Using these instructions, you should be able to install the simpleSAMLphp service provider into a specific directory on a web server running PHP 5.2 or newer. 

Prerequisites: PHP 5.2>= with


Follow the instructions for installing simpleSAMLphp:

Cornell Configuration

Configure for remote SP

Follow the directions for Service Provider QuickStart

Generating metadata

You'll need to populate saml20-idp-remote.php with Cornell-specific info. This can be done by going to the "Federation" tab and using the "XML to simpleSAMLphp metadata converter". Be sure to add "<?php" and "?>" to the beginning and end of the generated file.

Testing Configuration

Go to the "Authentication" tab, click on "Test configured authentication services" and then "default-sp". If everything is working, you should see output. You'll probably want to set the default-sp to avoid the intermediary screen:

Known Issues

Attribute mapping: By default, attributes map to the OID string and not something friendly like EduPersonName, etc. To use friendly attribute names, edit your <simplesaml_installdir>/config/config.php and change:

         'authproc.sp' => array(
                10 => array(
                        'class' => 'core:AttributeMap', 'removeurnprefix'
                ),
         ),

to:

         'authproc.sp' => array(
                10 => array(
                        'class' => 'core:AttributeMap', 'oid2name'
                ),
         ),

See comments here for more context:

Datastore: The simpleSAMLphp Drupal module requires a datastore other than the default phpsession. Other options are memcache and SQL. Below is a sample config for using sqlite3 on a *nix machine (using no username/password):


        /*
         * Configure the datastore for simpleSAMLphp.
         *
         * - 'phpsession': Limited datastore, which uses the PHP session.
         * - 'memcache': Key-value datastore, based on memcache.
         * - 'sql': SQL datastore, using PDO.
         *
         * The default datastore is 'phpsession'.
         *
         * (This option replaces the old 'session.handler'-option.)
         */
        'store.type' => 'sql',

        /*
         * The DSN the sql datastore should connect to.
         *
         * See for the various
         * syntaxes.
         */
        //'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3',
        'store.sql.dsn' => 'sqlite:/tmp/saml.db',

        /*
         * The username and password to use when connecting to the database.
         */
        'store.sql.username' => NULL,
        'store.sql.password' => NULL,

        /*
         * The prefix we should use on our tables.
         */
        'store.sql.prefix' => 'simpleSAMLphp',
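
The sample DSN puts the session database at /tmp/saml.db, and /tmp is a world-writable directory on most *nix systems. The shell check below is an added example, not part of simpleSAMLphp or the original page: it reads the active store.sql.dsn line from a config.php and flags a store whose directory is world-writable or whose file is accessible to group or other. The function names and the strict no-group-access policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of simpleSAMLphp: audit the SQLite session store
# that 'store.sql.dsn' in config.php points at.

# Print the path from the last active (uncommented) sqlite store.sql.dsn line.
sqlite_store_path() {
    sed -n "s/^[[:space:]]*'store\.sql\.dsn'[[:space:]]*=>[[:space:]]*'sqlite:\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

# Succeeds when path $1 matches the find(1) permission expression that follows.
matches() { p=$1; shift; [ -n "$(find "$p" -maxdepth 0 "$@" 2>/dev/null)" ]; }

# Returns 0 when the store location looks private, 1 otherwise.
audit_store() {
    db=$(sqlite_store_path "$1")
    [ -n "$db" ] || { echo "FAIL: no active sqlite store.sql.dsn in $1"; return 1; }
    dir=$(dirname "$db"); rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir does not exist"; return 1; }
    # SQLite writes journal files next to the database, so the directory
    # has to be private as well as the file itself.
    if matches "$dir" -perm -0002; then
        echo "WARN: $dir is world-writable"; rc=1
    fi
    # Assumed policy: only the web server user may touch the session store.
    if [ -e "$db" ] && matches "$db" \( -perm -0040 -o -perm -0020 -o -perm -0004 -o -perm -0002 \); then
        echo "WARN: $db is readable or writable by group/other"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $db"
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    audit_store "$1"
else
    # Constructed sample mirroring the two DSN lines in the config above.
    demo=$(mktemp)
    printf "%s\n" "//'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3'," \
                  "'store.sql.dsn' => 'sqlite:/tmp/saml.db'," > "$demo"
    audit_store "$demo" || true
    rm -f "$demo"
fi
```

Pass the path to config.php as the only argument; with no argument the script audits the constructed sample instead.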