Saml2Test testapp with SimpleSAMLphp

Timothy Legge edited this page Feb 17, 2023 · 1 revision

Running SimpleSAMLphp

Set up a directory for your config

  1. mkdir ~/simplesamlphp-docker
  2. cd ~/simplesamlphp-docker
  3. mkdir -p ~/simplesamlphp-docker/config

Temporarily run the docker container to access required config

docker run -p 9080:8080 -p 9443:8443 --name simplesaml --rm -d kristophjunge/test-saml-idp

Copy config files from the running container

docker cp simplesaml:/var/www/simplesamlphp/config/authsources.php config/authsources.php
docker cp simplesaml:/var/www/simplesamlphp/metadata/saml20-sp-remote.php config/saml20-sp-remote.php

Convert Saml2Test testapp metadata.xml

  1. Connect to https://netsaml2-testapp.local and download the metadata.xml
  2. Connect to https://localhost:9443/simplesaml/admin/metadata-converter.php
  3. Log in with username admin and password secret.
  4. Either copy the metadata content into the field or select the metadata.xml file and click parse
  5. Copy the output to a file until needed

Stop the temporary docker container

docker stop simplesaml

Update config/saml20-sp-remote.php with the converted metadata.xml

  1. vim config/saml20-sp-remote.php
  2. copy the entire converted metadata.xml to the end of the file
  3. add 'sign.logout' => true, after 'saml20.sign.assertion' => true,

Update config/ with the following patch

  1. add the following diff to a file named /tmp/authsources.php.diff
+++ b/config/authsources.php	2023-02-14 21:41:12.523344963 -0400
@@ -12,11 +12,21 @@
             'uid' => array('1'),
             'eduPersonAffiliation' => array('group1'),
             'email' => 'user1@example.com',
+            'FirstName' => 'User',
+            'LastName' => 'Name 1',
+            'Address' => '123 First Street',
+            'PhoneNumber' => '506-867-5309',
+            'EmployeeNumber' => '1001',
         ),
         'user2:user2pass' => array(
             'uid' => array('2'),
             'eduPersonAffiliation' => array('group2'),
             'email' => 'user2@example.com',
+            'FirstName' => 'User',
+            'LastName' => 'Name 2',
+            'Address' => '456 Second Street',
+            'PhoneNumber' => '709-867-5309',
+            'EmployeeNumber' => '1002',
         `),
     `),
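Review bot: the hunk header `@@ -12,11 +12,21 @@` does not match the hunk body, which shows 10 unchanged lines and 10 `+` lines while the header promises 11 old-side lines, so `patch -p1` will report a malformed hunk or reject it; one context line appears to have been lost (presumably the line preceding `'uid' => array('1'),`, though that is an assumption from the hunk counts) and should be restored. Two further points on the same hunk: the `---` header line is missing, leaving only `+++ b/config/authsources.php`, so patch cannot determine the target file and will prompt for it; and the two closing context lines read `` `), `` with a stray backtick where the shipped authsources.php has `),`, which will also make the context fail to match. The added attribute values are plain example data, which is appropriate for a throwaway test IdP; the `user1:user1pass` / `user2:user2pass` keys are the credentials the login step at the end of the page relies on.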
  2. patch -p1 < /tmp/authsources.php.diff

Start the docker container using the following docker-compose.yml

  1. docker-compose -f docker-compose.yml up -d
version: '3'

services:

  opensaml:
    image: kristophjunge/test-saml-idp
    restart: always
    ports:
      - "9080:8080"
      - "9443:8443"
    volumes:
      - ./config/authsources.php:/var/www/simplesamlphp/config/authsources.php:z
      - ./config/saml20-sp-remote.php:/var/www/simplesamlphp/metadata/saml20-sp-remote.php:z

Configure Saml2Test testapp

  1. cd ~/perl-Net-SAML2/xt/testapp
  2. mkdir -p IdPs/simplesamlphp
  3. curl --insecure https://localhost:9443/simplesaml/saml2/idp/metadata.php -o IdPs/simplesamlphp/metadata.xml
  4. curl --insecure https://localhost:9443/simplesaml/module.php/saml/idp/certs.php/idp.crt -o IdPs/simplesamlphp/cacert.pem
  5. Create the following file IdPs/simplesamlphp/mappings.yml
EmailAddress: "email"
FirstName: "FirstName"
LastName: "LastName"
Address: "Address"
PhoneNumber: "PhoneNumber"
EmployeeNumber: "EmployeeNumber"
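Before handing the fetched IdPs/simplesamlphp/metadata.xml and cacert.pem to the testapp, it is worth confirming that the two agree: the certificate in cacert.pem should be the signing certificate published in the IdP metadata, and the metadata should carry both an SSO endpoint and an SLO endpoint (otherwise the logout test below cannot succeed). The script below is an added example, not code from this wiki or from Net::SAML2; it parses metadata in the shape SimpleSAMLphp's metadata.php returns and compares the certificate body against the PEM file. The metadata document and certificate bytes embedded in it are constructed stand-ins; to check real files, pass their contents to check_idp_metadata.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-in for the base64 certificate body; a real idp.crt
# contains a base64-encoded DER certificate here.
FAKE_CERT_B64 = base64.b64encode(b"constructed-idp-certificate-bytes" * 4).decode()

# Constructed sample metadata in the shape SimpleSAMLphp's metadata.php returns.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://localhost:9443/simplesaml/saml2/idp/metadata.php">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
{FAKE_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:9443/simplesaml/saml2/idp/SingleLogoutService.php"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:9443/simplesaml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed cacert.pem wrapping the same certificate body at 64 columns.
SAMPLE_CACERT_PEM = "-----BEGIN CERTIFICATE-----\n" + "\n".join(
    FAKE_CERT_B64[i:i + 64] for i in range(0, len(FAKE_CERT_B64), 64)
) + "\n-----END CERTIFICATE-----\n"


def pem_body(pem: str) -> str:
    """Return the base64 body of the first CERTIFICATE block, whitespace removed."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block in PEM input")
    return re.sub(r"\s+", "", m.group(1))


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract entityID, signing certificates and SSO/SLO endpoints from IdP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this metadata does not describe an IdP")
    signing = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
        if kd.get("use") in (None, "signing"):
            for cert in kd.findall(".//ds:X509Certificate", NS):
                signing.append(re.sub(r"\s+", "", cert.text or ""))
    sso = {e.get("Binding"): e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)}
    slo = {e.get("Binding"): e.get("Location") for e in idp.findall("md:SingleLogoutService", NS)}
    return {"entity_id": root.get("entityID"), "signing_certs": signing, "sso": sso, "slo": slo}


def check_idp_metadata(xml_text: str, cacert_pem: str) -> list:
    """Return a list of problems; an empty list means metadata and cacert.pem are consistent."""
    md = parse_idp_metadata(xml_text)
    problems = []
    if not md["signing_certs"]:
        problems.append("metadata carries no signing certificate")
    elif pem_body(cacert_pem) not in md["signing_certs"]:
        problems.append("cacert.pem does not match any signing certificate in metadata")
    if not md["sso"]:
        problems.append("no SingleSignOnService endpoint")
    if not md["slo"]:
        problems.append("no SingleLogoutService endpoint; logout cannot be tested")
    for name, endpoints in (("SSO", md["sso"]), ("SLO", md["slo"])):
        for location in endpoints.values():
            if not (location or "").startswith("https://"):
                problems.append(f"{name} endpoint is not https: {location}")
    return problems


if __name__ == "__main__":
    # Replace the constructed samples with open("IdPs/simplesamlphp/metadata.xml").read()
    # and open("IdPs/simplesamlphp/cacert.pem").read() to check real files.
    for problem in check_idp_metadata(SAMPLE_METADATA, SAMPLE_CACERT_PEM) or ["metadata and cacert.pem are consistent"]:
        print(problem)
```

The certificate comparison is done on the whitespace-stripped base64 body rather than on parsed certificate fields so that the check needs only the standard library; a mismatch here means the testapp would be verifying assertions against a certificate the IdP does not sign with, which is exactly the situation that produces confusing signature failures during the login test.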

Test whether you can log in to and log out of the Saml2Test testapp using simplesamlphp

  1. Access https://netsaml2-testapp.local
  2. Click simplesamlphp
  3. Log in to simplesamlphp with username user1 and password user1pass, or username user2 and password user2pass (the accounts defined in config/authsources.php)