SimpleSAMLphp IdP/SP Configuration
SimpleSAMLphp v.2+ IdP
1. Retrieve the Federation certificate
Retrieve the Federation Certificate used to verify signed metadata:
sudo wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O /var/simplesamlphp/cert/idem-mdx-service-crt.pem
2. Check the certificate validity
- SHA1:
  will give:
  (sha1: 46:FC:EB:7B:D0:67:46:EA:0C:B1:B2:61:4C:DC:37:DA:BD:B4:8A:95)
- MD5:
  will give:
  (md5: 5D:19:CC:AA:1E:63:E9:50:9D:C7:BE:99:60:0F:1F:96)
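The fingerprint comparison in this step can be scripted so that a mismatch stops the setup before the certificate is referenced in config.php. The following is an added example, not part of the original IDEM instructions: it relies on the standard `openssl x509 -fingerprint -sha1` command, the function names are made up for illustration, and the expected value is the SHA1 fingerprint printed above.

```shell
#!/bin/sh
# Added example: fail-closed check of the downloaded MDX signing certificate.
# EXPECTED_SHA1 is the fingerprint published on this page; the function
# names below are illustrative, not part of SimpleSAMLphp or IDEM tooling.
EXPECTED_SHA1='46:FC:EB:7B:D0:67:46:EA:0C:B1:B2:61:4C:DC:37:DA:BD:B4:8A:95'

# Reduce "sha1 Fingerprint=46:FC:..." (the label case differs between
# OpenSSL releases) or a bare fingerprint to upper-case hex without colons.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \r\n' | tr 'a-f' 'A-F'
}

# Return 0 only when the observed value is 40 hex digits and equals the
# expected one; empty or malformed input is treated as a mismatch.
fp_matches() {
    want=$(normalize_fp "$1")
    got=$(normalize_fp "$2")
    case "$got" in
        *[!0-9A-F]*|'') return 1 ;;
    esac
    [ "${#got}" -eq 40 ] && [ "$want" = "$got" ]
}

# Compute the SHA-1 fingerprint of a PEM certificate file and compare it.
# An unreadable or unparsable file counts as a failure.
verify_cert() {
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha1 2>/dev/null) || return 1
    fp_matches "$EXPECTED_SHA1" "$out"
}

# Usage: sh check-cert.sh /var/simplesamlphp/cert/idem-mdx-service-crt.pem
if [ -n "${1:-}" ]; then
    if verify_cert "$1"; then
        echo "OK: fingerprint matches the published value"
    else
        echo "MISMATCH: do not use $1 for validateCertificate" >&2
        exit 1
    fi
fi
```

Compare against a fingerprint obtained from this documentation or another trusted channel, not from the same download as the certificate itself.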
3. Edit the configuration
Edit config.php as appropriate: change the SimpleSAMLphp metadata.sources configuration to load the new metadata provider, commenting/uncommenting the server value depending on the metadata flow used:
'metadata.sources' => [
    ['type' => 'flatfile'],
    [
        'type' => 'mdq',
        // IDEM Production Federation
        //'server' => 'https://mdx.idem.garr.it/idem',
        // IDEM Test Federation
        'server' => 'https://mdx.idem.garr.it/idem-test',
        // eduGAIN
        //'server' => 'https://mdx.idem.garr.it/edugain',
        'validateCertificate' => '/var/simplesamlphp/cert/idem-mdx-service-crt.pem',
        'cachedir' => '/var/simplesamlphp/mdq-cache',
        'cachelength' => 3600,
    ],
],
Warning: The metarefresh module needs to be disabled and the file saml20-idp-hosted.php* needs to be the only file in the /metadata folder.
4. Cache folder creation
Create the mdq-cache folder:
- sudo mkdir /var/simplesamlphp/mdq-cache
- sudo chown www-data /var/simplesamlphp/mdq-cache
5. Manage unnecessary files
- Removing files:
- Moving files:
SimpleSAMLphp v.1.14-1.19.9 IdP (Deprecated)
1. Edit the configuration
Edit config.php as appropriate: change the SimpleSAMLphp metadata.sources configuration to load the new metadata provider, commenting/uncommenting the server value depending on the metadata flow used:
'metadata.sources' => [
    ['type' => 'flatfile'],
    [
        'type' => 'mdq',
        // IDEM Production Federation
        //'server' => 'https://mdx.idem.garr.it/idem',
        // IDEM Test Federation
        'server' => 'https://mdx.idem.garr.it/idem-test',
        // eduGAIN
        //'server' => 'https://mdx.idem.garr.it/edugain',
        'validateFingerprint' => '46:FC:EB:7B:D0:67:46:EA:0C:B1:B2:61:4C:DC:37:DA:BD:B4:8A:95',
        'cachedir' => '/var/simplesamlphp/mdq-cache',
        'cachelength' => 3600,
    ],
],
Warning: The metarefresh module needs to be disabled and the file saml20-idp-hosted.php* needs to be the only file in the /metadata folder.
2. Cache folder creation
Create the mdq-cache folder:
- sudo mkdir /var/simplesamlphp/mdq-cache
- sudo chown www-data /var/simplesamlphp/mdq-cache
3. Manage unnecessary files
- Removing files:
- Moving files:
SimpleSAMLphp v.2+ SP
1. Retrieve the Federation certificate
Retrieve the Federation Certificate used to verify signed metadata:
sudo wget https://mdx.idem.garr.it/idem-mdx-service-crt.pem -O /var/simplesamlphp/cert/idem-mdx-service-crt.pem
2. Check the certificate validity
- SHA1:
  will give:
  (sha1: 46:FC:EB:7B:D0:67:46:EA:0C:B1:B2:61:4C:DC:37:DA:BD:B4:8A:95)
- MD5:
  will give:
  (md5: 5D:19:CC:AA:1E:63:E9:50:9D:C7:BE:99:60:0F:1F:96)
3. Edit the configuration
Edit config.php as appropriate: change the SimpleSAMLphp metadata.sources configuration to load the new metadata provider, commenting/uncommenting the server value depending on the metadata flow used:
'metadata.sources' => [
    [
        'type' => 'mdq',
        // IDEM Production Federation
        //'server' => 'https://mdx.idem.garr.it/idem',
        // IDEM Test Federation
        'server' => 'https://mdx.idem.garr.it/idem-test',
        // eduGAIN
        //'server' => 'https://mdx.idem.garr.it/edugain',
        'validateCertificate' => '/var/simplesamlphp/cert/idem-mdx-service-crt.pem',
        'cachedir' => '/var/simplesamlphp/mdq-cache',
        'cachelength' => 3600,
    ],
    ['type' => 'flatfile'],
],
Warning: The metarefresh module needs to be disabled and the file saml20-idp-hosted.php* needs to be the only file in the /metadata folder.
4. Cache folder creation
Create the mdq-cache folder:
- sudo mkdir /var/simplesamlphp/mdq-cache
- sudo chown www-data /var/simplesamlphp/mdq-cache
SimpleSAMLphp v.1.14-1.19.9 SP (Deprecated)
1. Edit the configuration
Edit config.php as appropriate: change the SimpleSAMLphp metadata.sources configuration to load the new metadata provider, commenting/uncommenting the server value depending on the metadata flow used:
'metadata.sources' => [
    [
        'type' => 'mdq',
        // IDEM Production Federation
        //'server' => 'https://mdx.idem.garr.it/idem',
        // IDEM Test Federation
        'server' => 'https://mdx.idem.garr.it/idem-test',
        // eduGAIN
        //'server' => 'https://mdx.idem.garr.it/edugain',
        'validateFingerprint' => '46:FC:EB:7B:D0:67:46:EA:0C:B1:B2:61:4C:DC:37:DA:BD:B4:8A:95',
        'cachedir' => '/var/simplesamlphp/mdq-cache',
        'cachelength' => 3600,
    ],
    ['type' => 'flatfile'],
],
Warning: The metarefresh module needs to be disabled and the file saml20-idp-hosted.php* needs to be the only file in the /metadata folder.
2. Cache folder creation
Create the mdq-cache folder:
- sudo mkdir /var/simplesamlphp/mdq-cache
- sudo chown www-data /var/simplesamlphp/mdq-cache