This documentation is for WSO2 Identity Server 5.0.0. View documentation for the latest release.
Page Comparison - SAML2 IdP with SimpleSAMLphp Service Provider (v.8 vs v.9) - Identity Server 5.0.0 - WSO2 Documentation


  1. Install Apache.

    Code Block
    # apt-get install apache2 
  2. Install PHP and related extensions.

    Code Block
    # apt-get install php5
    # apt-get install php5-cli
    # apt-get install php5-common
    # apt-get install php5-curl
    # apt-get install php-pear
    # apt-get install php5-mcrypt
    Info

    For Ubuntu users, install the following extension as well:
    # apt-get install php5-json

  3. Install SimpleSAMLphp using the following commands.

    Code Block
    # cd /var/simplesamlphp/
    # wget https://github.com/simplesamlphp/simplesamlphp/releases/download/simplesamlphp-1.11.0/simplesamlphp-1.11.0.tar.gz
    # tar xvf simplesamlphp-1.11.0.tar.gz
    # mv simplesamlphp-1.11.0 simplesamlphp
    # cd simplesamlphp
    # cp -r metadata-templates/*.php metadata/
    # cp -r config-templates/*.php config
  4. Configure SimpleSAMLphp web in Apache.

    Code Block
    # cd /var/www/html
    # ln -s /var/simplesamlphp/simplesamlphp/www simplesaml
  5. Start Apache.

    Code Block
    # apachectl start  
  6. Access the SimpleSAMLphp web app from the following location: http://localhost/simplesaml.
  7. Set the SimpleSAMLphp administrator login configuration as follows:

    Code Block
    # cd /var/simplesamlphp/simplesamlphp
    # vi config/config.php
  8. Look for 'auth.adminpassword' and change its value from the default and save the file.
  9. Click on 'Login as administrator' from the web page http://localhost/simplesaml.
  10. Add a Service Provider to SimpleSAMLphp.

    Code Block
    # cd /var/simplesamlphp/simplesamlphp
    # vi config/authsources.php
  11. Add the following section to the file and save.

    Code Block
    'wso2-sp' => array(
        'saml:SP',
        // The entity ID of this SP.
        // Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
        'entityID' => 'simplesaml',
        // The entity ID of the IdP this SP should contact.
        // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
        'idp' => 'https://localhost:9443/samlsso',
        // The URL to the discovery service.
        // Can be NULL/unset, in which case a builtin discovery service will be used.
        'discoURL' => NULL,
    ),

    Here we assume WSO2 IS is running on localhost, port 9443.

  12. Add the Identity Provider metadata.

    Code Block
    # cd /var/simplesamlphp/simplesamlphp
    # vi metadata/saml20-idp-remote.php
  13. Add the following section to the file and save.

    Code Block
    $metadata['https://localhost:9443/samlsso'] = array(
        'name' => array(
            'en' => 'WSO2 IS',
            'no' => 'WSO2 IS',
        ),
        'description'          => 'Login with WSO2 IS SAML2 IdP.',
        'SingleSignOnService'  => 'https://localhost:9443/samlsso',
        'SingleLogoutService'  => 'https://localhost:9443/samlsso',
        'certFingerprint'      => '6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d'
    );
  14. Note that the metadata key 'https://localhost:9443/samlsso' must match the value of 'idp' configured in step 11.

    Panel

    6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d is the thumbprint of the default certificate that ships with WSO2 IS; the SAML2 Response is signed with this certificate.

  15. Install WSO2 Identity Server. The WSO2 Identity Server is available for download here.
  16. Start WSO2 Identity Server and add a Service Provider under SAML SSO.

    Panel

    Issuer: simplesaml

    Assertion Consumer URL: http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp

    Enable Assertion Signing: True

    Enable Single Logout: True

    Logout URL: http://localhost/simplesamlphp/www/module.php/saml/sp/saml2-logout.php/wso2-sp

    Keep the defaults for the rest.

  17. In the Main menu of the management console, click List under Identity Providers. Then click Resident Identity Provider.

  18. On the page that appears, open the SAML2 Web SSO Configuration section under Inbound Authentication Configuration.
  19. The ID value of the identity provider should be the SAML endpoint of the Identity Server: https://{yourhost}:{port}/samlsso
  20. Test SimpleSAMLphp.
  21. Go to http://localhost/simplesaml, open "Authentication" and click "Test configured authentication sources".
  22. Pick "wso2-sp". You are redirected to WSO2 IS SAML2 IdP for login.
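As an added check that is not part of this page or of SimpleSAMLphp, the script below cross-checks the two files edited in steps 11 and 13 the way step 14 requires, and confirms that certFingerprint really is the SHA-1 fingerprint of the certificate the IdP signs with. The file excerpts and the openssl output line are constructed samples, and all function and variable names are my own.

```python
import re

# Constructed excerpts of the two files edited in steps 11 and 13 (sample input, not read from disk).
AUTHSOURCES_PHP = """
'wso2-sp' => array(
    'saml:SP',
    'entityID' => 'simplesaml',
    'idp' => 'https://localhost:9443/samlsso',
),
"""
IDP_REMOTE_PHP = """
$metadata['https://localhost:9443/samlsso'] = array(
    'SingleSignOnService'  => 'https://localhost:9443/samlsso',
    'certFingerprint'      => '6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d'
);
"""
# Constructed: what `openssl x509 -noout -fingerprint -sha1` prints for the IdP's signing certificate.
OPENSSL_SHA1_LINE = "SHA1 Fingerprint=6B:F8:E1:36:EB:36:D4:A5:6E:A0:5C:7A:E4:B9:A4:5B:63:BF:97:5D"

def normalise_fingerprint(fp: str) -> str:
    """openssl prints 'SHA1 Fingerprint=AB:CD:..'; SimpleSAMLphp expects bare lowercase hex."""
    return fp.split("=", 1)[-1].replace(":", "").strip().lower()

def configured_idp(authsources: str, source: str) -> "str | None":
    """Return the 'idp' entity ID set on the named auth source, or None if absent."""
    block = re.search(rf"'{re.escape(source)}'\s*=>\s*array\((.*?)\n\s*\),", authsources, re.S)
    idp = block and re.search(r"'idp'\s*=>\s*'([^']*)'", block.group(1))
    return idp.group(1) if idp else None

def remote_idp_entries(metadata: str) -> dict:
    """Map each $metadata['<entityID>'] key to its normalised certFingerprint (None if missing)."""
    entries = {}
    for m in re.finditer(r"\$metadata\['([^']+)'\]\s*=\s*array\((.*?)\n\);", metadata, re.S):
        fp = re.search(r"'certFingerprint'\s*=>\s*'([^']*)'", m.group(2))
        entries[m.group(1)] = normalise_fingerprint(fp.group(1)) if fp else None
    return entries

def check_trust_config(authsources: str, metadata: str, source: str, openssl_line: str) -> list:
    """Return the problems found; an empty list means the SP trusts exactly the IdP it talks to."""
    idp = configured_idp(authsources, source)
    if idp is None:
        return [f"auth source {source!r} has no 'idp' entry"]
    entries = remote_idp_entries(metadata)
    if idp not in entries:  # step 14: the $metadata key must equal the 'idp' value
        return [f"'idp' {idp!r} has no matching $metadata entry in saml20-idp-remote.php"]
    fp = entries[idp]
    if not fp or not re.fullmatch(r"[0-9a-f]{40}", fp):
        return [f"certFingerprint {fp!r} is missing or not a 40-hex-digit SHA-1"]
    if fp != normalise_fingerprint(openssl_line):
        return ["certFingerprint does not match the IdP signing certificate actually in use"]
    return []
```

Run it against the real config/authsources.php and metadata/saml20-idp-remote.php contents, with the openssl output for the certificate exported from the Identity Server, whenever either the IdP entity ID or its signing certificate changes.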
