1.2. SimpleSAMLphp as SP


This guide describes how to configure SimpleSAMLphp as a service provider (SP).

Configure SimpleSAMLphp

Change to the SimpleSAMLphp home directory
cd /var/simplesamlphp

Authsource

Edit config/authsources.php. Change 'privatekey', 'certificate' and the AttributeConsumingService configuration.
$config = array(
    'default-sp' => array(
        'saml:SP',
        // Key pair the SP uses to sign requests and decrypt assertions; paths are
        // resolved relative to the certificate directory (certdir in config.php).
        'certificate' => 'server.crt',
        'privatekey' => 'server.key',
        // Service name published in the AttributeConsumingService of the SP metadata.
        'name' => array(
            'en' => 'FooBar',
            'sv' => 'FooBar',
        ),
        // Friendly name => OID for every attribute the SP requests.
        'attributes' => array(
            'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
            'mail' => 'urn:oid:0.9.2342.19200300.100.1.3',
            'givenName' => 'urn:oid:2.5.4.42',
            'sn' => 'urn:oid:2.5.4.4',
            'norEduOrgNIN' => 'urn:oid:1.3.6.1.4.1.2428.90.1.12',
            'sisSchoolUnitCode' => 'urn:oid:1.2.752.194.10.2.4',
        ),
        // Attributes published with isRequired="true" in the metadata.
        'attributes.required' => array(
            'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
            'urn:oid:0.9.2342.19200300.100.1.3',
        ),
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
    ),
);

Metadata

Fetch the metadata describing the SP. Replace the hostname with your own. --no-check-certificate is only needed if the HTTPS certificate is self-signed.
wget --no-check-certificate -O metadata-sp.xml https://myhost.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://myhost.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp" ID="pfxf2a19aa6-3e7a-c207-e204-dadb7f60f06d"><ds:Signature>
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#pfxf2a19aa6-3e7a-c207-e204-dadb7f60f06d"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>5e1aPfjVtC1Tfd6oZuXcST9gPZE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>oLGrNErO4FgoPMFTuMTPN6AC6geTEIjvR23HJQoZIJFg5pJxbpzrSezvaZJvX0mhic3KLgKD/kTXU35+JrxAht5WlFBPNsbRjZYjwgRuqD4ixN9qbckeoSGwSZP6igNA3WF1x87umhqUjiNi2+y3bE2IlFTs4C6EbBtqbxNWbj/fXxEbUeKFmX8dmHlNGez3ENaT/IAce84kTsRr13L+I+pKHrgKXRq5Dfitj5hV+HS92FiNcVZSQqyMWaA8/9lt5JTCFR+zY3z53WH4uyl0pqyL5uSGjlwtzmJw//GFZQw4dwXDevKTiEXW1fyd3eqQ7b1eRhP3qSpj4IX6q+EPFg==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="0"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp" index="1"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="2"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact" index="3"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>

In the following metadata, a DiscoveryResponse (row 8), NameIDFormat elements (rows 24 and 25), and Organization and ContactPerson elements (rows 42-73) have been added. NOTE: This is an example and cannot be uploaded to the federation as it is. Read more about how to publish metadata on the federation website.
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://myhost.example.com/simplesaml/module.php/saml/sp/metadata.php/default-sp" ID="pfxf2a19aa6-3e7a-c207-e204-dadb7f60f06d"><ds:Signature>
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#pfxf2a19aa6-3e7a-c207-e204-dadb7f60f06d"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>5e1aPfjVtC1Tfd6oZuXcST9gPZE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>oLGrNErO4FgoPMFTuMTPN6AC6geTEIjvR23HJQoZIJFg5pJxbpzrSezvaZJvX0mhic3KLgKD/kTXU35+JrxAht5WlFBPNsbRjZYjwgRuqD4ixN9qbckeoSGwSZP6igNA3WF1x87umhqUjiNi2+y3bE2IlFTs4C6EbBtqbxNWbj/fXxEbUeKFmX8dmHlNGez3ENaT/IAce84kTsRr13L+I+pKHrgKXRq5Dfitj5hV+HS92FiNcVZSQqyMWaA8/9lt5JTCFR+zY3z53WH4uyl0pqyL5uSGjlwtzmJw//GFZQw4dwXDevKTiEXW1fyd3eqQ7b1eRhP3qSpj4IX6q+EPFg==</ds:SignatureValue>
<ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDYTCCAkmgAwIBAgIJAMXIIbRdVsS8MA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlNWMRMwEQYDVQQIDApTb21lLVN0YXRlMQ8wDQYDVQQKDAZUZW5zb3IxEjAQBgNVBAMMCVNBTUwgVGVzdDAeFw0xNTAyMDYxNDU0MDlaFw0yMDAyMDYxNDU0MDlaMEcxCzAJBgNVBAYTAlNWMRMwEQYDVQQIDApTb21lLVN0YXRlMQ8wDQYDVQQKDAZUZW5zb3IxEjAQBgNVBAMMCVNBTUwgVGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLTkRr8MNJTgstjgiR7i2JGTigMFs8Eo6ZV6lx9OTjvBfIWHUoYFyEz1DfcCVhRzgqGzkcixYR/akLU1yNgANSJXtnYIqx7EcMFpjSSst/Sys93svSbtknIxT6GuQYaRtqKVBx9t+uChRPbeMSAq51dgEC/P6w1tl2SmNqV1JTH3LgldcidUHbWB3p+2VaUyev1H+GcDH/PBMmEzPmuIgQtKdMe7WtfTHdx6fm8KN71UOquhHhoJhaMcOTqXIjAS+6HUaV69+CRMgZDzCla2NnP9PtBSgdfNneSTkCgdQN/4TzbtZ1Jjhfp4Owd5gMcx1UhKXPD8hNxEIHnzbA4ee8CAwEAAaNQME4wHQYDVR0OBBYEFENI6TFj7DV3ZdT2Vx9fBqjwtuZYMB8GA1UdIwQYMBaAFENI6TFj7DV3ZdT2Vx9fBqjwtuZYMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALqoR3hnFmBK4wHCgOTKTCUeqnAYq0g/3gMB+NGJ4qvTPeVB9L3aJWI+jPLxekEt/2dYrrA1ZeOfE90ylxoHBAVvOB7JEsiVNbPSAroUlz1Sx9WzPzYjnu8+u6MldzgMX2jGR9eWKvPdPOrz7HJZF+XuC/iUTeXkUl6grKlFU17/Cud9AGPs3J1dV6YHrbbnlIbmosMTgM+wG1iBrYN4i/E06CkjLEaNVfhelho7CcSRXnDDbBsExzqeRKau+ny6ozoz+57CtEgbfC99qD62eTgbN3q39O7rFNmMeKPBoMeALDJWlQuHsFoOgmtIXaD7l31vv2moWycHn4Z8nTvcIG8=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions><idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" index="1" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/discoresp.php"/></md:Extensions>
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="0"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp" index="1"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="2"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://myhost.example.com/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact" index="3"/>
<md:AttributeConsumingService index="1">
<md:ServiceName xml:lang="en">FooBar DNP</md:ServiceName>
<md:ServiceName xml:lang="sv">FooBar DNP</md:ServiceName>
<md:RequestedAttribute FriendlyName="sisSchoolUnitCode" Name="urn:oid:1.2.752.194.10.2.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
<md:RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
<md:RequestedAttribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
<md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
<md:RequestedAttribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
<md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
<md:RequestedAttribute FriendlyName="norEduOrgNIN" Name="urn:oid:1.3.6.1.4.1.2428.90.1.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
</md:AttributeConsumingService>
</md:SPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="en">Example organization</md:OrganizationName>
<md:OrganizationName xml:lang="sv">Exempel organisation</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">Example organization</md:OrganizationDisplayName>
<md:OrganizationDisplayName xml:lang="sv">Exempel organisation</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">www.example.com</md:OrganizationURL>
<md:OrganizationURL xml:lang="sv">www.example.com</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="technical" xml:lang="sv">
<md:GivenName>Kalle</md:GivenName>
<md:SurName>Andersson</md:SurName>
<md:EmailAddress>kalle.andersson@example.com</md:EmailAddress>
<md:TelephoneNumber>+468123456</md:TelephoneNumber>
</md:ContactPerson>
<md:ContactPerson contactType="technical" xml:lang="en">
<md:GivenName>Kalle</md:GivenName>
<md:SurName>Andersson</md:SurName>
<md:EmailAddress>kalle.andersson@example.com</md:EmailAddress>
<md:TelephoneNumber>+468123456</md:TelephoneNumber>
</md:ContactPerson>
<md:ContactPerson contactType="support" xml:lang="sv">
<md:GivenName>Kalle</md:GivenName>
<md:SurName>Andersson</md:SurName>
<md:EmailAddress>kalle.andersson@example.com</md:EmailAddress>
<md:TelephoneNumber>+468123456</md:TelephoneNumber>
</md:ContactPerson>
<md:ContactPerson contactType="support" xml:lang="en">
<md:GivenName>Kalle</md:GivenName>
<md:SurName>Andersson</md:SurName>
<md:EmailAddress>kalle.andersson@example.com</md:EmailAddress>
<md:TelephoneNumber>+468123456</md:TelephoneNumber>
</md:ContactPerson>
</md:EntityDescriptor>
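The following Python script is added here as an example and is not part of this guide or of SimpleSAMLphp. It audits a downloaded SP metadata file for the points made above: HTTPS endpoints, the DiscoveryResponse, NameIDFormat, Organization and ContactPerson elements the federation wants, agreement between the isRequired flags and 'attributes.required' from authsources.php, and SHA-1 signature algorithms like the rsa-sha1/sha1 used in the metadata shown. The embedded metadata sample is constructed with deliberate defects, and the function name and finding strings are my own.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "idpdisc": "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"}
def audit_sp_metadata(xml_text, required_oids):
    """Return a list of findings for one SP EntityDescriptor; an empty list means nothing to fix."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    findings = []
    # The IdP POSTs assertions to these endpoints, so every Location must be HTTPS.
    for ep in sp.findall("md:AssertionConsumerService", NS) + sp.findall("md:SingleLogoutService", NS):
        if not ep.get("Location", "").startswith("https://"):
            findings.append("non-HTTPS endpoint: " + ep.get("Location", ""))
    # Elements this guide adds by hand before the metadata is sent to the federation.
    if sp.find("md:Extensions/idpdisc:DiscoveryResponse", NS) is None:
        findings.append("missing DiscoveryResponse")
    if sp.find("md:NameIDFormat", NS) is None:
        findings.append("missing NameIDFormat")
    if root.find("md:Organization", NS) is None:
        findings.append("missing Organization")
    if not root.findall("md:ContactPerson", NS):
        findings.append("missing ContactPerson")
    # isRequired flags should agree with 'attributes.required' in authsources.php.
    flagged = {ra.get("Name") for ra in sp.iterfind("md:AttributeConsumingService/md:RequestedAttribute", NS)
               if ra.get("isRequired") == "true"}
    for oid in sorted(set(required_oids) - flagged):
        findings.append("required attribute not marked isRequired: " + oid)
    # The metadata in this guide is signed with rsa-sha1/sha1; federations increasingly require SHA-256.
    signed_info = root.find("ds:Signature/ds:SignedInfo", NS)
    for el in signed_info.iter() if signed_info is not None else []:
        if (el.get("Algorithm") or "").endswith("sha1"):
            findings.append("SHA-1 algorithm in signature: " + el.get("Algorithm"))
    return findings

# Constructed sample modelled on this guide's metadata, with deliberate defects: an http ACS, no
# DiscoveryResponse or ContactPerson, and mail not flagged as required. Certificate and digest omitted.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://myhost.example.com/simplesaml/sp">
<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/></ds:SignedInfo></ds:Signature>
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 Location="http://myhost.example.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" index="0"/>
<md:AttributeConsumingService index="1">
<md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" isRequired="true"/>
<md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" isRequired="false"/>
</md:AttributeConsumingService></md:SPSSODescriptor>
<md:Organization><md:OrganizationName xml:lang="en">Example</md:OrganizationName></md:Organization></md:EntityDescriptor>"""
REQUIRED = ["urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "urn:oid:0.9.2342.19200300.100.1.3"]
FINDINGS = audit_sp_metadata(SAMPLE, REQUIRED)  # five findings for the sample above
```

Run it against the file saved by wget (metadata-sp.xml) after adding the federation elements; an empty result means the checks above pass, not that the federation will accept the file.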

A SAML-protected website

Create a PHP script that the web server can access.
<html>
<body>
<?php
// Load SimpleSAMLphp.
require_once('/var/simplesamlphp/lib/_autoload.php');
// Initiate a SimpleSAML_Auth_Simple object for the 'default-sp' authsource.
$as = new SimpleSAML_Auth_Simple('default-sp');
// If the user is not authenticated, redirect to the IdP and return here afterwards.
$as->requireAuth();
// Get the user's attributes and print them. The values come from the IdP, so escape them before output.
$attributes = $as->getAttributes();
print('<pre>' . htmlspecialchars(print_r($attributes, true)) . '</pre>');
// Output the attributes to a file. Debugging aid only: the log contains personal data
// (including norEduOrgNIN) and /tmp is readable by every local user, so remove this in production.
$myFile = "/tmp/attributes.log";
$fh = fopen($myFile, 'a') or die("can't open file");
$stringData = print_r($attributes, true);
fwrite($fh, $stringData);
fclose($fh);
// Display a Login and a Logout link.
$url_in = $as->getLoginURL();
$url_out = $as->getLogoutURL();
print('<br><a href="' . htmlspecialchars($url_in) . '">Login</a>');
print('<br><a href="' . htmlspecialchars($url_out) . '">Logout</a><br>');
// If using PHP sessions in SimpleSAMLphp, clean up the SimpleSAMLphp session to be able to use $_SESSION.
$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();

// Display PHP information. Debugging aid only: phpinfo() reveals paths, versions and configuration.
phpinfo();
?>
</body>
</html>
