KNF:SimpleSAMLphp-sp/en: difference between revisions

From Kennisnet Developers Documentation

Current version as of 20 Aug 2018, 15:00

Entree Federation: Installing SimpleSAMLphp as a Service Provider



Step 1: Installation

Installation of SimpleSAMLphp can be achieved by following the guides at the SimpleSAMLphp website:

  1. Installation documentation SimpleSAMLphp: http://simplesamlphp.org/docs/stable/simplesamlphp-install
  2. Quickstart document SimpleSAMLphp: http://simplesamlphp.org/docs/stable/simplesamlphp-sp

Step 2: Configuration

The Entree Federation requires a couple of specific configurations within SimpleSAMLphp.

Editing authsources.php

NOTE! The following example code consists of additions or changes to the original file. The php tags are not included.
The changes are described in the comments.

    'default-sp' => array(
        'saml:SP',
        
        // Insert your application entityID (usually the unique url of your service)   
        'entityID' => 'http://domainname.com',
        
        // Certificate generated in step 1.1 in the Quickstart
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',

        // Changing the standard menu for Identity Providers to the Entree Federation menu
        // NOTE: The configuration below is set for the Entree staging environment. When going live the value should be changed to aselect.entree.kennisnet.nl
        'idp' => 'aselect-s.entree.kennisnet.nl',  // staging/test url
        // 'idp' => 'aselect.entree.kennisnet.nl',  // production url

        // Setting the identifier format for the subject of the authentication
        'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified',

        // Optional configuration to enable pre-login, which can then be called by the Identity Provider
        // 'IDPList' => array( 'entityidofidp', ),
        // 'ProxyCount' => 1,
    ),
WARNING: From SimpleSAMLphp version 1.15 onwards 'NameIDFormat' has been replaced by 'NameIDPolicy'. The use of 'NameIDFormat' is no longer supported.

NOTE! Entree Federation refreshes the metadata every 4 hours. However, a change in the entityID will not be processed automatically. Contact our service desk at https://support.kennisnet.org/ when you want to change your entityID.

Editing config.php

NOTE! The following example code consists of additions or changes to the original file. The php tags are not included.
The changes are described in the comments.

        // The path through which SimpleSAMLphp is available. This should match the Alias location in the web server configuration
        'baseurlpath'           => 'simplesaml/',

        // Change the standard password for the web interface!!!
        'auth.adminpassword'          => '!123456!',

        // Insert your own contact information
        'technicalcontact_name'     => 'Technical contact',
        'technicalcontact_email'    => 'na@example.org',
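Added example, not part of this page or of SimpleSAMLphp: a pre-deployment check script that loads config/authsources.php and config/config.php and reports which of the settings discussed under "Editing authsources.php" and "Editing config.php" are still at their example values. It assumes the standard SimpleSAMLphp layout (config/ and cert/ under the installation root, each config file assigning $config) and that '123' is the admin password in the shipped config template.

```php
<?php
// Added example, not part of the Entree documentation or of SimpleSAMLphp.
// Pre-deployment check for the settings this page asks you to change.
// Assumes the standard layout: $base/config/authsources.php and
// $base/config/config.php (each assigns $config) and $base/cert/ for keys.
function loadConfig(string $path): array
{
    $config = [];
    require $path;                      // the included file assigns $config
    return is_array($config) ? $config : [];
}

function checkEntreeSp(string $base, bool $production): array
{
    $problems = [];
    $sp   = loadConfig($base . '/config/authsources.php')['default-sp'] ?? [];
    $main = loadConfig($base . '/config/config.php');

    // From SimpleSAMLphp 1.15 the key is 'NameIDPolicy'; 'NameIDFormat' is no longer supported.
    if (array_key_exists('NameIDFormat', $sp) || !isset($sp['NameIDPolicy'])) {
        $problems[] = "default-sp: use 'NameIDPolicy' instead of 'NameIDFormat'";
    }
    // The staging and production Entree IdPs differ only in hostname.
    $expectedIdp = $production ? 'aselect.entree.kennisnet.nl' : 'aselect-s.entree.kennisnet.nl';
    if (($sp['idp'] ?? '') !== $expectedIdp) {
        $problems[] = "default-sp: 'idp' should be '$expectedIdp' for this environment";
    }
    // The key pair from Quickstart step 1.1 must be present in cert/.
    foreach (['privatekey', 'certificate'] as $key) {
        if (!isset($sp[$key]) || !is_readable($base . '/cert/' . $sp[$key])) {
            $problems[] = "default-sp: '$key' does not point to a readable file in cert/";
        }
    }
    // Placeholders from this page ('!123456!') and from the shipped template ('123').
    if (in_array($main['auth.adminpassword'] ?? '', ['123', '!123456!'], true)) {
        $problems[] = "config.php: 'auth.adminpassword' is still a placeholder value";
    }
    if (($main['technicalcontact_email'] ?? 'na@example.org') === 'na@example.org') {
        $problems[] = "config.php: 'technicalcontact_email' is still the example address";
    }
    return $problems;
}

// Usage: php check-entree-sp.php /var/simplesamlphp [staging|production]
$problems = checkEntreeSp($argv[1] ?? '.', ($argv[2] ?? 'staging') === 'production');
foreach ($problems as $p) {
    fwrite(STDERR, $p . PHP_EOL);
}
exit($problems === [] ? 0 : 1);
```

Run it with `production` as the second argument before switching the 'idp' value to the production URL, so a staging hostname left in authsources.php is caught before go-live.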