This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

SAML2 IdP with SimpleSAMLphp Service Provider

This section explains how to configure the WSO2 Identity Server SAML2 IdP with the SimpleSAMLphp Service Provider.

First, set up SimpleSAMLphp as a service provider. The steps below were tested on Ubuntu.

To set up SimpleSAMLphp as a service provider:

  1. Install Apache.

    # apt-get install apache2 
  2. Install PHP and related extensions.

    # apt-get install php5
    # apt-get install php5-cli
    # apt-get install php5-common
    # apt-get install php5-curl
    # apt-get install php-pear
    # apt-get install php5-mcrypt
  3. Install SimpleSAMLphp.

    # mkdir -p /var/simplesamlphp
    # cd /var/simplesamlphp/
    # wget http://simplesamlphp.googlecode.com/files/simplesamlphp-1.11.0.tar.gz
    # tar xvf simplesamlphp-1.11.0.tar.gz
    # mv simplesamlphp-1.11.0 simplesamlphp
    # cd simplesamlphp
    # cp -r metadata-templates/*.php metadata/
    # cp -r config-templates/*.php config
  4. Configure SimpleSAMLphp web in Apache.

    # cd /var/www
    # ln -s /var/simplesamlphp/simplesamlphp/www simplesaml
  5. Start Apache.

    # apachectl start  
  6. Access the SimpleSAMLphp web app: http://localhost/simplesaml.
  7. Set the SimpleSAMLphp administrator login configuration as follows:

    # cd /var/simplesamlphp/simplesamlphp
    # vi config/config.php
  8. Look for 'auth.adminpassword', change its value from the default, and save the file.
  9. Click on 'Login as administrator' from the web page http://localhost/simplesaml.
  10. Add a Service Provider to SimpleSAMLphp.

    # cd /var/simplesamlphp/simplesamlphp
    # vi config/authsources.php
  11. Add the following section to the file and save.

    'wso2-sp' => array(
        'saml:SP',

        // The entity ID of this SP.
        // Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
        'entityID' => 'simplesaml',

        // The entity ID of the IdP this SP should contact.
        // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
        'idp' => 'https://localhost:9443/samlsso',

        // The URL to the discovery service.
        // Can be NULL/unset, in which case a builtin discovery service will be used.
        'discoURL' => NULL,
    ),
  12. This assumes WSO2 IS is running on localhost on port 9443.
  13. Add the Identity Provider metadata.

    # cd /var/simplesamlphp/simplesamlphp
    # vi metadata/saml20-idp-remote.php
  14. Add the following section to the file and save.

    $metadata['https://localhost:9443/samlsso'] = array(
        'name' => array(
            'en' => 'WSO2 IS',
            'no' => 'WSO2 IS',
        ),
        'description'          => 'Login with WSO2 IS SAML2 IdP.',
        'SingleSignOnService'  => 'https://localhost:9443/samlsso',
        'SingleLogoutService'  => 'https://localhost:9443/samlsso',
        'certFingerprint'      => '6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d'
    );
  15. Note that the key in $metadata['https://localhost:9443/samlsso'] should match the value of 'idp' in step 11.

    6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d is the thumbprint of the default certificate that ships with WSO2 IS. The SAML2 Response is signed with this certificate.

  16. Install WSO2 Identity Server. The WSO2 Identity Server is available for download here.
  17. Start WSO2 Identity Server and add a Service Provider under SAML SSO.

    Issuer: simplesaml

    Assertion Consumer URL: http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp

    Enable Assertion Signing: True

    Keep the defaults for the rest.

  18. Test SimpleSAMLphp.
  19. Go to http://localhost/simplesaml, then to "Authentication", and click "Test configured authentication sources".
  20. Pick "wso2-sp". You are redirected to the WSO2 IS SAML2 IdP for login.
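
The certFingerprint value in step 14 pins the IdP signing certificate, so it has to be recomputed whenever the certificate in the WSO2 IS keystore is replaced. The following script is an added example, not part of the original WSO2 documentation: it computes the SHA-1 thumbprint of a PEM certificate in the lowercase, colon-free form used in step 14 and compares it with a configured value. The script name check_fp.sh and the file name idp-cert.pem are assumptions, and the certificate is assumed to have been exported from the IdP keystore beforehand.

```shell
#!/bin/sh
# Added example: check a SimpleSAMLphp 'certFingerprint' against a PEM certificate.
# Usage (file names are assumptions): sh check_fp.sh idp-cert.pem <fingerprint>

# Print the SHA-1 of the DER bytes of the first certificate in the PEM on stdin,
# as lowercase hex without separators. Fails if no valid base64 body is found.
pem_sha1_fingerprint() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/{f=1; next}
                /-----END CERTIFICATE-----/{exit}
                f' | tr -d ' \t\r\n')
    [ -n "$body" ] || return 1
    case "$body" in
        *[!A-Za-z0-9+/=]*) return 1 ;;   # not base64: refuse to hash garbage
    esac
    printf '%s' "$body" | base64 -d | sha1sum | cut -d' ' -f1
}

# Normalise a fingerprint printed as "6B:F8:..." (colon-separated, uppercase)
# to the lowercase, colon-free form used in saml20-idp-remote.php.
normalize_fingerprint() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Return 0 only if the PEM on stdin hashes to the configured fingerprint ($1).
fingerprint_matches() {
    configured=$(normalize_fingerprint "$1")
    actual=$(pem_sha1_fingerprint) || return 1
    [ "$configured" = "$actual" ]
}

# Command-line entry point: compare a certificate file with a configured value.
if [ "$#" -eq 2 ]; then
    if fingerprint_matches "$2" < "$1"; then
        echo "OK: certFingerprint matches $1"
    else
        echo "MISMATCH: $1 does not hash to the configured certFingerprint" >&2
        exit 1
    fi
fi
```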
