
SimpleSAMLphp IdP/SP Configuration

SimpleSAMLphp v.2+ IdP

1. Retrieve the Federation certificate

Retrieve the Federation Certificate used to verify signed metadata:

sudo wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O /var/simplesamlphp/cert/idem-mdx-service-crt.pem

2. Check the certificate fingerprint

  • SHA1:

    openssl x509 -in /var/simplesamlphp/cert/idem-mdx-service-crt.pem -fingerprint -sha1 -noout

    will give:

    (sha1: 46:FC:EB:7B:D0:67:46:EA:0C:B1:B2:61:4C:DC:37:DA:BD:B4:8A:95)

  • MD5:

    openssl x509 -in /var/simplesamlphp/cert/idem-mdx-service-crt.pem -fingerprint -md5 -noout

    will give:

    (md5: 5D:19:CC:AA:1E:63:E9:50:9D:C7:BE:99:60:0F:1F:96)

3. Edit the configuration

Edit config.php as needed:

vim /var/simplesamlphp/config/config.php

changing the metadata.sources setting so that metadata is loaded from the MDQ provider; comment or uncomment the 'server' value according to the federation whose metadata you consume (IDEM Production, IDEM Test or eduGAIN):

'metadata.sources' => [
    ['type' => 'flatfile'],
    ['type' => 'mdq',
        // IDEM Production Federation
        //'server' => 'https://mdx.idem.garr.it/idem',
        // IDEM Test Federation
        'server' => 'https://mdx.idem.garr.it/idem-test',
        // eduGAIN
        //'server' => 'https://mdx.idem.garr.it/edugain',
        'validateCertificate' => '/var/simplesamlphp/cert/idem-mdx-service-crt.pem',
        'cachedir' => '/var/simplesamlphp/mdq-cache',
        'cachelength' => 3600],
],

Warning: the metarefresh module must be disabled, and saml20-idp-hosted.php must be the only file left in the /var/simplesamlphp/metadata folder.

4. Cache folder creation

Create the mdq-cache folder:

  • sudo mkdir /var/simplesamlphp/mdq-cache

  • sudo chown www-data /var/simplesamlphp/mdq-cache

5. Manage unnecessary files

  • Removing files (bash only: the !(pattern) glob needs extglob enabled):
shopt -s extglob
cd /var/simplesamlphp/metadata ; rm !(saml20-idp-hosted.php)
  • Moving files (bash only: the !(pattern) glob needs extglob enabled):
shopt -s extglob
mkdir /var/simplesamlphp/metadata.old
mv /var/simplesamlphp/metadata/!(saml20-idp-hosted.php) /var/simplesamlphp/metadata.old

SimpleSAMLphp v.1.14-1.19.9 IdP (Deprecated)

1. Edit the configuration

Edit config.php as needed:

vim /var/simplesamlphp/config/config.php

changing the metadata.sources setting so that metadata is loaded from the MDQ provider; comment or uncomment the 'server' value according to the federation whose metadata you consume (IDEM Production, IDEM Test or eduGAIN):

'metadata.sources' => [
    ['type' => 'flatfile'],
    ['type' => 'mdq',
        // IDEM Production Federation
        //'server' => 'https://mdx.idem.garr.it/idem',
        // IDEM Test Federation
        'server' => 'https://mdx.idem.garr.it/idem-test',
        // eduGAIN
        //'server' => 'https://mdx.idem.garr.it/edugain',
        'validateFingerprint' => '46:FC:EB:7B:D0:67:46:EA:0C:B1:B2:61:4C:DC:37:DA:BD:B4:8A:95',
        'cachedir' => '/var/simplesamlphp/mdq-cache',
        'cachelength' => 3600],
],

Warning: the metarefresh module must be disabled, and saml20-idp-hosted.php must be the only file left in the /var/simplesamlphp/metadata folder.

2. Cache folder creation

Create the mdq-cache folder:

  • sudo mkdir /var/simplesamlphp/mdq-cache

  • sudo chown www-data /var/simplesamlphp/mdq-cache

3. Manage unnecessary files

  • Removing files (bash only: the !(pattern) glob needs extglob enabled):
shopt -s extglob
cd /var/simplesamlphp/metadata ; rm !(saml20-idp-hosted.php)
  • Moving files (bash only: the !(pattern) glob needs extglob enabled):
shopt -s extglob
mkdir /var/simplesamlphp/metadata.old
mv /var/simplesamlphp/metadata/!(saml20-idp-hosted.php) /var/simplesamlphp/metadata.old
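The "Manage unnecessary files" step (here and in the v.2+ IdP guide above) relies on the bash extglob pattern !(saml20-idp-hosted.php), which fails silently in a plain sh or in a bash where extglob is off, and the rm variant is unrecoverable. The script below is an added example, not part of the IDEM guide: it does the "moving files" variant with find(1) so it works under POSIX sh, refuses to touch a directory that does not contain saml20-idp-hosted.php, and reports what is left behind so the warning above can be verified. The function names and the backup-directory argument are assumptions; the only fixed value is the hosted-IdP file name from the guide.

```shell
#!/bin/sh
# Added example (not from the IDEM guide): move every entry in the SimpleSAMLphp
# metadata directory except saml20-idp-hosted.php into a backup directory.
# Uses find(1) instead of the bash-only !(pattern) glob, never deletes anything,
# and refuses to run if the hosted-IdP file is missing (a sign of the wrong directory).

KEEP_FILE='saml20-idp-hosted.php'   # the one file the guide says must remain

# isolate_hosted_metadata METADATA_DIR BACKUP_DIR -> 0 on success, 1 on refusal.
# BACKUP_DIR must lie outside METADATA_DIR (the guide uses a sibling, metadata.old).
isolate_hosted_metadata() {
    _src=$1; _dst=$2
    if [ ! -f "$_src/$KEEP_FILE" ]; then
        echo "refusing: $_src/$KEEP_FILE not found, is this the metadata directory?" >&2
        return 1
    fi
    mkdir -p "$_dst" || return 1
    # -mindepth/-maxdepth 1: direct children only; ! -name: keep the hosted-IdP file.
    # The sh -c wrapper puts the destination last, which POSIX mv requires.
    find "$_src" -mindepth 1 -maxdepth 1 ! -name "$KEEP_FILE" \
        -exec sh -c 'mv -- "$@" "$0"' "$_dst" {} +
    return 0
}

# metadata_leftovers METADATA_DIR -> prints the names of any entries other than
# the hosted-IdP file, one per line; empty output means the directory is clean.
metadata_leftovers() {
    find "$1" -mindepth 1 -maxdepth 1 ! -name "$KEEP_FILE" -exec basename {} \; | sort
}

# Usage for the layout in the guide:
#   isolate_hosted_metadata /var/simplesamlphp/metadata /var/simplesamlphp/metadata.old
#   metadata_leftovers /var/simplesamlphp/metadata    # should print nothing
```

Run it as the user that owns the metadata files (or under sudo); afterwards an empty result from metadata_leftovers confirms the condition in the warning above.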

SimpleSAMLphp v.2+ SP

1. Retrieve the Federation certificate

Retrieve the Federation Certificate used to verify signed metadata:

sudo wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O /var/simplesamlphp/cert/idem-mdx-service-crt.pem

2. Check the certificate fingerprint

  • SHA1:

    openssl x509 -in /var/simplesamlphp/cert/idem-mdx-service-crt.pem -fingerprint -sha1 -noout

    will give:

    (sha1: 46:FC:EB:7B:D0:67:46:EA:0C:B1:B2:61:4C:DC:37:DA:BD:B4:8A:95)

  • MD5:

    openssl x509 -in /var/simplesamlphp/cert/idem-mdx-service-crt.pem -fingerprint -md5 -noout

    will give:

    (md5: 5D:19:CC:AA:1E:63:E9:50:9D:C7:BE:99:60:0F:1F:96)
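The fingerprint check in step 2 (here and in the v.2+ IdP guide above) is what makes the downloaded certificate trustworthy: the value shown in the guide is the pin, and the file only becomes the 'validateCertificate' reference (or, in the deprecated v.1 configuration, the 'validateFingerprint' string) once the two agree. The script below is an added example, not part of the IDEM guide. It computes the same SHA1 or MD5 fingerprint that openssl x509 -fingerprint prints, using only coreutils (base64, sha1sum, md5sum), and fails closed on a mismatch so it can gate the rest of the setup. The function names are assumptions; the pinned value is the SHA1 published in the guide.

```shell
#!/bin/sh
# Added example (not from the IDEM guide): verify a downloaded federation
# certificate against the fingerprint published in the documentation before
# pointing 'validateCertificate' / 'validateFingerprint' at it.
# The digest is taken over the DER bytes (the base64 payload of the PEM file),
# which is exactly what `openssl x509 -fingerprint` hashes, so no openssl is needed.

# SHA1 fingerprint of the IDEM MDX signing certificate as published in the guide.
IDEM_MDX_SHA1='46:FC:EB:7B:D0:67:46:EA:0C:B1:B2:61:4C:DC:37:DA:BD:B4:8A:95'

# pem_fingerprint FILE [ALGO] -> prints "AA:BB:..." (ALGO is sha1 or md5, default sha1)
pem_fingerprint() {
    _file=$1; _algo=${2:-sha1}
    # keep only the armoured block, drop the BEGIN/END lines, decode to DER, hash,
    # then print the hex upper-case with a colon after every byte, like openssl does
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$_file" \
      | grep -v -- '-----' \
      | base64 -d \
      | "${_algo}sum" \
      | awk '{print $1}' \
      | tr 'a-f' 'A-F' \
      | sed 's/../&:/g; s/:$//'
}

# check_fingerprint FILE EXPECTED [ALGO] -> 0 on match, 1 on mismatch or unreadable file.
# EXPECTED may be given with or without colons and in either case.
check_fingerprint() {
    _actual=$(pem_fingerprint "$1" "${3:-sha1}")
    _want=$(printf '%s' "$2" | tr -d ':' | tr 'a-f' 'A-F')
    _got=$(printf '%s' "$_actual" | tr -d ':')
    if [ -n "$_got" ] && [ "$_got" = "$_want" ]; then
        echo "OK: $1 matches $_actual"
        return 0
    fi
    echo "MISMATCH: $1 has '$_actual', expected $2" >&2
    return 1
}

# Usage after step 1 of the guide (stop the setup if the pin does not match):
#   check_fingerprint /var/simplesamlphp/cert/idem-mdx-service-crt.pem "$IDEM_MDX_SHA1" || exit 1
```

The MD5 value is reproduced with `pem_fingerprint FILE md5`, but SHA1 is the value to pin; both are only identifiers here, since the certificate is trusted because its fingerprint matches the published one, not because the hash is collision-resistant.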

3. Edit the configuration

Edit config.php as needed:

vim /var/simplesamlphp/config/config.php

changing the metadata.sources setting so that metadata is loaded from the MDQ provider; comment or uncomment the 'server' value according to the federation whose metadata you consume (IDEM Production, IDEM Test or eduGAIN):

'metadata.sources' => [
    ['type' => 'mdq',
        // IDEM Production Federation
        //'server' => 'https://mdx.idem.garr.it/idem',
        // IDEM Test Federation
        'server' => 'https://mdx.idem.garr.it/idem-test',
        // eduGAIN
        //'server' => 'https://mdx.idem.garr.it/edugain',
        'validateCertificate' => '/var/simplesamlphp/cert/idem-mdx-service-crt.pem',
        'cachedir' => '/var/simplesamlphp/mdq-cache',
        'cachelength' => 3600],
    ['type' => 'flatfile'],
],

Warning: the metarefresh module must be disabled, and saml20-idp-hosted.php must be the only file left in the /var/simplesamlphp/metadata folder.

4. Cache folder creation

Create the mdq-cache folder:

  • sudo mkdir /var/simplesamlphp/mdq-cache

  • sudo chown www-data /var/simplesamlphp/mdq-cache

SimpleSAMLphp v.1.14-1.19.9 SP (Deprecated)

1. Edit the configuration

Edit config.php as needed:

vim /var/simplesamlphp/config/config.php

changing the metadata.sources setting so that metadata is loaded from the MDQ provider; comment or uncomment the 'server' value according to the federation whose metadata you consume (IDEM Production, IDEM Test or eduGAIN):

'metadata.sources' => [
    ['type' => 'mdq',
        // IDEM Production Federation
        //'server' => 'https://mdx.idem.garr.it/idem',
        // IDEM Test Federation
        'server' => 'https://mdx.idem.garr.it/idem-test',
        // eduGAIN
        //'server' => 'https://mdx.idem.garr.it/edugain',
        'validateFingerprint' => '46:FC:EB:7B:D0:67:46:EA:0C:B1:B2:61:4C:DC:37:DA:BD:B4:8A:95',
        'cachedir' => '/var/simplesamlphp/mdq-cache',
        'cachelength' => 3600],
    ['type' => 'flatfile'],
],

Warning: the metarefresh module must be disabled, and saml20-idp-hosted.php must be the only file left in the /var/simplesamlphp/metadata folder.

2. Cache folder creation

Create the mdq-cache folder:

  • sudo mkdir /var/simplesamlphp/mdq-cache

  • sudo chown www-data /var/simplesamlphp/mdq-cache