Re: simplesamlphp to authenticate multiple applications on same server


Peter Schober

May 17, 2013, 7:00:53 AM
to simple...@googlegroups.com
* J B. <elj...@gmail.com> [2013-05-17 11:02]:
> I need to implement SSO for all my apps using simplesaml against the same
> IdP. My question is, do I need an instance of simplesamlphp for each
> application? That means, one installation of simplesaml for app1, one
> installation of simplesaml for app2.

Each will be a separate logical SP so having completely separate
installs (with their own config and credentials) would be the basic
thing to do.
Others may have been able to use a single installation (so there's no
redundant code lying around, to be kept up to date several times) and
just separate the config and credentials.
If vhosting with SSP isn't part of the documentation (I'm not aware it
is) that might make for a good addition. Maybe someone can share
recipes.
-peter

J B.

May 17, 2013, 12:28:51 PM
to simple...@googlegroups.com, peter....@univie.ac.at
Thx for the answer, Peter.
Waiting for someone who shares his/her experiences on separating the config and credentials. It will be a good idea because I need to connect at least 5 existing apps with the IdP.

Daniel Tsosie

May 17, 2013, 1:26:19 PM
to simple...@googlegroups.com, peter....@univie.ac.at
I host several installations in an Enterprise environment and my advice is to have a pre-existing configured sp installation in source control. Assuming you are the only administrator, the only difference between the installations will be setting the log directory and cookie names/domains, otherwise the technical contact email and admin interface passwords.

I suggest this because should things change (it can't be predicted) and you will need to on-board third parties, you will usually not want to be shipping them your idp version of simple saml with sp trimmings on it.

IDP wise, you will have that in a separate area, and the only step for any new sp will be updating idp remote sp metadata.

In either event, run through this and create a step by step check list.

Then do it 4 more times and save the checklist in source or documentation. When all is said and done, your checklist won't take very long to complete and will in any event be easier than the process of setting up .net AD FS related trusts :)

-Dan Tsosie
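
A per-install checklist like the one described above can be partly automated. The following is an added example, not part of the original thread or of SimpleSAMLphp itself: it compares the settings Daniel names (log directory, cookie name/domain, admin password) across installs and reports collisions. The install names, hostnames, paths and password placeholders are constructed, and the `host` field is a hypothetical helper, not a SimpleSAMLphp option.

```php
<?php
// Constructed sample: per-install values as they might appear in each
// config/config.php. 'host' is a hypothetical helper field (the vhost that
// serves the install), not a SimpleSAMLphp option.
$installs = [
    'app1' => ['host' => 'apps.example.org', 'loggingdir' => '/var/log/ssp-app1/',
        'session.cookie.name' => 'SimpleSAMLSessionID', 'session.cookie.domain' => null,
        'session.cookie.path' => '/', 'auth.adminpassword' => 'PLACEHOLDER-HASH-A'],
    'app2' => ['host' => 'apps.example.org', 'loggingdir' => '/var/log/ssp-app2/',
        'session.cookie.name' => 'SimpleSAMLSessionID', 'session.cookie.domain' => null,
        'session.cookie.path' => '/', 'auth.adminpassword' => 'PLACEHOLDER-HASH-A'],
    'app3' => ['host' => 'hr.example.org', 'loggingdir' => '/var/log/ssp-app3/',
        'session.cookie.name' => 'SSP_APP3', 'session.cookie.domain' => '.example.org',
        'session.cookie.path' => '/', 'auth.adminpassword' => 'PLACEHOLDER-HASH-C'],
];

// True if a session cookie set by install $a would also be sent to $b's host.
function cookieReaches(array $a, array $b): bool
{
    $domain = $a['session.cookie.domain'];
    if ($domain === null) {
        return $a['host'] === $b['host'];   // host-only cookie
    }
    $d = ltrim($domain, '.');               // domain cookie covers all subdomains
    return $b['host'] === $d || substr($b['host'], -strlen(".$d")) === ".$d";
}

// Compare every pair of installs and describe each shared setting found.
function findCollisions(array $installs): array
{
    $issues = [];
    $names = array_keys($installs);
    foreach ($names as $i => $x) {
        foreach (array_slice($names, $i + 1) as $y) {
            [$a, $b] = [$installs[$x], $installs[$y]];
            $pathsOverlap = strpos($a['session.cookie.path'], $b['session.cookie.path']) === 0
                || strpos($b['session.cookie.path'], $a['session.cookie.path']) === 0;
            if ($a['session.cookie.name'] === $b['session.cookie.name'] && $pathsOverlap
                && (cookieReaches($a, $b) || cookieReaches($b, $a))) {
                $issues[] = "$x/$y: session cookie name collides";
            }
            if (rtrim($a['loggingdir'], '/') === rtrim($b['loggingdir'], '/')) {
                $issues[] = "$x/$y: shared loggingdir";
            }
            if ($a['auth.adminpassword'] === $b['auth.adminpassword']) {
                $issues[] = "$x/$y: same admin password";
            }
        }
    }
    return $issues;
}

print implode(PHP_EOL, findCollisions($installs)) . PHP_EOL;
```

To run it against real installs, replace the constructed array with values read from each install's `config/config.php`.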

J B.

May 20, 2013, 4:23:14 AM
to simple...@googlegroups.com, peter....@univie.ac.at
Thx a lot Daniel !!