This document gives instructions for installing the simpleSAMLphp framework. simpleSAMLphp is an alternative to using the Internet2 Shibboleth service provider software. This means that if you want to use simpleSAMLphp, then you do not have to install the Internet2 shibd software.
This document was written for simpleSAMLphp 1.6.2. If you notice significant differences between it and the version you are trying to install, please let us know.
Apache has to know where SimpleSAMLphp is located. So, in ssl.conf add the following in the VirtualHost section:
Then restart Apache:
See the "Configuring the SP" section of the following doc:
After you generate the X509 cert, edit config/authsources.php and make the 'default-sp' section look like this:
Set Admin Password and Contact Info
Convert MyAccess Metadata
Use the following URL to convert the MyAccess IdP metadata to simpleSAMLphp metadata: /admin/metadata-converter.php
Once parsed, you want the saml20-idp-remote metadata. Copy this and replace the contents of the following file:
Don't forget to put <?php at the top!
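One way to check the pasted metadata file before relying on it, as an added example that is not part of the original document or of simpleSAMLphp. PHP sends anything that precedes <?php to the browser as plain output instead of parsing it, so the check insists that the tag is the very first thing in the file. The function name check_idp_metadata is made up here, and the file path is passed in by the caller.

```shell
#!/bin/sh
# Added example: sanity-check a hand-edited simpleSAMLphp remote-IdP metadata file.
# check_idp_metadata is a hypothetical helper; the path is supplied by the caller.
#
# Return codes: 0 ok, 1 unreadable, 2 does not start with <?php,
#               3 no $metadata[...] entry, 4 writable by group or others.
check_idp_metadata() {
    f=$1
    [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 1; }

    # The first line must begin with "<?php". A blank line or a byte-order
    # mark in front of it would be emitted as page output by PHP.
    first=
    IFS= read -r first < "$f" || true
    case $first in
        '<?php'*) ;;
        *) echo "FAIL: $f does not begin with <?php" >&2; return 2 ;;
    esac

    # Converted metadata is a set of $metadata['<entity id>'] = array(...) entries.
    grep -qF '$metadata[' "$f" || {
        echo "FAIL: no \$metadata[...] entry in $f" >&2; return 3; }

    # The file names the IdP endpoints and certificate the SP will trust,
    # so only its owner should be able to change it.
    if [ -n "$(find "$f" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "FAIL: $f is writable by group or others" >&2
        return 4
    fi

    echo "OK: $f"
    return 0
}

# When run as a script, check the file named on the command line.
[ "$#" -eq 0 ] || check_idp_metadata "$1"
```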
Also, for the SingleLogoutService, change it to look like this:
PHP needs to have mcrypt enabled. To do this, do the following (assuming you are on a Red Hat or CentOS Linux system):
Integrate With MyAccess
At this point you are ready to integrate with MyAccess. You should open up a service ticket with ITS (http://help.ucsf.edu/ then click on "Submit a ticket for ITS or School of Nursing IT") and include the following information:
Subject indicating that the request is for "MyAccess Shibboleth test or production"
Attributes you want to get back from their IdP (and if you want ones that were not covered above, then you need to ask them for the OID for the attribute and configure it in attribute-map.xml)
URL for your metadata (so that they can download the metadata, or attach the metadata file to the ticket)
Indicate which attributes you would like to receive from MyAccess
To get the metadata for your simpleSAMLphp installation, go to the following URL (you will have to authenticate to simpleSAMLphp using the password you used in the configuration when installing simpleSAMLphp):