KNF:SimpleSAMLphp-idp/en
Installation of SimpleSAMLphp
In order to install SimpleSAMLphp you need to follow the installation guide at either one of these two links:
Attention: Not until you've completed the steps above you can adapt the configuration for Entree Federation as described in the following.
Adapt configuration for Entree Federation
Next we need to make some changes to the configuration of SimpleSAMLphp so the connection with Entre Federation will work.
Attention: The following configuration examples are additions or modifications. The php-tags ar not included.
Configure userstore in authsources.php
In the file authsources.php
you have to configure what kind of userstore you will be using. For example the userstore could be an LDAP, an SQL database, a file or an array. A summary of the options can be found at SimpleSAMLphp Identity Provider QuickStart.
In this example we'll use the option exampleauth:UserPass
. As an userstore we will be using an array containing usernames and passwords.
'demoSAMLIdP' => array(
'exampleauth:UserPass',
'user:demo' => array(
'uid' => array('username@demoOrgansisation'),
'eduPersonAffiliation' => array('student'),
'employeeNumber' => '123456789',
'mail' => 'email@address.com',
'givenName' => 'John',
'sn' => 'Doe',
'nlEduPersonHomeOrganizationId' => 'BRIN',
'nlEduPersonHomeOrganization' => 'My School'
),
Invoke userstore from metadata/saml20-idp-hosted.php
After configuring the userstore we can invoke the userstore frome the file metadata/saml20-idp-hosted.php
. In our example the userstore is the array named demoSAMLIdP
.
'demoSAMLIdP' => array(
//Determine the default host as IdP in case there are multiple IdP's
'host' => '__DEFAULT__',
//Specific attribute formats needed for Entree Federatie
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified',
//The NameID element must contain the same value as the uid attribute
'simplesaml.nameidattribute' => 'uid',
//Certificates for encrypting the messages. See also http://simplesamlphp.org/docs/1.5/simplesamlphp-idp#section_6
'privatekey' => 'server.pem',
'certificate' => 'server.crt',
// The authentication source against which the users should be verified. This has to be one of the values in config/authsources.php
'auth' => 'demoSAMLIdP',
),