KNF:SimpleSAMLphp-sp/en
< KNF:SimpleSAMLphp-sp
Naar navigatie springen
Naar zoeken springen
Versie door Holierhoek01 (overleg | bijdragen) op 23 aug 2016 om 11:08 (→metadata/saml20-idp-remote.php)
Kennisnet Federation: SimpleSAMLphp-sp
 Nederlands
|
 English
|
Installation
Configuration
The Entree Federation requires a couple of specific configurations within SimpleSAMLphp.
NOTE The following examples are additions or changes to the original. The php tags are not included.
authsources.php
'default-sp' => array(
'saml:SP',
// Insert your application entityID (usually the unique url of your service)
'entityID' => 'http://domainname.com',
// Certificate generated in step 1.1 in the Quickstart
'privatekey' => 'saml.pem',
'certificate' => 'saml.crt',
// Changing the standard menu for Identity Providers to the Entree Federation menu
// NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to aselect.entree.kennisnet.nl
'idp' => 'aselect-s.entree.kennisnet.nl',
// Changing the Entree Federation attribute formats
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',
// Optional configuration to enable pre-login which than can be called by the Identity provider
// 'IDPList' => array( 'entityidofidp', ),
// 'ProxyCount' => 1,
),
config.php
// The path through which simpleSAMLphp is available. This should match with the Alias location in the webserver configuration
'baseurlpath' => 'simplesaml/',
// Change the standard password for the webinterface!!!
'auth.adminpassword' => '!123456!',
// Insert your own contact information
'technicalcontact_name' => 'Servicedesk Kennisnet',
'technicalcontact_email' => 'servicedesk@kennisnet.nl',
metadata/saml20-idp-remote.php
// Add the metadata of the Entree Federation environment
// Production Entree Federation
$metadata['aselect.entree.kennisnet.nl'] = array (
'entityid' => 'aselect.entree.kennisnet.nl',
'name' =>
array (
'en' => 'Stichting Kennisnet',
),
'description' =>
array (
'en' => 'skn',
),
'OrganizationName' =>
array (
'en' => 'skn',
),
'OrganizationDisplayName' =>
array (
'en' => 'Stichting Kennisnet',
),
'url' =>
array (
'en' => 'http://www.kennisnetfederatie.nl',
),
'OrganizationURL' =>
array (
'en' => 'http://www.kennisnetfederatie.nl',
),
'contacts' =>
array (
0 =>
array (
'contactType' => 'administrative',
'company' => 'Stichting Kennisnet',
'emailAddress' =>
array (
0 => 'entree@kennisnet.nl',
),
'telephoneNumber' =>
array (
0 => '0800-KENNISNET (0800-536 647 638)',
),
),
),
'metadata-set' => 'saml20-idp-remote',
'redirect.sign' => true,
'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
2 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
),
'SingleLogoutService' =>
array (
),
'ArtifactResolutionService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
'Location' => 'https://aselect.entree.kennisnet.nl/openaselect/profiles/saml2/artifact',
'index' => 0,
),
),
'keys' =>
array (
0 =>
array (
'encryption' => false,
'signing' => true,
'type' => 'X509Certificate',
'X509Certificate' => 'MIIDrjCCApYCCQDmo4IZ7XxEgzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCTkwxFTATBgNV
BAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVybWVlcjEcMBoGA1UECgwTU3RpY2h0aW5n
IEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVyYXRpZTEkMCIGA1UEAwwbYXNlbGVjdC5l
bnRyZWUua2VubmlzbmV0Lm5sMB4XDTE2MDEyMDEzNDcyN1oXDTE3MDgzMTEzNDcyN1owgZgxCzAJ
BgNVBAYTAk5MMRUwEwYDVQQIDAxadWlkLUhvbGxhbmQxEzARBgNVBAcMClpvZXRlcm1lZXIxHDAa
BgNVBAoME1N0aWNodGluZyBLZW5uaXNuZXQxGTAXBgNVBAsMEEVudHJlZSBGZWRlcmF0aWUxJDAi
