Difference between revisions of "Simple SAML PHP"
(→Attributes) |
|||
Line 13: | Line 13: | ||
999 => 'core:AttributeLimit', | 999 => 'core:AttributeLimit', | ||
+ | |||
+ | === NIEF / GFIPM Attributes === | ||
+ | It is necessary to map existing attributes into NIEF/GFIPM attributes. While this can be done within the main config, it most naturally should be done | ||
+ | within the '''metadata/saml20-idp-hosted.php''' file. | ||
== SAML Metadata / Importing New Entities == | == SAML Metadata / Importing New Entities == |
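Review bot: The added NIEF / GFIPM Attributes paragraph says the mapping is necessary and belongs in metadata/saml20-idp-hosted.php, but it does not say how the mapping is expressed there or how it must be ordered relative to the 999 => 'core:AttributeLimit' entry shown in the context line above it. Suggest adding a sentence stating that the mapping has to run at a priority number below 999 so the limit filter sees the mapped attributes, plus a short sample of the mapping entry. The phrase "it most naturally should be done" would also read better as "it is most naturally done".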
Revision as of 17:58, 10 September 2015
About
This page enumerates some configuration methodologies for Simple SAML PHP when trying to configure for use as a GFIPM/NIEF Identity Provider.
Attributes
Attribute Filters
Simple SAML PHP supports filtering the attributes sent to Relying Parties based on the attributes they have requested via Trust Fabric / SAML2 Metadata. This is a great feature, but by default this filtering can happen before the attributes have been derived from local attributes. To alter this behavior, change the filter priority by editing config/config.php and updating this line within the 'authproc.idp' array:
50 => 'core:AttributeLimit',
to have a much lower priority (higher number):
999 => 'core:AttributeLimit',
NIEF / GFIPM Attributes
It is necessary to map existing attributes into NIEF/GFIPM attributes. While this can be done within the main config, it is most naturally done within the metadata/saml20-idp-hosted.php file.
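The two settings above fit together as in the following added example, which is not part of the original page. The local attribute names (givenName, sn, mail), the auth source name and the GFIPM attribute names are assumptions for illustration; check them against your directory and your federation's attribute specification.

```php
<?php
// Added example, not the page author's configuration.

// --- config/config.php (excerpt; other authproc.idp entries omitted) ---
$config = [
    'authproc.idp' => [
        // Moved from 50 to 999 as described above, so the limit filter
        // runs after any attribute mapping with a lower priority number.
        999 => 'core:AttributeLimit',
    ],
];

// --- metadata/saml20-idp-hosted.php (excerpt) ---
$metadata['__DYNAMIC:1__'] = [
    'host' => '__DEFAULT__',
    'auth' => 'example-userpass',   // assumed auth source name

    // Filters defined here are merged with 'authproc.idp' and executed
    // in ascending priority order, so 60 runs before 999.
    'authproc' => [
        60 => [
            'class' => 'core:AttributeMap',
            // local attribute => NIEF/GFIPM attribute (assumed names)
            'givenName' => 'gfipm:2.0:user:GivenName',
            'sn'        => 'gfipm:2.0:user:SurName',
            'mail'      => 'gfipm:2.0:user:EmailAddressText',
        ],
    ],
];
```

With core:AttributeLimit left at 50, it would run before the map at 60 and compare the Relying Party's requested attributes against the unmapped local names.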
SAML Metadata / Importing New Entities
TBD - Using metarefresh
Persistent Name Identifiers
Unsolicited SSO (aka IDP Initiated SSO)
TBD - Link to simple saml docs about doing IDP Initiated SSO