How to Configure SimpleSAMLphp for Drupal 8

Intuitive. Simple. Fast.

Giandonato Greco
4 min read · Jan 15, 2019

What is SAML?

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular between an identity provider (IdP) and a service provider (SP). As its name implies, SAML is an XML-based markup language for security assertions. In the setup described here, the Drupal site is the SP and your federation's IdP authenticates the users.

What do you need?

• Drupal 8 site
• simpleSAMLphp Authentication module (drupal/simplesamlphp_auth)
• Federation metadata (XML) of your identity provider
• SAML signing certificate
• Composer
• Memcached (or another shared session store, see the store.type setting below)

How can you install it?

Installing simpleSAMLphp is straightforward: add the module to the project's composer.json with the command below. Composer also pulls in the simplesamlphp/simplesamlphp library itself, which the module depends on.

composer require drupal/simplesamlphp_auth

or by installing it from a URL on the module installation page ({URL}/admin/modules/install). Note that the tarball contains only the Drupal module; the SimpleSAMLphp library must still be present under vendor/, so in practice Composer is needed either way.

https://ftp.drupal.org/files/projects/simplesamlphp_auth-8.x-3.0.tar.gz

How do you configure SimpleSAMLphp?

To reach the management panel of SimpleSAMLphp, you first need to create the configuration files in which the parameters required for proper operation are set.

Create a folder called "saml" in the project directory. Inside it, create a subfolder called "config" and copy the files "config.php" and "authsources.php" into it. The templates are found in the vendor directory, specifically in:

/var/www/vendor/simplesamlphp/simplesamlphp/config-templates

Add a variable pointing SimpleSAMLphp at the configuration folder to the project's ".env" file. SimpleSAMLphp reads SIMPLESAMLPHP_CONFIG_DIR from the environment; the REDIRECT_ variant mirrors the name Apache gives a variable after an internal redirect (for example through mod_rewrite), so both spellings are defined whichever way the request arrives. Keep in mind that the /simplesaml endpoint added below does not bootstrap Drupal: the .env file is only picked up if your project loads it through Composer's autoloader (as the drupal-composer project template does). If it does not, set the same variable in the virtual host with SetEnv instead.

SIMPLESAMLPHP_CONFIG_DIR = /var/www/saml/config
REDIRECT_SIMPLESAMLPHP_CONFIG_DIR = /var/www/saml/config

Change your virtual host by adding the new access point.

{URL}/simplesaml is the default value of baseurlpath within the configuration, so the alias has to use the same path:

Alias /simplesaml /var/www/vendor/simplesamlphp/simplesamlphp/www

<Directory /var/www/vendor/simplesamlphp/simplesamlphp/www>
    Require all granted
</Directory>

"Require all granted" makes the whole SimpleSAMLphp web root reachable from anywhere. Its administrative pages are then protected only by the auth.adminpassword set below, so use a strong (hashed) password and consider restricting the admin pages to trusted networks once the setup is finished.

After reloading Apache, you can access the interface by visiting "{URL}/simplesaml".

Img 1.1

How do you configure it?

The first step is to modify the previously copied file “config.php”.

Modify the "secretsalt" key by entering a long random string that is unique to this installation (it is used to derive cookie and session secrets; SimpleSAMLphp refuses to start while the template default is still in place). The template comment suggests generating it from /dev/urandom. E.g.

'secretsalt' => 'abdyausuduefwqd311giandog1711wqdvxyqvidyuvwiqaks'

Set an administrator password, which you will need later to log in to the panel seen previously, by changing the key "auth.adminpassword" (Img 1.1). The value can be a cleartext string, as in the example below, but for anything beyond a local test store the hashed form produced by the bundled script bin/pwgen.php instead, so that the password is not readable by anyone who can read config.php. E.g.

'auth.adminpassword' => 'giandog17'

Set up a contact email for technical problems by changing the “technicalcontact_email” key. E.g.

'technicalcontact_email' => 'info@giandog17.com'

Set the session storage backend by changing the key "store.type". The default is phpsession; use memcache, redis or sql when several web nodes must share SAML sessions. With memcache you also have to list your memcached servers under "memcache_store.servers" and install the PHP memcache extension. E.g.

'store.type' => 'memcache'

To hold the metadata files, create a subfolder called "metadata" inside the "saml" folder and point the "metadata.sources" key at it:

'metadata.sources' => [
[
'type' => 'flatfile',
'directory' => '/var/www/saml/metadata'
]
]

To hold the SP's own key pair (the files that authsources.php references as privatekey and certificate), create a subfolder called "cert" inside the "saml" folder and set the "certdir" key. A self-signed certificate generated with openssl is sufficient for this purpose; keep the private key readable by the web server user only.

'certdir' => '/var/www/saml/cert/'
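Putting the steps above together, here is what the edited keys of saml/config/config.php can look like for this setup. This is an added example, not the file from the original article or SimpleSAMLphp's own template; the hostname, the memcached address and the password hash are placeholders (produce the real hash with bin/pwgen.php), and keys not shown keep the template's values.

```php
<?php
// saml/config/config.php (added example; directory layout as in the article).
$config = [
    // Must match the Apache Alias: {URL}/simplesaml/
    'baseurlpath' => 'simplesaml/',
    'certdir'     => '/var/www/saml/cert/',
    'tempdir'     => '/tmp/simplesaml',

    'technicalcontact_name'  => 'Administrator',
    'technicalcontact_email' => 'info@giandog17.com',
    'timezone'               => 'Europe/Rome',          // assumption

    // Unique per installation; the template's own comment suggests:
    //   LC_CTYPE=C tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo
    'secretsalt' => 'REPLACE-WITH-32-RANDOM-CHARACTERS',

    // Hashed admin password, output of: php vendor/simplesamlphp/simplesamlphp/bin/pwgen.php
    // (the literal below is a placeholder, not a real hash).
    'auth.adminpassword'     => '{SSHA256}REPLACE-WITH-OUTPUT-OF-PWGEN',
    'admin.protectindexpage' => true,   // require admin login even for the front page
    'admin.protectmetadata'  => false,  // the IdP operator must be able to fetch SP metadata

    // Only these hosts may appear in redirect/ReturnTo parameters (assumption: the site's hostname).
    'trusted.url.domains' => ['stage.giandog17.com'],

    // SimpleSAMLphp session cookie: HTTPS only, not readable from JavaScript.
    'session.cookie.secure'       => true,
    'session.phpsession.httponly' => true,

    // Shared session store backed by memcached (the article's store.type).
    'store.type' => 'memcache',
    'memcache_store.servers' => [
        // one server group; add servers to the inner array for replication
        [['hostname' => '127.0.0.1', 'port' => 11211]],
    ],
    'memcache_store.expires' => 36 * 3600,

    'metadata.sources' => [
        ['type' => 'flatfile', 'directory' => '/var/www/saml/metadata'],
    ],

    // This instance only acts as an SP.
    'enable.saml20-idp' => false,

    'logging.level'   => \SimpleSAML\Logger::NOTICE,
    'logging.handler' => 'syslog',
];
```

The "Configuration" tab of the management panel (next step) flags the two values that are most often left at their defaults, the secret salt and the admin password, so check it after saving this file.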

Next, return to "{URL}/simplesaml", open the "Configuration" tab and check that the page matches the following:

Img 1.2
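The certdir configured above has to contain the SP's own private key and certificate, which the article later references from authsources.php as server.pem and server.cer but does not show how to create. The script below is an added example, not part of the article or of SimpleSAMLphp; it uses PHP's openssl extension to generate a self-signed key pair with those file names, locks down the key file's permissions and returns the SHA-256 fingerprint to hand to the IdP operator. The directory and hostname arguments are assumptions for the example.

```php
<?php
// gen-sp-keypair.php (added example). Run once on the server:
//   php gen-sp-keypair.php /var/www/saml/cert sp.giandog17.com
// Writes server.pem (private key) and server.cer (self-signed certificate) into certdir.

function generateSpKeyPair(string $certDir, string $commonName, int $days = 3652): array
{
    if (!is_dir($certDir) && !mkdir($certDir, 0750, true)) {
        throw new RuntimeException("cannot create $certDir");
    }

    // 3072-bit RSA key; SimpleSAMLphp reads an unencrypted PEM key unless 'privatekey_pass' is set.
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 3072,
    ]);
    if ($key === false) {
        throw new RuntimeException(openssl_error_string() ?: 'key generation failed');
    }

    // Self-signed: no CA certificate, the CSR is signed with the SP's own key.
    $csr  = openssl_csr_new(['commonName' => $commonName], $key, ['digest_alg' => 'sha256']);
    $cert = openssl_csr_sign($csr, null, $key, $days, ['digest_alg' => 'sha256']);
    if ($csr === false || $cert === false) {
        throw new RuntimeException(openssl_error_string() ?: 'certificate generation failed');
    }

    openssl_pkey_export($key, $keyPem);
    openssl_x509_export($cert, $certPem);

    $dir      = rtrim($certDir, '/');
    $keyPath  = $dir . '/server.pem';
    $certPath = $dir . '/server.cer';

    file_put_contents($keyPath, $keyPem);
    chmod($keyPath, 0600);          // private key: owner (the web server user) only
    file_put_contents($certPath, $certPem);
    chmod($certPath, 0644);         // the certificate is public

    return [
        'key'     => $keyPath,
        'cert'    => $certPath,
        // Compare this value with the IdP operator out of band before they trust the SP metadata.
        'sha256'  => openssl_x509_fingerprint($cert, 'sha256'),
        'expires' => date('Y-m-d', openssl_x509_parse($cert)['validTo_time_t']),
    ];
}

if (PHP_SAPI === 'cli' && isset($argv) && realpath($argv[0]) === __FILE__) {
    $info = generateSpKeyPair($argv[1] ?? '/var/www/saml/cert', $argv[2] ?? 'sp.example.org');
    foreach ($info as $name => $value) {
        echo str_pad($name, 8), $value, PHP_EOL;
    }
}
```

Run it as the web server user (or chown the files afterwards) so that SimpleSAMLphp can read the key. When the certificate approaches its expiry date, SimpleSAMLphp's saml:SP source supports publishing a second key pair via the new_privatekey and new_certificate options, which lets the IdP pick up the new certificate before the old one is removed.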

How do you configure Metadata?

Open "{URL}/simplesaml", go to the "Federation" tab and click on "XML to SimpleSAMLphp metadata converter".

Img 1.3

Paste the contents of your IdP's metadata file into the "XML Metadata" box, or select the file. Click on "Parse" to generate the PHP code that completes the configuration. The result will be the following:

Img 1.4
Img 1.5

Copy the files "saml20-sp-remote.php" and "saml20-idp-remote.php" into the "saml/metadata" folder. The templates are found in the vendor directory, specifically in:

/var/www/vendor/simplesamlphp/simplesamlphp/metadata-templates

Replace the template contents with the code produced by the parser: the IdP entry goes into "saml20-idp-remote.php". This is the file that matters for an SP; "saml20-sp-remote.php" describes remote SPs and is only consulted when this SimpleSAMLphp instance acts as an IdP, so it may stay empty.

The "Federation" tab will now look like this:

Img 1.6

Your IdP metadata has been imported correctly. The remaining SimpleSAMLphp step is to edit "authsources.php" and add a new authentication source. Its "idp" value must be the entityID of the IdP exactly as it appears as the array key in "saml20-idp-remote.php"; in this example the same identifier is used for both the SP entityID and the IdP.

'urn:federation:giandog17:stage' => [
    'saml:SP',
    'privatekey' => 'server.pem',
    'certificate' => 'server.cer',
    'entityID' => 'urn:federation:giandog17:stage',
    'idp' => 'urn:federation:giandog17:stage',
    'discoURL' => null,
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
    'simplesaml.nameidattribute' => 'eduPersonTargetedID'
]
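The two files are coupled: the "idp" option of the authentication source has to equal the key under which the converter stored the IdP in saml20-idp-remote.php, otherwise SimpleSAMLphp reports at login time that it cannot find the IdP's metadata, and the Drupal module later refers to the authentication source by its array key. The following added example, not taken from the article, shows both files side by side with a constructed IdP entry in the converter's output format; the IdP URLs and the certificate data are placeholders, and the SP entry additionally enables request signing and requires signed assertions, which the article's entry leaves at the defaults.

```php
<?php
// --- saml/config/authsources.php (added example; values are placeholders) ---
$config = [
    // Needed so that the management panel can log you in with auth.adminpassword.
    'admin' => ['core:AdminPassword'],

    // Array key = authentication source name. Drupal's "Authentication source for this SP"
    // field takes this key; the article simply reuses the SP entityID as the key.
    'urn:federation:giandog17:stage' => [
        'saml:SP',
        'entityID'    => 'urn:federation:giandog17:stage',
        'privatekey'  => 'server.pem',   // relative to certdir
        'certificate' => 'server.cer',

        // Must equal the $metadata key in saml20-idp-remote.php below.
        'idp'      => 'https://idp.example.org/idp/shibboleth',
        'discoURL' => null,

        'NameIDFormat'               => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
        'simplesaml.nameidattribute' => 'eduPersonTargetedID',

        // Sign outgoing AuthnRequests and advertise (and enforce) signed assertions.
        'sign.authnrequest'    => true,
        'WantAssertionsSigned' => true,
    ],
];

// --- saml/metadata/saml20-idp-remote.php (constructed entry in the converter's format) ---
$metadata['https://idp.example.org/idp/shibboleth'] = [
    'entityid'     => 'https://idp.example.org/idp/shibboleth',
    'metadata-set' => 'saml20-idp-remote',
    'SingleSignOnService' => [
        [
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://idp.example.org/idp/profile/SAML2/Redirect/SSO',
        ],
    ],
    'SingleLogoutService' => [
        [
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            'Location' => 'https://idp.example.org/idp/profile/SAML2/Redirect/SLO',
        ],
    ],
    'NameIDFormats' => ['urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'],
    // Base64 DER of the IdP's signing certificate, copied from the federation metadata.
    // Responses signed with any other key are rejected; placeholder below.
    'certData' => 'MIIC...REPLACE-WITH-THE-IDP-CERTIFICATE-FROM-THE-METADATA...',
];
```

With this in place the SP publishes its own metadata at {URL}/simplesaml/module.php/saml/sp/metadata.php/urn:federation:giandog17:stage; that document (or its URL) is what the IdP operator registers on their side, and the certificate in it must be the server.cer from certdir.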

How do you configure Drupal ?

To complete the configuration, access the “Extend” tab and install the “SimpleSAMLphp Authentication” module.

Go to the module configuration page, tick "Activate authentication via SimpleSAMLphp" and set "Authentication source for this SP" to the name of the authentication source you added to "authsources.php". In this tutorial that is the same string as the SP's EntityId shown on the Federation tab (Img 1.6). Save the changes.

Img 1.7

How do you test it?

To test that everything works, go to the login page. Below the regular form you will find the "Federated login" button. Clicking it redirects you to the IdP's SAML login page and, after authentication, back to Drupal.

Img 1.8
Img 1.9

Who am I?

Find me on LinkedIn or on my website.
