...
- Hashing function
- zlib
- openssl
- SimpleXML
- XML DOM
- Regex support
Quick Installation
You can clone a version of simplesamlphp configured for Cornell Shibboleth (basically most of the work done below is already done) here. I can't promise that this will be kept up to date, but you should be able to drop it into /var/ on a RHEL/CentOS box, make a few edits and be on your way.
Full Installation
Follow the instructions for installing simpleSAMLphp:
...
Go to the "Authentication" tab and click on "Test configured authentication services" and "default-sp". If it is all working you should see output. You'll probably want to set the default-sp to avoid the intermediary screen: http://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_3. For Cornell, change:
Code Block |
---|
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => NULL,
|
To:
Code Block |
---|
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => 'https://shibidp.cit.cornell.edu/idp/shibboleth',
|
...
Attribute mapping: By default, attributes map to the OID string and not something friendly like EduPersonName, etc. To use friendly attribute names, edit your <simplesaml_installdir>/config/config.php and change:
Code Block |
---|
'authproc.sp' => array(
/*
10 => array(
'class' => 'core:AttributeMap', 'removeurnprefix'
),
*/
|
To:
Code Block |
---|
'authproc.sp' => array(
10 => array(
'class' => 'core:AttributeMap', 'oid2name'
),
|
...
Datastore: The simpleSAMLphp Drupal module requires using a datastore other than the default phpsession. Other options are memcache and SQL - below is a sample config for using sqlite3 on a *nix machine (using no username/password):
Code Block |
---|
/*
* Configure the datastore for simpleSAMLphp.
*
* - 'phpsession': Limited datastore, which uses the PHP session.
* - 'memcache': Key-value datastore, based on memcache.
* - 'sql': SQL datastore, using PDO.
*
* The default datastore is 'phpsession'.
*
* (This option replaces the old 'session.handler'-option.)
*/
'store.type' => 'sql',
/*
* The DSN the sql datastore should connect to.
*
* See http://www.php.net/manual/en/pdo.drivers.php for the various
* syntaxes.
*/
'store.sql.dsn' => 'sqlite:/tmp/saml.db',
/*
* The username and password to use when connecting to the database.
*/
'store.sql.username' => NULL,
'store.sql.password' => NULL,
/*
* The prefix we should use on our tables.
*/
'store.sql.prefix' => 'simpleSAMLphp',
|