WSO2 Identity Server SAML2 IdP with SimpleSAMLphp Service Provider


This blog post explains how to configure WSO2 Identity Server as a SAML2 IdP with SimpleSAMLphp acting as the Service Provider.

Let's first set up SimpleSAMLphp as a service provider. The steps below were tested on Ubuntu.

1.  Install Apache

    # apt-get install apache2  

2.  Install PHP and related extensions

    # apt-get install php5  
    # apt-get install php5-cli  
    # apt-get install php5-common  
    # apt-get install php5-curl  
    # apt-get install php-pear  
    # apt-get install php5-mcrypt  

3.  Install SimpleSAMLphp

    # cd /var/simplesamlphp/  
    # wget http://simplesamlphp.googlecode.com/files/simplesamlphp-1.11.0.tar.gz  
    # tar xvf simplesamlphp-1.11.0.tar.gz  
    # mv simplesamlphp-1.11.0 simplesamlphp  
    # cd simplesamlphp  
    # cp -r metadata-templates/*.php metadata/  
    # cp -r config-templates/*.php config

4.  Configure the SimpleSAMLphp web interface in Apache.

    # cd /var/www  
    # ln -s /var/simplesamlphp/simplesamlphp/www simplesaml   

5.  Start Apache

    # apachectl start 

6.  Access the SimpleSAMLphp web app at http://localhost/simplesaml

7.  Configure the SimpleSAMLphp administrator login.

    # cd /var/simplesamlphp/simplesamlphp  
    # vi config/config.php 

Look for 'auth.adminpassword', change its value from the default, and save the file.

8.  Click on 'Login as administrator' on the web page http://localhost/simplesaml

9.  Add a Service Provider to SimpleSAMLphp

    # cd /var/simplesamlphp/simplesamlphp  
    # vi config/authsources.php  

Add the following section to the file and save.

    'wso2-sp' => array(  
        // Authentication module: this auth source is a SAML 2.0 service provider.  
        'saml:SP',  
        // The entity ID of this SP.  
        // Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.  
        'entityID' => 'simplesaml',  
        // The entity ID of the IdP this SP should contact.  
        // Can be NULL/unset, in which case the user will be shown a list of available IdPs.  
        'idp' => 'https://localhost:9443/samlsso',  
        // The URL to the discovery service.  
        // Can be NULL/unset, in which case a builtin discovery service will be used.  
        'discoURL' => NULL,  
    ),  

Here we assume WSO2 IS is running on localhost, port 9443.

10. Add the Identity Provider metadata.

    # cd /var/simplesamlphp/simplesamlphp  
    # vi metadata/saml20-idp-remote.php  

Add the following section to the file and save.

    $metadata['https://localhost:9443/samlsso'] = array(  
        'name' => array(  
            'en' => 'WSO2 IS',  
            'no' => 'WSO2 IS',  
        ),  
        'description'         => 'Login with WSO2 IS SAML2 IdP.',  
        'SingleSignOnService' => 'https://localhost:9443/samlsso',  
        'SingleLogoutService' => 'https://localhost:9443/samlsso',  
        // SHA-1 fingerprint of the certificate the IdP signs SAML responses with.  
        'certFingerprint'     => '6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d',  
    );  

Note that the key `$metadata['https://localhost:9443/samlsso']` must match the value of 'idp' set in config/authsources.php.

6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d is the SHA-1 fingerprint of the default certificate that ships with WSO2 IS. The SAML2 Response is signed with this certificate.
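As an added check that is not part of the original post, the script below verifies that the certFingerprint configured in saml20-idp-remote.php really is the SHA-1 of the IdP's signing certificate (accepting the colon-separated form openssl and keytool print) and flags a configuration that still trusts the default WSO2 IS certificate. The PEM body it ships with is constructed stand-in data, not a real certificate; in practice you pass the certificate exported from your IdP.

```python
import base64
import hashlib
import re

# Fingerprint of the default WSO2 IS certificate, as quoted in the post. Every stock
# WSO2 IS download ships the same keystore, so a production IdP needs its own
# certificate and this value must then be replaced with that certificate's fingerprint.
DEFAULT_WSO2_FINGERPRINT = "6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d"


def normalize_fingerprint(fp):
    """Accept 'AB:CD:..' (openssl/keytool style) or spaced/uppercase hex and return
    the lowercase, separator-free form SimpleSAMLphp's certFingerprint uses."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", fp).lower()
    if len(hexdigits) != 40:
        raise ValueError("not a SHA-1 fingerprint: %r" % fp)
    return hexdigits


def pem_to_der(pem):
    """Strip the PEM armour and base64-decode the certificate body to DER bytes."""
    match = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not match:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def certificate_fingerprint(pem):
    """SHA-1 over the DER encoding, which is what certFingerprint is matched against."""
    return hashlib.sha1(pem_to_der(pem)).hexdigest()


def check_idp_fingerprint(configured, idp_cert_pem):
    """Compare the certFingerprint from saml20-idp-remote.php with the IdP's real
    signing certificate and flag a configuration that still trusts the default cert."""
    want = normalize_fingerprint(configured)
    have = certificate_fingerprint(idp_cert_pem)
    return {
        "matches": want == have,
        "is_default_wso2_cert": want == DEFAULT_WSO2_FINGERPRINT,
        "configured": want,
        "actual": have,
    }


# Constructed stand-in: these bytes are NOT an X.509 certificate, they only let the
# example run offline. Feed pem_to_der the IdP's exported certificate in practice.
SAMPLE_DER = b"constructed stand-in certificate bytes, not a real X.509 certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")
```

A result with "matches" false means SimpleSAMLphp will reject every signed response from that IdP; "is_default_wso2_cert" true means the SP trusts a key that every WSO2 IS download shares.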

11.  Install WSO2 Identity Server 4.5.0. For the moment, you can test with the M2 build of WSO2 IS 4.5.0, which is available here.

12.  Start WSO2 Identity Server and add a Service Provider under SAML SSO with the following settings.

Issuer: simplesaml

Assertion Consumer Url: http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp

Enable Assertion Signing: True

Keep the defaults for the rest.

13.  Test SimpleSAMLphp

Go to http://localhost/simplesaml, open "Authentication" and click on "Test configured authentication sources".

Pick "wso2-sp"; you will now be redirected to the WSO2 IS SAML2 IdP for login.



Published at DZone with permission of Prabath Siriwardena, DZone MVB. See the original article here.
