diff --git a/extra/simplesamlphp.spec b/extra/simplesamlphp.spec
new file mode 100644
index 0000000000000000000000000000000000000000..2ffbcafc80b99dd80c46d262ea969776d33b60e8
--- /dev/null
+++ b/extra/simplesamlphp.spec
@@ -0,0 +1,96 @@
+%define name      simplesamlphp
+%define summary   SAML IDP/SP written in PHP
+%define version   1.13.2
+%define release   11
+%define license   LGPL 2.1
+%define group     Networking/WWW
+%define source    %{name}-%version.tar.gz
+%define url       https://simplesamlphp.org
+%define vendor    UNINETT AS
+%define buildroot %{_tmppath}/%{name}-root
+%define _prefix   /var/lib/
+
+Name:      %{name}
+Summary:   %{summary}
+Version:   %{version}
+Release:   %{release}
+License:   %{license}
+Group:     %{group}
+Source0:   %{source}
+BuildArch: noarch
+Requires:  httpd, mod_ssl, mod_php, php-ldap, php-mcrypt, php-xml
+Requires(pre): shadow-utils
+Provides:  %{name}
+URL:       %{url}
+Buildroot: %{buildroot}
+
+%description
+SimpleSAMLphp is an award-winning application written in native PHP that deals with authentication. The project is led by UNINETT, has a large user base, a helpful user community and a large set of external contributors. The main focus of SimpleSAMLphp is providing support for:
+
+    SAML 2.0 as a Service Provider (SP)
+    SAML 2.0 as an Identity Provider (IdP)
+
+For further information, see the documentation at https://simplesamlphp.org/docs/.
+
+%prep
+
+%setup
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_prefix}simplesamlphp/log
+mkdir -p %{buildroot}%{_prefix}simplesamlphp/data
+mkdir -p %{buildroot}%{_prefix}simplesamlphp/cert
+install -d %{buildroot}%{_prefix}
+
+tar cf - . | (cd %{buildroot}%{_prefix}simplesamlphp; tar xfp -)
+
+%pre
+   semanage fcontext -a -t httpd_sys_content_t '/var/lib/simplesamlphp(/.*)?'
+   semanage fcontext -a -t httpd_sys_rw_content_t '/var/lib/simplesamlphp/data(/.*)?'
+   semanage fcontext -a -t httpd_sys_rw_content_t '/var/lib/simplesamlphp/log(/.*)?'
+
+%post
+   restorecon -R /var/lib/simplesamlphp
+
+
+%postun
+# keep the labels, as uninstall + restorecon
+# may result in admin revealing sensitive data by mistake.
+#    semanage fcontext -d -t httpd_sys_content_t '/var/lib/simplesamlphp(/.*)?'
+#    semanage fcontext -d -t httpd_sys_rw_content_t '/var/lib/simplesamlphp/data(/.*)?'
+#    semanage fcontext -d -t httpd_sys_rw_content_t '/var/lib/simplesamlphp/log(/.*)?'
+
+%preun
+
+
+%files
+%defattr(-,root,root)
+/var/lib/simplesamlphp/
+%dir %attr(0750, root,apache) /var/lib/simplesamlphp/config
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/config.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/config-login-feide.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/authmemcookie.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/translation.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/authsources.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/acl.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/ldapmulti.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/cas-ldap.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/config-login-auto.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/config/ldap.php
+%dir %attr(0750, root,apache) /var/lib/simplesamlphp/metadata
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/metadata/shib13-sp-hosted.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/metadata/shib13-sp-remote.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/metadata/shib13-idp-remote.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/metadata/saml20-sp-remote.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/metadata/saml20-idp-hosted.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/metadata/adfs-idp-hosted.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/metadata/adfs-sp-remote.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/metadata/wsfed-idp-remote.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/metadata/shib13-idp-hosted.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/metadata/saml20-idp-remote.php
+%config(noreplace) %attr(0640, root,apache) /var/lib/simplesamlphp/metadata/wsfed-sp-hosted.php
+%dir %attr(0770, root, apache) /var/lib/simplesamlphp/log
+%dir %attr(0770, root, apache) /var/lib/simplesamlphp/data
+%dir %attr(0750, root, apache) /var/lib/simplesamlphp/cert