How to Configure SimpleSAMLphp for Drupal 8

Intuitive. Simple. Fast.

Giandonato Greco, Jan 15

What is SAML?

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

As its name implies, SAML is an XML-based markup language for security assertions.

What do you need?

• Drupal 8 site
• simpleSAMLphp Authentication module
• Federation Metadata (XML)
• SAML Signing Certificate
• Composer
• Memcached

How can you install it?

Installing simpleSAMLphp is very simple: just add the new module to your composer.json using the command:

    composer require drupal/simplesamlphp_auth

or install it via URL, using the appropriate page ({URL}/admin/modules/install):

    https://ftp.drupal.org/files/projects/simplesamlphp_auth-8.x-3.0.tar.gz

How do you configure SimpleSAMLphp?

To access the management panel of SimpleSAMLphp, you will need to create the configuration file where you will set the various parameters useful for proper operation.

Create a folder called “saml” in the project directory. Inside the folder, create a subfolder called “config” where you will copy the files “config.php” and “authsources.php”, which you find inside the vendor, specifically in:

    /var/www/vendor/simplesamlphp/simplesamlphp/config-templates

Add the key that sets the path to the configuration folder inside the project “.env” file:

    SIMPLESAMLPHP_CONFIG_DIR=/var/www/saml/config
    REDIRECT_SIMPLESAMLPHP_CONFIG_DIR=/var/www/saml/config

Change your virtual host by adding the new access point. {URL}/simplesaml is the default value within the configurations:

    Alias /simplesaml /var/www/vendor/simplesamlphp/simplesamlphp/www
    <Directory /var/www/vendor/simplesamlphp/simplesamlphp/www>
        Require all granted
    </Directory>

After that, you can access the interface by visiting the URL, “{URL}/simplesaml”.

Img 1.1

How do you configure it?

The first step is to modify the previously copied file “config.php”.

Modify the “secretsalt” key by entering a random string. E.g.

    'secretsalt' => 'abdyausuduefwqd311giandog1711wqdvxyqvidyuvwiqaks',

Set an administrator password that you will need later to access the panel previously seen (Img 1.1), changing the key “auth.adminpassword”. E.g.

    'auth.adminpassword' => 'giandog17',

Set up a contact email for technical problems by changing the “technicalcontact_email” key. E.g.

    'technicalcontact_email' => 'info@giandog17.com',

Set the method of saving the session by changing the key “store.type”. You can use memcache, redis or sql. E.g.

    'store.type' => 'memcache',

To create the metadata configuration file, create a subfolder called “metadata” inside the “saml” folder.

Change the value of the key “metadata.sources” with:

    'metadata.sources' => [
        [
            'type' => 'flatfile',
            'directory' => '/var/www/saml/metadata',
        ],
    ],

To import the certificate, create a subfolder called “cert” inside the “saml” folder. Change the value of the key “certdir” with:

    'certdir' => '/var/www/saml/cert',

Next, go back to the address “{URL}/simplesaml” and open the “Configuration” tab. Check that the situation is the same as the following:

Img 1.2

How do you configure Metadata?

Go to the “{URL}/simplesaml” address, open the “Federation” tab and click on “XML to SimpleSAMLphp metadata converter”.

Img 1.3

Copy the contents of your metadata file into the “XML Metadata” box or select a file. Click on “Parse” to generate the PHP code to complete the configuration. The result will be the following:

Img 1.4

Img 1.5

Copy the files “saml20-sp-remote.php” and “saml20-idp-remote.php”, which you find inside the vendor, specifically in:

    /var/www/vendor/simplesamlphp/simplesamlphp/metadata-templates

Replace the contents of the files with the results obtained by the parser. On the “Federation” tab, the situation will be as follows:

Img 1.6

Your XML has been imported correctly.

All you have to do is modify the file “authsources.php” by adding a new authentication source.

    'urn:federation:accenture:stage' => [
        'saml:SP',
        'privatekey' => 'server.pem',
        'certificate' => 'server.cer',
        'entityID' => 'urn:federation:giandog17:stage',
        'idp' => 'urn:federation:giandog17:stage',
        'discoURL' => null,
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
        'simplesaml.nameidattribute' => 'eduPersonTargetedID',
    ],

How do you configure Drupal?

To complete the configuration, access the “Extend” tab and install the “SimpleSAMLphp Authentication” module.

Go to the module configuration page and activate it by clicking on “Activate authentication via SimpleSAMLphp”. Set as “Authentication source for this SP” the EntityId value displayed during metadata configuration (Img 1.6). Save the changes made.

Img 1.7

How do you test it?

To test that everything works, go to the login page. Below you will find the “Federated login” button. By clicking on the button, you will be redirected to the SAML login page.

Img 1.8

Img 1.9
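
A check to run over “config.php” once the steps above are done, added here as an example (it is not part of the original article or of SimpleSAMLphp): it flags a “secretsalt” or “auth.adminpassword” still at the template defaults (“defaultsecretsalt”, “123”), an admin password stored in plaintext, and a “store.type” outside the three options named in this guide. The function names, the 32-character threshold, the hash-prefix heuristic and the two sample files are assumptions constructed for the example; it only reads keys written as 'key' => 'value'.

```shell
# Added example (not from the article): flag weak values in a SimpleSAMLphp config.php.

# Print the single-quoted value of a key written as 'key' => 'value'.
ssp_value() {  # usage: ssp_value <key> <config.php>
    local key
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^[[:space:]]*'${key}'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$2" | head -n 1
}

# Print one finding per line for the keys the article tells you to change.
audit_ssp_config() {  # usage: audit_ssp_config <config.php>
    local salt pass store
    salt=$(ssp_value secretsalt "$1")
    pass=$(ssp_value auth.adminpassword "$1")
    store=$(ssp_value store.type "$1")
    if [ -z "$salt" ] || [ "$salt" = "defaultsecretsalt" ]; then
        echo "secretsalt: missing or still the template default"
    elif [ "${#salt}" -lt 32 ]; then   # 32 is this example's own threshold
        echo "secretsalt: shorter than 32 characters"
    fi
    case "$pass" in
        ''|123)    echo "auth.adminpassword: missing or still the template default" ;;
        '{'*|'$'*) ;;  # assumption: a leading { or $ marks a stored hash, not plaintext
        *)         echo "auth.adminpassword: stored in plaintext" ;;
    esac
    case "$store" in
        memcache|redis|sql) ;;
        *) echo "store.type: '${store}' is not memcache, redis or sql" ;;
    esac
}

# Number of findings for a file (0 means none of the checks fired).
count_findings() { audit_ssp_config "$1" | grep -c . || true; }

# Constructed samples: the template defaults, and the example values used in the article.
write_samples() {  # usage: write_samples <dir>
    printf "%s\n" "<?php" "\$config = [" "    'secretsalt' => 'defaultsecretsalt'," \
        "    'auth.adminpassword' => '123'," "    'store.type' => 'phpsession'," "];" > "$1/template.php"
    printf "%s\n" "<?php" "\$config = [" \
        "    'secretsalt' => 'abdyausuduefwqd311giandog1711wqdvxyqvidyuvwiqaks'," \
        "    'auth.adminpassword' => 'giandog17'," "    'store.type' => 'memcache'," "];" > "$1/article.php"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in template article; do
    echo "== $f.php: $(count_findings "$demo_dir/$f.php") finding(s)"
    audit_ssp_config "$demo_dir/$f.php"
done
```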
