...
- Download and unpack SimpleSAMLphp into
/var/simplesamlsimplesamlphp(step 4) - Configure Apache (step 6)
- Configure SimpleSAMLphp (step 7)
...
In addition, copy the file /var/simplesamlsimplesamlphp/modules/sanitycheck/config-templates/config-sanitycheck.php to /var/simplesamlsimplesamlphp/config/.
Edit it to disable the cron check, if desired.
Once you've set up SimpleSAMLphp, check that it works by visiting https://mfsp.example.org/simplesaml. You should get a site that looks like this:
...
- Edit
config/authsources.phpin the in the SimpleSAMLphp root (/var/simplesamlphp). - The default config file has a lot of example code, for authentication against Google, Facebook, etc. We just want to have a username/password based admin login, and a SAML authentication source (which will be connected to SURFconext).
- All SAML requests to and from SURFconext will be signed using SSL. The SSL certificated used for this does not need to be signed by a CA. A key and certificate can be generated using the following OpenSSL command:
...
- The resulting private key (
saml.key) and certificate (saml.crt) need to be placed in thecert/subdirectory in the SimpleSAMLphp root (/var/simplesamlphp).
The
| Tooltip | ||||||||
|---|---|---|---|---|---|---|---|---|
|
...
Next, we need to add the SP to SURFconext. SURFnet doesn't allow just anyone to connect directly to its production platform. To register, put the metadata URL (https://mfsp.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp) in the SP Dashboard form, fill it out and publish the entity to TEST.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?php
require_once('/var/simplesamlsimplesamlphp/lib/_autoload.php');
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attributes = $as->getAttributes();
?>
<html>
<head><title>My First Service Provider in PHP</title></head>
<body>
<h1>My First SP</h1>
<p>Hello world!</p>
<h2>Your attributes:</h2>
<pre><?php print_r($attributes); ?></pre>
</body></html>
|
...