Skip to content

Log in to SimpleSAMLphp using MWARE IAM

This page guides you through using MWARE IAM to log in to SimpleSAMLphp.

Set up SimpleSAMLphp as a service provider

  1. Install Apache.

    # apt-get install apache2

  2. Install PHP and related extensions.

    # apt-get install php5  

# apt-get install php5-cli  

# apt-get install php5-common  

# apt-get install php5-curl  

# apt-get install php-pear  

# apt-get install php5-mcrypt

    Info

    If you are an Ubuntu user, install the following extension as well: # apt-get install php5-json

  3. Install SimpleSAMLphp using the following commands.

    # sudo mkdir /var/simplesamlphp/

# cd /var/simplesamlphp/  

# wget https://github.com/simplesamlphp/simplesamlphp/releases/download/simplesamlphp-1.11.0/simplesamlphp-1.11.0.tar.gz  

# tar xvf simplesamlphp-1.11.0.tar.gz  

# mv simplesamlphp-1.11.0 simplesamlphp  

# cd simplesamlphp  

# cp -r metadata-templates/*.php metadata/  

# cp -r config-templates/*.php config

  4. Configure SimpleSAMLphp web in Apache.

    # cd /var/www/html

# ln -s /var/simplesamlphp/simplesamlphp/www simplesaml

  5. Start Apache.

    # apachectl start

  6. Access the SimpleSAMLphp web app using the following URL: http://localhost/simplesaml.

  7. Set the SimpleSAMLphp administrator login configuration as follows:

    # cd /var/simplesamlphp/simplesamlphp  

# vi config/config.php
    1. Search for ' auth.adminpassword ' and change its value from the default and save the file.
    2. Click on ' Login as administrator ' from the web page http://localhost/simplesaml to test the configured value.

  8. Add a service provider to SimpleSAMLphp.

    # cd /var/simplesamlphp/simplesamlphp  

# vi config/authsources.php

    1. Add the following section to the file and save.

      'wso2-sp' => array(  

'saml:SP',  

// The entity ID of this SP.  

// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.  

'entityID' => 'simplesaml',  

// The entity ID of the IdP this should SP should contact.  

// Can be NULL/unset, in which case the user will be shown a list of available IdPs.  

'idp' => 'https://localhost:9443/samlsso',  

// The URL to the discovery service.  

// Can be NULL/unset, in which case a builtin discovery service will be used.  

'discoURL' => NULL,  

),

      By default, MWARE IAM runs on localhost:9443. If you are using a different hostname or have configured a port offset, adjust the configurations above accordingly.

  9. Add the identity provider metadata.

    # cd /var/simplesamlphp/simplesamlphp  

# vi metadata/saml20-idp-remote.php

    1. Add the following section to the file and save.

      $metadata['https://localhost:9443/samlsso'] = array(  

    'name' => array(  

    'en' =>  'MWARE IAM',  

    'no' =>  'MWARE IAM',  

),  

    'description'   =>  'Login with MWARE IAM SAML2 IdP.',  

    'SingleSignOnService'  =>  'https://localhost:9443/samlsso',  

    'SingleLogoutService'  => 'https://localhost:9443/samlsso',  

    'certFingerprint'      => '6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d'  

);

    2. Note that metadata [' https://localhost:9443/samlsso '] should match the value of 'idp' in step 8.

    3. Note that "6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d" is the thumbprint of the default certificate shipped with MWARE IAM. The SAML2 Response is signed with this certificate.

Configure the service provider in MWARE IAM

To register your application as a service provider in the MWARE IAM:

  1. Log in to the MWARE IAM Management Console using administrator credentials.

  2. Go to Main > Identity > Service Providers > Add.

  3. Enter a Service Provider Name. Optionally, enter a Description.

  4. Click Register.

  5. Expand Inbound Authentication Configuration > SAML Configuration and click Configure.

  6. Enter the following details and keep the values of the rest of the fields as it is.

    • Issuer:simplesaml

    • Assertion Consumer URL: http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp

    • Enable Single Logout: True

    • SLO Response URL: http://localhost/simplesamlphp/www/module.php/saml/sp/saml2-logout.php/wso2-sp

  7. Click Register

    simplesamlphp-sp.png

Configure a resident identity provider in MWARE IAM

  1. In the Main menu of the Management Console (https://<IS_HOST>:<PORT>/carbon), click Resident under Identity Providers.

  2. On the page that appears, open the SAML2 Web SSO Configuration section under Inbound Authentication Configuration.

  3. Make the value of the Identity Provider Entity ID field as same as the SAML endpoint of MWARE IAM: https://{yourhost}:{port}/samlsso

    simeplesamlphp-resident

Test SimpleSAMLphp

  1. Access http://localhost/simplesaml and then to Authentication and click on Test configured authentication sources.
  2. Choose " wso2-sp ". You are redirected to MWARE IAM SAML2 IdP for login.

For more information on SimpleSAMLphp, click https://simplesamlphp.org/docs/stable/

Related topics

Top