
Integration af en SimpleSAMLphp-SP i Kalmar2

Kalmar2-konfiguration for serviceudbyder (på Ubuntu-12.04):

Udfør følgende kommandoer:

# cd /var/www/simplesamlphp 
# mkdir tmp 
# mkdir log 
# mkdir data 
# touch modules/metarefresh/enable 
# mkdir metadata/federation 
# chown www-data:www-data metadata/federation tmp log data 

Rediger filerne config/config.php, config/config-metarefresh.php, config/authsources.php, så de matcher nedenstående. Bemærk at [CONFIGURE] skal ændres. Sæt eventuelt også et cronjob op som nedenfor eller via SimpleSAMLphp's cron-mekanisme.

config/config.php:

<?php 
// Main SimpleSAMLphp configuration for a Kalmar2 service provider (SP).
// Every '[CONFIGURE]' value must be replaced before the SP goes live.
$config = array ( 
    'baseurlpath' => 'simplesamlphp/', 
    // Directory holding the SP key pair; config/authsources.php gives file names only.
    // NOTE(review): the private key should be readable by the web-server user only - confirm file permissions.
    'certdir' => '/etc/apache2/ssl/', 
    // log/, data/ and tmp/ are the directories created under /var/www/simplesamlphp by the setup commands.
    // NOTE(review): confirm that Apache exposes only the www/ subdirectory, so these directories cannot be fetched over HTTP.
    'loggingdir' => 'log/', 
    'datadir' => 'data/', 
    'tempdir' => 'tmp/', 
    'debug' => FALSE, 
    // NOTE(review): TRUE shows error details to the visitor; consider FALSE once the integration works.
    'showerrors' => TRUE, 
    'debug.validatexml' => FALSE, 
    // Password for the 'Admin' source (core:AdminPassword) in config/authsources.php; use a strong, unique value.
    'auth.adminpassword' => '[CONFIGURE]', 
    // NOTE(review): with both set to false, the front page and the metadata pages are reachable without
    // the admin login - presumably so federation partners can fetch the SP metadata; confirm this is intended.
    'admin.protectindexpage' => false, 
    'admin.protectmetadata' => false, 
    // Must be a long random string, unique to this installation and kept secret.
    'secretsalt' => '[CONFIGURE]', 
    'technicalcontact_name' => '[CONFIGURE]', 
    'technicalcontact_email' => '[CONFIGURE]', 
    'timezone' => NULL, 
    // NOTE(review): DEBUG is the most verbose level and may write SAML messages and attribute values
    // to log/simplesamlphp.log; restrict access to the log and consider a lower level in production.
    'logging.level' => SimpleSAML_Logger::DEBUG, 
    'logging.handler' => 'file', 
    'logging.facility' => defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER, 
    'logging.processname' => 'simplesamlphp', 
    'logging.logfile' => 'simplesamlphp.log', 
    'statistics.out' => array( 
    ), 
    // All identity-provider roles are switched off: this installation acts as an SP only.
    'enable.saml20-idp' => false, 
    'enable.shib13-idp' => false, 
    'enable.adfs-idp' => false, 
    'enable.wsfed-sp' => false, 
    'enable.authmemcookie' => false, 
    // Session lifetimes in seconds: 8 hours, 4 hours and 1 hour respectively.
    'session.duration' => 8 * (60*60), 
    'session.datastore.timeout' => (4*60*60), 
    'session.state.timeout' => (60*60), 
    'session.cookie.name' => 'SimpleSAMLSessionID', 
    'session.cookie.lifetime' => 0, 
    'session.cookie.path' => '/', 
    'session.cookie.domain' => NULL, 
    // NOTE(review): FALSE lets the session cookie travel over plain HTTP as well; set TRUE when the SP
    // is served over HTTPS only (the entityID in config/authsources.php is an https:// URL).
    'session.cookie.secure' => FALSE, 
    'session.disable_fallback' => FALSE, 
    'enable.http_post' => FALSE, 
    'session.phpsession.cookiename' => null, 
    'session.phpsession.savepath' => null, 
    // NOTE(review): FALSE leaves the PHP session cookie readable from JavaScript; TRUE is the safer
    // choice unless a script on the site depends on reading it - confirm.
    'session.phpsession.httponly' => FALSE, 
    'session.authtoken.cookiename' => 'SimpleSAMLAuthToken', 
    'language.available' => array('en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'fr', 'it', 'nl', 'lb', 'cs', 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw', 'ru', 'et', 'he', 'id', 'sr', 'lv'), 
    'language.rtl' => array('ar','dv','fa','ur','he'), 
    'language.default' => 'en', 
    'language.parameter.name' => 'language', 
    'language.parameter.setcookie' => TRUE, 
    'language.cookie.name' => 'language', 
    'language.cookie.domain' => NULL, 
    'language.cookie.path' => '/', 
    'language.cookie.lifetime' => (60*60*24*900), 
    'attributes.extradictionary' => NULL, 
    'theme.use' => 'default', 
    'default-wsfed-idp' => 'urn:federation:pingfederate:localhost', 
    'idpdisco.enableremember' => TRUE, 
    'idpdisco.rememberchecked' => TRUE, 
    'idpdisco.validate' => TRUE, 
    'idpdisco.extDiscoveryStorage' => NULL, 
    'idpdisco.layout' => 'dropdown', 
    'shib13.signresponse' => TRUE, 
    // IdP-side processing filters; presumably unused here because the IdP roles above are disabled.
    'authproc.idp' => array( 
        30 => 'core:LanguageAdaptor', 
        45 => array( 
            'class' => 'core:StatisticsWithAttribute', 
            'attributename' => 'realm', 
            'type' => 'saml20-idp-SSO', 
        ), 
        50 => 'core:AttributeLimit', 
        99 => 'core:LanguageAdaptor', 
    ), 
    // SP-side processing filters, run in ascending key order on every incoming login.
    'authproc.sp' => array( 
        60 => array('class' => 'core:GenerateGroups', 'eduPersonAffiliation'), 
        // NOTE(review): this adds 'users' and 'members' to the 'groups' attribute of every user, whichever
        // Kalmar2 IdP authenticated them; the application must not read these groups as proof of local membership.
        61 => array('class' => 'core:AttributeAdd', 'groups' => array('users', 'members')), 
        90 => 'core:LanguageAdaptor', 
    ), 
    // Second source: the directory metarefresh writes the Kalmar2 IdP metadata to.
    // Metadata found there is trusted as-is, so its integrity depends on how the feed was fetched and verified.
    'metadata.sources' => array( 
        array('type' => 'flatfile'), 
        array('type' => 'flatfile', 'directory' => 'metadata/federation'), 
    ), 
    'store.type' => 'phpsession', 
    // store.sql.* and memcache_store.* look like template leftovers; presumably not read while store.type is 'phpsession'.
    'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3', 
    'store.sql.username' => NULL, 
    'store.sql.password' => NULL, 
    'store.sql.prefix' => 'simpleSAMLphp', 
    'memcache_store.servers' => array( 
        array( 
            array('hostname' => 'localhost'), 
        ), 
    ), 
    'memcache_store.expires' => 36 * (60*60), 
    'metadata.sign.enable' => FALSE, 
    'metadata.sign.privatekey' => NULL, 
    'metadata.sign.privatekey_pass' => NULL, 
    'metadata.sign.certificate' => NULL, 
    'proxy' => NULL, 
    // NOTE(review): NULL presumably disables the check of redirect target URLs; listing the SP's own host
    // names here limits open-redirect abuse - confirm against the documentation of the installed version.
    'redirect.trustedsites' => NULL, 
); 

config/config-metarefresh.php:

<?php 
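// Metarefresh set 'kalmar': downloads the Kalmar2 IdP metadata feed and writes it
// as flat files to metadata/federation/, which config/config.php lists as a metadata source.
$config = array(
    'sets' => array(
        'kalmar' => array(
            'sources' => array(
                array(
                    // NOTE(review): the feed is fetched over plain http:// and no signature check is
                    // configured, so anyone able to tamper with the connection could supply IdP metadata
                    // that this SP would then trust. Prefer an https:// URL if the aggregator offers one
                    // (the discovery service on the same host is https) and pin the federation's
                    // metadata signing certificate.
                    'src' => 'http://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral2&set=saml20-idp-remote&mimetype=application/xml',
                    // Uncomment once the fingerprint has been obtained from the federation out of band:
                    // 'validateFingerprint' => '[CONFIGURE - fingerprint of the Kalmar2 metadata signing certificate]',
                    'template' => array(
                        'tags' => array('kalmar'),
                        // Applied to every imported IdP: maps OID attribute names to friendly names.
                        'authproc' => array(
                            51 => array('class' => 'core:AttributeMap', 'oid2name'),
                        ),
                    ),
                ),
            ),
            // Fetched metadata expires after 4 days (in seconds) unless refreshed.
            'expireAfter' => 60*60*24*4,
            'outputDir' => 'metadata/federation/',
            'outputFormat' => 'flatfile',
        ),
    ),
);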

config/authsources.php:

<?php 
// Authentication sources: the SAML 2.0 SP used towards Kalmar2 and the local admin login.
$config = array( 
    'default-sp' => array( 
        'saml:SP', 
        // Sign messages this SP sends via the redirect binding, using the private key below.
        'redirect.sign' => true, 
        // The SP's identifier in the federation; typically the host name as an https:// URL.
        'entityID' => 'https://[CONFIGURE - typisk hostnavn]', 
        // File names only; presumably resolved against 'certdir' in config/config.php.
        // NOTE(review): the private key must stay readable by the web-server user only and must never be
        // shared with the federation - only the certificate is public.
        'privatekey' => '[CONFIGURE - blot filnavn]', 
        'certificate' => '[CONFIGURE - blot filnavn]', 
        // Central Kalmar2 discovery service where the user picks a home IdP.
        'discoURL' => 'https://kalmar2.org/simplesaml/module.php/discopower/disco.php', 
    ), 
    // Local admin login, checked against 'auth.adminpassword' in config/config.php.
    'Admin' => array( 
        'core:AdminPassword', 
    ), 
); 

/etc/cron.d/kalmar2metarefresh:

# Refresh the Kalmar2 IdP metadata at minute 19 of every second hour, running as www-data.
# NOTE(review): the feed is fetched over plain http:// and no signature or fingerprint check is requested,
# so the IdP metadata written to metadata/federation/ is only as trustworthy as the network path.
# Prefer an https:// URL if the aggregator offers one, and verify the feed's signature
# (metarefresh.php has a --validate-fingerprint option - confirm for the installed version).
19 */2 * * * www-data /var/www/simplesamlphp/modules/metarefresh/bin/metarefresh.php "http://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral2&set=saml20-idp-remote&mimetype=application/xml" -o=metadata/federation/ 

WAYF – Where Are You From
Asmussens Allé, bygning 305
2800 Kgs. Lyngby

www.wayf.dk
sekretariat@wayf.dk
