So my question is: how can I configure authsources.php to add the ProviderName to the request, since the IDP I'm connecting to requires it in addition to the Issuer? SP configuration in authsources.php:

    <?php
    // authsources.php: the SP authentication source (values are the question's placeholders)
    $config = array(
        'name-of-sp' => array(
            'saml:SP',
            'privatekey'   => '/certs/privkey.pem',
            'certificate'  => '/certs/cert.pem',
            'entityID'     => 'my-entityid',
            'idp'          => 'idp-used',
            'ProviderName' => 'I WANT TO SET THIS',
        ),
    );
The above doesn't work. So how can I configure this to add ProviderName to the SP? Whether this is standard SAML protocol or not is a whole other question, but this IDP is not under my control.
The IDP remote metadata, in case anyone is wondering, is:

    <?php
    // saml20-idp-remote.php entry for the IdP (URLs are the question's placeholders)
    $metadata['idp-used'] = array(
        'name' => array(
            'en' => 'idp-used',
        ),
        'description' => 'Here you can login with your account on idp-used',
        'SingleSignOnService' => array(
            0 => array(
                'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
                'Location' => 'https://idp-used-location/saml',
            ),
        ),
        'SingleLogoutService' => 'https://idp-used-location/saml/logout',
        'redirect.sign' => TRUE,
        'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    );
Besides that, SimpleSAMLphp generates the request in the following manner with the current settings:
    <samlp:AuthnRequest
        AssertionConsumerServiceURL="http://localhost:8080/simplesaml/module.php/saml/sp/saml2-acs.php/name-of-idp"
        Destination="IDP DESTINATION URL"
        ID="_0946191c7de9389b04bd2c389af9a24c5fe5bb575f"
        IssueInstant="2018-03-12T12:48:47Z"
        ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Version="2.0"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:Issuer>The Issuer</saml:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <ds:Reference URI="#_0946191c7de9389b04bd2c389af9a24c5fe5bb575f">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <ds:DigestValue>The Digest Value</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>The Signature</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>The Certificate</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
    </samlp:AuthnRequest>
Regarding the request, it should have the following structure, so I also need to have the

    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Issuer but with an xmlns:saml attribute</saml:Issuer>

This means the head of the request needs to be in the following form:
    <samlp:AuthnRequest
        ID="_1e736a31-a41c-4c35-b17f-0f9ab4c741b3"
        Version="2.0"
        IssueInstant="2011-02-17T11:15:24Z"
        Destination="DestinationURLOFIDP"
        ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        AssertionConsumerServiceURL="ACS-URL"
        ProviderName="Service Provider Name"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">ISSUER</saml:Issuer>
Is there any way to add ProviderName using the saml authsources.php or idp-remote.php, and to move the assertion xmlns attribute from the AuthnRequest to the Issuer?
This IDP doesn't expose a metadata.xml anywhere, so I am unable to get the full metadata.xml.
Thanks in advance
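As an added example that is not part of the question and not SimpleSAMLphp's own code: a standalone PHP script that builds the AuthnRequest head described above with DOMDocument (ProviderName as an attribute of the samlp:AuthnRequest root, xmlns:saml declared on the Issuer element itself) and a small check that a serialized AuthnRequest carries a non-empty ProviderName and exactly one saml:Issuer. The entity ID, provider name and URLs are placeholders, and signing is deliberately left out.

```php
<?php
// Added example, not from the question or from SimpleSAMLphp.
// Builds the AuthnRequest shape the question's IdP expects and checks a
// request document for it. All identifiers and URLs below are placeholders.
declare(strict_types=1);

const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';
const NS_SAML  = 'urn:oasis:names:tc:SAML:2.0:assertion';

/**
 * Build an unsigned AuthnRequest with ProviderName on the root element and
 * an Issuer that declares xmlns:saml on itself. Signing is out of scope here;
 * it must happen after ProviderName is set so the enveloped signature covers it.
 */
function buildAuthnRequest(string $issuer, string $providerName, string $destination, string $acsUrl): DOMDocument
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $doc->formatOutput = true;

    // Root in the protocol namespace; libxml emits xmlns:samlp on this element.
    $req = $doc->createElementNS(NS_SAMLP, 'samlp:AuthnRequest');
    $doc->appendChild($req);

    // xs:ID values must start with a letter or underscore, hence the prefix.
    $req->setAttribute('ID', '_' . bin2hex(random_bytes(16)));
    $req->setAttribute('Version', '2.0');
    $req->setAttribute('IssueInstant', gmdate('Y-m-d\TH:i:s\Z'));
    $req->setAttribute('Destination', $destination);
    $req->setAttribute('ProtocolBinding', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST');
    $req->setAttribute('AssertionConsumerServiceURL', $acsUrl);
    // ProviderName is a plain (un-namespaced) attribute of AuthnRequest.
    $req->setAttribute('ProviderName', $providerName);

    // Creating the child in the assertion namespace, which the root does not
    // declare, puts xmlns:saml on the Issuer element itself.
    $iss = $doc->createElementNS(NS_SAML, 'saml:Issuer');
    $iss->appendChild($doc->createTextNode($issuer)); // text node: value is escaped properly
    $req->appendChild($iss);

    $policy = $doc->createElementNS(NS_SAMLP, 'samlp:NameIDPolicy');
    $policy->setAttribute('AllowCreate', 'true');
    $policy->setAttribute('Format', 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified');
    $req->appendChild($policy);

    return $doc;
}

/**
 * Return a list of problems (empty means OK) for a serialized AuthnRequest:
 * root must be samlp:AuthnRequest with a non-empty ProviderName, and there
 * must be exactly one non-empty saml:Issuer directly under the root.
 */
function checkAuthnRequest(string $xml): array
{
    $problems = [];
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // LIBXML_NONET blocks network access during parsing; LIBXML_NOENT is
    // intentionally not set so external entities are never substituted.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        return ['document is not well-formed XML'];
    }
    $root = $doc->documentElement;
    if ($root === null || $root->namespaceURI !== NS_SAMLP || $root->localName !== 'AuthnRequest') {
        return ['root element is not samlp:AuthnRequest'];
    }
    if (trim($root->getAttribute('ProviderName')) === '') {
        $problems[] = 'ProviderName attribute missing or empty on samlp:AuthnRequest';
    }
    // Namespace-aware lookup: passes whether xmlns:saml sits on the root or on Issuer.
    $issuers = $root->getElementsByTagNameNS(NS_SAML, 'Issuer');
    if ($issuers->length !== 1
        || !$issuers->item(0)->parentNode->isSameNode($root)
        || trim($issuers->item(0)->textContent) === '') {
        $problems[] = 'exactly one non-empty saml:Issuer expected directly under the root';
    }
    return $problems;
}

// Usage with constructed placeholder values (not the question's real IdP or SP).
$doc = buildAuthnRequest(
    'my-entityid',
    'Service Provider Name',
    'https://idp-used-location/saml',
    'https://sp.example/simplesaml/module.php/saml/sp/saml2-acs.php/name-of-sp'
);
$xml = $doc->saveXML();
echo $xml;
print_r(checkAuthnRequest($xml));
```

The check is namespace-aware on purpose: the request SimpleSAMLphp already produces (xmlns:saml on the root) and the form the IdP asks for (xmlns:saml on the Issuer) are the same infoset, so a lookup by namespace URI accepts both, while a string match on the literal `xmlns:saml` placement would not. The one thing that does matter for the IdP is that ProviderName is present on the root before the enveloped signature is computed.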