Commit eba188de authored by Olav Morken

Documentation for artifact on the SP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2308 44740490-163a-0410-bde0-09ae8108e29a
parent 06b1088b
Using HTTP-Artifact from a simpleSAMLphp SP
===========================================
This document describes how to use the HTTP-Artifact binding to receive authentication responses from the IdP.
Which binding the IdP should use when sending authentication responses is controlled by the `ProtocolBinding` in the SP configuration.
To make your Service Provider (SP) request that the response from the IdP is sent using the HTTP-Artifact binding, this option must be set to the HTTP-Artifact binding.
In addition to selecting the binding, you must also add a private key and certificate to your SP.
This is used for SSL client authentication when contacting the IdP.
To generate a private key and certificate, you may use the `openssl` commandline utility:
openssl req -new -x509 -days 3652 -nodes -out sp.example.org.crt -keyout sp.example.org.pem
You can then add the private key and certificate to the SP configuration.
When this is done, you can add the metadata of your SP to the IdP, and test the authentication.
Example configuration
---------------------
'artifact-sp' => array(
'saml:SP',
'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'privatekey' => 'sp.example.org.pem',
'certificate' => 'sp.example.org.crt',
),
See the [SP configuration reference](./saml:sp) for a description of the options.
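Review bot: The `openssl req ... -nodes` command in the key-generation step writes `sp.example.org.pem` unencrypted, and the text after it never says how that file should be protected or where it must be placed for the `privatekey` and `certificate` options to find it. Since this key is what authenticates the SP to the IdP over SSL, and the certificate is valid for 3652 days, suggest either dropping `-nodes` and showing `privatekey_pass` in the example configuration, or adding a sentence on restricting read access to the key file. It would also help to mention `saml.SOAPClient.certificate` here, since the same commit documents it as the way to use a separate certificate and key for the SOAP requests.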
......@@ -136,9 +136,21 @@ The following SAML 2.0 SP options are available:
`privatekey_pass`
: The passphrase for the private key, if it is encrypted. If the private key is unencrypted, this can be left out.
`ProtocolBinding`
: The binding that should be used for SAML2 authentication responses.
This option controls the binding that is requested through the AuthnRequest message to the IdP.
By default the HTTP-Redirect binding is used.
`RelayState`
: The page the user should be redirected to after an IdP initiated SSO.
`saml.SOAPClient.certificate`
: A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
If this option isn't specified, the SP private key and certificate will be used.
`saml.SOAPClient.privatekey_pass`
: The passphrase of the privatekey in `saml.SOAPClient.certificate`.
`SingleLogoutService`
: Override the default URL for the SingleLogoutService for this SP. This is an absolute URL. The default value is `<simpleSAMLphp-root>/saml2/sp/SingleLogoutService.php`.
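Review bot: The `ProtocolBinding` entry states "By default the HTTP-Redirect binding is used", but this option selects the binding for the authentication response, and the SAML 2.0 Web Browser SSO profile does not permit HTTP-Redirect for responses; please confirm the default against the code, since HTTP-POST looks more likely. The entry also lists no accepted values, so naming the binding URNs (for example `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact`, as used in the new artifact document) would save the reader a lookup. For `saml.SOAPClient.certificate`, say which directory the file name is resolved against, and note that the combined file holds a private key and needs the same protection as `privatekey`.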
......
......@@ -230,6 +230,20 @@ Options
: *Note*: SAML 2 specific.
`ProtocolBinding`
: The binding that should be used for SAML2 authentication responses.
This option controls the binding that is requested through the AuthnRequest message to the IdP.
By default the HTTP-Redirect binding is used.
: *Note*: SAML 2 specific.
`saml.SOAPClient.certificate`
: A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
If this option isn't specified, the SP private key and certificate will be used.
`saml.SOAPClient.privatekey_pass`
: The passphrase of the privatekey in `saml.SOAPClient.certificate`.
`saml1.useartifact`
: Request that the IdP returns the result to the artifact binding.
The default is to use the POST binding, set this option to TRUE to use the artifact binding instead.
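Review bot: `saml1.useartifact` is the only SAML 1 option in this hunk, yet it has no "*Note*: SAML 1 specific." line to match the "*Note*: SAML 2 specific." under `ProtocolBinding`, and the two `saml.SOAPClient.*` entries do not say which protocol versions they apply to. Suggest adding those notes, and rewording "returns the result to the artifact binding" to "returns the result using the artifact binding"; the sentence after it is a comma splice and reads better split after "POST binding". The `ProtocolBinding` default given here repeats the HTTP-Redirect wording from the previous hunk, so any correction made there applies here too.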
......