simplesamlphp-advancedfeatures.xml 2.57 KiB
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<article>
  <title>simpleSAMLphp advanced features</title>

  <section>
    <title>Bridging between protocols</title>

    <para>To set up a bridge between two protocols, you need to set up an
    installation with both an IdP and an SP, and then connect them together.
    If you want to set up a bridge that allows a SAML 2.0 SP to talk to a
    Shibboleth IdP, you would need to set up a simpleSAMLphp bridge and
    configure a SAML 2.0 IdP and a Shibboleth SP. Next you configure the SAML
    2.0 IdP to use the Shibboleth 1.3 SP for authentication. This is
    configured in the IdP hosted metadata, and is controlled by the auth and
    the authority parameters.</para>

    <example>
      <title>Example of bridge configuration</title>

      <para>A bridge with a configured SAML 2.0 IdP and a Shibboleth 1.3 SP:
      in the saml20-idp-hosted.php metadata you configure the authentication
      to use Shibboleth 1.3 SP like this:</para>

      <programlisting>'auth' =&gt; 'shib13/sp/initSSO.php',
'authority' =&gt; 'shib13'
</programlisting>

      <para>As no specific Shibboleth IdP is specified to the initSSO.php
      script, the discovery service page will be shown. If you want to connect
      the SAML 2.0 IdP to a specific Shibboleth 1.3 IdP, specify its entity ID
      as the idpentityid parameter to the initSSO.php script:</para>

      <programlisting>'auth' =&gt; 'shib13/sp/initSSO.php?idpentityid=shib13idp.example.org',
'authority' =&gt; 'shib13'
</programlisting>
    </example>
  </section>

  <section>
    <title>Attribute control</title>

    <para></para>

    <section>
      <title>Attribute filtering</title>

      <para></para>
    </section>

    <section>
      <title>Attribute name mapping</title>

      <para></para>
    </section>

    <section>
      <title>Attribute alter functions</title>

      <para></para>

      <example>
        <title>Example of alter script</title>

        <para>This example injects a realm attribute that is generated from
        the eduPersonPrincipalName.</para>

        <programlisting>/* Attribute alter function: receives the attribute array by reference and
   may add, change or remove attributes. The SP and IdP entity IDs are
   passed in but are not needed for this example. */
function attributealter_realm(&amp;$attributes, $spentityid = null, $idpentityid = null) {
	if (array_key_exists('eduPersonPrincipalName', $attributes)) {
		/* Use the first value; eduPersonPrincipalName is expected to be single-valued. */
		$eduppn = $attributes['eduPersonPrincipalName'][0];
		/* The realm is the scope part after the '@' in user@scope. */
		$splitted = explode('@', $eduppn);
		if (count($splitted) &gt; 1) {
			$attributes['realm'] = array($splitted[1]);
		}
	}
}</programlisting>
      </example>
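      <para>An added example, not part of the simpleSAMLphp documentation or
      code base: a stricter variant of the alter function above that handles a
      multi-valued eduPersonPrincipalName, skips malformed values and only
      accepts scopes that look like a DNS name, so an SP relying on the realm
      for authorization does not receive an empty or arbitrary value. The
      function name attributealter_realm_strict, the scope pattern and the
      sample input are assumptions for illustration.</para>
<![CDATA[
```php
<?php
// Added example (not from simpleSAMLphp): stricter realm derivation.
// Signature follows the attribute alter function convention on this page.

// Assumed rule: a scope must look like a lowercase DNS name with at least one dot.
const REALM_SCOPE_PATTERN = '/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)+$/';

function attributealter_realm_strict(array &$attributes, $spentityid = null, $idpentityid = null) {
    if (!isset($attributes['eduPersonPrincipalName'])) {
        return;
    }
    $realms = array();
    foreach ($attributes['eduPersonPrincipalName'] as $eppn) {
        // A well-formed ePPN is user@scope with exactly one '@'; skip anything else.
        $parts = explode('@', $eppn);
        if (count($parts) !== 2) {
            continue;
        }
        // Normalize case and whitespace before validating the scope.
        $scope = strtolower(trim($parts[1]));
        if (preg_match(REALM_SCOPE_PATTERN, $scope) !== 1) {
            continue;
        }
        $realms[$scope] = true;
    }
    if (count($realms) > 0) {
        // Emit a deduplicated, sorted multi-valued attribute; otherwise set nothing.
        $realms = array_keys($realms);
        sort($realms);
        $attributes['realm'] = $realms;
    }
}

// Constructed sample input: one well-formed ePPN (mixed case) and one malformed value.
$sample = array('eduPersonPrincipalName' => array('Alice@Example.ORG', 'bob@@bad'));
attributealter_realm_strict($sample);
assert($sample['realm'] === array('example.org'));
```
]]>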
    </section>
  </section>
</article>