Comment: merge in "SimpleSAMLphp and SURFconext"

...

In this tutorial, we will set up a simple Service Provider, written in PHP, and connect it to the SURFconext infrastructure, using the SimpleSAMLphp product.

The tutorial assumes you are using a Linux environment; however, there is no reason this approach should not work on other operating systems that support PHP.

...

  • The resulting private key (saml.key) and certificate (saml.crt) need to be placed in the cert/ subdirectory in the SimpleSAMLphp root (/var/simplesaml).

The configuration file thus becomes:

```php
<?php
$config = [
    // This is an authentication source which handles SimpleSAMLphp admin authentication.
    'admin' => [
        'core:AdminPassword',
    ],

    // An authentication source which can authenticate against SURFconext
    'default-sp' => [
        'saml:SP',
        'privatekey'  => 'saml.key',
        'certificate' => 'saml.crt',
        'idp' => 'https://engine.test.surfconext.nl/authentication/idp/metadata',

        // The entries below are all OPTIONAL but RECOMMENDED to tell SURFconext
        // some details about your service.
        'name' => [
            'en' => 'Name of the Service',
            'nl' => 'Naam van de Dienst',
        ],

        'description' => [
            'en' => 'Description of the Service',
            'nl' => 'Omschrijving van de dienst',
        ],
    ],
];
```
Info: Be aware of the environment your IdP lives in. In the example above the test environment of SURFconext is used. A common mistake is to try to connect to the test environment of SURFconext while using the production environment's link. You can find the right entityID inside the metadata for each environment:

...

```php
<?php
$metadata['https://engine.test.surfconext.nl/authentication/idp/metadata'] = [
    'name' => [
        'en' => 'SURFconext test',
        'nl' => 'SURFconext test',
    ],
    'SingleSignOnService' => 'https://engine.test.surfconext.nl/authentication/idp/single-sign-on/key:20190208',
    'certificate' => 'engineblock.test.surfconext.nl.20190208.pem',

    // convert OID formatted attributes from SAML assertion to 'name' similar to LDAP
    // so they will be available as 'mail' and 'displayName'
    'authproc' => [
      50 => [
        'class' => 'core:AttributeMap', 'oid2name',
      ],
    ],
];
```

The .pem file is placed under the cert/ directory and contains the SAML signing certificate of the IdP; you can find it at https://metadata.test.surfconext.nl/ under "Assertion signing certificate".
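As an added example (not part of the original tutorial or of SimpleSAMLphp), the following stand-alone PHP script checks that the two configuration files above agree with each other: the 'idp' entityID in authsources.php has an entry in saml20-idp-remote.php, the certificate and key files they reference exist in cert/, the SP private key is not world-readable, and the entityID and SingleSignOnService hostnames belong to the same environment (the test/production mix-up described in the note above). It assumes the /var/simplesaml layout used in this tutorial; the SIMPLESAMLPHP_ROOT override and the script itself are assumptions.

```php
<?php
// Added example (not from the tutorial or SimpleSAMLphp): sanity-check the SP
// configuration described above. Assumes the /var/simplesaml layout with
// config/authsources.php and metadata/saml20-idp-remote.php.
$root = getenv('SIMPLESAMLPHP_ROOT') ?: '/var/simplesaml';
$config = [];
$metadata = [];
require $root . '/config/authsources.php';          // defines $config
require $root . '/metadata/saml20-idp-remote.php';  // defines $metadata
$problems = [];
$sp = $config['default-sp'] ?? null;
if (!is_array($sp) || ($sp[0] ?? '') !== 'saml:SP') {
    $problems[] = "authsources.php: no 'default-sp' authsource of type saml:SP";
} else {
    // 1. The IdP named in 'idp' must have a metadata entry; without it there is
    //    no signing certificate to verify the IdP's assertions with.
    $idp = (string) ($sp['idp'] ?? '');
    if (!isset($metadata[$idp])) {
        $problems[] = "authsources.php: idp '$idp' has no entry in saml20-idp-remote.php";
    } else {
        // 2. The IdP signing certificate named in the metadata must exist in cert/.
        $pem = $root . '/cert/' . ($metadata[$idp]['certificate'] ?? '');
        if (!is_file($pem)) {
            $problems[] = "saml20-idp-remote.php: IdP certificate '$pem' not found";
        }
        // 3. entityID and SingleSignOnService must belong to the same environment
        //    (the test/production mix-up above). SSO may be a URL or endpoint list.
        $sso = $metadata[$idp]['SingleSignOnService'] ?? '';
        if (is_array($sso)) {
            $sso = $sso[0]['Location'] ?? '';
        }
        $idpHost = (string) parse_url($idp, PHP_URL_HOST);
        $ssoHost = (string) parse_url($sso, PHP_URL_HOST);
        if ($idpHost !== $ssoHost) {
            $problems[] = "saml20-idp-remote.php: entityID host '$idpHost' differs from SSO host '$ssoHost'";
        }
    }
    // 4. The SP key pair must exist and the private key must not be world-readable.
    foreach (['privatekey', 'certificate'] as $key) {
        $file = $root . '/cert/' . ($sp[$key] ?? '');
        if (!is_file($file)) {
            $problems[] = "authsources.php: $key file '$file' not found";
        } elseif ($key === 'privatekey' && (fileperms($file) & 0004) !== 0) {
            $problems[] = "cert/: private key '$file' is world-readable";
        }
    }
}
foreach ($problems as $p) fwrite(STDERR, "PROBLEM: $p\n");
exit($problems === [] ? 0 : 1);
```

Run it from the command line after editing either configuration file; a non-zero exit status means at least one of the checks failed.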

...

Next, we need to add the SP to SURFconext. SURFnet does not allow just anyone to connect directly to its production platform. To register, put the metadata URL (https://mfsp.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp) in the SP Dashboard form, fill it out and publish the entity to TEST.

If you are not using the SP Dashboard, send an email to support@surfconext.nl.

...

When visiting this script, you will now be required to log on via SURFconext.

Further configuration

We recommend you consider Securing your simpleSAMLphp setup.

That's all folks!

Please direct any questions or comments about this document to support@surfconext.nl.