@sverhoeven
Created June 24, 2014 10:23
azure ad as idp + simplesamlphp as sp

Create the SP in SimpleSAMLphp

  1. Add the SP to config/authsources.php:

     'default-sp' => array(
             'saml:SP',
             // Must be identical to the "App ID URL" registered in Azure AD.
             'entityID' => 'https://svwiki.cloudapp.net',
             'discoURL' => NULL,
             // Key pair (files relative to the configured certdir) published in the
             // SP metadata and used for request signing / assertion decryption.
             'privatekey' => 'saml.pem',
             'certificate' => 'saml.crt',
             // Pin the IdP to the tenant's entityID; this must equal the key of the
             // entry added to metadata/saml20-idp-remote.php.
             'idp' => 'https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/',
             'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
             // Expose the NameID received from the IdP under this attribute name.
             'simplesaml.nameidattribute' => 'eduPersonTargetedID',
     ),
    
  2. Go to the application's page in Azure AD, click "View endpoints" and copy the federation metadata document URL, which for this tenant is https://login.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/federationmetadata/2007-06/federationmetadata.xml. Fetch it from that HTTPS URL yourself rather than from a copy passed around: it carries the IdP's signing certificate, and SimpleSAMLphp will verify every assertion against whatever certificate ends up in the converted entry.

  3. Go to https://svwiki.cloudapp.net/simplesamlphp/admin/metadata-converter.php and paste in the metadata XML; it outputs the entry in SimpleSAMLphp's PHP metadata format.

  4. Add the converted entry to metadata/saml20-idp-remote.php. Its key, the entityID https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/, must match the 'idp' value in authsources.php, otherwise the SP cannot find the IdP.
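The following stand-alone script is an added example and is not part of the gist or of SimpleSAMLphp. It does offline what steps 2 to 4 delegate to metadata-converter.php, and adds the checks worth running before the result is trusted: the metadata's entityID has to equal the 'idp' value from authsources.php, all endpoints must be https, and a signing certificate must be present, since that certificate is what SimpleSAMLphp uses to verify assertion signatures. The embedded federation metadata is constructed sample data (the tenant id is the one from the gist, the certificate body is a placeholder, not a real key), and the emitted array layout is the one SimpleSAMLphp 1.x reads from saml20-idp-remote.php.

```python
"""Azure AD federation metadata -> saml20-idp-remote.php entry, with sanity checks.

Added example, not part of the gist or of SimpleSAMLphp. Refuses to emit an entry
whose entityID differs from the configured 'idp', that lacks a signing certificate
or that points at a non-https endpoint.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed stand-in for federationmetadata.xml: the tenant id is the one from
# the gist; the certificate body is a placeholder, not a real key.
TENANT = "b32e24cb-f139-4db7-bf8b-af9fe64d1bf2"
SAMPLE_METADATA = f"""
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>
        MIIC0PLACEHOLDERCERTIFICATEBODYNOTAREALKEY
      </X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://login.windows.net/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://login.windows.net/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{POST}" Location="https://login.windows.net/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Pull entityID, endpoints and signing certificates out of an EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not SAML 2.0 IdP metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":   # no 'use' means signing and encryption
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append("".join((c.text or "").split()))  # drop the PEM line breaks

    def endpoints(tag):
        return [(e.get("Binding"), e.get("Location")) for e in idp.findall("md:" + tag, NS)]

    return {"entityid": root.get("entityID"),
            "sso": endpoints("SingleSignOnService"),
            "slo": endpoints("SingleLogoutService"),
            "signing_certs": certs}


def check_idp_metadata(meta: dict, configured_idp: str) -> list:
    """Problems that should stop you pasting this entry into saml20-idp-remote.php."""
    problems = []
    if meta["entityid"] != configured_idp:
        problems.append("entityID %r does not match authsources 'idp' %r"
                        % (meta["entityid"], configured_idp))
    if not meta["signing_certs"]:
        problems.append("no signing certificate: assertion signatures cannot be verified")
    if not meta["sso"]:
        problems.append("no SingleSignOnService endpoint")
    for _, loc in meta["sso"] + meta["slo"]:
        if urlparse(loc).scheme != "https":
            problems.append("non-https endpoint " + loc)
    return problems


def render_idp_remote_php(meta: dict) -> str:
    """Emit the entry in the array layout SimpleSAMLphp 1.x reads."""
    def q(s):  # single-quoted PHP string literal
        return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"

    def eps(lst):
        return "".join("    array('Binding' => %s, 'Location' => %s),\n" % (q(b), q(l))
                       for b, l in lst)
    keys = "".join("    array('encryption' => false, 'signing' => true, "
                   "'type' => 'X509Certificate', 'X509Certificate' => %s),\n" % q(c)
                   for c in meta["signing_certs"])
    return ("$metadata[%s] = array(\n  'entityid' => %s,\n"
            "  'metadata-set' => 'saml20-idp-remote',\n"
            "  'SingleSignOnService' => array(\n%s  ),\n"
            "  'SingleLogoutService' => array(\n%s  ),\n"
            "  'keys' => array(\n%s  ),\n);\n"
            % (q(meta["entityid"]), q(meta["entityid"]),
               eps(meta["sso"]), eps(meta["slo"]), keys))


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    problems = check_idp_metadata(meta, "https://sts.windows.net/%s/" % TENANT)
    if problems:
        raise SystemExit("refusing to emit metadata:\n  " + "\n  ".join(problems))
    print(render_idp_remote_php(meta))
```

To use it on a real tenant, replace SAMPLE_METADATA with the content of the downloaded federationmetadata.xml and the 'idp' argument with the value from authsources.php; the script prints the array to paste into metadata/saml20-idp-remote.php, or exits listing why it refused. Azure AD's document also contains a WS-Federation RoleDescriptor; it is ignored, since only the IDPSSODescriptor matters to a SAML 2.0 SP.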

Register the app in Azure AD

Name = svwiki
Sign-on URL = https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php
App ID URL = https://svwiki.cloudapp.net (must equal the 'entityID' in authsources.php)
Reply URL 1 = https://svwiki.cloudapp.net/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp (the SP's assertion consumer service; Azure AD only posts SAML responses to registered reply URLs)
Reply URL 2 = https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php

Test

Go to https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php to test the SP.

Response:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname	some
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname	one
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	someone@mememe.onmicrosoft.com
http://schemas.microsoft.com/identity/claims/tenantid	b32e24cb-f139-4db7-bf8b-af9fe64d1bf2
http://schemas.microsoft.com/identity/claims/objectidentifier	ecc50ca8-0864-4252-80c2-870164463743
http://schemas.microsoft.com/identity/claims/identityprovider	https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/
groups	users, members
@rendhon07

Am I the only one here?

@back-2-95

No, you're not. This actually helped me to get it working =)

@rendhon07

Ooh, thank God!! Can you help me with how you did it from the start please, bro? 😄 Thanks!
Where can I download the whole source code?

@varunchopraWB

@victorbush

@varunchopraWB

Use the metadata-converter.php on your own simplesamlphp installation.

This article is easier to follow:
https://www.lewisroberts.com/2015/09/05/single-sign-on-to-azure-ad-using-simplesamlphp/

@advancedsoftwarecanada

I came here from https://channel9.msdn.com/Blogs/Open/Using-SimpleSAML-to-authenticate-PHP-applications-with-Azure-AD, which directs to this page.

Very complicated work to set this up! The hardest part I found is actually getting your file structure in place. So many ../../../../'s, it's nuts! I couldn't get SimpleSAML to extract and run on my Windows WAMP machine. Worked perfectly on the staging server.

Big library of code to work with, good luck!

@simouel

simouel commented Mar 7, 2023

I've recently created a new application in Azure. Now you need to set an entityId (in URL form). The metadata URL now contains a ?appid= query string. Hope it saves you some trouble.
