This is a fork of jnyryan/vagrant-simplesamlphp. The main purpose of this fork is to deploy SSP using an up-to-date LAMP stack and make it easier to deploy my existing SSP repos.
simpleSAMLphp installed on a Vagrant virtual machine,
.. with the added bonus of also installing it in a lightweight Docker container, just for kicks,
.. and I added some details on connecting it to ADFS as an IdP.
I probably did too much in a single repository, but I got a bit carried away.
## Introduction
This repo details 3 usages of SimpleSAMLphp:
- An out-of-the-box setup for simpleSAMLphp. Once the Vagrant virtual machine is booted up, all the software is installed by the provisioning script. You can read the provisioning script to see the full installation.
- The above, installed in a Docker container.
- The above, with configs altered to use ADFS as an Identity Provider.
From the host machine the following ports are forwarded to the Vagrant VM.
- 50080
- 50443
- 58080
- 58443
To get to either the HTTP or HTTPS setup, hit the following endpoints:
Vagrant hosted:
Vagrant hosted in a Docker container:
Both require you to ssh to the VM and run the steps below.
To access simpleSAMLphp from the browser:
- username: admin
- password: password
This setup uses VirtualBox and VagrantUp to instantiate the virtual machines.
- Install VirtualBox
- Install VagrantUp
The following commands will download the Ubuntu images and provision the virtual machine. All software will be installed, and once that completes SimpleSAMLphp will be ready to use.
```sh
git clone https://github.com/jnyryan/vagrant-simplesamlphp.git
cd vagrant-simplesamlphp
vagrant up
vagrant ssh
```
Docker is a lightweight container runtime that I use to host simpleSAMLphp running under Apache, as an experiment. All the work below is already done in the Vagrant setup; the details are included if you would like to develop it further.
- Install Docker
```sh
sudo apt-get install -y docker.io
sudo ln -sf /usr/bin/docker.io /usr/local/bin/docker
sudo sed -i '$acomplete -F _docker docker' /etc/bash_completion.d/docker.io
```
Rather than build it yourself, the full container is available on Docker Hub:
```sh
sudo docker pull jnyryan/simplesamlphp
sudo docker run -d -p 58080:80 -p 58443:443 jnyryan/simplesamlphp
```
To use your own configs stored on the host in /var/simplesamlphp:
```sh
sudo docker run -d -p 58080:80 -p 58443:443 \
  -v /var/simplesamlphp/config/:/var/simplesamlphp/config/ \
  -v /var/simplesamlphp/metadata/:/var/simplesamlphp/metadata/ \
  -v /var/simplesamlphp/cert/:/var/simplesamlphp/cert/ \
  jnyryan/simplesamlphp
```
To access simpleSAMLphp from the host server:
http://localhost:50081/simplesaml/
- username: admin
- password: password
Build the image locally and push it to Docker Hub:
```sh
sudo docker login
sudo docker pull jnyryan/simplesamlphp
sudo docker build -t jnyryan/simplesamlphp /vagrant/.
sudo docker push jnyryan/simplesamlphp
```
This will stop and remove every container and every image on the host, which cleans up any old images built:
```sh
sudo bash
docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)
docker rmi $(docker images -a -q)
exit
```
## ADFS Server Installation
These instructions provide a good ADFS set-up:
- installing-and-configuring-adfs-2-0
- using-active-directory-federation-services-to-authenticate-authorize-node-js-apps-in-windows-azure
To play around with ADFS as an IdP I used the instructions below from here.
SimpleSAML is installed on www.mysite.com.
ADFS2 is installed on www.myadfs.com.
- Open a browser and go to the URL http://www.myadfs.com/Federationmetadata/2007-06/FederationMetadata.xml
- Save it as FederationMetadata.xml.
- Open a browser and go to https://www.mysite.com/simplesaml/
- Select the Federation tab.
- Click on Convert XML Metadata to simpleSAML.php.
- Paste the content of the previous file (FederationMetadata.xml).
- Click on Analyse.
- In the saml20-idp-remote section, select all the text and copy it.
- Edit the file `<document_root>/simplesamlphp/metadata/saml20-idp-remote.php` (save a copy first, like saml20-idp-remote.bak).
- Delete all the text between `<?php` and `?>` (keep the `<?php` and `?>` tags).
- Paste the previously selected text between `<?php` and `?>`.
- Under the `'entityid'` line, add the following line: `'sign.logout' => TRUE,`
- Save saml20-idp-remote.php.
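The browser-side conversion in the steps above, done offline as an added example that is not part of this repo: a Python script that parses FederationMetadata.xml into the same saml20-idp-remote fields and computes the signing certificate's SHA-256 fingerprint, so the IdP can be confirmed out-of-band before its metadata is trusted, and flags SSO/SLO endpoints that are not https. The sample metadata and its placeholder certificate are constructed.

```python
# Added example, not part of this repo: parse an ADFS FederationMetadata.xml
# offline into the fields the "Convert XML Metadata" page emits for
# saml20-idp-remote.php, plus the signing cert's SHA-256 fingerprint.
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample shaped like ADFS 2.0 metadata; the certificate is a placeholder.
SAMPLE_METADATA = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="http://www.myadfs.com/adfs/services/trust"><IDPSSODescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>bm90IGEgcmVhbCBjZXJ0</X509Certificate></X509Data>
  </KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://www.myadfs.com/adfs/ls/"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://www.myadfs.com/adfs/ls/"/>
 </IDPSSODescriptor></EntityDescriptor>"""


def parse_idp_metadata(xml_bytes):
    """Return (saml20-idp-remote entry, list of issues to review by hand)."""
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    entry = {"entityid": root.get("entityID"), "sign.logout": True}  # README's added line
    issues = []
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        locs = [s.get("Location") for s in idp.findall("md:" + tag, NS)
                if s.get("Binding") == REDIRECT]
        entry[tag] = locs[0] if locs else None
        if not locs or not locs[0].startswith("https://"):
            issues.append("%s missing or not https: %s" % (tag, entry[tag]))
    certs = [kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"]  # no 'use' means both
    certs = ["".join(c.text.split()) for c in certs if c is not None and c.text]
    if not certs:
        raise ValueError("no signing certificate: responses could not be verified")
    entry["certData"] = certs[0]
    fp = hashlib.sha256(base64.b64decode(certs[0])).hexdigest().upper()
    entry["fingerprint"] = ":".join(fp[i:i + 2] for i in range(0, 64, 2))
    return entry, issues
```

Compare the printed fingerprint with one obtained from the ADFS administrator over a separate channel before pasting the entry into saml20-idp-remote.php.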
Edit the file `<document_root>/simplesamlphp/config/authsources.php` and in the $config array add an entry like:
```php
'myauth' => array(
    'saml:SP',
    // entity ID of the ADFS IdP, matching the key in saml20-idp-remote.php
    'idp' => 'http://www.myadfs.com/adfs/services/trust',
    // SP signing key and certificate, looked up in the cert directory
    'privatekey' => '001-mysite.key',
    'certificate' => '001-mysite.crt',
),
```
- On the ADFS server, open the ADFS 2.0 Management console.
- Go to Trust Relationships, then Relying Party Trusts.
- Click on Add Relying Party Trust.
- Click on Start.
- Enter the following address: https://www.mysite.com/simplesaml/module.php/saml/sp/metadata.php/myauth
- Click on OK.
- Enter the application name.
- Click on Next.
- Select Permit all users to access this relying party.
- Click on Next.
- Click on Next.
- Click on Close.
- Add and configure all the claim rules you need.
- Click on OK.
- The new relying party is added.
- Double-click on it.
- On the Advanced tab, set the secure hash algorithm to SHA-1.
- Click on OK.
The SHA-1 setting matches what older SimpleSAMLphp releases sign with; newer releases sign with SHA-256 by default (configurable through `signature.algorithm` in the authsource), so leave ADFS on SHA-256 when the SP side supports it.
Further reading:
- simpleSAMLphp Installation and Configuration
- How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu