Skip to content
Snippets Groups Projects
Commit f90955ea authored by Olav Morken's avatar Olav Morken
Browse files

docs: Document configuration of artifact on the IdP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2304 44740490-163a-0410-bde0-09ae8108e29a
parent 0a29156b
No related branches found
No related tags found
No related merge requests found
Adding HTTP-Artifact support to the IdP
=======================================
This document describes the necessary steps to enable support for the HTTP-Artifact binding on a simpleSAMLphp IdP:
1. Configure simpleSAMLphp to use memcache to store the session.
2. Enable support for sending artifacts in `saml20-idp-hosted`.
3. Add the webserver certificate to the generated metadata.
Memcache
--------
To enable memcache, you must first install and configure memcache on the server hosting your IdP.
You need both a memcache server and a the PHP memcache client.
How this is done depends on the distribution.
If you are running Debian Lenny, you can install both by running:
aptitude install memcached php5-memcache
*Note*: For security, you must make sure that the memcache server is inaccessible to other hosts.
The default configuration on Debian Lenny is for the memcache server to be accessible to only the local host.
Once the memcache server is configured, you can configure simplesamlphp to use it to store sessions.
You can do this by setting the `session.handler` option in `config.php` to `memcache`.
If you are running memcache on a different server than the IdP, you must also change the `memcache_store.servers` option in `config.php`.
Enabling artifact on the IdP
----------------------------
To enable the IdP to send artifacts, you must add the `saml20.sendartifact` option to the `saml20-idp-hosted` metadata file:
$metadata['__DYNAMIC:1__'] = array(
[....]
'auth' => 'example-userpass',
'saml20.sendartifact' => TRUE,
);
Certificate in metadata
-----------------------
Some SPs validates the SSL certificate on the ArtifactResolutionService using the certificates in the metadata.
You may therefore have to add the webserver certificate to the metadata that your IdP generates.
To do this, you need to set the `https.certificate` option in the `saml20-idp-hosted` metadata file.
That option should refer to a file containing the webserver certificate.
$metadata['__DYNAMIC:1__'] = array(
[....]
'auth' => 'example-userpass',
'saml20.sendartifact' => TRUE,
'https.certificate' => '/etc/apache2/webserver.crt',
);
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment