KNF:SimpleSAMLphp-idp/en

Uit Kennisnet Developers Documentatie
< KNF:SimpleSAMLphp-idp
Versie door Oostmeijer01 (overleg | bijdragen) op 16 aug 2018 om 15:39
(wijz) ← Oudere versie | Huidige versie (wijz) | Nieuwere versie → (wijz)
Naar navigatie springen Naar zoeken springen
Nl.gif Nederlands En.gif English


Installation of SimpleSAMLphp

In order to install SimpleSAMLphp you need to follow the installation guide at either one of these two locations:

  1. SimpleSAMLphp Installation and Configuration
  2. SimpleSAMLphp Identity Provider QuickStart

Attention: Not until you've completed the steps above you can adapt the configuration for Entree Federation as described in the following.

Adapt configuration for Entree Federation

Next we need to make some changes to the configuration of SimpleSAMLphp so the connection with Entree Federation will work.
Attention: The following configuration examples are additions or modifications. The php-tags are not included.

Configure userstore in authsources.php

In the file authsources.php you have to configure what kind of userstore you will be using. For example the userstore could be an LDAP, an SQL database, a file or an array. A summary of the options can be found at SimpleSAMLphp Identity Provider QuickStart.

In this example we'll use the option exampleauth:UserPass. As an userstore we will be using an array containing usernames and passwords.

    'demoSAMLIdP' => array(
        'exampleauth:UserPass',
        'user:demo' => array(
            'uid' => array('username@demoOrgansisation'),
            'eduPersonAffiliation' => array('student'),
            'employeeNumber' => '123456789',
            'mail' => 'email@address.com',
            'givenName' => 'John',
            'sn' => 'Doe',
            'nlEduPersonHomeOrganizationId' => 'BRIN',
            'nlEduPersonHomeOrganization' => 'My School'
        ),

Invoke userstore from metadata/saml20-idp-hosted.php

After configuring the userstore we can invoke the userstore frome the file metadata/saml20-idp-hosted.php. In our example the userstore is the array named demoSAMLIdP.

 'demoSAMLIdP' => array(
        //Determine the default host as IdP in case there are multiple IdP's
        'host' => '__DEFAULT__',

        //Specific attribute formats needed for Entree Federatie
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified',

        //The NameID element must contain the same value as the uid attribute
        'simplesaml.nameidattribute' => 'uid',

        //Certificates for encrypting the messages. See also http://simplesamlphp.org/docs/1.5/simplesamlphp-idp#section_6
        'privatekey' => 'server.pem',
        'certificate' => 'server.crt',

        // The authentication source against which the users should be verified. This has to be one of the values in config/authsources.php
        'auth' => 'demoSAMLIdP',
    ),