
@sverhoeven

sverhoeven/README.md

Created Jun 24, 2014
azure ad as idp + simplesamlphp as sp

Create sp in simplesamlphp

  1. Add the SP to authsources.php

         'default-sp' => array(
             'saml:SP',
             'entityID' => 'https://svwiki.cloudapp.net',
             'discoURL' => NULL,
             'privatekey' => 'saml.pem',  // SP signing/decryption key file
             'certificate' => 'saml.crt', // matching SP certificate file
             // must equal the entityID of the IdP metadata added in step 4
             'idp' => 'https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/',
             'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
             'simplesaml.nameidattribute' => 'eduPersonTargetedID',
         ),

  2. Go to the AD application page, click View endpoints, and copy the federation metadata URL to the clipboard: https://login.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/federationmetadata/2007-06/federationmetadata.xml

  3. Go to https://svwiki.cloudapp.net/simplesamlphp/admin/metadata-converter.php and convert the metadata.

  4. Add the converted content to metadata/saml20-idp-remote.php.
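What the converter in steps 3 and 4 has to pull out of the federation metadata, as an added example that is not part of this gist: it reads the IdP entityID, the HTTP-Redirect SingleSignOnService endpoint and the signing certificate, and refuses metadata whose entityID does not match the `idp` value in authsources.php (otherwise simplesamlphp cannot find the IdP entry). The metadata document is a constructed sample with a placeholder certificate, not a real download from login.windows.net.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
CONFIGURED_IDP = "https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/"

# Constructed sample shaped like Azure AD federation metadata; the certificate
# is a placeholder string, and the Location is illustrative only.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC...PLACEHOLDER...</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def idp_remote_entry(metadata_xml: str, expected_entity_id: str) -> dict:
    """Return the fields a saml20-idp-remote.php entry needs, or raise ValueError."""
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID")
    if entity_id != expected_entity_id:
        raise ValueError(f"IdP entityID {entity_id!r} != configured idp {expected_entity_id!r}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    # Only accept an HTTPS redirect endpoint: the AuthnRequest goes there.
    sso = [e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)
           if e.get("Binding") == REDIRECT and (e.get("Location") or "").startswith("https://")]
    if not sso:
        raise ValueError("no HTTPS HTTP-Redirect SingleSignOnService endpoint")
    # KeyDescriptor without a 'use' attribute is valid for signing as well.
    certs = [c.text.strip()
             for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use") in (None, "signing")
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) if c.text]
    if not certs:
        raise ValueError("no signing certificate: assertion signatures could not be verified")
    return {"entityid": entity_id, "SingleSignOnService": sso[0], "certData": certs[0]}


if __name__ == "__main__":
    print(idp_remote_entry(SAMPLE_METADATA, CONFIGURED_IDP))
```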

Register the app in Azure AD

  - Name = svwiki
  - Sign on url = https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php
  - App id url = https://svwiki.cloudapp.net
  - Reply url 1 = https://svwiki.cloudapp.net/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp
  - Reply url 2 = https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php

Test

Go to https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php to test the SP.

Response (attributes returned by Azure AD):

| Attribute | Value |
|---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | some |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | one |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | someone@mememe.onmicrosoft.com |
| http://schemas.microsoft.com/identity/claims/tenantid | b32e24cb-f139-4db7-bf8b-af9fe64d1bf2 |
| http://schemas.microsoft.com/identity/claims/objectidentifier | ecc50ca8-0864-4252-80c2-870164463743 |
| http://schemas.microsoft.com/identity/claims/identityprovider | https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/ |
| groups | users, members |

@rendhon07 rendhon07 commented May 23, 2015

Am I the only one here?


@back-2-95 back-2-95 commented May 28, 2015

No, you're not. This actually helped me to get it working =)


@rendhon07 rendhon07 commented May 29, 2015

Ooh, thank God!! Can you help me with how you did it from the start please, bro? 😄 Thanks!
Where can I download the whole source code?



@victorbush victorbush commented Jan 30, 2016

@varunchopraWB

Use the metadata-converter.php on your own simplesamlphp installation.

This article is easier to follow:
https://www.lewisroberts.com/2015/09/05/single-sign-on-to-azure-ad-using-simplesamlphp/


@AndyNormore AndyNormore commented Nov 30, 2016

I came here from https://channel9.msdn.com/Blogs/Open/Using-SimpleSAML-to-authenticate-PHP-applications-with-Azure-AD, which directs us to this page.

Very complicated work to set this up! The hardest part I found is actually getting your file structure in place. So many ../../../../'s, it's nuts! I couldn't get SimpleSAML to extract and run on my Windows WAMP machine. Worked perfectly on the staging server.

Big library of code to work with, good luck!
