
WSO2 Identity Server SAML2 IdP with SimpleSAMLphp Service Provider


This blog post explains how to configure WSO2 Identity Server SAML2 IdP with SimpleSAMLphp Service Provider.

Let's first set up SimpleSAMLphp as a service provider. The steps below were tested on Ubuntu.

1.  Install Apache

    # apt-get install apache2

2.  Install PHP and related extensions

    # apt-get install php5  
    # apt-get install php5-cli  
    # apt-get install php5-common  
    # apt-get install php5-curl  
    # apt-get install php-pear  
    # apt-get install php5-mcrypt  

3.  Install SimpleSAMLphp

    # cd /var/simplesamlphp/
    # wget http://simplesamlphp.googlecode.com/files/simplesamlphp-1.11.0.tar.gz
    # tar xvf simplesamlphp-1.11.0.tar.gz
    # mv simplesamlphp-1.11.0 simplesamlphp
    # cd simplesamlphp
    # cp -r metadata-templates/*.php metadata/
    # cp -r config-templates/*.php config

4.  Expose the SimpleSAMLphp web directory through Apache.

    # cd /var/www  
    # ln -s /var/simplesamlphp/simplesamlphp/www simplesaml   

5.  Start Apache

    # apachectl start

6.  Access the SimpleSAMLphp web app at http://localhost/simplesaml

7.  SimpleSAMLphp administrator login configuration.

    # cd /var/simplesamlphp/simplesamlphp
    # vi config/config.php

Look for 'auth.adminpassword', change its value from the default, and save the file.

8.  Click 'Login as administrator' on the web page http://localhost/simplesaml

9.  Adding a Service Provider to SimpleSAMLphp

    # cd /var/simplesamlphp/simplesamlphp  
    # vi config/authsources.php  

Add the following section to the file and save.

    'wso2-sp' => array(
        // Authentication module to use: this authsource is a SAML 2.0 SP.
        'saml:SP',
        // The entity ID of this SP.
        // Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
        'entityID' => 'simplesaml',
        // The entity ID of the IdP this SP should contact.
        // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
        'idp' => 'https://localhost:9443/samlsso',
        // The URL to the discovery service.
        // Can be NULL/unset, in which case a builtin discovery service will be used.
        'discoURL' => NULL,
    ),

Here we assume WSO2 IS is running in localhost on 9443.

10. Adding Identity Provider metadata.

    # cd /var/simplesamlphp/simplesamlphp
    # vi metadata/saml20-idp-remote.php

Add the following section to the file and save.

    $metadata['https://localhost:9443/samlsso'] = array(
        'name' => array(
            'en' => 'WSO2 IS',
            'no' => 'WSO2 IS',
        ),
        'description'         => 'Login with WSO2 IS SAML2 IdP.',
        // WSO2 IS serves both SSO and SLO from the same endpoint.
        'SingleSignOnService' => 'https://localhost:9443/samlsso',
        'SingleLogoutService' => 'https://localhost:9443/samlsso',
        // SHA-1 fingerprint of the certificate that signs the SAML2 Response.
        'certFingerprint'     => '6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d',
    );

Note that the metadata key 'https://localhost:9443/samlsso' must match the value of 'idp' in the 'wso2-sp' authsource added to authsources.php above.

6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d is the SHA-1 thumbprint of the default certificate that ships with WSO2 IS; the SAML2 Response is signed with this certificate. If you have replaced the default keystore, use the fingerprint of your own signing certificate instead.
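SimpleSAMLphp uses certFingerprint to decide which certificate is allowed to sign the responses it accepts, so the value should be computed from the certificate WSO2 IS actually signs with rather than copied. The script below is an added example, not part of the original post or of either project; it assumes openssl is installed and that the IdP signing certificate has been exported to a PEM file (the paths in the usage note are assumptions).

```shell
#!/bin/sh
# Added example: verify that the certFingerprint configured in
# metadata/saml20-idp-remote.php matches the signing certificate of the IdP.

# Turn any common spelling of a SHA-1 fingerprint into SimpleSAMLphp's form:
# lowercase hex, no colons, no "SHA1 Fingerprint=" prefix.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ':[:space:]' | tr 'A-F' 'a-f'
}

# SHA-1 fingerprint of a PEM certificate, in SimpleSAMLphp's form.
pem_fingerprint() {
    normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha1)"
}

# Compare the configured fingerprint ($1) with the one computed from the
# certificate file ($2). Returns 0 when they match, 1 otherwise.
check_fp() {
    configured=$(normalize_fp "$1")
    actual=$(pem_fingerprint "$2")
    if [ "$configured" = "$actual" ]; then
        echo "certFingerprint matches $2 ($actual)"
        return 0
    fi
    echo "certFingerprint mismatch: configured '$configured', certificate has '$actual'"
    return 1
}
```

To get the PEM file from a WSO2 IS installation, export the signing certificate from its keystore (default alias and path shown; keytool prompts for the keystore password) and then run the check: `keytool -export -rfc -alias wso2carbon -keystore repository/resources/security/wso2carbon.jks -file wso2carbon.pem` followed by `check_fp 6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d wso2carbon.pem`. Because normalize_fp accepts the colon-separated uppercase output of keytool and openssl as well as the bare form, the same function can be used to compare a fingerprint read off the console with the one in the config file.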

11.  Install WSO2 Identity Server 4.5.0. For the moment you can test with the M2 build of WSO2 IS 4.5.0, which is available here.

12.  Start WSO2 Identity Server and add a Service Provider under SAML SSO.

Issuer: simplesaml

Assertion Consumer Url: http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp

Enable Assertion Signing: True

Keep the defaults for the rest.
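The Issuer and Assertion Consumer Url registered in WSO2 IS must match the entityID and the HTTP-POST AssertionConsumerService that SimpleSAMLphp publishes in its SP metadata; a mismatch in either is the usual reason the login fails after the redirect back from the IdP. The script below is an added example, not from the original post or from either project: it reads SP metadata from stdin and compares it with the registered values. The sample XML is constructed, and the metadata URL in the usage note assumes SimpleSAMLphp's standard module.php/saml/sp/metadata.php/<authsource> endpoint.

```shell
#!/bin/sh
# Added example: cross-check the SP metadata published by SimpleSAMLphp for the
# 'wso2-sp' authsource against the Issuer and Assertion Consumer Url registered
# in WSO2 IS.

# Constructed sample of an SP metadata document (not captured from a real
# SimpleSAMLphp instance); attribute values match the post's configuration.
SAMPLE_SP_METADATA='<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="simplesaml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>'

# entityID of the SP metadata read from stdin (first entityID attribute,
# which belongs to the EntityDescriptor).
sp_entity_id() {
    grep -o 'entityID="[^"]*"' | head -n 1 | sed 's/^entityID="//; s/"$//'
}

# Location of the first HTTP-POST AssertionConsumerService in metadata read
# from stdin; SimpleSAMLphp writes each element on a single line.
sp_acs_url() {
    grep -o '<md:AssertionConsumerService[^>]*HTTP-POST[^>]*>' | head -n 1 \
        | grep -o 'Location="[^"]*"' | sed 's/^Location="//; s/"$//'
}

# Compare metadata on stdin with the Issuer ($1) and Assertion Consumer Url ($2)
# registered in WSO2 IS. Prints each mismatch; returns 0 only when both match.
check_sp_registration() {
    issuer="$1"
    acs="$2"
    metadata=$(cat)
    rc=0
    got_id=$(printf '%s' "$metadata" | sp_entity_id)
    got_acs=$(printf '%s' "$metadata" | sp_acs_url)
    if [ "$got_id" != "$issuer" ]; then
        echo "Issuer mismatch: WSO2 IS has '$issuer', SP metadata has '$got_id'"
        rc=1
    fi
    if [ "$got_acs" != "$acs" ]; then
        echo "ACS URL mismatch: WSO2 IS has '$acs', SP metadata has '$got_acs'"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "SP registration matches the published metadata"
    return $rc
}
```

Against a running SimpleSAMLphp, feed it the live metadata instead of the sample: `curl -s http://localhost/simplesaml/module.php/saml/sp/metadata.php/wso2-sp | check_sp_registration simplesaml http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp`. Run it again after any change to entityID or the authsource name, since both feed into the values WSO2 IS checks.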

13.  Test SimpleSAMLphp

Go to http://localhost/simplesaml, open "Authentication", and click "Test configured authentication sources".

Pick "wso2-sp"; you will now be redirected to the WSO2 IS SAML2 IdP for login.



Published at DZone with permission of
