
Setup of SimpleSAML installation on the server

Stanislav Kutasevits edited this page Nov 30, 2020 · 2 revisions

SimpleSAML installation guide

This guide describes the recommended way to set up SimpleSAML on the server.

1. Enable SimpleSAML module

drush en simplesamlphp_auth

2. Setup local SimpleSAML folder

Go to your project root folder.

Create an empty folder that will hold the SimpleSAML configuration:

mkdir simplesamlphp

Set up SimpleSAML folder structure:

cd simplesamlphp
mkdir cert
mkdir data
mkdir log
mkdir metadata
mkdir sqlite
mkdir config

2.1 Configure certificates

Place all your certificates into the cert folder.

Creation of the certificates is omitted in this guide.

2.2 Data folder permissions

Make sure the data folder has write permissions for your www-data user.

2.3 Log folder permissions

Make sure the log folder has write permissions for your www-data user.

2.4 Configure metadata

Place all your metadata files into the metadata folder.

Creation of the metadata files is omitted in this guide.

2.5 Create SQLite file

touch sqlite/sqlitedatabase.sq3

Make sure sqlite/sqlitedatabase.sq3 has write permissions for your www-data user.
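
The folder and permission steps from sections 2 to 2.5 in one script, as an added example that is not part of the original guide: it creates the tree with least-privilege modes and then audits it. The function names, the chosen modes and the access model (a deploy user owns the tree, the web server gets access through its group) are assumptions.

```shell
#!/bin/sh
# Added example (not from the guide): build the SimpleSAML config tree with
# least-privilege modes, then audit it. Assumption: a deploy user owns the
# tree and the web server reaches it through its group (default www-data).

setup_saml_dirs() (
    base="$1"; group="${2:-www-data}"
    umask 027
    mkdir -p "$base/cert" "$base/config" "$base/metadata" \
             "$base/data" "$base/log" "$base/sqlite" || exit 1
    touch "$base/sqlite/sqlitedatabase.sq3" || exit 1
    # Keys, config and metadata: group may read, nobody else may enter.
    chmod 750 "$base" "$base/cert" "$base/config" "$base/metadata" || exit 1
    # Runtime state: group may write. sqlite/ itself must be writable as
    # well, because SQLite creates its journal file next to the database.
    chmod 770 "$base/data" "$base/log" "$base/sqlite" || exit 1
    chmod 660 "$base/sqlite/sqlitedatabase.sq3" || exit 1
    # Handing the tree to the web group needs root; skipped otherwise.
    if [ "$(id -u)" -eq 0 ]; then chgrp -R "$group" "$base" || exit 1; fi
)

audit_saml_dirs() {
    base="$1"
    # Any permission bit for "other" exposes keys, sessions or logs.
    exposed=$(find "$base" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    # The web group must not be able to modify keys, config or metadata.
    writable=$(find "$base/cert" "$base/config" "$base/metadata" \
        ! -type l -perm -020 -print)
    # The paths the guide requires to be writable (-prune: do not descend).
    locked=$(find "$base/data" "$base/log" "$base/sqlite" \
        "$base/sqlite/sqlitedatabase.sq3" -prune ! -perm -020 -print)
    report() { [ -z "$2" ] || printf '%s\n' "$2" | sed "s/^/$1: /"; }
    report "accessible to other users" "$exposed"
    report "group-writable but should be read-only" "$writable"
    report "not writable by the web group" "$locked"
    [ -z "$exposed$writable$locked" ]
}
```

Run `setup_saml_dirs /var/www/simplesamlphp` as root once, then `audit_saml_dirs /var/www/simplesamlphp` after copying certificates, metadata and config files into place; a non-zero exit status means at least one path was reported.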

2.6 Create authsources.php file

Create your authsources.php and place it into the config folder.

Creation of the authsources.php file is omitted in this guide.

2.7 Create config.php file

Create your config.php and place it into the config folder.

Parameters in the config.php template that need to be adjusted:

...
'baseurlpath' => 'simplesaml/',
'certdir' => '/var/www/simplesamlphp/cert/',
'loggingdir' => '/var/www/simplesamlphp/log/',
'datadir' => '/var/www/simplesamlphp/data/',
'tempdir' => '/tmp/simplesaml',
'technicalcontact_name' => 'Administrator',
'technicalcontact_email' => '[email protected]',
'timezone' => 'Europe/Copenhagen',
'enable.http_post' => false,
'logging.level' => SimpleSAML\Logger::NOTICE,
'logging.handler' => 'file',
'metadata.sources' => [
    ['type' => 'flatfile', 'directory' =>  '/var/www/simplesamlphp/metadata'],
],
'store.type' => 'sql',
'store.sql.dsn' => 'sqlite:/var/www/simplesamlphp/sqlite/sqlitedatabase.sq3',
...

3. Alter host file

3.1 Apache

Add the following lines to your host file:

SetEnv SIMPLESAMLPHP_CONFIG_DIR /var/www/simplesamlphp/config
Alias /simplesaml /var/www/vendor/simplesamlphp/simplesamlphp/www

<Directory /var/www/vendor/simplesamlphp/simplesamlphp/www>
   <IfModule !mod_authz_core.c>
      # For Apache 2.2:
      Order allow,deny
      Allow from all
   </IfModule>
   <IfModule mod_authz_core.c>
      # For Apache 2.4:
      Require all granted
   </IfModule>
</Directory>

4. Test SimpleSAML using the SimpleSAML web interface

  1. Open https://[installation]/simplesaml
  2. Proceed with the login
  3. You should log in successfully and see a list of the user attributes