KNF:SimpleSAMLphp-sp/en
< KNF:SimpleSAMLphp-sp
Naar navigatie springen
Naar zoeken springen
Versie door Holierhoek01 (overleg | bijdragen) op 23 aug 2016 om 11:07 (→metadata/saml20-idp-remote.php)
Kennisnet Federation: SimpleSAMLphp-sp
 Nederlands
|
 English
|
Installation
Configuration
The Entree Federation requires a couple of specific configurations within SimpleSAMLphp.
NOTE The following examples are additions or changes to the original. The php tags are not included.
authsources.php
'default-sp' => array(
'saml:SP',
// Insert your application entityID (usually the unique url of your service)
'entityID' => 'http://domainname.com',
// Certificate generated in step 1.1 in the Quickstart
'privatekey' => 'saml.pem',
'certificate' => 'saml.crt',
// Changing the standard menu for Identity Providers to the Entree Federation menu
// NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to aselect.entree.kennisnet.nl
'idp' => 'aselect-s.entree.kennisnet.nl',
// Changing the Entree Federation attribute formats
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',
// Optional configuration to enable pre-login which than can be called by the Identity provider
// 'IDPList' => array( 'entityidofidp', ),
// 'ProxyCount' => 1,
),
config.php
// The path through which simpleSAMLphp is available. This should match with the Alias location in the webserver configuration
'baseurlpath' => 'simplesaml/',
// Change the standard password for the webinterface!!!
'auth.adminpassword' => '!123456!',
// Insert your own contact information
'technicalcontact_name' => 'Servicedesk Kennisnet',
'technicalcontact_email' => 'servicedesk@kennisnet.nl',
metadata/saml20-idp-remote.php
// Add the metadata of the Entree Federation environment
// Production Entree Federation
$metadata['aselect.entree.kennisnet.nl'] = array (
'entityid' => 'aselect.entree.kennisnet.nl',
'name' =>
array (
'en' => 'Stichting Kennisnet',
),
'description' =>
array (
'en' => 'skn',
),
'OrganizationName' =>
array (
'en' => 'skn',
),
'OrganizationDisplayName' =>
array (
'en' => 'Stichting Kennisnet',
),
'url' =>
array (
'en' => 'https://www.kennisnet.nl/entree-federatie/',
),
'OrganizationURL' =>
array (
'en' => 'https://www.kennisnet.nl/entree-federatie/',
),
'metadata-set' => 'saml20-idp-remote',
'redirect.sign' => true,
'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
2 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
),
'SingleLogoutService' =>
array (
),
'ArtifactResolutionService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/artifact',
'index' => 0,
),
),
'certFingerprint' =>
array (
0 => '48a4f9fe019179a2867afc8598a64e0c45fa137b',
),
