Open martinjinda opened 6 years ago
Sure, but be familiar with the fact that this extension library is really lightweight, so most of the config is on you.
`vendor/simplesamlphp/simplesamlphp/*-templates` into the directory specified in the extension. Mine contains this structure:

```
simpleSAML\
    config\
        authsources.php
        config.php
    metadata\
        saml20-idp-hosted.php
        saml20-sp-remote.php
```
Configure paths & config in config in the copied files.
My `config.php` starts with:

```php
[
    'baseurlpath' => 'sso/',
    'certdir' => __DIR__ . '/../../../certs',
    'loggingdir' => __DIR__ . '/../../../../log/simplesaml',
    'datadir' => 'data/', // I am not sure if I really need this part
    'tempdir' => __DIR__ . '/../../../../temp/simplesaml',
    // ...
```
`authsources.php`:

```php
'myAuth' => [
    App\Model\SSO\Auth::class, // extends \sspmod_core_Auth_UserPassBase
],
```
`saml20-idp-hosted.php`:

```php
// <FILL ME> should be the domain of your server. I have more of these blocks, one for each environment (dev, stage, prod, ...)
$metadata['https://<FILL ME>/sso/metadata'] = [
    'host' => '<FILL ME>',
    /* X.509 key and certificate. Relative to the cert directory. */
    'privatekey' => 'server.pem',
    'certificate' => 'server.crt',
    /*
     * Authentication source to use. Must be one that is configured in
     * 'config/authsources.php'.
     */
    'auth' => 'myAuth',
    'saml20.sendartifact' => TRUE,
];
```
`saml20-sp-remote.php`:

```php
// Read: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-sp-remote
$metadata['moodle-local'] = [
    'AssertionConsumerService' => 'https://elearning.<FILL ME>/saml/module.php/saml/sp/saml2-acs.php/moodle-local',
    'SingleLogoutService' => 'https://elearning.<FILL ME>/auth/saml/index.php?logout',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
    'simplesaml.nameidattribute' => 'uid',
];
```
`vendor/simplesamlphp/simplesamlphp/www/saml2/idp`
(These endpoints you will configure in the SP application; it is Moodle in my case.)
Could you provide some example of basic configuration? It would help me. Thanks
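
A pre-deployment check for the configuration files described in the reply above, as an added example that is not part of the original thread or the extension's code. The array key names come from the reply; the function name `lintSamlConfig`, the `example.test` hosts and the temporary paths are assumptions made for illustration.

```php
<?php
// Added example: lint the arrays from config.php, saml20-idp-hosted.php and
// saml20-sp-remote.php. The permission check is only meaningful on POSIX systems.
function lintSamlConfig(array $config, array $idpHosted, array $spRemote): array
{
    $findings = [];
    $certdir = rtrim($config['certdir'] ?? '', '/');
    foreach ($idpHosted as $entityId => $idp) {
        if (strpos($entityId . ($idp['host'] ?? ''), '<FILL ME>') !== false) {
            $findings[] = "idp-hosted $entityId: placeholder <FILL ME> not replaced";
        }
        $key = $certdir . '/' . ($idp['privatekey'] ?? '');
        if (!is_file($key)) {
            $findings[] = "idp-hosted $entityId: private key not found in certdir";
        } elseif ((fileperms($key) & 0077) !== 0) {
            $findings[] = "idp-hosted $entityId: private key accessible to group/others";
        }
    }
    foreach ($spRemote as $entityId => $sp) {
        foreach (['AssertionConsumerService', 'SingleLogoutService'] as $field) {
            $url = $sp[$field] ?? '';
            if (strpos($url, '<FILL ME>') !== false) {
                $findings[] = "sp-remote $entityId: $field still contains <FILL ME>";
            } elseif (parse_url($url, PHP_URL_SCHEME) !== 'https') {
                $findings[] = "sp-remote $entityId: $field is not an https URL";
            }
        }
    }
    return $findings;
}

// Constructed sample input (not the poster's real values).
$certdir = sys_get_temp_dir() . '/saml-lint-' . getmypid();
mkdir($certdir, 0700);
file_put_contents("$certdir/server.pem", "constructed placeholder, not a real key\n");
chmod("$certdir/server.pem", 0644); // deliberately too permissive

$findings = lintSamlConfig(
    ['certdir' => $certdir],
    ['https://idp.example.test/sso/metadata' => ['host' => 'idp.example.test', 'privatekey' => 'server.pem']],
    ['moodle-local' => [
        'AssertionConsumerService' => 'http://elearning.example.test/saml/module.php/saml/sp/saml2-acs.php/moodle-local',
        'SingleLogoutService' => 'https://elearning.<FILL ME>/auth/saml/index.php?logout',
    ]]
);
print_r($findings); // one finding each for the key mode, the http ACS and the placeholder
unlink("$certdir/server.pem");
rmdir($certdir);
```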