trejjam / SimpleSAML

MIT License

Configuration example #1

Open martinjinda opened 6 years ago

martinjinda commented 6 years ago

Could you provide an example of a basic configuration? It would help me. Thanks

trejjam commented 6 years ago

Sure, but be aware of the fact that this extension library is really lightweight, so most of the config is on you.

  1. You should copy & edit the default configurations from vendor/simplesamlphp/simplesamlphp/*-templates into the directory specified in the extension. Mine contains this structure:

     ```
     simpleSAML\
       config\
         authsources.php
         config.php
       metadata\
         saml20-idp-hosted.php
         saml20-sp-remote.php
     ```
  2. Configure paths & config in the copied files.
     My config.php starts with:

     ```php
     $config = [
         'baseurlpath' => 'sso/',
         'certdir'     => __DIR__ . '/../../../certs',
         'loggingdir'  => __DIR__ . '/../../../../log/simplesaml',
         'datadir'     => 'data/', // I am not sure if I really need this part
         'tempdir'     => __DIR__ . '/../../../../temp/simplesaml',
         ...
     ```

    authsources.php:

     ```php
     $config = [
         'myAuth' => [
             App\Model\SSO\Auth::class, // extends \sspmod_core_Auth_UserPassBase
         ],
     ];
     ```

    saml20-idp-hosted.php

     ```php
     // <FILL ME> should be the domain of your server; I have more than one such block, one per environment (dev, stage, prod, ...)
     $metadata['https://<FILL ME>/sso/metadata'] = [
         'host' => '<FILL ME>',

         /* X.509 key and certificate. Relative to the cert directory. */
         'privatekey'  => 'server.pem',
         'certificate' => 'server.crt',

         /*
          * Authentication source to use. Must be one that is configured in
          * 'config/authsources.php'.
          */
         'auth' => 'myAuth',

         'saml20.sendartifact' => true,
     ];
     ```

    saml20-sp-remote.php

     ```php
     // Read: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-sp-remote
     $metadata['moodle-local'] = [
         'AssertionConsumerService'   => 'https://elearning.<FILL ME>/saml/module.php/saml/sp/saml2-acs.php/moodle-local',
         'SingleLogoutService'        => 'https://elearning.<FILL ME>/auth/saml/index.php?logout',
         'NameIDFormat'               => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
         'simplesaml.nameidattribute' => 'uid',
     ];
     ```
  3. Generate certificates for the IdP.
  4. Your own presenter composing parts from vendor/simplesamlphp/simplesamlphp/www/saml2/idp (these are the endpoints you will configure in the SP application; it is Moodle in my case).
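The authsources.php entry above points at an `App\Model\SSO\Auth` class that extends `sspmod_core_Auth_UserPassBase` but the thread never shows it. The following is an added example of what such a class looks like on SimpleSAMLphp 1.x; it is not code from the trejjam/SimpleSAML project or from the commenter. The namespace and class name are taken from the thread, the in-memory user table is constructed sample data, and the `uid` attribute is returned because the saml20-sp-remote.php entry above builds the persistent NameID from it.

```php
<?php
// Added example, not part of trejjam/SimpleSAML. A password authentication
// source for SimpleSAMLphp 1.x built on sspmod_core_Auth_UserPassBase, whose
// contract is: login() returns the user's attributes on success and throws
// SimpleSAML_Error_Error('WRONGUSERPASS') on failure.

namespace App\Model\SSO;

class Auth extends \sspmod_core_Auth_UserPassBase
{
    /** @var array<string, array{hash: string, attributes: array<string, string[]>}> */
    private $users;

    /** A hash that matches nothing; used so unknown users cost the same as bad passwords. */
    private $dummyHash;

    public function __construct($info, $config)
    {
        // UserPassBase reads its own options (e.g. 'core:loginpage_links') from $config,
        // so the parent constructor must run first.
        parent::__construct($info, $config);

        // Constructed sample data (assumption). Replace with your own user store.
        $this->users = [
            'alice' => [
                'hash'       => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
                'attributes' => ['uid' => ['alice'], 'mail' => ['alice@example.org']],
            ],
        ];
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    /**
     * Called by UserPassBase with the credentials submitted on the login page.
     *
     * @param string $username
     * @param string $password
     * @return array<string, string[]>  attributes; every value is a list of strings
     * @throws \SimpleSAML_Error_Error  with code WRONGUSERPASS on failure
     */
    protected function login($username, $password)
    {
        $username = strtolower(trim($username));
        $record   = isset($this->users[$username]) ? $this->users[$username] : null;

        // Always run password_verify, against the dummy hash when the user is
        // unknown, so response time does not reveal which usernames exist.
        $hash = $record === null ? $this->dummyHash : $record['hash'];
        $ok   = password_verify($password, $hash) && $record !== null;

        if (!$ok) {
            // One error code for "no such user" and "bad password": no enumeration.
            throw new \SimpleSAML_Error_Error('WRONGUSERPASS');
        }

        // 'uid' must be present: saml20-sp-remote.php sets
        // 'simplesaml.nameidattribute' => 'uid', so the NameID is derived from it.
        return $record['attributes'];
    }
}
```

The class is resolved by SimpleSAMLphp from the `::class` string in authsources.php, so it only has to be autoloadable by the application (Composer) and must keep the `protected function login($username, $password)` signature. If the attribute named in `simplesaml.nameidattribute` is missing from the returned array, the IdP cannot build the persistent NameID for Moodle, so treat `uid` as mandatory in whatever backend replaces the sample table.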