World Gone Web

Installing SimpleSAMLphp and use it as SP and IdP (for development en... http://www.worldgoneweb.com/2013/installing-simplesamlphp-and-use...
1 di 8 09/Jul/2014 5:13 PM
January 4, 2013 | 14 Comments
The goal of this walkthrough is to install SimpleSAML twice in order to work on SAML authentication between two
systems.
We could have an application on one side using SimpleSAML as an SP, and an LDAP, AD, CAS, etc. plugged into
SimpleSAML configured as an IdP on the other.
Download simplesaml.
Untar the package in a folder of your application, for example /var/www/myapp/library/simplesaml
Edit your app's Virtual Host so that /simplesaml is accessible:

    # Expose SimpleSAML's www directory under /simplesaml
    Alias /simplesaml /Users/samo/Workspace/simplesamlphp/www
    <Directory "/Users/samo/Workspace/simplesamlphp/www">
        Order deny,allow
        Allow from all
    </Directory>

Restart Apache if necessary.
Edit SimpleSAML's config file in config/config.php:
  Set debug to TRUE
  Set the admin password auth.adminpassword to the password of your choice
  Set the secretsalt
  Define technicalcontact_name and technicalcontact_email
Untar the simplesaml package again, this time in another folder, for example /var/www/simplesaml
Choose a URL for your IdP, for example http://auth.saml.net, and add this to your hosts file
Create a virtual host for your IdP; it will look something like:

    <VirtualHost *:80>
        ServerAdmin <your_email>
        ServerName auth.saml.net
        AddDefaultCharset UTF-8
        DocumentRoot /var/www/simplesaml
        Alias /simplesaml /var/www/simplesaml/www
        <Directory /var/www/simplesaml/www>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order deny,allow
            allow from all
        </Directory>
    </VirtualHost>

Again, begin by editing the SimpleSAML config file and repeat the steps listed above. This time, you must also
set enable.saml20-idp to true.
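
A quick check that the values edited in both config.php files no longer hold the defaults, plus a way to produce a random secretsalt, as an added example that is not part of the original post or of SimpleSAMLphp. It assumes the defaults shipped in SimpleSAMLphp's config template (admin password '123', secretsalt 'defaultsecretsalt'); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check a SimpleSAMLphp config.php
# for values still at the template defaults. Function names are illustrative.

# 32 hex characters (128 random bits) to paste into 'secretsalt'.
new_secretsalt() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print one line per finding for the config file given as $1.
audit_ssp_config() {
    cfg=$1
    sp='[[:space:]]*'
    grep -Eq "'auth\.adminpassword'$sp=>$sp'123'" "$cfg" &&
        echo "auth.adminpassword is still the template default"
    grep -Eq "'secretsalt'$sp=>$sp'defaultsecretsalt'" "$cfg" &&
        echo "secretsalt is still the template default"
    grep -Eiq "'debug'$sp=>${sp}true" "$cfg" &&
        echo "debug is TRUE (development setting)"
    return 0
}

# Constructed sample: the template defaults with debug switched on.
sample=$(mktemp)
cat >"$sample" <<'EOF'
$config = array(
    'debug' => TRUE,
    'auth.adminpassword' => '123',
    'secretsalt' => 'defaultsecretsalt',
);
EOF
audit_ssp_config "$sample"
echo "new secretsalt: $(new_secretsalt)"
```

Run audit_ssp_config against the config/config.php of both the SP and the IdP install; an empty output means none of the three checks fired.
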
Since all this is just for development and test purposes, I set up my IdP with exampleauth. The login / password
will be matched against a plain list of accounts defined in the authsources.php file. First, you need to enable the
exampleauth module by doing touch /var/www/simplesaml/modules/exampleauth/enable. Second, edit your
authsources.php file (in the config directory) and create your users based on the following example :

    'example-userpass' => array(
        'exampleauth:UserPass',
        'user1:pwd' => array(
            'uid' => array('user1'),
            'mail' => 'user1@test.com',
            'first_name' => 'User',
            'last_name' => 'One'
        ),
        'user2:pwd' => array(
            'uid' => array('user2'),
            'mail' => 'user2@test.com',
            'first_name' => 'User',
            'last_name' => 'Two'
        )
    ),

Next, make sure that the content of metadata/saml20-idp-hosted.php is:

    $metadata['__DYNAMIC:1__'] = array(
        /*
         * The hostname of the server (VHOST) that will use this SAML entity.
         *
         * Can be '__DEFAULT__', to use this entry by default.
         */
        'host' => '__DEFAULT__',

        /* X.509 key and certificate. Relative to the cert directory. */
        'privatekey' => 'server.pem',
        'certificate' => 'server.crt',

        /*
         * Authentication source to use. Must be one that is configured in
         * 'config/authsources.php'.
         */
        'auth' => 'example-userpass',

        /* Uncomment the following to use the uri NameFormat on attributes. */
        /*
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
        */
    );
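
The metadata above points at server.pem and server.crt in the cert directory, which the walkthrough does not create. One way to generate a self-signed pair with openssl and confirm the two files belong together, as an added example that is not from the original post; the function names, the 3652-day lifetime and the CN are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): create the key pair that
# saml20-idp-hosted.php refers to, then confirm the two files belong together.

# Write <dir>/server.pem (private key) and <dir>/server.crt (self-signed cert).
make_idp_cert() {
    dir=$1
    cn=$2
    mkdir -p "$dir"
    (
        # New files are readable by their owner only; the web server user
        # must be that owner or be granted read access afterwards.
        umask 077
        openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes \
            -subj "/CN=$cn" \
            -keyout "$dir/server.pem" -out "$dir/server.crt" 2>/dev/null
    )
}

# Succeed only if the certificate carries the public key of the private key.
cert_matches_key() {
    from_crt=$(openssl x509 -in "$1/server.crt" -noout -pubkey 2>/dev/null)
    from_key=$(openssl pkey -in "$1/server.pem" -pubout 2>/dev/null)
    [ -n "$from_crt" ] && [ "$from_crt" = "$from_key" ]
}

# Demo in a scratch directory; for a real install, target the IdP's cert directory.
certdir=$(mktemp -d)
make_idp_cert "$certdir" auth.saml.net
cert_matches_key "$certdir" && echo "server.pem and server.crt match"
openssl x509 -in "$certdir/server.crt" -noout -subject -enddate
```
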
Now, let's connect the SP and the IdP together. Browse to your IdP, for example auth.saml.net/simplesaml. Connect
using the admin password defined in your configuration. Click on the Federation tab. You should see a SAML 2.0
IdP Metadata line; click on [show metadata] below it and copy the metadata URL, which should look something
like http://auth.saml.net/simplesaml/saml2/idp/metadata.php
Back to the SP, edit the file config/authsources.php and add the declaration of your IdP based on this code
sample :

    'default-sp' => array(
        'saml:SP',
        'entityID' => 'http://auth.saml.net',
        'idp' => 'http://auth.saml.net/simplesaml/saml2/idp/metadata.php',
        'ssoPortalUrl' => 'http://auth.saml.net/simplesaml/saml2/idp/SSOService.php',
    ),

Back to your browser, copy the content of the SimpleSAMLphp flat file format box and paste it in the file
metadata/saml20-idp-remote.php of your SP.
Back to the browser, go to your application's SimpleSAML setup, for example
http://myapp.localhost.net/simplesaml. Log in using the password defined in the configuration file. Browse to the
Federation tab and click on the [show metadata] link for your default-sp.
Copy the content of the SimpleSAMLphp flat file format box and paste it in the IdP's
metadata/saml20-sp-remote.php file.
Test
That should be all for the setup. Now you can test it by browsing to your SP-side SimpleSAML, for example
http://myapp.localhost.net/simplesaml
Log in using the admin password and click on the Authentication tab. Click on the link Test
configured authentication sources and click on your IdP declaration in the list of authsources. This will perform
a test SAML authentication process.
Congratulations!
If it failed, you should check the logs of both your SimpleSAML installations and try to get help on the SimpleSAMLphp
mailing list.
Now that everything works between the SP and the IdP it is time to integrate the SAML auth to your
application. You can do so by adding code similar to this to your authentication process :
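
    // Load the SimpleSAMLphp autoloader and point it at the SP's config directory
    require_once('/lib/simplesamlphp/lib/_autoload.php');
    SimpleSAML_Configuration::setConfigDir('/lib/simplesaml/config/saml');
    // Id of the auth source declared in authsources.php
    $selectedIdp = 'default-sp';
    $authService = new SimpleSAML_Auth_Simple($selectedIdp);
    // Sends the user to the IdP login page unless already authenticated
    $authService->requireAuth();
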
That's it!
Filed under: Computing
Tagged with: idp, saml, simplesamlphp, sp, sso, web
Comment by sulliwane on January 10, 2013 at 2:29 pm Reply
Thank you, great tutorial !
btw, did you ever try to manage auth of MediaWiki with SAML (and simpleSamlPhp) ?
I checked 3 different MW plugins, but never succeeded so far
Comment by shalfon on December 10, 2013 at 9:45 pm Reply
Sorry, I didn't test with MediaWiki.
Comment by Sindhura on May 6, 2013 at 1:45 pm Reply
Hi,
This tutorial is really helpful for me to start with SAML.
Can you please provide me with the same sort of tutorial, if you have one, for installation and configuration of
simplesaml (SP, IdP, integration) for Windows 7 IIS 7.5 server.
Thanks in advance!
Comment by shalfon on December 10, 2013 at 9:46 pm Reply
Actually I've worked on this on a Windows environment as well, though it was to set up ADFS as
an IdP. I have no tutorial at this time for the SP part. I'll try and write up the IdP setup part
sometime though
Comment by SoundHunter on October 29, 2013 at 12:04 pm Reply
Thanks a lot mate!
I had huge trouble configuring SimpleSAML as SP and IdP.
Now it works perfectly. Good tutorial, had to check a few things more than once, but I guess that's normal
for someone starting with SimpleSAML
Greets SoundHunter
Comment by opensas on November 2, 2013 at 2:21 am Reply
Excellent tutorial, I will sure give it a try. I know it's simple, but it would be great if you could include the
command to create the x.509 cert and key (I found this guide:
http://www.microhowto.info/howto/create_a_self_signed_ssl_certificate.html)
I would like to ask what would you modify for a production setup (besides using exampleauth, of
course)
Comment by shalfon on December 10, 2013 at 9:47 pm Reply
Thanks for sharing this information here.
For production you just need to not use the default certificates which come by default in simplesaml
but since you generated your own, you should be ready to go
Comment by Andres on December 3, 2013 at 5:34 pm Reply
I'm getting this error trying to do your tutorial men.
Parse error: syntax error, unexpected T_FUNCTION in C:\AppServ\www\ProveedorServicioSSO\lib\simplesaml\modules\core\lib\Auth\Process\GenerateGroups.php on line 139
Can you tell me what's going on? Thanks BTW
Comment by Gongda on December 10, 2013 at 7:09 pm Reply
Great tutorial. Thanks for all the efforts.
Could you be more specific about how to test? Such as test admin and default-sp. As for default-sp, what
username and what password should I enter if I follow your example exactly?
Thanks,
Gong
Comment by shalfon on December 10, 2013 at 11:47 pm Reply
Sorry I do not understand the question. The user login and pass for the example auth are declared in
authsources.php
Comment by Gongda on December 11, 2013 at 3:39 pm Reply
The Admin password is set. But what is the username and password for log in with default-sp option?
Thanks.
Comment by shalfon on December 11, 2013 at 4:23 pm Reply
OK, I see, the password is declared in the configuration file of simplesaml. Hope this helps
Comment by Sourabh D on December 31, 2013 at 2:35 pm Reply
I have two machines connected by LAN. Using IP I have followed all your above steps and authenticated
properly. Now how do I check that login into one computer gets automatically logged to another and I
want to know how SSOService.php gets called from SP to IdP.
One more question: in the whole simplesaml lib, what would it affect if I redirect http://SSOService.php to
https://SSOService.php
Comment by ARVIND on June 26, 2014 at 12:02 pm Reply
what is process of sso in php?
Samantha Halfon
Software Engineer
blueKiwi software
Paris, France
I enjoy playing with my computer(s), listening to Bob Dylan (and related artists) and watching movies
(especially if they were directed by Martin Scorsese or John Cassavetes). Sometimes, I play a little
guitar... If not doing any of the above, I am either riding a small red bike around Paris, or, making videos.
About my videomaking please check out World Wide Angle and its blog.
