Installation & Configuration - achaux/simplesaml GitHub Wiki
I followed along with the instructions provided on the simpleSAMLphp website. Here is a synopsis:
Download the latest version of the code from the simpleSAMLphp download page https://simplesamlphp.org/download
Unpack the tarball in the /var directory (you may need to sudo these commands depending on which user you are using at the terminal prompt):
cd /var
wget https://simplesamlphp.org/res/downloads/simplesamlphp-1.13.2.tar.gz
tar -xzf simplesamlphp-1.13.2.tar.gz
Rename the directory simplesamlphp-1.13.2 to simplesamlphp
mv simplesamlphp-1.13.2 simplesamlphp
At a minimum, you will have to set up a password for the simpleSAMLphp admin account. Edit the /var/simplesamlphp/config/config.php file and change the following values, replacing both placeholders with your own strong password and a long random salt:
...
'auth.adminpassword' => 'yourpassword',
...
'secretsalt' => 'enterarandomsaltshash',
The /var/simplesamlphp/www directory must be accessible by the web server. If you run the Apache web server with the apache user, change the owner and group to apache:
chown -R apache:apache /var/simplesamlphp/www
Next, configure Apache to recognize simpleSAMLphp. I run multiple sites on my local machine, and I use Zend Server CE, so I will simply create a new VirtualHost configuration file in /usr/local/zend/apache2/conf.d/simplesamlphp.80.conf. You can add the configuration file to wherever your conf.d directory exists:
#### SimpleSAML sandbox ####
<VirtualHost *:80>
ServerName sp.local
DocumentRoot /var/www/simplesaml
LogFormat combined
ErrorLog /var/www/log/simplesaml_error.log
TransferLog /var/www/log/simplesaml_access.log
<Directory "/var/www/simplesaml">
Options All
AllowOverride All
Order allow,deny
Allow from all
</Directory>
# Optional: redirect all requests to https:
Redirect "/" "https://sp.local/"
</VirtualHost>
Optionally, I also create a VirtualHost configuration file for HTTPS in /usr/local/zend/apache2/conf.d/simplesamlphp.443.conf. In order to set up HTTPS on localhost, you need to generate a self-signed certificate and point to the certificate in the VirtualHost configuration:
#### SimpleSAML sandbox ####
<VirtualHost *:443>
ServerName sp.local
DocumentRoot /var/www/simplesaml
LogFormat combined
ErrorLog /var/www/log/simplesaml_error.log
TransferLog /var/www/log/simplesaml_access.log
SSLEngine on
SSLCertificateFile /usr/local/zend/apache2/conf/ssl.crt/d6.local.crt
SSLCertificateKeyFile /usr/local/zend/apache2/conf/ssl.key/d6.local.key
<Directory "/var/www/simplesaml">
Options All
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Make sure to add sp.local to the /etc/hosts file (and idp.local if you are going to set up a local IdP):
...
127.0.0.1 localhost
127.0.0.1 sp.local
127.0.0.1 idp.local
...
Create the document root directory /var/www/simplesaml:
mkdir /var/www/simplesaml
Create the symbolic link to the /var/simplesamlphp/www directory:
ln -s /var/simplesamlphp/www /var/www/simplesaml/simplesaml
Then create a simple index file to make sure your web server is working properly:
echo "<?php echo 'SimpleSAML example'; ?>" > /var/www/simplesaml/index.php
Restart your web server, and you should see your basic simpleSAML page. Before proceeding any further, you should take the time to review your simpleSAMLphp config.php file as described on the simpleSAMLphp.org website. There are some default settings that should be changed right away.
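A quick check for the placeholder secrets from the config.php step above, and for the default settings this step says to change, as an added example that is not part of the original wiki or of simpleSAMLphp. The function names are hypothetical, the sample config is constructed, and the values `123` and `defaultsecretsalt` are assumed to be the ones shipped in the config template.

```shell
#!/bin/sh
# Added example: flag placeholder secrets left in a simpleSAMLphp config.php.

# Print the quoted string assigned to a config key, e.g. 'secretsalt' => '...'.
config_value() {  # $1 = key, $2 = path to config.php
    sed -n "s/^[[:space:]]*'$1'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$2" | head -n 1
}

# 32 hex characters (128 bits) from the kernel CSPRNG, usable as 'secretsalt'.
gen_salt() {
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Print one line per finding; return 0 when clean, 1 otherwise.
audit_ssp_config() {  # $1 = path to config.php
    rc=0
    pw=$(config_value 'auth.adminpassword' "$1")
    salt=$(config_value 'secretsalt' "$1")
    case "$pw" in
        # '123' is assumed to be the template default (not stated on the page);
        # 'yourpassword' is the placeholder used on this page.
        ''|123|yourpassword) echo "auth.adminpassword: unset or placeholder"; rc=1 ;;
    esac
    case "$salt" in
        # 'defaultsecretsalt' is assumed to be the template default;
        # 'enterarandomsaltshash' is the placeholder used on this page.
        ''|defaultsecretsalt|enterarandomsaltshash)
            echo "secretsalt: unset or placeholder"; rc=1 ;;
        *)
            [ "${#salt}" -ge 32 ] || { echo "secretsalt: shorter than 32 characters"; rc=1; } ;;
    esac
    return "$rc"
}

# Constructed sample: the two settings exactly as the page shows them.
write_sample_config() {  # $1 = output path
    cat > "$1" <<'EOF'
<?php
$config = array(
    'auth.adminpassword' => 'yourpassword',
    'secretsalt' => 'enterarandomsaltshash',
);
EOF
}
```

Against the install described here, run `audit_ssp_config /var/simplesamlphp/config/config.php` after sourcing the functions, and use the output of `gen_salt` as the new `secretsalt` value.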
Now that the Apache server is working, I am going to set up both a service provider (SP), which will display protected content if the user has successfully authenticated, and an identity provider (IdP), which will authenticate the user and redirect her back to the protected site.