'certData' => 'MIICsDCCAhkCBEPd1t8wDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAk5MMRUwEwYDVQQIEwxadWlkLUhvbGxhbmQxEzARBgNVBAcTClpvZXRlcm1lZXIxHDAaBgNVBAoTE1N0aWNodGluZyBLZW5uaXNuZXQxHzAdBgNVBAsTFkVudHJlZSBOZXh0IEdlbmVyYXRpb24xJDAiBgNVBAMTG2FzZWxlY3QuZW50cmVlLmtlbm5pc25ldC5ubDAeFw0wNjAxMzAwOTA1MzVaFw0xNjAyMDcwOTA1MzVaMIGeMQswCQYDVQQGEwJOTDEVMBMGA1UECBMMWnVpZC1Ib2xsYW5kMRMwEQYDVQQHEwpab2V0ZXJtZWVyMRwwGgYDVQQKExNTdGljaHRpbmcgS2VubmlzbmV0MR8wHQYDVQQLExZFbnRyZWUgTmV4dCBHZW5lcmF0aW9uMSQwIgYDVQQDExthc2VsZWN0LmVudHJlZS5rZW5uaXNuZXQubmwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ4CmyqXS7kTIHsJsRvLjnYbyXjYs+JYk078Mggmp5fyIrb5qA0kkXIHvXY+8Cj050jqPk2T1Qm9qq+D05b2tj7/p9f+5uPr6x3NsZU3kbPD7JgdGNWSJovOS/v36Xv322+yjixP6v1nHFCgdQueKh/Wx1nRcs/zg1I4uqEVmPAJAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAl1fcp/JJ7r2JdpXilq1YFzwPNeNX3bkEcJSiUeGF9yWMJkA4270Dwwf3wOPtlwSWYaJSlDr7fefW9HUCYoVriIavUSJh9s0g7EwsNzmp38Fc1abEmq1bJ8IvLamEoOnOUTJ3pVhgGdv6I7dja8lft+JiA/1WcirlxZtrRi5r994=',
);
// Staging Entree Federation
$metadata['aselect-s.entree.kennisnet.nl'] = array (
'entityid' => 'aselect-s.entree.kennisnet.nl',
'name' =>
array (
'en' => 'Stichting Kennisnet',
),
'description' =>
array (
'en' => 'skn',
),
'OrganizationName' =>
array (
'en' => 'skn',
),
'OrganizationDisplayName' =>
array (
'en' => 'Stichting Kennisnet',
),
'url' =>
array (
'en' => 'http://www.kennisnetfederatie.nl',
),
'OrganizationURL' =>
array (
'en' => 'http://www.kennisnetfederatie.nl',
),
'contacts' =>
array (
0 =>
array (
'contactType' => 'administrative',
'company' => 'Stichting Kennisnet',
'emailAddress' =>
array (
0 => 'entree@kennisnet.nl',
),
'telephoneNumber' =>
array (
0 => '0800-KENNISNET (0800-536 647 638)',
),
),
),
'metadata-set' => 'saml20-idp-remote',
'redirect.sign' => true,
'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
2 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
),
'SingleLogoutService' =>
array (
),
'ArtifactResolutionService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/artifact',
'index' => 0,
),
),
'keys' =>
array (
0 =>
array (
'encryption' => false,
'signing' => true,
'type' => 'X509Certificate',
'X509Certificate' => 'MIIDvjCCAqYCCQCfXTWG7R858jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCTkwxFTATBgNV
BAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVybWVlcjEcMBoGA1UECgwTU3RpY2h0aW5n
IEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVyYXRpZTEsMCoGA1UEAwwjYXNlbGVjdC5z
dGFnaW5nLmVudHJlZS5rZW5uaXNuZXQubmwwHhcNMTYwMTIwMTQyMjMwWhcNMTcwODMxMTQyMjMw
WjCBoDELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVy
bWVlcjEcMBoGA1UECgwTU3RpY2h0aW5nIEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVy
YXRpZTEsMCoGA1UEAwwjYXNlbGVjdC5zdGFnaW5nLmVudHJlZS5rZW5uaXNuZXQubmwwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtNrqb9Hr5zmMQdLRTvKZVGf06suwpnn0krC/M9VR4
Zj3Yz3EQgXYnVvLIjdJTVIhG1zfMO+bmHZ/4Rxc/V733rD2ACQjl43cPCmfdkjIEPoXljWaXdnaG
H3bXaQ+jhu6acrGDDqL9Bodqf25T40zkwe7MY9B6eD7JUZa7qNHCwg0HRnCEtXZDdxpiv0cdcOCP
NqHMcQIC/unnCApbaxpZi9haXnciWGmCMf9e6TT2B9i6nLiiKeJ1Vv1DlE5Gqmy94buq86+eTXpR
qN7U+6eU5kcnSlQ3+LAyQ+zP49BNmXrN2xjQ5f1GCm7J+7UgY+q/hpsG3NM6sMsIMzxn+IqpAgMB
AAEwDQYJKoZIhvcNAQELBQADggEBAIfuVWMln0ekx7G5dQwUdvXFjFhxCslUqLkU0mpyQ46n28Ej
cJMf9d10rLdB7HI/8OyBHDpkU0d/rrrvvi3p0Y2llBTYvQKwIqxa79g10pO7Pjx64X/3i6xHX7Lx
2gxWu+KJyUjie2P5a+AhP3XK7+ej5MFR4hQcliRNo2n+J6ZYAfiTRZln5H3d4HJC7cKD/qJr1aUb
jiB3pehW2Smdfa0dXgVBsjuQSnBdxkNgGUgG4o2e8yaFKMRerfu7AP78bbcpOaCmvaCLoba8dYMR
ABjD9S8JZ5oNu5o+qR7h3fmdLGpCDlk+YTeUfzMYR982n6u/HEUYyz9MA6+U5cklPnk=',
),
),
);