
Just wanted to know if it is possible to configure simplesamlphp IdP and SP on the same machine. If so, it would be great if there are configuration steps for the same

Above is the original post. After a few hours of work, below is a working configuration of simplesamlphp with SP and IdP on the same machine (under different folders):

  • SP Configuration
    • IP Address: 10.209.122.151
    • Folder: /var/simplesamlphp (Accessed via Alias /var/simplesaml)
    • Configuration:

config/config.php:

'baseurlpath' => 'simplesaml/',
'certdir' => '/etc/ssl/certs',
'loggingdir' => 'log/',
'datadir' => 'data/',
'auth.adminpassword' => 'somepass',
'secretsalt' => 'somesalt',
'enable.saml20-sp' => true,

config/authsources.php:

'admin' => array (
    'core:AdminPassword',
),

'default-sp' => array (
    'saml:SP',
    'entityID' => null,
    'idp' => null,
    'discoURL' => null,
),

metadata/saml20-sp-hosted.php:

<?php 

$metadata['https://10.209.122.151/simplesaml'] = array(
    'saml:SP',
    'host' => '10.209.122.151',
    'privatekey' => 'simplesamlphp.pem',
    'certificate' => 'simplesamlphp.crt',
);

?>

metadata/saml20-idp-remote.php:

<?php

$metadata['https://10.209.122.151/simplesamlidp/saml2/idp/metadata.php'] = array(
    'name' => array(
            'en' => 'Remote IdP',
            'no' => 'Suchindra Chandrahas',
    ),
    'description'          => 'SP and IdP in the same machine',

    'SingleSignOnService'  => 'https://10.209.122.151/simplesamlidp/saml2/idp/SSOService.php',
    'SingleLogoutService'  => 'https://10.209.122.151/simplesamlidp/saml2/idp/SingleLogoutService.php',
    'certificate' => 'simplesamlphp.crt'
);
?>
  • IDP Configuration:
    • IP Address: 10.209.122.151
    • Folder: /var/simplesamlphpidp (Accessed via Alias /var/simplesamlidp)

config/config.php:

'baseurlpath' => 'simplesamlidp/',
'certdir' => '/etc/ssl/certs',
'loggingdir' => 'log/',
'datadir' => 'data/',
'auth.adminpassword' => 'somepass',
'secretsalt' => 'somesalt',
'enable.saml20-idp' => true,

config/authsources.php:

'example-userpass' => array(
    'exampleauth:UserPass',
    'student:studentpass' => array(
        'uid' => array('student'),
        'eduPersonAffiliation' => array('member', 'student'),
    ),
    'employee:employeepass' => array(
        'uid' => array('employee'),
        'eduPersonAffiliation' => array('member', 'employee'),
    ),
),

metadata/saml20-idp-hosted.php:

<?php

$metadata['__DYNAMIC:1__'] = array(
    'host' => '__DEFAULT__',
    'privatekey' => 'simplesamlphp.pem',
    'certificate' => 'simplesamlphp.crt',
    'auth' => 'example-userpass',
);
?>

metadata/saml20-sp-remote.php:

<?php

$metadata['https://10.209.122.151/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array(
    'AssertionConsumerService'  => 'https://10.209.122.151/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
    'SingleLogoutService' => 'https://10.209.122.151/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
);

The above configuration, along with changes as mentioned in the patch below, works for me:

https://github.com/simplesamlphp/simplesamlphp/files/278540/SSP-typing.patch.txt

I don't see the 'Unhandled exception' and other messages.

Rikkyp
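As an added check (not code from the question or from the SimpleSAMLphp project), the PHP script below cross-checks the two instances described above: it derives the entityID each side ends up publishing from its 'baseurlpath', confirms that the remote metadata on each side points at the other side's endpoints and certificate, and flags settings that are weak for a single-host SP+IdP deployment. The arrays are constructed here from the values in the question (in a real deployment you would build them by include()-ing each instance's config/config.php and metadata/*.php); the function name pairingFindings and the array layout are this example's own.

```php
<?php
// Added example: consistency and hygiene checks for an SP and an IdP
// (two SimpleSAMLphp instances) hosted on the same machine.

function pairingFindings(string $host, array $sp, array $idp): array
{
    $findings = [];
    $spBase  = "https://$host/" . $sp['config']['baseurlpath'];
    $idpBase = "https://$host/" . $idp['config']['baseurlpath'];

    // 1. Two instances on one host must not share a baseurlpath (alias collision).
    if ($sp['config']['baseurlpath'] === $idp['config']['baseurlpath']) {
        $findings[] = 'ERROR: SP and IdP use the same baseurlpath';
    }

    // 2. With 'entityID' => null in authsources.php the SP's entityID is its
    //    metadata URL; the IdP's saml20-sp-remote must list exactly that key,
    //    and the ACS it lists must live under the SP's base URL.
    $spEntity = $spBase . 'module.php/saml/sp/metadata.php/' . $sp['authsource'];
    if (!isset($idp['sp_remote'][$spEntity])) {
        $findings[] = "ERROR: IdP sp-remote has no entry for $spEntity";
    } else {
        $acs = $idp['sp_remote'][$spEntity]['AssertionConsumerService'] ?? '';
        if (strpos($acs, $spBase) !== 0) {
            $findings[] = "ERROR: AssertionConsumerService $acs is not under $spBase";
        }
    }

    // 3. The IdP's entityID is its metadata URL; the SP's saml20-idp-remote must
    //    list it, with the SSO endpoint under the IdP base URL and the same
    //    certificate the IdP signs with (the SP verifies signatures against it).
    $idpEntity = $idpBase . 'saml2/idp/metadata.php';
    if (!isset($sp['idp_remote'][$idpEntity])) {
        $findings[] = "ERROR: SP idp-remote has no entry for $idpEntity";
    } else {
        $remote = $sp['idp_remote'][$idpEntity];
        $sso = $remote['SingleSignOnService'] ?? '';
        if (strpos($sso, $idpBase) !== 0) {
            $findings[] = "ERROR: SingleSignOnService $sso is not under $idpBase";
        }
        if (($remote['certificate'] ?? '') !== $idp['hosted']['certificate']) {
            $findings[] = 'ERROR: SP idp-remote certificate differs from IdP hosted certificate';
        }
    }

    // 4. secretsalt must be changed from the shipped default 'defaultsecretsalt'
    //    and should be a random string (the SimpleSAMLphp docs suggest 32 chars).
    foreach (['SP' => $sp, 'IdP' => $idp] as $role => $inst) {
        $salt = $inst['config']['secretsalt'] ?? '';
        if ($salt === 'defaultsecretsalt' || strlen($salt) < 32) {
            $findings[] = "WARN: $role secretsalt is the default or too short to be a random secret";
        }
    }

    // 5. Same certdir and same privatekey file means the IdP signing key is also
    //    the SP key, so a compromise of either role exposes the other.
    if ($sp['config']['certdir'] === $idp['config']['certdir']
        && $sp['hosted']['privatekey'] === $idp['hosted']['privatekey']) {
        $findings[] = 'WARN: SP and IdP share one private key';
    }

    // 6. Two instances on one hostname that keep the default session cookie name
    //    overwrite each other's cookie; give each its own session.cookie.name.
    $spCookie  = $sp['config']['session.cookie.name']  ?? 'SimpleSAMLSessionID';
    $idpCookie = $idp['config']['session.cookie.name'] ?? 'SimpleSAMLSessionID';
    if ($spCookie === $idpCookie) {
        $findings[] = "WARN: both instances use session cookie '$spCookie' on host $host";
    }

    return $findings;
}

// Values constructed from the question above.
$host = '10.209.122.151';
$sp = [
    'config'     => ['baseurlpath' => 'simplesaml/', 'certdir' => '/etc/ssl/certs', 'secretsalt' => 'somesalt'],
    'authsource' => 'default-sp',
    'hosted'     => ['privatekey' => 'simplesamlphp.pem', 'certificate' => 'simplesamlphp.crt'],
    'idp_remote' => [
        "https://$host/simplesamlidp/saml2/idp/metadata.php" => [
            'SingleSignOnService' => "https://$host/simplesamlidp/saml2/idp/SSOService.php",
            'SingleLogoutService' => "https://$host/simplesamlidp/saml2/idp/SingleLogoutService.php",
            'certificate'         => 'simplesamlphp.crt',
        ],
    ],
];
$idp = [
    'config'    => ['baseurlpath' => 'simplesamlidp/', 'certdir' => '/etc/ssl/certs', 'secretsalt' => 'somesalt'],
    'hosted'    => ['privatekey' => 'simplesamlphp.pem', 'certificate' => 'simplesamlphp.crt'],
    'sp_remote' => [
        "https://$host/simplesaml/module.php/saml/sp/metadata.php/default-sp" => [
            'AssertionConsumerService' => "https://$host/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp",
            'SingleLogoutService'      => "https://$host/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp",
        ],
    ],
];

foreach (pairingFindings($host, $sp, $idp) as $finding) {
    echo $finding, PHP_EOL;
}
```

Run it with `php check.php`. With the values from the question it reports no ERROR lines (the two sides do point at each other), but it warns that 'somesalt' is a placeholder rather than a random secret, that both roles sign with the same simplesamlphp.pem, and that both instances fall back to the same session cookie name on one host.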
  • Yes, that is possible. I remember setting up a site that was both Idp and SP at the same time using SimpleSamlPHP some years ago. I don't have access to the code for it anymore so am not able to find how I did it – rypskar May 22 '17 at 07:37
  • Thanks rypskar. Any internet resources that I can follow for setting it up? – Rikkyp May 22 '17 at 08:42
  • I think I only used the official documentation at https://simplesamlphp.org/docs/stable/ and did read the source code. It is several years since I last did any work with it so don't remember the details – rypskar May 22 '17 at 08:51
  • Thanks. Will look into that – Rikkyp May 22 '17 at 09:50

1 Answer


Updated initial post with working configuration

Rikkyp