Simple SAML PHP

From GFIPM Implementation Wiki
Revision as of 17:58, 10 September 2015 by Jeff.Krug (Talk | contribs)


About

This page describes some configuration approaches for Simple SAML PHP when it is used as a GFIPM/NIEF Identity Provider.

Attributes

Attribute Filters

Simple SAML PHP supports filtering the attributes sent to Relying Parties based on the attributes they have requested via Trust Fabric / SAML2 Metadata. This is a great feature, but by default this filtering can happen before the attributes have been derived from local attributes. Filters run in order of ascending priority number, so to alter this behavior you need to change the filter priority. Do this by editing config/config.php and updating this line within the 'authproc.idp' array:

       50 => 'core:AttributeLimit',

to have a much lower priority (higher number):

       999 => 'core:AttributeLimit',

NIEF / GFIPM Attributes

It is necessary to map existing attributes into NIEF/GFIPM attributes. While this can be done within the main config, it is most naturally done within the metadata/saml20-idp-hosted.php file.
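
The filter ordering and the attribute mapping described above, put together as an added example (not taken from this wiki or from the SimpleSAMLphp project). The local attribute names, the three GFIPM attribute names, the file names and the priority 60 are assumptions for illustration; check the attribute names against the GFIPM metadata specification your federation uses.

```php
<?php
// ADDED EXAMPLE. Two files are shown in one listing; split at the FILE markers.

// ---- FILE: metadata/saml20-idp-hosted.php ----
$metadata['__DYNAMIC:1__'] = array(
    'host'        => '__DEFAULT__',
    'privatekey'  => 'server.pem',        // placeholder file name
    'certificate' => 'server.crt',        // placeholder file name
    'auth'        => 'example-userpass',  // assumed authentication source

    // Filters listed here are merged with 'authproc.idp' from config.php
    // and the combined list runs in ascending priority order.
    'authproc' => array(
        // Priority 60 (assumed): rename local attributes to GFIPM names.
        // Left side: local names (assumed LDAP-style). Right side: GFIPM names.
        60 => array(
            'class'     => 'core:AttributeMap',
            'givenName' => 'gfipm:2.0:user:GivenName',
            'sn'        => 'gfipm:2.0:user:SurName',
            'mail'      => 'gfipm:2.0:user:EmailAddressText',
        ),
    ),
);

// ---- FILE: config/config.php (excerpt) ----
$config = array(
    'authproc.idp' => array(
        // Before the change:
        //   50 => 'core:AttributeLimit',
        // At 50 the limit runs before the mapping at 60. A Relying Party
        // that requests only GFIPM names then has the local attributes
        // stripped first, and the mapping has nothing left to rename.

        // After the change: the limit runs after the mapping, so the
        // requested GFIPM attributes exist when the filter is applied.
        // With no parameters, core:AttributeLimit releases only the
        // attributes named in the 'attributes' option of the metadata.
        // Any filter given a priority above 999 would run after the limit
        // and its output would not be filtered.
        999 => 'core:AttributeLimit',
    ),
);
```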

SAML Metadata / Importing New Entities

TBD - Using metarefresh

Persistent Name Identifiers

Unsolicited SSO (aka IDP Initiated SSO)

TBD - Link to simple saml docs about doing IDP Initiated SSO