pitbulk / moodle_saml

SAML plugins for moodle (authentication and enrollment)

How to configure IDP AssertionConsumerService and SingleLogoutService #57

Closed bizmate closed 7 years ago

bizmate commented 7 years ago

As per the IDP documentation, step 7 shows how the metadata should be configured, for instance in metadata/saml20-sp-remote.php, to add the SP details, like:

<?php
$metadata['https://sp.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array(
    'AssertionConsumerService' => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
    'SingleLogoutService'      => 'https://sp.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
);

My understanding is that this module wraps around the SimpleSAMLphp library and should handle the Assertions and Logouts at some sort of internal URL?

Maybe something like http://myMoodleDomain.com/auth/saml/index.php/something ?

Could you suggest how the metadata should be added here?

So far I get redirected by Moodle to the IDP, and after the login is successful in the IDP I end up on a page that Moodle does not know (404).

pitbulk commented 7 years ago

That module does not include the simpleSAMLphp instance; you have to install and configure it, and later tell the SAML module where the simpleSAMLphp instance is, so it can read the SSP session.

bizmate commented 7 years ago

Thanks for the confirmation. I had the impression the module would wrap around the library, since you have to tell it in its config where the library code is.

I guess providing an example of a virtualhost alias would be great:

# simplesaml SP dir: expose the SSP instance's public "www" directory under /simplesaml
Alias /simplesaml "/var/www/html/simplesaml/www"
<Directory "/var/www/html/simplesaml/www">
    DirectoryIndex index.php
    # Apache 2.2 access control; on Apache 2.4 the equivalent is "Require all granted"
    Order allow,deny
    Allow from all
</Directory>

Now I need to fix the problem with:

IdP returned a set of data that no contain the SAML username mapping field (eduPersonPrincipalName). This field is required to login

I will double-check the configuration to confirm how to do the mapping right. If you have an example for the above, please let me know.
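An added example, not code from the moodle_saml project or from the thread: an IdP-side entry in simpleSAMLphp's metadata/saml20-sp-remote.php for the SP instance that sits beside Moodle at /simplesaml, with an authproc filter that builds the eduPersonPrincipalName attribute the plugin's username mapping expects. The hostnames (moodle.example.org), the certificate file name and the IdP attribute names (uid, mail) are assumptions.

```php
<?php
// Added example (not from the moodle_saml project): IdP-side metadata for
// the Moodle SP. Hostnames, cert file name and attribute names are assumed.

// The SP entity ID is whatever the SP's own SSP instance advertises at
// /simplesaml/module.php/saml/sp/metadata.php/default-sp; it must match exactly.
$metadata['https://moodle.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array(
    // Both endpoints belong to the SP's simpleSAMLphp instance, not to Moodle
    // itself; the plugin only reads the SSP session afterwards.
    'AssertionConsumerService' => 'https://moodle.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
    'SingleLogoutService'      => 'https://moodle.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',

    // Accept only AuthnRequests signed with the SP's certificate (file in cert/),
    // and sign the assertion so the SP can verify what it receives.
    'validate.authnrequest' => true,
    'certificate'           => 'moodle-sp.crt',  // assumed file name
    'saml20.sign.assertion' => true,

    // Build the plugin's username mapping field (default: eduPersonPrincipalName)
    // from the local username plus the scope of the mail attribute, then release
    // only the attributes Moodle needs.
    'authproc' => array(
        10 => array(
            'class'           => 'core:ScopeAttribute',
            'scopeAttribute'  => 'mail',                    // "jdoe@example.org" -> scope "example.org"
            'sourceAttribute' => 'uid',                     // local username, e.g. "jdoe"
            'targetAttribute' => 'eduPersonPrincipalName',  // becomes "jdoe@example.org"
        ),
        20 => array(
            'class' => 'core:AttributeLimit',
            'eduPersonPrincipalName', 'mail', 'givenName', 'sn',
        ),
    ),
);
```

If the IdP already has an attribute with the right value, the filter can be dropped and the plugin's "SAML username mapping" setting pointed at that attribute name instead; either way the attribute released by the IdP and the name configured in the plugin must match exactly.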