Comment: added link to pre-configured repo

...

  • Hashing function
  • zlib
  • openssl
  • SimpleXML
  • XML DOM
  • Regex support

Quick Installation

You can clone a version of simpleSAMLphp already configured for Cornell Shibboleth (most of the work described below is done for you) here. I can't promise that this will be kept up to date, but you should be able to drop it into /var/ on a RHEL/CentOS box, make a few edits and be on your way.

Full Installation

Follow the instructions for installing simpleSAMLphp:

...

Go to the "Authentication" tab, click on "Test configured authentication services" and then on "default-sp". If it is all working you should see the test page's output. You'll probably want to set the IdP for default-sp so users skip the IdP selection screen: http://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_3. For Cornell, change:

Code Block

                // The entity ID of the IdP this SP should contact.
                // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
                'idp' => NULL,

To:

Code Block

                // The entity ID of the IdP this SP should contact.
                // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
                'idp' => 'https://shibidp.cit.cornell.edu/idp/shibboleth',

...

Attribute mapping: By default, attributes map to the OID string and not something friendly like EduPersonName, etc. To use friendly attribute names, edit your <simplesaml_installdir>/config/config.php and change:

Code Block

         'authproc.sp' => array(
                /*
                10 => array(
                        'class' => 'core:AttributeMap', 'removeurnprefix'
                ),
                */

To:

Code Block

         'authproc.sp' => array(
                10 => array(
                        'class' => 'core:AttributeMap', 'oid2name'
                ),

...

Datastore: The simpleSAMLphp Drupal module requires using a datastore other than the default phpsession. Other options are memcache and SQL - below is a sample config for using sqlite3 on a *nix machine (using no username/password):

Code Block

        /*
         * Configure the datastore for simpleSAMLphp.
         *
         * - 'phpsession': Limited datastore, which uses the PHP session.
         * - 'memcache': Key-value datastore, based on memcache.
         * - 'sql': SQL datastore, using PDO.
         *
         * The default datastore is 'phpsession'.
         *
         * (This option replaces the old 'session.handler'-option.)
         */
        'store.type' => 'sql',

        /*
         * The DSN the sql datastore should connect to.
         *
         * See http://www.php.net/manual/en/pdo.drivers.php for the various
         * syntaxes.
         */
        'store.sql.dsn' => 'sqlite:/tmp/saml.db',

        /*
         * The username and password to use when connecting to the database.
         */
        'store.sql.username' => NULL,
        'store.sql.password' => NULL,

        /*
         * The prefix we should use on our tables.
         */
        'store.sql.prefix' => 'simpleSAMLphp',
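
The following script is an added sanity check for the three settings this page changes (the default-sp IdP, the oid2name attribute map, and the SQL session store); it is not part of simpleSAMLphp or of the Cornell repo. It assumes the standard layout in which config/config.php and config/authsources.php each populate a `$config` array, a PHP 7 or later CLI, and an install directory passed as the first argument (defaulting to the hypothetical /var/simplesamlphp); the checks on the SQLite file's location and permissions are there because that file holds live session data.

```php
<?php
// check_ssp_config.php: sanity check for the settings described on this page. Assumes the
// standard simpleSAMLphp layout (config/config.php and config/authsources.php each fill a
// $config array) and PHP 7+. Usage: php check_ssp_config.php /var/simplesamlphp
function loadSspConfig(string $path): array {
    $config = array();   // populated by the included file
    require $path;
    return $config;
}

function checkSspConfig(array $main, array $sources): array {
    $problems = array();
    // Drupal module requirement: any datastore other than the default phpsession.
    if (($main['store.type'] ?? 'phpsession') === 'phpsession') {
        $problems[] = "store.type is phpsession; use 'sql' or 'memcache'";
    }
    // The SQLite file holds live session data, so keep other local users away from it.
    $dsn = $main['store.sql.dsn'] ?? '';
    if (strpos($dsn, 'sqlite:') === 0) {
        $db = substr($dsn, strlen('sqlite:'));
        if (strpos($db, '/tmp/') === 0) {
            $problems[] = "$db is in world-writable /tmp; prefer a directory owned by the web server user";
        }
        if (is_file($db) && (fileperms($db) & 0077) !== 0) {
            $problems[] = "$db is readable or writable by group/other; chmod 600 it";
        }
    }
    // default-sp should name the Cornell IdP so users skip the IdP selection screen.
    if (($sources['default-sp']['idp'] ?? null) !== 'https://shibidp.cit.cornell.edu/idp/shibboleth') {
        $problems[] = "default-sp 'idp' is not the Cornell IdP entity ID";
    }
    // The core:AttributeMap oid2name filter must be active, not left commented out.
    $mapped = false;
    foreach ($main['authproc.sp'] ?? array() as $filter) {
        if (is_array($filter) && in_array('core:AttributeMap', $filter, true)
                && in_array('oid2name', $filter, true)) {
            $mapped = true;
        }
    }
    if (!$mapped) {
        $problems[] = "authproc.sp has no active core:AttributeMap oid2name filter";
    }
    return $problems;
}

$dir = $argv[1] ?? '/var/simplesamlphp';
$problems = checkSspConfig(loadSspConfig("$dir/config/config.php"),
                           loadSspConfig("$dir/config/authsources.php"));
foreach ($problems as $p) { echo "PROBLEM: $p\n"; }
exit(count($problems) > 0 ? 1 : 0);
```

The script exits non-zero when any check fails, so it can run from a deploy step after dropping the repo into /var/.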