Which config files are needed? Which ones are deployment specific, and which ones relate to the connected entities? Which modules are needed?


Deployment specific configs:

Connected entities configs:

  • OIDC clients are managed by the oidc module and stored in a shared DB;
  • generate_oidc_config.php – extracts the rulesets from the shared DB;
  • module_metarefresh.php – contains the metadata URLs of the SAML entities (the config was updated externally; cron calls metarefresh, which refreshes the metadata from those URLs);
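The metarefresh and cron configuration referred to above, written out as an added example (not the page's own config, and not taken from the deployment): the federation URL, certificate file name, output directory and cron key are placeholders. The points worth checking are the 'certificates' entry (without it metarefresh accepts unsigned metadata), 'expireAfter' (so a dead feed eventually stops being trusted), the matching 'metadata.sources' entry in config.php (otherwise the refreshed files are never read), and a non-default cron 'key' (the cron URL is otherwise callable by anyone).

```php
<?php
/* config/module_metarefresh.php  (example; URLs and names are assumptions) */
$config = [
    'sets' => [
        'federation' => [
            // cron tag(s) this set is refreshed under; must be in allowed_tags below
            'cron'    => ['hourly'],
            'sources' => [
                [
                    // metadata feed of the federation (placeholder URL)
                    'src' => 'https://federation.example.org/metadata/idps.xml',
                    // signing certificate(s) of the feed, file names under cert/;
                    // metadata whose signature does not validate against these is dropped
                    'certificates' => [
                        'federation-metadata.crt',
                    ],
                    // only IdPs are wanted in this set
                    'types' => ['saml20-idp-remote'],
                    'template' => [
                        'tags' => ['federation'],
                    ],
                ],
            ],
            // entries older than this (seconds) expire even if the feed goes stale
            'expireAfter'  => 60 * 60 * 24 * 4,
            // generated saml20-idp-remote.php lands here
            'outputDir'    => 'metadata/metarefresh-federation/',
            'outputFormat' => 'flatfile',
        ],
    ],
];

/* config/module_cron.php  (example) */
$config = [
    // shared secret in the cron URL; replace the placeholder with a random value
    'key'           => 'CHANGE-ME-random-secret',
    'allowed_tags'  => ['hourly', 'daily'],
    'debug_message' => true,
    'sendemail'     => false,
];

/* config/config.php, the relevant fragment: read the generated directory too */
$config['metadata.sources'] = [
    ['type' => 'flatfile'],
    ['type' => 'flatfile', 'directory' => 'metadata/metarefresh-federation'],
];
```

The cron job itself then calls the cron module with the 'hourly' tag and the key; the hand-maintained saml20-idp-remote.php in metadata/ keeps working beside the generated one because both directories are listed in 'metadata.sources'.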

Modules needed:

  1. 'saml',
  2. 'admin',
  3. 'cron',
  4. 'metarefresh',
  5. 'oidc',
  6. 'mymodule' – for the custom HTML .twig templates


SP role enabled

If the SP role is enabled in the wizard, then the config should contain the following:

<?php
/* this comes in config/authsources.php */
$config = [
    'default-sp' => [
        'saml:SP',
        // the SP's own entity ID (conventionally its metadata URL)
        'entityID' => 'https://entityid.uri',
        // file names, resolved relative to the cert/ directory
        'privatekey' => 'saml.pem',
        'certificate' => 'saml.crt',
    ],
];

Adding IdPs to the SP

<?php
/* metadata/saml20-idp-remote.php */
$metadata['https://example.org/saml-idp'] = [
    'SingleSignOnService' => 'https://example.org/simplesaml/saml2/idp/SSOService.php',
    'SingleLogoutService' => 'https://example.org/simplesaml/saml2/idp/SingleLogoutService.php',
    // the IdP's signing certificate (elided here); without it the IdP's responses cannot be verified
    'certificate' => '...',
];

We should think about how to reuse SimpleSAMLphp's own XML-to-PHP metadata converter (the admin module's metadata converter, which uses the same parser as metarefresh) to generate the 'remote' files, instead of hand-writing them.
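One way to do that from the command line, as an added example (not the page's or the project's own script): it feeds an IdP metadata XML file through SimpleSAMLphp's SAMLParser and prints saml20-idp-remote.php entries to stdout. Assumptions: SimpleSAMLphp 2.x class names, the script sitting in the SimpleSAMLphp root next to vendor/ and a usable config/, and a signing certificate file name that is resolved under cert/ (an absolute path also works). When a certificate is given, entities whose metadata signature does not validate are skipped rather than written.

```php
<?php
// xml2idpremote.php: turn IdP metadata XML into saml20-idp-remote.php entries
// using SimpleSAMLphp's own parser. Example code, not from the original page.
// Usage: php xml2idpremote.php idp-metadata.xml [federation-metadata.crt] \
//            > metadata/saml20-idp-remote.php
declare(strict_types=1);

require_once __DIR__ . '/vendor/autoload.php';   // assumed location of the SSP root

use SimpleSAML\Metadata\SAMLParser;

if ($argc < 2) {
    fwrite(STDERR, "usage: php xml2idpremote.php <metadata.xml> [signing-cert.crt]\n");
    exit(1);
}

$xml = file_get_contents($argv[1]);
if ($xml === false) {
    fwrite(STDERR, "cannot read {$argv[1]}\n");
    exit(1);
}

// Certificate file name(s) for validating the metadata signature; null = no check.
// Names are resolved relative to the cert/ directory of this SSP installation.
$certificates = isset($argv[2]) ? [$argv[2]] : null;

// Parses a single EntityDescriptor or an EntitiesDescriptor; the result is
// keyed by entityID. Malformed XML throws, which is the behaviour we want.
$entities = SAMLParser::parseDescriptorsString($xml);

echo "<?php\n";
echo '/* generated from ' . basename($argv[1]) . ' on ' . gmdate('c') . " */\n\n";

$written = 0;
foreach ($entities as $entityId => $entity) {
    // Unsigned or wrongly signed metadata is refused when a certificate was given.
    if ($certificates !== null && !$entity->validateSignature($certificates)) {
        fwrite(STDERR, "skipping {$entityId}: metadata signature did not validate\n");
        continue;
    }

    $idp = $entity->getMetadata20IdP();
    if ($idp === null) {
        continue;   // this entity has no SAML 2.0 IdP role (e.g. an SP-only descriptor)
    }

    // The parsed array already carries SingleSignOnService, SingleLogoutService,
    // the signing keys ('keys') and, if the XML had validUntil/cacheDuration, 'expire'.
    unset($idp['entityDescriptor']);   // harmless if absent; not wanted in the flatfile

    echo '$metadata[' . var_export($entityId, true) . '] = '
        . var_export($idp, true) . ";\n\n";
    $written++;
}

fwrite(STDERR, "wrote {$written} IdP entries\n");
```

Redirecting stdout into a separate directory listed under 'metadata.sources' in config.php keeps the generated file apart from any hand-maintained one, which is the same split metarefresh uses with its 'outputDir'.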
