Installation

  1. Download WSO2 Identity Server from

  2. Install the prerequisites:

     1. Oracle Java SE Development Kit (JDK)
     2. Apache ActiveMQ JMS Provider
     3. Apache Ant
     4. SVN Client
     5. Apache Maven
     6. LDAP
     7. Tomcat

  3. Set the JAVA_HOME environment variable.
  4. Restart the computer.
  5. Start the server:

     ./bin/wso2server.sh

  6. You can access the user dashboard via the link below:

     https://localhost:9443/dashboar

     In this panel you can register a new user or edit the admin user with the admin password.

  7. You can open the management panel via the link below:

     https://localhost:9443/carbon

SAML2 IdP with SimpleSAMLphp Service Provider

This section explains how to configure the WSO2 Identity Server SAML2 IdP with the SimpleSAMLphp Service Provider. First, SimpleSAMLphp must be set up as a service provider. The steps below are tested with Ubuntu.

To set up SimpleSAMLphp as a service provider:

  1. Install Apache.

     apt-get install apache2

  2. Install PHP and the related extensions.

     apt-get install php5
     apt-get install php5-cli
     apt-get install php5-common
     apt-get install php5-curl
     apt-get install php-pear
     apt-get install php5-mcrypt
  3. Install SimpleSAMLphp using the following commands.

     cd /var/simplesamlphp/
     wget http://simplesamlphp.googlecode.com/files/simplesamlphp-1.11.0.tar.gz
     tar xvf simplesamlphp-1.11.0.tar.gz
     mv simplesamlphp-1.11.0 simplesamlphp
     cd simplesamlphp
     cp -r metadata-templates/*.php metadata/
     cp -r config-templates/*.php config

  4. Configure SimpleSAMLphp web in Apache.

     cd /var/www/html
     ln -s /var/simplesamlphp/simplesamlphp/www simplesaml

  5. Start Apache.

     apachectl start

  6. Access the SimpleSAMLphp web app from the following location: http://localhost/simplesaml.
  7. Set the SimpleSAMLphp administrator login configuration as follows:

     cd /var/simplesamlphp/simplesamlphp
     vi config/config.php

  8. Look for ‘auth.adminpassword’ and change its value from the default and save the file.
  9. Click on ‘Login as administrator’ from the web page http://localhost/simplesaml.
 10. Add a Service Provider to SimpleSAMLphp.

     cd /var/simplesamlphp/simplesamlphp
     vi config/authsources.php

 11. Add the following section to the file and save.
     'wso2-sp' => array(
         'saml:SP',

         // The entity ID of this SP.
         // Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
         'entityID' => 'simplesaml',

         // The entity ID of the IdP this SP should contact.
         // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
         'idp' => 'https://localhost:9443/samlsso',

         // The URL to the discovery service.
         // Can be NULL/unset, in which case a builtin discovery service will be used.
         'discoURL' => NULL,
     ),

     Here we assume WSO2 IS is running on localhost on port 9443.

 12. Add the Identity Provider metadata.

     cd /var/simplesamlphp/simplesamlphp
     vi metadata/saml20-idp-remote.php

 13. Add the following section to the file and save.

     $metadata['https://localhost:9443/samlsso'] = array(
         'name' => array(
             'en' => 'WSO2 IS',
             'no' => 'WSO2 IS',
         ),
         'description' => 'Login with WSO2 IS SAML2 IdP.',
         'SingleSignOnService' => 'https://localhost:9443/samlsso',
         'SingleLogoutService' => 'https://localhost:9443/samlsso',
         'certFingerprint' => '6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d'
     );

     Enable SAML 2.0:

     cd /var/simplesamlphp/simplesamlphp
     vi config/config.php

     Change enable.saml20-idp to true.

 14. Note that the metadata key [‘https://localhost:9443/samlsso’] should match the value of ‘idp’ in step 11.
 15. Install WSO2 Identity Server. The WSO2 Identity Server is available for download here.
 16. Start WSO2 Identity Server and add a Service Provider under SAML SSO.

     Issuer: simplesaml
     Assertion Consumer URL: http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp
     Enable Assertion Signing: True
     Enable Single Logout: True
     Logout URL: http://localhost/simplesamlphp/www/module.php/saml/sp/saml2-logout.php/wso2-sp

     Keep the defaults for the rest.

 17. In the Main menu of the management console, click List under Identity Providers. Then click Resident Identity Provider.
 18. On the page that appears, open the SAML2 Web SSO Configuration section under Inbound Authentication Configuration.
 19. The ID value of the identity provider should be the SAML endpoint of the Identity Server: https://localhost:9443/samlsso
 20. Test SimpleSAMLphp.
 21. Go to http://localhost/simplesaml and then to “Authentication” and click on “Test configured authentications sources”.
 22. Pick “wso2-sp”. You are redirected to WSO2 IS SAML2 IdP for login.
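
The 'certFingerprint' value in the IdP metadata section is the SHA-1 hash of the IdP's DER-encoded signing certificate, written as hex, and it is the SP's only trust anchor for signed assertions. The following is an added example, not part of the original post or of SimpleSAMLphp: it recomputes the fingerprint from a PEM export of the IdP certificate and compares it with the configured value. The function names and the sample PEM are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprint_from_pem(pem_text):
    """SHA-1 over the DER bytes of the first certificate, as lowercase hex."""
    match = PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    # PEM bodies are base64 wrapped across lines; join them before decoding.
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha1(der).hexdigest()


def normalize_fingerprint(value):
    """Accept 'SHA1 Fingerprint=6B:F8:...' or bare hex; return lowercase hex."""
    value = value.split("=", 1)[-1]
    hexdigits = re.sub(r"[\s:]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", hexdigits):
        raise ValueError("not a SHA-1 fingerprint: %r" % value)
    return hexdigits


def cert_matches_config(pem_text, configured):
    """True when the exported IdP certificate matches 'certFingerprint'."""
    return hmac.compare_digest(fingerprint_from_pem(pem_text),
                               normalize_fingerprint(configured))


# Constructed sample: a PEM wrapper around the placeholder bytes b"abc".
# It is not a real certificate; the fingerprint is a hash of the decoded
# bytes, so the functions behave the same on a real export.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(fingerprint_from_pem(SAMPLE_PEM))
    # Value from saml20-idp-remote.php on this page; the sample does not match.
    print(cert_matches_config(
        SAMPLE_PEM, "6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d"))
```

Run it against the certificate exported from the IdP's signing keystore before trusting a fingerprint copied from a tutorial; a mismatch means the SP would reject the IdP's signatures or trust a different key than intended.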

Resource

  1. SAML2 IdP with SimpleSAMLphp Service Provider
  2. Installation Prerequisites