3. Configuration - derricksmith/phpsaml GitHub Wiki

Enter settings on the Plugin Page

General

Plugin Enforced

Force SSO login, or allow visitors to log in using internal GLPI authentication (useful for testing).

Strict

PHPSAML setting that rejects unsigned or unencrypted messages and follows the SAML standard strictly.

If 'strict' is True, the PHP Toolkit rejects unsigned or unencrypted messages when it expects them to be signed or encrypted. It also rejects messages that do not strictly follow the SAML standard: Destination, NameId, Conditions ... are validated too.

Debug

Logs to the GLPI PHP log

Just In Time (JIT) Provisioning

Just in Time Provisioning adds the authenticated user to GLPI if that user does not already exist.

Service Provider Configuration

SP Certificate

Your webserver certificate. This field is required if using Strict mode or signing responses.

SP Certificate Key

Your webserver certificate private key. This field is required if using Strict mode or signing responses.

Name ID Format

NameID format required by your IdP. You can change the NameID that is sent from PHPSAML to the IdP or leave it as unspecified. Unspecified will work in most cases, but some IdPs expect a specific NameID format. Sending an incorrect NameID will result in a SAML Response error.

Identity Provider Configuration

Identity Provider Entity ID

Identity Provider Single Sign On Service URL

Identity Provider Single Logout Service URL

Identity Provider Public X509 Certificate

Security

Requested Authn Context

Requested Authn Comparison

Encrypt NameID

Sign Authn Requests

Sign Logout Requests

Sign Logout Response
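
The dependency stated above (SP Certificate and SP Certificate Key are required with Strict mode or signing) can be checked before a configuration goes live. The following is an added example, not code from the PHPSAML project: every key name is a hypothetical label for a form field on this page, the sample values are constructed, and the IdP certificate check is an assumption about what signature verification needs.

```python
# Added example: pre-deployment audit of a PHPSAML settings export.
# Every key name is a hypothetical label for a form field on this page,
# not one of the plugin's real storage keys.
SIGNING = ("sign_authn_requests", "sign_logout_requests", "sign_logout_response")


def audit(cfg):
    """Return (severity, message) findings for one settings dict."""
    findings = []
    strict = bool(cfg.get("strict"))
    # Options that make the SP certificate and key mandatory (page rule).
    needs_key = (["strict"] if strict else []) + [s for s in SIGNING if cfg.get(s)]
    for field in ("sp_certificate", "sp_certificate_key"):
        if needs_key and not (cfg.get(field) or "").strip():
            findings.append(("error", f"{field} empty, required by: {', '.join(needs_key)}"))
    # Assumption: without the IdP certificate no signature can be checked.
    if not (cfg.get("idp_x509_certificate") or "").strip():
        findings.append(("error", "idp_x509_certificate empty, responses cannot be verified"))
    if not strict:
        findings.append(("warning", "strict off: signing/encryption expectations and "
                         "Destination/NameId/Conditions checks are not enforced"))
    if not cfg.get("plugin_enforced"):
        findings.append(("warning", "plugin_enforced off: internal GLPI login stays available"))
    return findings


# Constructed sample: a test setup left as it was during rollout.
TEST_CFG = {"plugin_enforced": False, "strict": False, "sign_authn_requests": True,
            "sp_certificate": "", "sp_certificate_key": "",
            "idp_x509_certificate": "-----BEGIN CERTIFICATE-----\n(placeholder)"}
# Constructed sample: the same deployment with the gaps closed.
PROD_CFG = dict(TEST_CFG, plugin_enforced=True, strict=True,
                sp_certificate="(placeholder cert)", sp_certificate_key="(placeholder key)")

if __name__ == "__main__":
    for name, cfg in (("test", TEST_CFG), ("prod", PROD_CFG)):
        for severity, message in audit(cfg) or [("ok", "no findings")]:
            print(f"{name}: {severity}: {message}")
```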