Installation & Configuration - achaux/simplesaml GitHub Wiki

Installation

I followed along the instructions provided on the simpleSAMLphp website. Here is a synopsis:

Download the latest version of the code from the simpleSAMLphp download page https://simplesamlphp.org/download

Unpack the tarball in the /var directory (you may need to sudo these commands depending on which user you are using at the terminal prompt):

cd /var

wget https://simplesamlphp.org/res/downloads/simplesamlphp-1.13.2.tar.gz

tar -xzf simplesamlphp-1.13.2.tar.gz

Rename the directory simplesamlphp-1.13.2 to simplesamlphp

mv simplesamlphp-1.13.2 simplesamlphp

At a minimum, you will have to set up a password for the simpleSAMLphp admin account. Edit the /var/simplesamlphp/config/config.php file and change the following values:

...
'auth.adminpassword' => 'yourpassword',
...
'secretsalt' => 'enterarandomsaltshash',

The /var/simplesamlphp/www directory must be accessible by the web server. If you run the Apache web server with the apache user, change the owner and group to apache:

chown -R apache:apache /var/simplesamlphp/www

Apache Configuration

Next, configure Apache to recognize simpleSAMLphp. I run multiple sites on my local machine, and I use Zend Server CE, so I will simply create a new VirtualHost configuration file in /usr/local/zend/apache2/conf.d/simplesamlphp.80.conf. You can add the configuration file to wherever your conf.d directory exists:

#### SimpleSAML sandbox ####
<VirtualHost *:80>
    ServerName sp.local
    DocumentRoot /var/www/simplesaml
    LogFormat combined
    ErrorLog /var/www/log/simplesaml_error.log
    TransferLog /var/www/log/simplesaml_access.log
    <Directory "/var/www/simplesaml">
        Options All
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    
    # Optional: redirect all requests to https:
    Redirect "/" "https://sp.local/"
    
</VirtualHost>

Optionally, I also create a VirtualHost configuration file for https in /usr/local/zend/apache2/conf.d/simplesamlphp.443.conf. In order to set up HTTPS on a localhost, you need to generate a self-signed certificate and point to the certificate in the VirtualHost configuration:

#### SimpleSAML sandbox ####
<VirtualHost *:443>
    ServerName sp.local
    DocumentRoot /var/www/simplesaml
    LogFormat combined
    ErrorLog /var/www/log/simplesaml_error.log
    TransferLog /var/www/log/simplesaml_access.log
    SSLEngine on
    SSLCertificateFile /usr/local/zend/apache2/conf/ssl.crt/d6.local.crt
    SSLCertificateKeyFile /usr/local/zend/apache2/conf/ssl.key/d6.local.key
    <Directory "/var/www/simplesaml">
        Options All
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

Make sure to add sp.local to the /etc/hosts file (and idp.local if you are going to set up a local IdP):

...
127.0.0.1	localhost
127.0.0.1	sp.local
127.0.0.1	idp.local
...

Create the document root directory /var/www/simplesaml

mkdir /var/www/simplesaml

Create the symbolic link to the /var/simplesamlphp/www directory

ln -s /var/simplesamlphp/www /var/www/simplesaml/simplesaml

Then create a simple index file to make sure your web server is working properly:

echo "<?php echo 'SimpleSAML example'; ?>" > /var/www/simplesaml/index.php

Restart your web server, and you should see your basic simpleSAML page. Before proceeding any further, you should take the time to review your simpleSAMLphp config.php file as described on the simpleSAMLphp.org website. There are some default settings that should be changed right away.
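
One way to check the two config.php values named in the Installation section before going further, as an added example that is not part of the original wiki page or the simpleSAMLphp project. The function names, the 32-character salt minimum and the list of default values ('123' and 'defaultsecretsalt' from the 1.x config template) are assumptions of this example:

```shell
#!/bin/sh
# Added example: audit the two config.php values this page says to change.
# Assumption: the 1.x config template ships '123' and 'defaultsecretsalt';
# 'yourpassword' and 'enterarandomsaltshash' are this page's placeholders.

# Print the value of a single-quoted key, e.g.  'secretsalt' => 'abc',
ssp_value() {  # usage: ssp_value KEY FILE
    sed -n "s/^[[:space:]]*'$1'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$2" |
        head -n 1
}

# 16 bytes from the kernel CSPRNG, hex-encoded: a 32-character salt.
ssp_gen_salt() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print one line per finding; return 0 when clean, 1 otherwise.
ssp_audit() {  # usage: ssp_audit FILE
    rc=0
    pw=$(ssp_value 'auth.adminpassword' "$1")
    salt=$(ssp_value 'secretsalt' "$1")
    case "$pw" in
        ''|123|yourpassword)
            echo "auth.adminpassword: missing, default or placeholder"; rc=1 ;;
    esac
    case "$salt" in
        ''|defaultsecretsalt|enterarandomsaltshash)
            echo "secretsalt: missing, default or placeholder"; rc=1 ;;
        *)  [ "${#salt}" -ge 32 ] ||
                { echo "secretsalt: shorter than 32 characters"; rc=1; } ;;
    esac
    # config.php holds both secrets, so it should not be world-readable.
    if [ -n "$(find "$1" -perm -004 2>/dev/null)" ]; then
        echo "$1: world-readable"; rc=1
    fi
    return "$rc"
}

# Constructed sample input (not a real deployment's config).
sample=$(mktemp)
printf "%s\n" "<?php" "\$config = array(" \
    "    'auth.adminpassword' => 'yourpassword'," \
    "    'secretsalt' => 'defaultsecretsalt'," ");" > "$sample"
ssp_audit "$sample" || echo "suggested secretsalt: $(ssp_gen_salt)"
rm -f "$sample"
```

Against a real install, source the functions and run ssp_audit /var/simplesamlphp/config/config.php; a non-zero exit status means at least one of the settings still needs changing.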

simpleSAMLphp Configuration

Now that the Apache server is working, I am going to set up both a service provider (SP), which will display protected content if the user has successfully authenticated, and an identity provider (IdP), which will authenticate the user and redirect her back to the protected site.

Service provider setup

Identity provider setup
