...
- Download and unpack SimpleSAMLphp into /var/simplesamlphp (step 4)
- Configure Apache (step 6)
- Configure SimpleSAMLphp (step 7)
...
In addition, copy the file /var/simplesamlphp/modules/sanitycheck/config-templates/config-sanitycheck.php to /var/simplesamlphp/config/. Edit it to disable the cron check, if desired.
Once you've set up SimpleSAMLphp, check that it works by visiting https://mfsp.example.org/simplesaml. You should get a site that looks like this:
...
- Edit config/authsources.php in the SimpleSAMLphp root (/var/simplesamlphp).
- The default config file has a lot of example code, for authentication against Google, Facebook, etc. We just want to have a username/password based admin login, and a SAML authentication source (which will be connected to SURFconext).
- All SAML requests to and from SURFconext will be signed using SSL. The SSL certificate used for this does not need to be signed by a CA. A key and certificate can be generated using the following OpenSSL command:
...
- The resulting private key (saml.key) and certificate (saml.crt) need to be placed in the cert/ subdirectory in the SimpleSAMLphp root (/var/simplesamlphp).
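A config/authsources.php that matches the steps above, as an added example that is not taken from the original page. The option names are SimpleSAMLphp's own saml:SP options; the idp value is a placeholder, and enabling signing for logout and redirect-binding messages is an assumption based on the statement that all requests are signed.

```php
<?php
// config/authsources.php (added example, not the page's original file)

$config = array(

    // Username/password based admin login. The password itself is the
    // 'auth.adminpassword' setting in config/config.php.
    'admin' => array(
        'core:AdminPassword',
    ),

    // SAML authentication source that will be connected to SURFconext.
    'default-sp' => array(
        'saml:SP',

        // null makes SimpleSAMLphp use the metadata URL as the entityID.
        'entityID' => null,

        // PLACEHOLDER: replace with the entityID of the SURFconext IdP.
        'idp' => 'https://idp.example.org/REPLACE-WITH-IDP-ENTITYID',

        // File names are resolved relative to the cert/ subdirectory of
        // the SimpleSAMLphp root (/var/simplesamlphp/cert/).
        'privatekey'  => 'saml.key',
        'certificate' => 'saml.crt',

        // Sign outgoing messages with saml.key.
        'sign.authnrequest' => true,
        'sign.logout'       => true,
        'redirect.sign'     => true,

        // Require valid signatures on messages received via HTTP-Redirect.
        'redirect.validate' => true,

        // Use RSA-SHA256 instead of the older RSA-SHA1 default.
        'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
    ),
);
```

The certificate in saml.crt is published in the SP metadata, so the IdP verifies signatures against that exact certificate rather than against a CA chain. Keep saml.key readable only by the web server user.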
The
...
Next, we need to add the SP to SURFconext. SURFnet doesn't allow just anyone to connect directly to its production platform. To register, put the metadata URL (https://mfsp.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp) in the SP Dashboard form, fill it out and publish the entity to TEST.
...
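```php
<?php
// Load the SimpleSAMLphp autoloader from the installation root.
require_once('/var/simplesamlphp/lib/_autoload.php');

// Use the 'default-sp' authentication source from config/authsources.php.
$as = new SimpleSAML_Auth_Simple('default-sp');

// Redirects to the IdP unless the user already has a valid session.
$as->requireAuth();
$attributes = $as->getAttributes();
?>
<html>
<head><title>My First Service Provider in PHP</title></head>
<body>
<h1>My First SP</h1>
<p>Hello world!</p>
<h2>Your attributes:</h2>
<!-- Attribute values come from the IdP; escape them before output. -->
<pre><?php echo htmlspecialchars(print_r($attributes, true), ENT_QUOTES, 'UTF-8'); ?></pre>
</body>
</html>
```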
...