
I am currently working as a Software Architect and a Senior Manager at WSO2. I have spoken in numerous conferences - OSCON 2009, ApacheCon 2009, WSO2Con 2010, WSO2 SOA Workshops and WSO2 Security Workshops. I am a graduate from University of Moratuwa, Sri Lanka and in 2008 I completed my Masters specialized in software architecture from the same University. I also gained professional qualifications in BCS and ACS as well as certifications in SCDJWS, SCJP, SCBCD, SCWCD, MCSD, OCA, and CCNA.

WSO2 Identity Server SAML2 IdP with SimpleSAMLphp Service Provider


This blog post explains how to configure WSO2 Identity Server SAML2 IdP with SimpleSAMLphp Service Provider.

Let's first setup SimpleSAMLphp as a service provider. The steps below are tested with Ubuntu.

1.  Install Apache

    # apt-get install apache2  

2.  Install PHP and related extensions

    # apt-get install php5  
    # apt-get install php5-cli  
    # apt-get install php5-common  
    # apt-get install php5-curl  
    # apt-get install php-pear  
    # apt-get install php5-mcrypt  

3.  Install SimpleSAMLphp

    # mkdir -p /var/simplesamlphp/  
    # cd /var/simplesamlphp/  
    # wget http://simplesamlphp.googlecode.com/files/simplesamlphp-1.11.0.tar.gz  
    # tar xvf simplesamlphp-1.11.0.tar.gz  
    # mv simplesamlphp-1.11.0 simplesamlphp  
    # cd simplesamlphp  
    # cp -r metadata-templates/*.php metadata/  
    # cp -r config-templates/*.php config/  

4. Configure  SimpleSAMLphp web in Apache.

    # cd /var/www  
    # ln -s /var/simplesamlphp/simplesamlphp/www simplesaml   

5.  Start Apache

    # apachectl start  

6.  Access the SimpleSAMLphp web app

Open http://localhost/simplesaml in a browser; this is served through the symlink created in step 4.

7.  SimpleSAMLphp administrator login configuration

    # cd /var/simplesamlphp/simplesamlphp  
    # vi config/config.php  

Look for 'auth.adminpassword' and change its value from the default and save the file.

8. Click on 'Login as administrator' from the web page http://localhost/simplesaml

9.  Adding a Service Provider to SimpleSAMLphp

    # cd /var/simplesamlphp/simplesamlphp  
    # vi config/authsources.php  

Add the following section to the file and save.

    'wso2-sp' => array(  
        // This authentication source is a SAML 2.0 service provider.  
        'saml:SP',  
        // The entity ID of this SP.  
        // Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.  
        'entityID' => 'simplesaml',  
        // The entity ID of the IdP this SP should contact.  
        // Can be NULL/unset, in which case the user will be shown a list of available IdPs.  
        'idp' => 'https://localhost:9443/samlsso',  
        // The URL to the discovery service.  
        // Can be NULL/unset, in which case a builtin discovery service will be used.  
        'discoURL' => NULL,  
    ),  

Here we assume WSO2 IS is running in localhost on 9443.

10. Adding Identity Provider metadata.

    # cd /var/simplesamlphp/simplesamlphp  
    # vi metadata/saml20-idp-remote.php  

Add the following section to the file and save.

    $metadata['https://localhost:9443/samlsso'] = array(  
        'name' => array(  
            'en' => 'WSO2 IS',  
            'no' => 'WSO2 IS',  
        ),  
        'description'         => 'Login with WSO2 IS SAML2 IdP.',  
        'SingleSignOnService' => 'https://localhost:9443/samlsso',  
        'SingleLogoutService' => 'https://localhost:9443/samlsso',  
        'certFingerprint'     => '6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d',  
    );  

Note that the key of $metadata['https://localhost:9443/samlsso'] must match the value of 'idp' in step 9.

6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d is the SHA-1 thumbprint of the default certificate that ships with WSO2 IS; the SAML2 Response is signed with this certificate.
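The certFingerprint entry pins the IdP signing certificate by the SHA-1 hash of its DER encoding, so whenever the default WSO2 keystore certificate is replaced the value has to be recomputed from the new certificate. The helper below is an added example, not code from the post or from SimpleSAMLphp: it computes the fingerprint from a PEM export and normalizes the colon-separated, upper-case form that openssl and keytool print into the lower-case colon-free form used in saml20-idp-remote.php. The certificate bytes embedded in it are constructed stand-ins, not a real certificate.

```python
import base64
import hashlib
import re

# Fingerprint format used by SimpleSAMLphp's 'certFingerprint': SHA-1 over the
# DER-encoded certificate, rendered as 40 lower-case hex characters, no colons.
_HEX40 = re.compile(r"^[0-9a-f]{40}$")


def normalize_fingerprint(fp: str) -> str:
    """Turn any common rendering of a SHA-1 fingerprint (openssl/keytool style
    'AB:CD:...', upper or lower case, stray whitespace) into the form expected
    in saml20-idp-remote.php. Raises ValueError if it is not a SHA-1 digest."""
    cleaned = re.sub(r"[\s:]", "", fp).lower()
    if not _HEX40.match(cleaned):
        raise ValueError(f"not a SHA-1 fingerprint: {fp!r}")
    return cleaned


def sha1_hex(data: bytes) -> str:
    """Lower-case hex SHA-1 of raw bytes."""
    return hashlib.sha1(data).hexdigest()


def der_to_pem(der: bytes) -> str:
    """Wrap DER bytes in a PEM CERTIFICATE envelope with 64-character lines."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def pem_to_fingerprint(pem: str) -> str:
    """SHA-1 over the DER bytes of the first CERTIFICATE block in a PEM text."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found in PEM input")
    der = base64.b64decode(re.sub(r"\s", "", m.group(1)))
    return sha1_hex(der)


def fingerprint_matches(pem: str, expected: str) -> bool:
    """True when the certificate in `pem` is the one the IdP metadata pins."""
    return pem_to_fingerprint(pem) == normalize_fingerprint(expected)


# Constructed sample: these bytes are NOT a real certificate, only stand-in
# DER content so the helpers can be exercised offline.
SAMPLE_DER = b"abc"
SAMPLE_PEM = der_to_pem(SAMPLE_DER)

if __name__ == "__main__":
    configured = "6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d"  # value from the post above
    print("sample cert fingerprint:", pem_to_fingerprint(SAMPLE_PEM))
    print("matches configured value:", fingerprint_matches(SAMPLE_PEM, configured))
```

For a real deployment, export the IdP signing certificate from the WSO2 keystore in PEM form (keytool -exportcert -rfc; keystore path and alias depend on your installation), read that file into pem_to_fingerprint, and paste the result into certFingerprint. A mismatch here means SimpleSAMLphp will reject every signed response from the IdP, which is the intended failure mode when the pinned certificate has changed.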

11.  Install WSO2 Identity Server 4.5.0. For the moment you can test with M2 build of WSO2 IS 4.5.0 which is available here.

12.  Start WSO2 Identity Server and add a Service Provider under SAML SSO.

Issuer : simplesaml

Assertion Consumer Url : http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp

Enable Assertion Signing : True

Keep the defaults for the rest.

13.  Test SimpleSAMLphp

Go to http://localhost/simplesaml and then to "Authentication" and click on "Test configured authentications sources"

Pick "wso2-sp"; you will now be redirected to the WSO2 IS SAML2 IdP for login.

Published at DZone with permission of Prabath Siriwardena, author and DZone MVB. (source)
