KNF:SimpleSAMLphp-sp/en
Revision by Oostmeijer01 (talk | contribs) on 16 Aug 2018 at 14:54
Entree Federation: Installing SimpleSAMLphp as Service Provider
Step 1: Installation
Installation of SimpleSAMLphp can be achieved by following the guides at the SimpleSAMLphp website:
Step 2: Configuration
The Entree Federation requires a few specific settings in SimpleSAMLphp.
NOTE The following examples are additions or changes to the original files. The PHP tags are not included.
Editing authsources.php
'default-sp' => array(
    'saml:SP',
    // Insert your application entityID (usually the unique URL of your service)
    'entityID' => 'http://domainname.com',
    // Certificate generated in step 1.1 in the Quickstart
    'privatekey' => 'saml.pem',
    'certificate' => 'saml.crt',
    // Changing the standard menu for Identity Providers to the Entree Federation menu
    // NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to aselect.entree.kennisnet.nl
    'idp' => 'aselect-s.entree.kennisnet.nl', // staging/test url
    // 'idp' => 'aselect.entree.kennisnet.nl', // production url
    // Setting the identifier format for the subject of the authentication
    'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',
    // Optional configuration to enable pre-login, which can then be called by the Identity Provider
    // 'IDPList' => array( 'entityidofidp', ),
    // 'ProxyCount' => 1,
),
From SimpleSAMLphp version 1.15 onwards 'NameIDFormat' has been replaced by 'NameIDPolicy'. The use of 'NameIDFormat' is no longer supported.
NOTE Entree Federation refreshes the metadata every 4 hours. However, a change in the entityID will not be processed automatically. Contact our service desk at https://support.kennisnet.org/ when you want to change your entityID.
Editing config.php
// The path through which SimpleSAMLphp is available. This should match the alias location in the web server configuration
'baseurlpath' => 'simplesaml/',
// Change the standard password for the web interface! The value below is only a placeholder.
'auth.adminpassword' => '!123456!',
// Insert your own contact information
'technicalcontact_name' => 'Technical contact',
'technicalcontact_email' => 'na@example.org',
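Before going live, the settings above can be checked for leftover staging or example values. The script below is an added example, not Kennisnet or SimpleSAMLphp code; `checkEntreeSp()` and its arguments are hypothetical names, and the sample arrays are constructed from the values shown on this page.

```php
<?php
// Added example: go-live check for the authsources.php and config.php values above.
const ENTREE_STAGING = 'aselect-s.entree.kennisnet.nl';
const ENTREE_PRODUCTION = 'aselect.entree.kennisnet.nl';

function checkEntreeSp(array $sp, array $config, bool $production): array
{
    $findings = [];
    $expectedIdp = $production ? ENTREE_PRODUCTION : ENTREE_STAGING;
    if (($sp['idp'] ?? null) !== $expectedIdp) {
        $findings[] = "authsources.php: 'idp' should be '$expectedIdp'";
    }
    // 'NameIDFormat' is no longer supported from version 1.15 onwards.
    if (array_key_exists('NameIDFormat', $sp)) {
        $findings[] = "authsources.php: replace 'NameIDFormat' with 'NameIDPolicy'";
    }
    foreach (['entityID', 'privatekey', 'certificate', 'NameIDPolicy'] as $key) {
        if (empty($sp[$key])) {
            $findings[] = "authsources.php: '$key' is not set";
        }
    }
    // Example values that must not survive into a live installation: '!123456!' and
    // 'na@example.org' are from this page; '123' is SimpleSAMLphp's template password.
    $placeholders = [
        'auth.adminpassword' => ['!123456!', '123'],
        'technicalcontact_email' => ['na@example.org'],
    ];
    foreach ($placeholders as $key => $bad) {
        $value = $config[$key] ?? '';
        if ($value === '' || in_array($value, $bad, true)) {
            $findings[] = "config.php: '$key' still has an example or empty value";
        }
    }
    return $findings;
}

// Constructed sample input: the values exactly as shown on this page.
$sp = [
    'entityID' => 'http://domainname.com',
    'privatekey' => 'saml.pem',
    'certificate' => 'saml.crt',
    'idp' => ENTREE_STAGING,
    'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
];
$config = ['auth.adminpassword' => '!123456!', 'technicalcontact_email' => 'na@example.org'];

foreach (checkEntreeSp($sp, $config, true) as $finding) {
    echo "- $finding\n";
}
```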