simpleSAMLphp has an abstraction layer for session management. That means it is possible to choose between different kind of session stores, as well as write new session store plugins.
SimpleSAMLphp has an abstraction layer for session management. That means it is possible to choose between different kind of session stores, as well as write new session store plugins.
The `store.type` configuration option in `config.php` allows you to select which method SimpleSAMLphp should use to store the session information. Currently, three session handlers are included in the distribution:
The `store.type` configuration option in `config.php` allows you to select which method SimpleSAMLphp should use to store the session information. Currently, three session handlers are included in the distribution:
* `phpsession` uses the built in session management in PHP. This is the default, and is simplest to use. It will not work in a load-balanced environement in most configurations.
* `phpsession` uses the built in session management in PHP. This is the default, and is simplest to use. It will not work in a load-balanced environment in most configurations.
* `memcache` uses the memcache software to cache sessions in memory. Sessions can be distributed and replicated among several memcache servers, enabling both load-balancing and fail-over.
* `memcache` uses the memcache software to cache sessions in memory. Sessions can be distributed and replicated among several memcache servers, enabling both load-balancing and fail-over.
* `sql` stores the session in an SQL database.
* `sql` stores the session in an SQL database.
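Review bot: the changed first paragraph still reads "different kind of session stores" after the rename. Since the line is being touched anyway, correct it to "different kinds of session stores". In the `phpsession` bullet, "built in" should be hyphenated as "built-in".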
...
@@ -39,7 +39,7 @@ To use the memcache session handler, set the `store.type` parameter in `config.p
...
@@ -39,7 +39,7 @@ To use the memcache session handler, set the `store.type` parameter in `config.p
'store.type' => 'memcache',
'store.type' => 'memcache',
memcache allows you to store multiple redudant copies of sessions on different memcache servers.
memcache allows you to store multiple redundant copies of sessions on different memcache servers.
The configuration parameter `memcache_store.servers` is an array of server groups. Every data item will be mirrored in every server group.
The configuration parameter `memcache_store.servers` is an array of server groups. Every data item will be mirrored in every server group.
...
@@ -68,9 +68,9 @@ Each server is an array of parameters for the server. The following options are
...
@@ -68,9 +68,9 @@ Each server is an array of parameters for the server. The following options are
Here are two examples of configuration of memcache session handling:
Here are two examples of configuration of memcache session handling:
**Example 1. Example of redudant configuration with load balancing**
**Example 1. Example of redundant configuration with load balancing**
Example of redudant configuration with load balancing: This configuration makes it possible to lose both servers in the a-group or both servers in the b-group without losing any sessions. Note that sessions will be lost if one server is lost from both the a-group and the b-group.
Example of redundant configuration with load balancing: This configuration makes it possible to lose both servers in the a-group or both servers in the b-group without losing any sessions. Note that sessions will be lost if one server is lost from both the a-group and the b-group.
'memcache_store.servers' => array(
'memcache_store.servers' => array(
array(
array(
...
@@ -112,7 +112,7 @@ Here is an example of this configuration parameter:
...
@@ -112,7 +112,7 @@ Here is an example of this configuration parameter:
#### Memcache PHP configuration
#### Memcache PHP configuration
Configure memcahce to not do internal failover. This parameter is
Configure memcache to not do internal failover. This parameter is
configured in `php.ini`.
configured in `php.ini`.
memcache.allow_failover = Off
memcache.allow_failover = Off
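Review bot: the corrected sentence "Configure memcache to not do internal failover" gives the setting but no reason for it. Add one sentence explaining why `memcache.allow_failover = Off` is needed alongside the server-group mirroring described earlier, so an operator does not switch it back on when tuning `php.ini`.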
...
@@ -121,7 +121,7 @@ configured in `php.ini`.
...
@@ -121,7 +121,7 @@ configured in `php.ini`.
Setup a firewall restricting access to the memcache server.
Setup a firewall restricting access to the memcache server.
Because simpleSAMLphp uses a timestamp to check which session is most recent in a fail-over setup, it is very important to run syncrhonized clocks on all webservers where you run simpleSAMLphp.
Because SimpleSAMLphp uses a timestamp to check which session is most recent in a fail-over setup, it is very important to run synchronized clocks on all webservers where you run SimpleSAMLphp.
### Configuring SQL storage
### Configuring SQL storage
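Review bot: the context line "Setup a firewall restricting access to the memcache server." just above the changed clock sentence is the only access-control guidance in this section and is left vague. Use the verb form "Set up" and say which hosts need to reach the memcache servers (the web servers running SimpleSAMLphp), since those servers hold session data.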
...
@@ -131,7 +131,7 @@ SimpleSAMLphp uses [PDO](http://www.php.net/manual/en/book.pdo.php) when accessi
...
@@ -131,7 +131,7 @@ SimpleSAMLphp uses [PDO](http://www.php.net/manual/en/book.pdo.php) when accessi
The DSN is stored in the `store.sql.dsn` option. See the [PDO driver manual](http://www.php.net/manual/en/pdo.drivers.php) for the DSN syntax used by the different databases.
The DSN is stored in the `store.sql.dsn` option. See the [PDO driver manual](http://www.php.net/manual/en/pdo.drivers.php) for the DSN syntax used by the different databases.
Username and password for accessing the database can be configured in the `store.sql.username` and `store.sql.password` options.
Username and password for accessing the database can be configured in the `store.sql.username` and `store.sql.password` options.
The required tables are created automatically. If you are storing data from multiple separate simpleSAMLphp installations in the same database, you can use the `store.sql.prefix` option to prevent conflicts.
The required tables are created automatically. If you are storing data from multiple separate SimpleSAMLphp installations in the same database, you can use the `store.sql.prefix` option to prevent conflicts.
## Logging and statistics
## Logging and statistics
...
@@ -154,7 +154,7 @@ Turn off PHPSESSID in query string.
...
@@ -154,7 +154,7 @@ Turn off PHPSESSID in query string.
Here are some checkpoints
Here are some checkpoints
1. Remove all entities in metadata files that you do not trust. It is easy to forget about some of the entities that were used for test.
1. Remove all entities in metadata files that you do not trust. It is easy to forget about some of the entities that were used for test.
2. If you during testing have been using a certificate that has been exposed (notably: the one found in the simpleSAMLphp distribution): Obtain and install a new one.
2. If you during testing have been using a certificate that has been exposed (notably: the one found in the SimpleSAMLphp distribution): Obtain and install a new one.
3. Make sure you have installed the latest security upgrades for your OS.
3. Make sure you have installed the latest security upgrades for your OS.
4. Make sure to use HTTPS rather than HTTP.
4. Make sure to use HTTPS rather than HTTP.
5. Block access to your servers on anything except port 443. simpleSAMLphp only uses plain HTTP(S), so there is no need to open ports for SOAP or other communication.
5. Block access to your servers on anything except port 443. simpleSAMLphp only uses plain HTTP(S), so there is no need to open ports for SOAP or other communication.
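Review bot: the rename is incomplete in checklist item 5, which still reads "simpleSAMLphp only uses plain HTTP(S)" on both sides while item 2 in the same hunk was updated. Change it to "SimpleSAMLphp" so the list is consistent. Item 2 would also read better as "If you have been using an exposed certificate during testing".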
...
@@ -175,12 +175,12 @@ To add support for a new language, add your new language to the `language.availa
...
@@ -175,12 +175,12 @@ To add support for a new language, add your new language to the `language.availa
[language codes as specified in ISO-639-1](http://en.wikipedia.org/wiki/List_of_ISO_639-1_codes).
[language codes as specified in ISO-639-1](http://en.wikipedia.org/wiki/List_of_ISO_639-1_codes).
You also can set the default language. You should ensure that the default language is complete, as it is used as a fallback when a text is not available in the language selected by the user.
You also can set the default language. You should ensure that the default language is complete, as it is used as a fallback when a text is not available in the language selected by the user.
Translation of simpleSAMLphp is done through the SimpleSAMLphp translation portal. To translate simpleSAMLphp to a new language, please contact the authors at the mailinglist, and the new language may be added to the translation portal.
Translation of simpleSAMLphp is done through the SimpleSAMLphp translation portal. To translate SimpleSAMLphp to a new language, please contact the authors at the mailinglist, and the new language may be added to the translation portal.
* [Visit the SimpleSAMLphp translation portal](https://translation.rnd.feide.no/?aid=simplesamlphp)
* [Visit the SimpleSAMLphp translation portal](https://translation.rnd.feide.no/?aid=simplesamlphp)
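Review bot: the changed translation paragraph still opens with "Translation of simpleSAMLphp is done through", so only the second occurrence on that line was renamed. Update the first one too, and write "mailinglist" as "mailing list".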
...
@@ -204,7 +204,6 @@ Support
...
@@ -204,7 +204,6 @@ Support
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
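Review bot: the Support paragraph shown here is identical on both sides and keeps "simpleSAMLphp" twice, although the same paragraph in the statistics document is renamed by this commit. Apply the rename here as well. The phrase "contribute answers other further questions" is also garbled and should be rewritten while the paragraph is open.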
@@ -13,7 +13,7 @@ The simpleSAMLphp statistics module
...
@@ -13,7 +13,7 @@ The simpleSAMLphp statistics module
## Configure your logs
## Configure your logs
It's recommended to use syslog for logging, then a separate loglevel is
It's recommended to use syslog for logging, then a separate loglevel is
dedicated to statistics. You need to get all statistics log entries
dedicated to statistics. You need to get all statistics log entries
in one log file. Here is how I do it in syslog.conf:
in one log file. Here is how I do it in syslog.conf:
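Review bot: the hunk header context for this file still shows the heading "The simpleSAMLphp statistics module", so the document title appears not to be covered by the rename. Check the title line and update it to "SimpleSAMLphp" along with the body text.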
...
@@ -36,7 +36,7 @@ With content that looks like this:
...
@@ -36,7 +36,7 @@ With content that looks like this:
Nov 15 13:16:39 www1 simplesamlphp-openwiki[2125]: 5 STAT [3493d5d87f] saml20-sp-SSO urn:mace:feide.no:services:no.feide.openwikicore sam.feide.no NA
Nov 15 13:16:39 www1 simplesamlphp-openwiki[2125]: 5 STAT [3493d5d87f] saml20-sp-SSO urn:mace:feide.no:services:no.feide.openwikicore sam.feide.no NA
Nov 15 13:37:27 www1 simplesamlphp-foodle[3146]: 5 STAT [77013b4b6e] AUTH-login-admin OK
Nov 15 13:37:27 www1 simplesamlphp-foodle[3146]: 5 STAT [77013b4b6e] AUTH-login-admin OK
Here you can see that I collect statistics in one file for several installations. You could easily separate each instance of simpleSAMLphp into separate files (your preference).
Here you can see that I collect statistics in one file for several installations. You could easily separate each instance of SimpleSAMLphp into separate files (your preference).
## Configure the statistics module
## Configure the statistics module
...
@@ -59,7 +59,7 @@ Make sure the stat dir is writable. SimpleSAMLphp will write data here:
...
@@ -59,7 +59,7 @@ Make sure the stat dir is writable. SimpleSAMLphp will write data here:
### Configuring the syntax of the logfile
### Configuring the syntax of the logfile
Syslog uses different date formats on different environments, so you need to do some manual tweaking to make sure that simpleSAMLphp knows how to interpret the logs.
Syslog uses different date formats on different environments, so you need to do some manual tweaking to make sure that SimpleSAMLphp knows how to interpret the logs.
There are three parameter values you need to make sure are correct.
There are three parameter values you need to make sure are correct.
At the Installation page there will be a link "show statistics", go there and if simpleSAMLphp finds the statistics files in the `statdir` generated from cron or the script you will see statistics. Enjoy.
At the Installation page there will be a link "show statistics", go there and if SimpleSAMLphp finds the statistics files in the `statdir` generated from cron or the script you will see statistics. Enjoy.
Support
Support
-------
-------
If you need help to make this work, or want to discuss simpleSAMLphp with other users of the software, you are fortunate: Around simpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
If you need help to make this work, or want to discuss SimpleSAMLphp with other users of the software, you are fortunate: Around SimpleSAMLphp there is a great Open source community, and you are welcome to join! The forums are open for you to ask questions, contribute answers other further questions, request improvements or contribute with code or plugins of your own.
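Review bot: the renamed Support paragraph still contains "contribute answers other further questions", which does not parse. Rewrite the clause (for example "answer other users' questions") in the same change, and lowercase "Open source" to "open source".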