BgNVBAMMG2FzZWxlY3QuZW50cmVlLmtlbm5pc25ldC5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKAAcFlyAtHC22rupXKI61AvnJg/qca3wu4qbOvZU6967y8Sb2zLUzDbzyytjoFi
qgKHXEiZteJqrSrfEU+N7cBkQkZMC16PInQuh7bKByoAWWtrnCf45XA9afEysORk3B0BvCbYiObm
xPN4+bjJL6okCCKBIaEjfl7qgEXkPljrw+pB5fo+vmxDc1obFks5xyd3ReFCS9v9yZjjZUeX5S7y
Us6WypbbQYWvtCugpWfElxaSjxU7KCplDGJG/77GqIWEpDk6w7nGZLfKXBczC52BZEuLH5MxTLKK
Di24kzLs46bhP6h1LhcnGMW3IPeOCAzYmZk8Q2A3Sf4ecMGbpfkCAwEAATANBgkqhkiG9w0BAQsF
AAOCAQEAFFtZbYyAoOfGrgYMbn7FLJaI49QOVLKYerNRs/Ay9i6des+wWZUhfgs+pofChtX2PBNH
AbVB0fUHPYaKoHV+tZvYcMuFx/tHTs0x0WtdzTb1yFISOKliuZ5n1tu1GaL+kIvE8dz/0R1wrXgi
TpwpJfNC9rNabjsOe512SsJ0AjlqOYef2FP3ZKVcPXyg/Itaa+UThj31Qx0qNwyyy5Z0cxpcSxTl
VqrM5U+7vuTZxPHSkABqj8oDUkvRNF9DXZONT1Sh3Q/4/RvMt4knEtsG2Ao3kOetzSJHvys6WtI9
T4nVvuq8Jzvj97FEG5oPk1mDZJrjVV/3V6FDAxvxuEhefg==',
),
),
);
// Staging Entree Federation
$metadata['aselect-s.entree.kennisnet.nl'] = array (
'entityid' => 'aselect-s.entree.kennisnet.nl',
'name' =>
array (
'en' => 'Stichting Kennisnet',
),
'description' =>
array (
'en' => 'skn',
),
'OrganizationName' =>
array (
'en' => 'skn',
),
'OrganizationDisplayName' =>
array (
'en' => 'Stichting Kennisnet',
),
'url' =>
array (
'en' => 'http://www.kennisnetfederatie.nl',
),
'OrganizationURL' =>
array (
'en' => 'http://www.kennisnetfederatie.nl',
),
'contacts' =>
array (
0 =>
array (
'contactType' => 'administrative',
'company' => 'Stichting Kennisnet',
'emailAddress' =>
array (
0 => 'entree@kennisnet.nl',
),
'telephoneNumber' =>
array (
0 => '0800-KENNISNET (0800-536 647 638)',
),
),
),
'metadata-set' => 'saml20-idp-remote',
'redirect.sign' => true,
'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
2 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/sso/web',
),
),
'SingleLogoutService' =>
array (
),
'ArtifactResolutionService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
'Location' => 'https://aselect-s.entree.kennisnet.nl/openaselect/profiles/saml2/artifact',
'index' => 0,
),
),
'keys' =>
array (
0 =>
array (
'encryption' => false,
'signing' => true,
'type' => 'X509Certificate',
'X509Certificate' => 'MIIDvjCCAqYCCQCfXTWG7R858jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCTkwxFTATBgNV
BAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVybWVlcjEcMBoGA1UECgwTU3RpY2h0aW5n
IEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVyYXRpZTEsMCoGA1UEAwwjYXNlbGVjdC5z
dGFnaW5nLmVudHJlZS5rZW5uaXNuZXQubmwwHhcNMTYwMTIwMTQyMjMwWhcNMTcwODMxMTQyMjMw
WjCBoDELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFuZDETMBEGA1UEBwwKWm9ldGVy
bWVlcjEcMBoGA1UECgwTU3RpY2h0aW5nIEtlbm5pc25ldDEZMBcGA1UECwwQRW50cmVlIEZlZGVy
YXRpZTEsMCoGA1UEAwwjYXNlbGVjdC5zdGFnaW5nLmVudHJlZS5rZW5uaXNuZXQubmwwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtNrqb9Hr5zmMQdLRTvKZVGf06suwpnn0krC/M9VR4
Zj3Yz3EQgXYnVvLIjdJTVIhG1zfMO+bmHZ/4Rxc/V733rD2ACQjl43cPCmfdkjIEPoXljWaXdnaG
H3bXaQ+jhu6acrGDDqL9Bodqf25T40zkwe7MY9B6eD7JUZa7qNHCwg0HRnCEtXZDdxpiv0cdcOCP
NqHMcQIC/unnCApbaxpZi9haXnciWGmCMf9e6TT2B9i6nLiiKeJ1Vv1DlE5Gqmy94buq86+eTXpR
qN7U+6eU5kcnSlQ3+LAyQ+zP49BNmXrN2xjQ5f1GCm7J+7UgY+q/hpsG3NM6sMsIMzxn+IqpAgMB
AAEwDQYJKoZIhvcNAQELBQADggEBAIfuVWMln0ekx7G5dQwUdvXFjFhxCslUqLkU0mpyQ46n28Ej
cJMf9d10rLdB7HI/8OyBHDpkU0d/rrrvvi3p0Y2llBTYvQKwIqxa79g10pO7Pjx64X/3i6xHX7Lx
2gxWu+KJyUjie2P5a+AhP3XK7+ej5MFR4hQcliRNo2n+J6ZYAfiTRZln5H3d4HJC7cKD/qJr1aUb
jiB3pehW2Smdfa0dXgVBsjuQSnBdxkNgGUgG4o2e8yaFKMRerfu7AP78bbcpOaCmvaCLoba8dYMR
ABjD9S8JZ5oNu5o+qR7h3fmdLGpCDlk+YTeUfzMYR982n6u/HEUYyz9MA6+U5cklPnk=',
),
),
);