Basic SAML 2.0 integration with AD FS in Moodle

Bob

Jan 18, 2011, 4:21:43 PM
to simpleSAMLphp
Hello,

I'm very new to simplesamlphp and SAML/ADFS in general and after
reading a lot of docs I still cannot get something to work.
I was able to make my moodle work together with the sample
openidp.feide.no server from the examples.

However, I need to make it work with the real identity provider, and
that one appears to be an AD FS 2.0.
There is a working configuration on that IDP for other applications,
but I don't succeed in making it work with simplesaml.


I set up the following in metadata/saml20-idp-remote.php:
'SingleSignOnService' => 'https://myserver/adfs/ls/idpinitiatedsignon.aspx?logintorp=https://mymoodle'

To make it easy to begin with I didn't use any SSL certificates, so no
CertFingerprint or anything else is present in the config.

I have the feeling that it calls that url correctly and maybe does the
authentication.
BUT, I don't know what to configure as url in the AD FS configuration,
(endpoint). When I set the moodle page itself I just get a redirect
to the moodle without being logged in.

And if I provide the path with /simplesaml it won't work.
So I'm not sure what to set up as endpoint in AD FS.

I also see that there is a module ADFS, but do I need this if I only
want a simple SAML 2.0 single sign on ?

Any pointers, examples or documentation that could help me to make
this work ?

Thanks in advance !

Nick

Tom Scavo

Jan 18, 2011, 6:04:35 PM
to simple...@googlegroups.com
On Tue, Jan 18, 2011 at 3:21 PM, Bob <ni...@intralink.be> wrote:
>
> Any pointers, examples or documentation that could help me to make
> this work ?

This may help you:

https://spaces.internet2.edu/display/SHIB2/MicrosoftInterop

In particular, there's an attachment to this page with some very
specific instructions (for Shibboleth, but they may apply in your
case, I don't know).

Tom
