We are testing use of simplesamlphp with ADFS/Shiboleth.
I have successfully used the 'vanilla' simplesamlphp. However we need to to work with symfony2 - namely this bundle: https://github.com/hslavich/SimplesamlphpBundle
We have configured but are getting no identity providers shown when trying to test the idp and sp (we are using the https://www.testshib.org/ idp) via simplesamlphp - 'Select your identity provider' page
We are getting no errors and sanity check runs fine, so all appears to be configured other than idp connection. The metadata was converted from the idp in simplesaml php as per docs on both github and simplesaml.
Hoping this is an obvious issue, any thoughts or suggestions for other symfony bundles welcome.
Cheers
authsouources.php
$config = array(
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
'core:AdminPassword',
),
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
'privatekey' => '/etc/httpd/ssl/cert.key',
'certificate' => '/etc/httpd/ssl/key.crt',
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => 'https://idp.testshib.org/idp/shibboleth',
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => null,
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => null,
)
);
saml20-idp-remote.php
<?php
$metadata['https://idp.testshib.org/idp/shibboleth'] = array (
'entityid' => 'https://idp.testshib.org/idp/shibboleth',
'description' =>
array (
'en' => 'TestShib Two Identity Provider',
),
'OrganizationName' =>
array (
'en' => 'TestShib Two Identity Provider',
),
'name' =>
array (
'en' => 'TestShib Test IdP',
),
'OrganizationDisplayName' =>
array (
'en' => 'TestShib Two',
),
'url' =>
array (
'en' => 'http://www.testshib.org/testshib-two/',
),
'OrganizationURL' =>
array (
'en' => 'http://www.testshib.org/testshib-two/',
),
'contacts' =>
array (
0 =>
array (
'contactType' => 'technical',
'givenName' => 'Nate',
'surName' => 'Klingenstein',
'emailAddress' =>
array (
0 => 'ndk@internet2.edu',
),
),
),
'metadata-set' => 'saml20-idp-remote',
'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:mace:shibboleth:1.0:profiles:AuthnRequest',
'Location' => 'https://idp.testshib.org/idp/profile/Shibboleth/SSO',
),
1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'https://idp.testshib.org/idp/profile/SAML2/POST/SSO',
),
2 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO',
),
3 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
'Location' => 'https://idp.testshib.org/idp/profile/SAML2/SOAP/ECP',
),
),
'SingleLogoutService' =>
array (
),
'ArtifactResolutionService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding',
'Location' => 'https://idp.testshib.org:8443/idp/profile/SAML1/SOAP/ArtifactResolution',
'index' => 1,
),
1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
'Location' => 'https://idp.testshib.org:8443/idp/profile/SAML2/SOAP/ArtifactResolution',
'index' => 2,
),
),
'NameIDFormats' =>
array (
0 => 'urn:mace:shibboleth:1.0:nameIdentifier',
1 => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
),
'keys' =>
array (
0 =>
array (
'encryption' => true,
'signing' => true,
'type' => 'X509Certificate',
'X509Certificate' => '
MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV
MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD
VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4
MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI
EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl
c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C
yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe
3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT
NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614
kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH
gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G
A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86
9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl
bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo
aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL
I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo
93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4
/SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj
Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr
8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA==
',
),
),
'scope' =>
array (
0 => 'testshib.org',
),
'UIInfo' =>
array (
'DisplayName' =>
array (
'en' => 'TestShib Test IdP',
),
'Description' =>
array (
'en' => 'TestShib IdP. Use this as a source of attributes
for your test SP.',
),
'InformationURL' =>
array (
),
'PrivacyStatementURL' =>
array (
),
'Logo' =>
array (
0 =>
array (
'url' => 'https://www.testshib.org/testshibtwo.jpg',
'height' => 88,
'width' => 253,
),
),
),
);
