Page History
...
But if PHP code can still be run in such environments SimpleSAMLphp might be a viable alternative. (Whether running security software in such environments – e.g. cheap PHP mass-hosting or public PaaS – is a good idea is another question.)
Getting started
Install and configure SimpleSAMLphp as per the documentation. Also make a plan right now how you will be keeping the software current and up-to-date, esp. if you don't install from vendor- or OS distribution-supported packages. In almost all cases this will involve use of an alternative location of SimpleSAMLphp's configuration files (see section "Location of configuration files" in the install documentation) by making use of the SIMPLESAMLPHP_CONFIG_DIR environment variable (as documented in sections 4.1 and throughout section 5 in . (This is also being demonstrated in section "Configuring Apache" of the installation documentation.).
| Note |
|---|
This documentation is a work in progress. Use the community mailing list or contact us for any questions wrt use of this SAML implementation. |
Metadata
Use the metarefresh module and its documentation to configure automated loading and verification of the eduID.at Metadata.
...
By default there's no easy way to process persistent SAML NameIDs the same way as SAML attributes. Using an authproc filter like the one below fixes this:
...
You could then add the created persistent-id internal attribute to a list of attributes to check for a usable identifier within a SmartID authproc filter, recreating something like the Shibboleth Service Providers's REMOTE_USER precedence list. Also note that a similar approach to the filter above could be used to support other NameID formats, e.g. emailAddress. Use of these formats is not recommended, though, so this is illustrated elsewhere.
Overview
Content Tools
Tasks