How to configure multiple SP for a single IdP


Martyn Bissett

Sep 29, 2014, 5:28:06 AM9/29/14
to simple...@googlegroups.com
I've been following along this tutorial:

http://www.worldgoneweb.com/2013/installing-simplesamlphp-and-use-it-as-sp-and-idp-for-development-env-only/

... it has really helped to set up authentication between SP and IdP. However, when configuring the metadata/saml20-remote-sp.php file it tells me to copy and paste the contents of a box (SP: Federation > Show metadata > simpleSAMLphp flat file format box) into that file. I've done this, and it works great for a single SP - I just don't really know how to add another SP. I checked the documentation but it only shows the minimum set required, and no mention/example of multiple SPs.

Below is my IdP's metadata/saml20-remote-sp.php with a single SP:

<?php
/* The array key is the entity ID of the remote SP. */
$metadata['http://local-ssoidp'] = array (
  'SingleLogoutService' =>
  array (
    0 =>
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      'Location' => 'http://local-mwqasys/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
    ),
  ),
  'AssertionConsumerService' =>
  array (
    0 =>
    array (
      'index' => 0,
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      'Location' => 'http://local-mwqasys/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
    ),
    1 =>
    array (
      'index' => 1,
      'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
      'Location' => 'http://local-mwqasys/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp',
    ),
    2 =>
    array (
      'index' => 2,
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
      'Location' => 'http://local-mwqasys/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
    ),
    3 =>
    array (
      'index' => 3,
      'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01',
      'Location' => 'http://local-mwqasys/simplesaml/module.php/saml/sp/saml1-acs.php/default-sp/artifact',
    ),
  ),
);

How can I add additional SPs to this? I considered merging the arrays together (the arrays given on each SP's show metadata page) but want to gain a little better understanding rather than guesswork. Can anyone please advise on how this is done? Thanks.

Peter Schober

Sep 29, 2014, 6:09:30 AM9/29/14
to simple...@googlegroups.com
* Martyn Bissett <marty...@gmail.com> [2014-09-29 11:28]:
> I just don't really know how to add another SP.

You'd add as many $metadata[$entityID] arrays as needed. No merging or
any other fancy business.
The default metadata files should contain commented out examples for
that.
-peter

Jaime Pérez Crespo

Sep 29, 2014, 6:13:39 AM9/29/14
to simple...@googlegroups.com
Hi Martyn,

On 29 Sep 2014, at 11:28 am, Martyn Bissett <marty...@gmail.com> wrote:
> I've been following along this tutorial:
>
> http://www.worldgoneweb.com/2013/installing-simplesamlphp-and-use-it-as-sp-and-idp-for-development-env-only/

Take a look at the official documentation:

https://simplesamlphp.org/docs/stable/simplesamlphp-idp

> ... it has really helped to set up authentication between SP and IdP. However, when configuring the metadata/saml20-remote-sp.php file it tells me to copy and paste the contents of a box (SP: Federation > Show metadata > simpleSAMLphp flat file format box) into that file. I've done this, and it works great for a single SP - I just don't really know how to add another SP. I checked the documentation but it only shows the minimum set required, and no mention/example of multiple SPs.

If you follow the documentation, you will reach this:

https://simplesamlphp.org/docs/stable/simplesamlphp-reference-sp-remote

I’ll quote here for your convenience the very first paragraph of that page, which contains an example for what you are asking:

—8<—
This is a reference for metadata options available for metadata/saml20-sp-remote.php and metadata/shib13-sp-remote.php. Both files have the following format:

<?php
/* The index of the array is the entity ID of this SP. */
$metadata['entity-id-1'] = array(
    /* Configuration options for the first SP. */
);
$metadata['entity-id-2'] = array(
    /* Configuration options for the second SP. */
);
/* ... */
—>8—

Also consider that all configurations are PHP files. Therefore, you can do whatever you want with the configuration if you write your own code in there.

--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost
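
Putting Peter's and Jaime's replies together, here is an added example (mine, not code from the thread or from the simpleSAMLphp project) of an IdP-side metadata/saml20-sp-remote.php that registers several SPs, one top-level $metadata entry per SP entity ID; the hostnames, entity IDs and the certData placeholders are assumptions. It also uses Jaime's point that the file is plain PHP: the later entries are generated in a loop, with a guard so that a repeated entity ID cannot silently overwrite an earlier SP's entry.

```php
<?php
/* Added example (not from the thread or from simpleSAMLphp): an IdP-side
 * metadata/saml20-sp-remote.php listing several SPs; hostnames, entity IDs
 * and the certData placeholders are assumptions. */

/* Each SP is its own top-level entry; the array key is the SP's entity ID. */
$metadata['https://sp1.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array(
    'AssertionConsumerService' => array(
        array(
            'index'    => 0,
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'https://sp1.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
        ),
    ),
    'SingleLogoutService' => array(
        array(
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://sp1.example.org/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
        ),
    ),
    /* Base64 body of the SP's signing certificate (placeholder), so signed messages from it can be verified. */
    'certData' => 'MII...SP1-CERT-PLACEHOLDER...',
);

/* The file is plain PHP, so SPs sharing the default endpoint layout can be generated. */
$moreSps = array(
    'sp2.example.org' => 'MII...SP2-CERT-PLACEHOLDER...',
    'sp3.example.org' => 'MII...SP3-CERT-PLACEHOLDER...',
);
foreach ($moreSps as $host => $certData) {
    $base     = 'https://' . $host . '/simplesaml/module.php/saml/sp/';
    $entityId = $base . 'metadata.php/default-sp';
    if (isset($metadata[$entityId])) {
        /* A repeated key would silently replace the earlier SP's entry. */
        throw new Exception('Duplicate SP entity ID: ' . $entityId);
    }
    $metadata[$entityId] = array(
        'AssertionConsumerService' => array(array(
            'index'    => 0,
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => $base . 'saml2-acs.php/default-sp',
        )),
        'SingleLogoutService' => array(array(
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => $base . 'saml2-logout.php/default-sp',
        )),
        'certData' => $certData,
    );
}
```

Each entry is still just a separate $metadata[$entityID] array, exactly as the quoted reference shows; the loop only saves repetition and the isset check catches the one mistake merging by hand tends to produce.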
