Configuring multiple sub-domains in single SP


Dineshkumar B

Feb 10, 2012, 9:43:27 AM
to simpleSAMLphp
Hi Olav,

I'm implementing SAML for multiple sub-domains using a single SP. I have
several hundred sub-domains which need to be authenticated
through a SAML IdP.

Is there a way I can use a wildcard entry like *.englishcafe.com so that
I can use a single metadata entry for the SP in the IdP?

I'm referring to this URL:
http://groups.google.com/group/simplesamlphp/browse_thread/thread/893c61605348c7f7/cf47d339758de121?lnk=gst&q=multiple+sub+domains+in+sp#cf47d339758de121

Thanks,
Dinesh.

Dick Visser

Feb 10, 2012, 6:00:44 PM
to simple...@googlegroups.com
The saml20-sp-remote.php configuration file is PHP, so you could
iterate over a list of subdomains like this:

    $vhosts = array('urnreg.terena.org', 'putin.terena.org', 'refeds.org');

    foreach ($vhosts as $vhost) {
        $metadata["https://$vhost/simplesaml/module.php/saml/sp/metadata.php/default-sp"] = array(
            'AssertionConsumerService' =>
                "https://$vhost/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp",
            'SingleLogoutService' =>
                "https://$vhost/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp",
            'certFingerPrint' =>
                'EB:8C:81:AF:4E:AC:86:C0:A5:A7:96:ED:C3:AE:12:47:76:16:E2:A0',
            'authproc' => array(
            ),
        );
    }


If you can somehow get the list of available subdomains into PHP, then
this would be a simple solution.
So the question is: do you have access to such a list from PHP?

Dick

--
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands

Fil Baumanis

Apr 24, 2014, 5:03:46 PM
to simple...@googlegroups.com
Bringing this very old thread to life -- I have a service that wants to run on multiple domains, and have been trying this in saml20-sp-remote.php:

    $metadata['https://'.$_SERVER["SERVER_NAME"].'/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array(
        'AssertionConsumerService' => 'https://'.$_SERVER["SERVER_NAME"].'/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
        'SingleLogoutService'      => 'https://'.$_SERVER["SERVER_NAME"].'/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
    );

Anyone here have some thoughts on why this would not work? -- granted I'm v green to this, so I'm probably missing something elsewhere, 

Thanks..

F
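
An added example, not code from any poster in this thread or from the simpleSAMLphp project: the list-driven approach from the first reply, with each host name validated against one parent domain before it becomes an entity ID or an AssertionConsumerService URL. The entries come only from an operator-controlled list, not from request values such as $_SERVER["SERVER_NAME"], which describes the host serving the current request. The function name build_sp_entries(), the sample host names and the use of englishcafe.com as parent domain are assumptions for illustration.

```php
<?php
// Added example for saml20-sp-remote.php. build_sp_entries() and the host
// names are hypothetical; the metadata keys and URL paths are the ones
// used in the posts above.

/**
 * Build SP entries for an explicit list of hosts under $parent.
 * Returns array($entries, $rejected). Anything that is not a well-formed
 * host name below $parent is rejected instead of becoming an ACS URL.
 */
function build_sp_entries(array $hosts, string $parent): array
{
    $label   = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    // D modifier: "$" must match at the very end, not before a newline.
    $pattern = '/^(?:' . $label . '\.)+' . preg_quote($parent, '/') . '$/D';
    $entries  = array();
    $rejected = array();

    foreach ($hosts as $host) {
        $host = strtolower(trim((string) $host));
        if (strlen($host) > 253 || preg_match($pattern, $host) !== 1) {
            $rejected[] = $host;
            continue;
        }
        $base = "https://$host/simplesaml/module.php/saml/sp";
        $entries["$base/metadata.php/default-sp"] = array(
            'AssertionConsumerService' => "$base/saml2-acs.php/default-sp",
            'SingleLogoutService'      => "$base/saml2-logout.php/default-sp",
        );
    }
    return array($entries, $rejected);
}

// Constructed sample input. In practice the list is read from a file or
// database the IdP operator controls.
$hosts = array(
    'forum.englishcafe.com',
    'Teachers.EnglishCafe.com ',        // normalised, then accepted
    'englishcafe.com.example.net',      // wrong parent domain
    'bad host.englishcafe.com',         // not a valid host name
    'a.englishcafe.com/other?x=',       // path smuggled into the name
);

list($entries, $rejected) = build_sp_entries($hosts, 'englishcafe.com');
$metadata = isset($metadata) ? $metadata + $entries : $entries;

foreach ($rejected as $host) {
    error_log('saml20-sp-remote: rejected SP host ' . var_export($host, true));
}
```

With the sample list, two entries are registered and three host names are logged as rejected.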