 0 => |
||
− | 0 => 'f2b78d5163e010ddcd4a7d8ef1b11eb68853c3b8', |
||
+ | array ( |
||
+ | 'encryption' => false, |
||
+ | 'signing' => true, |
||
+ | 'type' => 'X509Certificate', |
||
+ | 'X509Certificate' => 'MIIDvjCCAqYCCQCfXTWG7R858jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCTkwxFTATBgNV |
||
+ | BAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVybWVlcjEcMBoGA1UECgwTU3RpY2h0aW5n |
||
+ | IEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVyYXRpZTEsMCoGA1UEAwwjYXNlbGVjdC5z |
||
+ | dGFnaW5nLmVudHJlZS5rZW5uaXNuZXQubmwwHhcNMTYwMTIwMTQyMjMwWhcNMTcwODMxMTQyMjMw |
||
+ | WjCBoDELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVy |
||
+ | bWVlcjEcMBoGA1UECgwTU3RpY2h0aW5nIEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVy |
||
+ | YXRpZTEsMCoGA1UEAwwjYXNlbGVjdC5zdGFnaW5nLmVudHJlZS5rZW5uaXNuZXQubmwwggEiMA0G |
||
+ | CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtNrqb9Hr5zmMQdLRTvKZVGf06suwpnn0krC/M9VR4 |
||
+ | Zj3Yz3EQgXYnVvLIjdJTVIhG1zfMO+bmHZ/4Rxc/V733rD2ACQjl43cPCmfdkjIEPoXljWaXdnaG |
||
+ | H3bXaQ+jhu6acrGDDqL9Bodqf25T40zkwe7MY9B6eD7JUZa7qNHCwg0HRnCEtXZDdxpiv0cdcOCP |
||
+ | NqHMcQIC/unnCApbaxpZi9haXnciWGmCMf9e6TT2B9i6nLiiKeJ1Vv1DlE5Gqmy94buq86+eTXpR |
||
+ | qN7U+6eU5kcnSlQ3+LAyQ+zP49BNmXrN2xjQ5f1GCm7J+7UgY+q/hpsG3NM6sMsIMzxn+IqpAgMB |
||
+ | AAEwDQYJKoZIhvcNAQELBQADggEBAIfuVWMln0ekx7G5dQwUdvXFjFhxCslUqLkU0mpyQ46n28Ej |
||
+ | cJMf9d10rLdB7HI/8OyBHDpkU0d/rrrvvi3p0Y2llBTYvQKwIqxa79g10pO7Pjx64X/3i6xHX7Lx |
||
+ | 2gxWu+KJyUjie2P5a+AhP3XK7+ej5MFR4hQcliRNo2n+J6ZYAfiTRZln5H3d4HJC7cKD/qJr1aUb |
||
+ | jiB3pehW2Smdfa0dXgVBsjuQSnBdxkNgGUgG4o2e8yaFKMRerfu7AP78bbcpOaCmvaCLoba8dYMR |
||
+ | ABjD9S8JZ5oNu5o+qR7h3fmdLGpCDlk+YTeUfzMYR982n6u/HEUYyz9MA6+U5cklPnk=', |
||
+ | ), |
||
), |
), |
||
− | 'certData' => 'MIICwDCCAikCBE1k+lAwDQYJKoZIhvcNAQEEBQAwgaYxCzAJBgNVBAYTAk5MMRUwEwYDVQQIEwxadWlkLUhvbGxhbmQxEzARBgNVBAcTClpvZXRlcm1lZXIxHDAaBgNVBAoTE1N0aWNodGluZyBLZW5uaXNuZXQxHzAdBgNVBAsTFkVudHJlZSBOZXh0IEdlbmVyYXRpb24xLDAqBgNVBAMTI2FzZWxlY3Quc3RhZ2luZy5lbnRyZWUua2VubmlzbmV0Lm5sMB4XDTExMDIyMzEyMTUxMloXDTE2MDIwNjEyMTUxMlowgaYxCzAJBgNVBAYTAk5MMRUwEwYDVQQIEwxadWlkLUhvbGxhbmQxEzARBgNVBAcTClpvZXRlcm1lZXIxHDAaBgNVBAoTE1N0aWNodGluZyBLZW5uaXNuZXQxHzAdBgNVBAsTFkVudHJlZSBOZXh0IEdlbmVyYXRpb24xLDAqBgNVBAMTI2FzZWxlY3Quc3RhZ2luZy5lbnRyZWUua2VubmlzbmV0Lm5sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+iQDEWzzn76RgfOsnNrE0xS+WvmXr6oWTwoMaNVGZC5UnESbV5vPsNWTEbP8Vh2bT6kTaTnjDMx4POWasHnBPR/h0MCJ78D4nqkIEuhz+QBEvfMgZEgXJgOtoqgenDpXAkoetJkkkmRwt4mBk+puUJUaP3WcI5/J7BM/NdH6JQwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAK5WdDPy4clXgsVWie58A0NkALRwCl7Rbwb0bzddNN0qMpbHGZVINQWzbv6fitd5LLAP8wKtEA82unqH7GpQ+8P1BNlmQVbVBA/otFP1n4NKxKBWwyBgNo6CzsCw/yDSxShNH4abwXs0OhQcnAYnY6WNzYAbG/OVcIuYbkxfiiCk', |
||
); |
); |
||
</syntaxhighlight> |
</syntaxhighlight> |
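Review bot: The `'keys'` entry added in the last hunk pins the staging IdP signing certificate, but the page does not tell readers how to verify or refresh that copy. Decoding the embedded validity field suggests the certificate expires on 31 August 2017, so copied configurations will go stale once the federation rotates its key. I would add a comment above the entry such as `// Staging signing certificate: compare with the federation's published metadata before use and replace it when the key is rotated`. The production entry further down the page still uses `'certFingerprint'` together with `'certData'`; moving it to the same `'keys'` form would keep the two entries consistent.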
Versie van 23 aug 2016 11:07
Kennisnet Federation: SimpleSAMLphp-sp
Nederlands | English |
Installation
Configuration
The Entree Federation requires a couple of specific configurations within SimpleSAMLphp.
NOTE: The following examples are additions or changes to the original configuration files. The PHP tags are not included.
authsources.php
// Service provider (SP) entry for the Entree Federation; it belongs inside the array defined in authsources.php.
'default-sp' => array(
    'saml:SP',
    // Insert your application entityID (usually the unique URL of your service).
    // The value below is a placeholder and must be replaced.
    'entityID' => 'http://domainname.com',
    // Key pair generated in step 1.1 in the Quickstart.
    // 'privatekey' names the SP's private key file: keep it readable only by the
    // web server account and never publish it; only 'certificate' is shared with the federation.
    'privatekey' => 'saml.pem',
    'certificate' => 'saml.crt',
    // Use the Entree Federation as the Identity Provider instead of the standard Identity Provider menu.
    // NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to aselect.entree.kennisnet.nl
    'idp' => 'aselect-s.entree.kennisnet.nl',
    // Attribute and NameID formats used by the Entree Federation.
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    // NOTE(review): this value sits in the nameid-format namespace; SAML 2.0 attribute name
    // formats are normally urn:oasis:names:tc:SAML:2.0:attrname-format:* — confirm with the
    // federation which value it expects before changing it.
    'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',
    // Optional configuration to enable pre-login, which can then be called by the Identity Provider.
    // 'IDPList' => array( 'entityidofidp', ),
    // 'ProxyCount' => 1,
),
config.php
// The path through which SimpleSAMLphp is available. This should match the Alias location in the web server configuration.
'baseurlpath' => 'simplesaml/',
// Change the standard password for the web interface!
// The value below is a documentation example only and must never be deployed as shown.
// Replace it with a long random secret, or with a salted hash if your SimpleSAMLphp
// version supports one (generated with its bin/pwgen.php script — confirm it ships with your release).
'auth.adminpassword' => '!123456!',
// Insert your own contact information.
'technicalcontact_name' => 'Servicedesk Kennisnet',
'technicalcontact_email' => 'servicedesk@kennisnet.nl',
metadata/saml20-idp-remote.php
// Add the metadata of the Entree Federation environment
// Production Entree Federation
// Remote IdP description for the production environment. The array key and 'entityid'
// are the value the SP's 'idp' option must carry when going live.
$metadata['aselect.entree.kennisnet.nl'] = array (
    'entityid' => 'aselect.entree.kennisnet.nl',
    // Display information only.
    'name' =>
    array (
        'en' => 'Stichting Kennisnet',
    ),
    'description' =>
    array (
        'en' => 'skn',
    ),
    'OrganizationName' =>
    array (
        'en' => 'skn',
    ),
    'OrganizationDisplayName' =>
    array (
        'en' => 'Stichting Kennisnet',
    ),
    'url' =>
    array (
        'en' => 'https://www.kennisnet.nl/entree-federatie/',
    ),
    'OrganizationURL' =>
    array (
        'en' => 'https://www.kennisnet.nl/entree-federatie/',
    ),
    'metadata-set' => 'saml20-idp-remote',
    // Messages sent to this IdP over the HTTP-Redirect binding are signed; this presumably
    // relies on the SP private key configured in authsources.php — confirm for your version.
    'redirect.sign' => true,
    // Single sign-on endpoints; all three bindings point at the same HTTPS location.
    'SingleSignOnService' =>
    array (
        0 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
        ),
        1 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
        ),
        2 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
            'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
        ),
    ),
    // No logout endpoint is listed, so this metadata gives the SP nowhere to send
    // single-logout messages; a local logout does not end the federation session.
    'SingleLogoutService' =>
    array (
    ),
    // Back-channel (SOAP) endpoint used to resolve artifacts from the HTTP-Artifact binding.
    'ArtifactResolutionService' =>
    array (
        0 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
            'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/artifact',
            'index' => 0,
        ),
    ),
    // NOTE(review): 40 hex characters, which looks like a SHA-1 certificate fingerprint.
    // The staging entry on this page pins the full certificate under 'keys' instead; later
    // SimpleSAMLphp releases are understood to drop 'certFingerprint' — confirm for your version
    // and prefer the 'keys' form.
    'certFingerprint' =>
    array (
        0 => '48a4f9fe019179a2867afc8598a64e0c45fa137b',
    ),
    // Certificate used to verify signatures from this IdP.
    // NOTE(review): the value shown on this page is not a usable certificate body; obtain the
    // production signing certificate from the federation's published metadata over an
    // authenticated channel and verify it before pinning it here.
    'certData' => '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',
);
// Staging Entree Federation
// Remote IdP description for the staging environment; the array key and 'entityid'
// match the 'idp' value used in the authsources.php example on this page.
$metadata['aselect-s.entree.kennisnet.nl'] = array (
    'entityid' => 'aselect-s.entree.kennisnet.nl',
    // Display information only.
    'name' =>
    array (
        'en' => 'Stichting Kennisnet',
    ),
    'description' =>
    array (
        'en' => 'skn',
    ),
    'OrganizationName' =>
    array (
        'en' => 'skn',
    ),
    'OrganizationDisplayName' =>
    array (
        'en' => 'Stichting Kennisnet',
    ),
    // Informational links; unlike the production entry these use plain http.
    'url' =>
    array (
        'en' => 'http://www.kennisnetfederatie.nl',
    ),
    'OrganizationURL' =>
    array (
        'en' => 'http://www.kennisnetfederatie.nl',
    ),
    // Administrative contact published by the federation.
    'contacts' =>
    array (
        0 =>
        array (
            'contactType' => 'administrative',
            'company' => 'Stichting Kennisnet',
            'emailAddress' =>
            array (
                0 => 'entree@kennisnet.nl',
            ),
            'telephoneNumber' =>
            array (
                0 => '0800-KENNISNET (0800-536 647 638)',
            ),
        ),
    ),
    'metadata-set' => 'saml20-idp-remote',
    // Messages sent to this IdP over the HTTP-Redirect binding are signed; this presumably
    // relies on the SP private key configured in authsources.php — confirm for your version.
    'redirect.sign' => true,
    // Single sign-on endpoints; all three bindings point at the same HTTPS location.
    'SingleSignOnService' =>
    array (
        0 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
        ),
        1 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
        ),
        2 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
            'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
        ),
    ),
    // No logout endpoint is listed, so this metadata gives the SP nowhere to send
    // single-logout messages; a local logout does not end the federation session.
    'SingleLogoutService' =>
    array (
    ),
    // Back-channel (SOAP) endpoint used to resolve artifacts from the HTTP-Artifact binding.
    'ArtifactResolutionService' =>
    array (
        0 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
            'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/artifact',
            'index' => 0,
        ),
    ),
    // Pinned IdP certificate, marked for signature verification only ('signing' => true,
    // 'encryption' => false). Compare it with the federation's published metadata before
    // trusting it, and replace it when the federation rotates its key.
    // NOTE(review): the certificate body is abbreviated on this line; the full text appears in
    // the revision diff on this page, where its validity appears to end on 2017-08-31 — confirm.
    'keys' =>
    array (
        0 =>
        array (
            'encryption' => false,
            'signing' => true,
            'type' => 'X509Certificate',
            'X509Certificate' => 'MIIDvjCCAqYCCQCfXTWG7R858jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCTkwxFTATBgNV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=',
        ),
    ),
);