Comment: sign logout messages

...

        "attribute_schachomeorganizationtype": {
                "en": "Home organization type"
        },
        "attribute_auedupersonsharedtoken": {
                "en": "Shared token"
        },

Configuring Persistent NameID

SimpleSAMLphp includes a NameIDPolicy in the SSO request sent to the IdP. If the NameIDPolicy option is not set, the requested format is urn:oasis:names:tc:SAML:2.0:nameid-format:transient.

To request the urn:oasis:names:tc:SAML:2.0:nameid-format:persistent NameIDFormat (used in place of the eduPersonTargetedID attribute), add the following line to the default-sp parameters in config/authsources.php:

        'NameIDPolicy' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',

Configure signing of logout messages

As IdPs typically expect logout messages to be signed, configure SimpleSAMLphp to sign logout messages.

Add the following line to the default-sp parameters in config/authsources.php:

        'sign.logout' => true,
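
A check for the two settings above, added here as an example and not part of the original page or of SimpleSAMLphp itself. The sample default-sp array is constructed: the entityID, idp and key file names are placeholders, and privatekey / certificate are the SP options SimpleSAMLphp uses for signing, which this section does not show.

```php
<?php
// Constructed sample of a default-sp entry as it would appear in
// config/authsources.php. Host names and file names are placeholders.
$config = [
    'default-sp' => [
        'saml:SP',
        'entityID'     => 'https://sp.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp',
        'idp'          => 'https://idp.example.org/idp/shibboleth',
        'privatekey'   => 'sp.example.org.pem',   // assumed: key used to sign logout messages
        'certificate'  => 'sp.example.org.crt',   // assumed: matching certificate
        'NameIDPolicy' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
        'sign.logout'  => true,
    ],
];

// Hypothetical helper: returns a list of problems found in one SP entry.
function checkSp(array $sp): array
{
    $problems = [];
    $persistent = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';

    // Without this option the SP requests the transient format.
    if (($sp['NameIDPolicy'] ?? null) !== $persistent) {
        $problems[] = "NameIDPolicy is not set to $persistent";
    }

    if (($sp['sign.logout'] ?? false) !== true) {
        $problems[] = "sign.logout is not enabled";
    } else {
        // Signing cannot work unless the SP has key material configured.
        foreach (['privatekey', 'certificate'] as $key) {
            if (empty($sp[$key])) {
                $problems[] = "sign.logout is enabled but '$key' is missing";
            }
        }
    }
    return $problems;
}

$problems = checkSp($config['default-sp']);
echo ($problems ? implode(PHP_EOL, $problems) : 'default-sp OK') . PHP_EOL;
```

To check a real installation, replace the constructed array with `require 'config/authsources.php';`, which defines `$config`.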

Clean up SP configuration

...