- Add SP to `authsources.php`:

```php
'default-sp' => array(
    'saml:SP',
    'entityID' => 'https://svwiki.cloudapp.net',
    'discoURL' => NULL,
    // Key and certificate file names are resolved relative to the SimpleSAMLphp cert directory.
    'privatekey' => 'saml.pem',
    'certificate' => 'saml.crt',
    // Must match the entityID of the IdP entry added to metadata/saml20-idp-remote.php.
    'idp' => 'https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
    'simplesaml.nameidattribute' => 'eduPersonTargetedID',
),
```

- Go to the AD application page, click `View endpoints` and download the metadata to the clipboard.
  - Copy to clipboard: https://login.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/federationmetadata/2007-06/federationmetadata.xml
- Go to https://svwiki.cloudapp.net/simplesamlphp/admin/metadata-converter.php
- Add converted content to `metadata/saml20-idp-remote.php`.

```
Name = svwiki
Sign on url = https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php
App id url = https://svwiki.cloudapp.net
Reply url 1 = https://svwiki.cloudapp.net/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp
Reply url 2 = https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php
```

- Go to https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php to test the SP.
Response:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname some
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname one
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name [email protected]
http://schemas.microsoft.com/identity/claims/tenantid b32e24cb-f139-4db7-bf8b-af9fe64d1bf2
http://schemas.microsoft.com/identity/claims/objectidentifier ecc50ca8-0864-4252-80c2-870164463743
http://schemas.microsoft.com/identity/claims/identityprovider https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/
groups
users
members
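The converted metadata becomes the SP's trust anchor for signed assertions, so it is worth checking the downloaded federation metadata before pasting the converter output into `metadata/saml20-idp-remote.php`. The following is an added example, not part of the original gist or of SimpleSAMLphp: the function names are hypothetical, and the sample metadata (placeholder certificate bytes, `login.example.test` endpoint) is constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Value of 'idp' in the authsources.php entry on this page.
SP_IDP = "https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/"
# Constructed sample: trimmed metadata with placeholder bytes, not a real certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-der").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="{SP_IDP}">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{SAMPLE_CERT_B64}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Location="https://login.example.test/saml2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def summarize_idp(metadata_xml):
    """Return entityID, signing-cert SHA-256 fingerprints and SSO URLs."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    certs = idp.findall("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    return {
        "entity_id": root.get("entityID"),
        "fingerprints": [hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest() for c in certs],
        "sso_urls": [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)],
    }


def check_metadata(metadata_xml, expected_idp=SP_IDP):
    """List reasons not to paste this metadata into saml20-idp-remote.php."""
    info, problems = summarize_idp(metadata_xml), []
    if info["entity_id"] != expected_idp:
        problems.append("entityID does not match 'idp' in authsources.php")
    if not info["fingerprints"]:
        problems.append("no signing certificate")
    if any(not u.startswith("https://") for u in info["sso_urls"]):
        problems.append("SingleSignOnService endpoint is not https")
    return problems
```

Record the fingerprints from `summarize_idp` alongside the configuration so that a later metadata refresh that changes the signing certificate is noticed.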
@varunchopraWB
Use the metadata-converter.php on your own simplesamlphp installation.
This article is easier to follow:
https://www.lewisroberts.com/2015/09/05/single-sign-on-to-azure-ad-using-simplesamlphp/