在同一个框中配置SimpleSamlPHP IdP和SP

时间:2017-05-22 07:25:21

标签: saml saml-2.0 simplesamlphp

只是想知道是否可以在同一台机器上配置simplesamlphp IdP和SP。如果是这样,如果有相同的

的配置步骤,那将是很好的

以上是原帖。经过几个小时的工作,下面是simplesamlphp的工作配置,SP和IdP在同一台机器上(在不同的文件夹下):

  • SP配置
    • IP地址:10.209.122.151
    • 文件夹:/ var / simplesamlphp(通过Alias / var / simplesaml访问)
    • 配置:

config/config.php: 

'baseurlpath' => 'simplesaml/',
'certdir' => '/etc/ssl/certs',
'loggingdir' => 'log/',
'datadir' => 'data/',
'auth.adminpassword' => 'somepass',
'secretsalt' => 'somesalt',`
'enable.saml20-sp' => true,

config/authsources.php: 

'admin' => array (
    'core:AdminPassword',
),

'default-sp' => array (
    'saml:SP',
    'entityID' => null,
    'idp' => null,
    'discoURL' => null,

metadata/saml20-sp-hosted.php: 

<?php 

$metadata['https://10.209.122.151/simplesaml'] = array(
    'saml:SP',
    'host' => '10.209.122.151',
    'privatekey' => 'simplesamlphp.pem',
    'certificate' => 'simplesamlphp.crt',
)

?>

metadata/saml20-idp-remote.php: 

<?php    $metadata['https://10.209.122.151/simplesamlidp/saml2/idp/metadata.php'] = array(
    'name' => array(
            'en' => 'Remote IdP',
            'no' => 'Suchindra Chandrahas',
    ),
    'description'          => 'SP and IdP in the same machine',

    'SingleSignOnService'  => 'https://10.209.122.151/simplesamlidp/saml2/idp/SSOService.php',
    'SingleLogoutService'  => 'https://10.209.122.151/simplesamlidp/saml2/idp/SingleLogoutService.php',
    'certificate' => 'simplesamlphp.crt'
);
?>
  • IDP配置:
    • IP地址:10.209.122.151
    • 文件夹:/ var / simplesamlphpidp(通过Alias / var / simplesamlidp访问)

config/config.php: 

'baseurlpath' => 'simplesamlidp/',
'certdir' => '/etc/ssl/certs',
'loggingdir' => 'log/',
'datadir' => 'data/',
'auth.adminpassword' => 'somepass',
'secretsalt' => 'somesalt',
'enable.saml20-idp' => true,

config/authsources.php: 

'example-userpass' => array(
    'exampleauth:UserPass',
    'student:studentpass' => array(
        'uid' => array('student'),
        'eduPersonAffiliation' => array('member', 'student'),
    ),
    'employee:employeepass' => array(
        'uid' => array('employee'),
        'eduPersonAffiliation' => array('member', 'employee'),
    ),
),

metadata/saml20-idp-hosted.php:      

$metadata['__DYNAMIC:1__'] = array(
    'host' => '__DEFAULT__',
    'privatekey' => 'simplesamlphp.pem',
    'certificate' => 'simplesamlphp.crt',
    'auth' => 'example-userpass',
);
?>

metadata/saml20-sp-remote.php: 

<?php

 $metadata['https://10.209.122.151/simplesaml/module.php/saml/sp/metadata.php/default-sp'] = array(
    'AssertionConsumerService'  => 'https://10.209.122.151/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp',
    'SingleLogoutService' => 'https://10.209.122.151/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp',
);

以上配置以及下面补丁中提到的更改对我有用:

https://github.com/simplesamlphp/simplesamlphp/files/278540/SSP-typing.patch.txt

我没有看到未处理的例外情况&#39;和其他消息

1 个答案:

答案 0 :(得分:0)

使用工作配置更新了初始帖子

相关问题
最新问题