
Integration af en SimpleSAMLphp-SP i Kalmar2

Kalmar2-konfiguration for serviceudbyder (testet på Ubuntu 12.04 – bemærk at denne udgave ikke længere modtager sikkerhedsopdateringer; brug en understøttet distribution og en aktuel SimpleSAMLphp-version):

Udfør følgende kommandoer:

# Run as root from the SimpleSAMLphp root; the directory names below are
# the relative 'tempdir', 'loggingdir' and 'datadir' values used in config.php.
cd /var/www/simplesamlphp
mkdir tmp
mkdir log
mkdir data
# Activating the metarefresh module is done by creating this marker file.
touch modules/metarefresh/enable
# Destination for the fetched Kalmar2 IdP metadata (second 'metadata.sources'
# entry in config.php); metarefresh must be able to write here.
mkdir metadata/federation
# Only the web server user needs write access to the state directories.
chown www-data:www-data metadata/federation tmp log data

Rediger filerne config/config.php, config/config-metarefresh.php og config/authsources.php, så de matcher nedenstående. Bemærk at alle [CONFIGURE]-pladsholdere skal udfyldes: 'secretsalt' skal være en lang, tilfældig og installationsspecifik værdi, og 'auth.adminpassword' et stærkt kodeord. Hent Kalmar2-metadata over HTTPS (ikke HTTP), da en IdP-liste, der hentes ukrypteret, kan ombyttes undervejs. Sæt eventuelt også et cronjob op som nedenfor eller via SimpleSAMLphp's cron-mekanisme.

config/config.php:

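<?php
// SimpleSAMLphp main configuration for a Kalmar2 service provider (SP only:
// every IdP role is disabled below). Only the [CONFIGURE] placeholders are
// site-specific. Values are written with array() because the target platform
// (Ubuntu 12.04) ships a PHP older than 5.4.
$config = array (
        // URL path of the SimpleSAMLphp web root, relative to the site root.
        'baseurlpath' => 'simplesamlphp/',
        // The SP key/certificate named in authsources.php are resolved here,
        // so www-data must be able to read its own key file in this directory.
        'certdir' => '/etc/apache2/ssl/',
        // Writable state directories, relative to the SimpleSAMLphp root;
        // created and chowned to www-data in the shell steps of this guide.
        'loggingdir' => 'log/',
        'datadir' => 'data/',
        'tempdir' => 'tmp/',
        'debug' => FALSE,
        // Stack traces and internal paths must not reach end users; set to
        // TRUE only temporarily while troubleshooting the integration.
        'showerrors' => FALSE,
        'debug.validatexml' => FALSE,
        // Password for the 'Admin' auth source (config/phpinfo/metadata tools).
        // Use a long random value; newer SimpleSAMLphp releases presumably also
        // accept a hashed value here -- check the version in use.
        'auth.adminpassword' => '[CONFIGURE]',
        // The index page links to the admin tools; require the admin login for it.
        'admin.protectindexpage' => true,
        // The SP's own metadata must stay fetchable by the federation, so it is public.
        'admin.protectmetadata' => false,
        // Keys cookies and generated identifiers: must be unique per
        // installation and unpredictable, e.g. output of `openssl rand -hex 32`.
        'secretsalt' => '[CONFIGURE]',
        'technicalcontact_name' => '[CONFIGURE]',
        'technicalcontact_email' => '[CONFIGURE]',
        'timezone' => NULL,
        // DEBUG writes full SAML messages (i.e. user attributes) to log/.
        // Keep that directory outside the document root and lower the level
        // (e.g. SimpleSAML_Logger::NOTICE) once the integration works.
        'logging.level' => SimpleSAML_Logger::DEBUG,
        'logging.handler' => 'file',
        'logging.facility' => defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER,
        'logging.processname' => 'simplesamlphp',
        'logging.logfile' => 'simplesamlphp.log',
        'statistics.out' => array(
        ),
        // This host is an SP only.
        'enable.saml20-idp' => false,
        'enable.shib13-idp' => false,
        'enable.adfs-idp' => false,
        'enable.wsfed-sp' => false,
        'enable.authmemcookie' => false,
        'session.duration' => 8 * (60*60),
        'session.datastore.timeout' => (4*60*60),
        'session.state.timeout' => (60*60),
        'session.cookie.name' => 'SimpleSAMLSessionID',
        'session.cookie.lifetime' => 0,
        'session.cookie.path' => '/',
        'session.cookie.domain' => NULL,
        // The SP is addressed over HTTPS (see the https entityID in
        // authsources.php and certdir above): never send the session cookie
        // in clear text. Requires the site to be served over TLS.
        'session.cookie.secure' => TRUE,
        'session.disable_fallback' => FALSE,
        'enable.http_post' => FALSE,
        'session.phpsession.cookiename' => null,
        'session.phpsession.savepath' => null,
        // Keep the PHP session cookie out of reach of page scripts.
        'session.phpsession.httponly' => TRUE,
        'session.authtoken.cookiename' => 'SimpleSAMLAuthToken',
        'language.available' => array('en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'fr', 'it', 'nl', 'lb', 'cs', 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw', 'ru', 'et', 'he', 'id', 'sr', 'lv'),
        'language.rtl' => array('ar','dv','fa','ur','he'),
        'language.default' => 'en',
        'language.parameter.name' => 'language',
        'language.parameter.setcookie' => TRUE,
        'language.cookie.name' => 'language',
        'language.cookie.domain' => NULL,
        'language.cookie.path' => '/',
        'language.cookie.lifetime' => (60*60*24*900),
        'attributes.extradictionary' => NULL,
        'theme.use' => 'default',
        // Template leftover; unused because enable.wsfed-sp is FALSE above.
        'default-wsfed-idp' => 'urn:federation:pingfederate:localhost',
        'idpdisco.enableremember' => TRUE,
        'idpdisco.rememberchecked' => TRUE,
        'idpdisco.validate' => TRUE,
        'idpdisco.extDiscoveryStorage' => NULL,
        'idpdisco.layout' => 'dropdown',
        'shib13.signresponse' => TRUE,
        // IdP-side processing chain; inert here since no IdP role is enabled.
        'authproc.idp' => array(
                30 => 'core:LanguageAdaptor',
                45 => array(
                        'class' => 'core:StatisticsWithAttribute',
                        'attributename' => 'realm',
                        'type' => 'saml20-idp-SSO',
                ),
                50 => 'core:AttributeLimit',
                99 => 'core:LanguageAdaptor',
        ),
        // SP-side processing chain applied to received attributes.
        'authproc.sp' => array(
                60 => array('class' => 'core:GenerateGroups', 'eduPersonAffiliation'),
                61 => array('class' => 'core:AttributeAdd', 'groups' => array('users', 'members')),
                90 => 'core:LanguageAdaptor',
        ),
        // Local metadata/ plus the Kalmar2 IdP metadata written by metarefresh.
        'metadata.sources' => array(
                array('type' => 'flatfile'),
                array('type' => 'flatfile', 'directory' => 'metadata/federation'),
        ),
        // store.sql.* and memcache_store.* below are unused while the store is 'phpsession'.
        'store.type' => 'phpsession',
        'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3',
        'store.sql.username' => NULL,
        'store.sql.password' => NULL,
        'store.sql.prefix' => 'simpleSAMLphp',
        'memcache_store.servers' => array(
                array(
                        array('hostname' => 'localhost'),
                ),
        ),
        'memcache_store.expires' => 36 * (60*60),
        'metadata.sign.enable' => FALSE,
        'metadata.sign.privatekey' => NULL,
        'metadata.sign.privatekey_pass' => NULL,
        'metadata.sign.certificate' => NULL,
        'proxy' => NULL,
        'redirect.trustedsites' => NULL,
);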

config/config-metarefresh.php:

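<?php
// metarefresh configuration: periodically pull the Kalmar2 IdP metadata
// aggregate into metadata/federation/, which config.php lists as its second
// 'metadata.sources' entry.
$config = array(
        'sets' => array(
                'kalmar' => array(
                       'sources' => array(
                                array(
                                       // Fetch over HTTPS: every IdP in this file is trusted for
                                       // login, and a list fetched over plain HTTP can be replaced
                                       // by anyone on the network path. kalmar2.org serves HTTPS
                                       // (the discoURL in authsources.php already uses it).
                                       // Preferably also pin the aggregate's signing certificate
                                       // with metarefresh's 'validateFingerprint' option, using a
                                       // fingerprint obtained from Kalmar2 out of band.
                                       'src' => 'https://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral2&set=saml20-idp-remote&mimetype=application/xml',
                                       'template' => array(
                                                'tags' => array('kalmar'),
                                                'authproc' => array(
                                                        // Map OID attribute names to friendly names.
                                                        51 => array('class' => 'core:AttributeMap', 'oid2name'),
                                                ),
                                        ),
                                ),
                        ),
                        // Four days in seconds; presumably the validity given to the
                        // written entries so a broken refresh does not keep stale IdPs forever.
                        'expireAfter' => 60*60*24*4,
                        'outputDir' => 'metadata/federation/',
                        'outputFormat' => 'flatfile',
                ),
        ),
);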

config/authsources.php:

<?php
// Authentication sources for this host. 'default-sp' is the SAML 2.0 service
// provider used for Kalmar2 logins; 'Admin' protects the SimpleSAMLphp admin
// pages with the 'auth.adminpassword' value from config.php.
$config = array(
        'default-sp' => array(
                'saml:SP',
                // Sign messages sent with the HTTP-Redirect binding.
                'redirect.sign' => true,
                // Globally unique identifier of this SP; conventionally the
                // site's https URL. This is the value registered with Kalmar2.
                'entityID' => 'https://[CONFIGURE - typisk hostnavn]',
                // File names only -- they are looked up under 'certdir'
                // (/etc/apache2/ssl/ in config.php), so www-data must be able
                // to read the private key there.
                'privatekey' => '[CONFIGURE - blot filnavn]',
                'certificate' => '[CONFIGURE - blot filnavn]',
                // Kalmar2's central discovery service (the IdP chooser).
                'discoURL' => 'https://kalmar2.org/simplesaml/module.php/discopower/disco.php',
        ),
        'Admin' => array(
                'core:AdminPassword',
        ),
);

/etc/cron.d/kalmar2metarefresh:

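# Refresh the Kalmar2 IdP metadata every two hours as www-data.
# The aggregate is fetched over HTTPS so the IdP list cannot be altered in
# transit (kalmar2.org serves HTTPS; the discoURL in authsources.php uses it).
# The job changes into the SimpleSAMLphp root first: cron does not start jobs
# there, so the relative -o path would otherwise be resolved against cron's
# working directory (typically the user's home) instead of the directory that
# config.php reads from.
# NOTE(review): this CLI invocation presumably bypasses the 'template'
# (tags/authproc) defined in config-metarefresh.php; if that mapping is needed,
# use the module's own cron hook instead -- confirm against the script.
19 */2 * * * www-data cd /var/www/simplesamlphp && modules/metarefresh/bin/metarefresh.php "https://kalmar2.org/simplesaml/module.php/aggregator/?id=kalmarcentral2&set=saml20-idp-remote&mimetype=application/xml" -o=metadata/federation/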
