Open andacu opened 7 years ago
Hello @andacu, any results? I am especially interested in how you managed to handle the attributes. I am struggling to understand how to require the IdP to provide attributes (email, first name, last name). I did a lot of googling and code inspection but still have no clear vision of how it works.
Hi
I'm trying to integrate SSO for my Symfony 2 application. Our app should act as Service Provider and the authentication should be handled from our Active Directory ADFS server.
I already installed the latest bundle "lightsaml/sp-bundle":"^1.1" and configured the required classes as per the instructions.
So far the application is already redirecting to /saml/login and /saml/discovery, and the page displays all the available IDPs.
But I'm just confused about how/what to set in the configuration based on the information that was given to me by our IDP. BTW, our IDP I think is ADFS 2.0.
Our IDP provided the following:
Federation Metadata xml - which I downloaded and path it in the idp party config as follows;
Token signing certificate - where should I set this in the config?
Entity ID URI - where should I set this in the config?
http://fs2.federation.net/adfs/services/trust
Login URL (For System Configuration)
https://fs2.federation.net/adfs/ls/idpinitiatedsignon.aspx
Login URL (Clickable, can be used for user login)
https://fs2.federation.net/adfs/ls/idpinitiatedsignon.aspx?logintorp=<YOUR-URN>
Logout URL
https://fs2.federation.net/adfs/ls/?wa=wsignout1.0
Now, they are also asking us to provide the following information:
What federation protocol do you support? I chose "SAML 2.0" against "WS-Federation".
Please list relying party identifiers. This may include a URN, URL or both. What should I provide to them? Our application base URL?
Please list any Claims (assertion attributes) which you will require from us. For example Email Address sent as NameID
Attribute | Set as
Thank You