@sverhoeven
Created June 24, 2014 10:23
azure ad as idp + simplesamlphp as sp

Create the SP in SimpleSAMLphp

  1. Add the SP to config/authsources.php

     'default-sp' => array(
             'saml:SP',
             // Must equal the App ID URL registered in Azure AD: Azure puts it in the
             // assertion's Audience, and SimpleSAMLphp rejects assertions whose Audience is not its entityID.
             'entityID' => 'https://svwiki.cloudapp.net',
             'discoURL' => NULL,
             // Key and certificate are looked up in SimpleSAMLphp's cert directory.
             'privatekey' => 'saml.pem',
             'certificate' => 'saml.crt',
             // Must equal the entityID in the Azure federation metadata exactly,
             // trailing slash included; it selects the entry in saml20-idp-remote.php.
             'idp' => 'https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/',
             'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
             // Expose the NameID of the assertion as this attribute.
             'simplesaml.nameidattribute' => 'eduPersonTargetedID',
     ),
    
  2. Go to the application's page in Azure AD, click View endpoints and copy the federation metadata URL to the clipboard: https://login.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/federationmetadata/2007-06/federationmetadata.xml

  3. Go to https://svwiki.cloudapp.net/simplesamlphp/admin/metadata-converter.php and paste the federation metadata XML into the converter.

  4. Add the converted saml20-idp-remote entry to metadata/saml20-idp-remote.php. Its key is the IdP entityID (https://sts.windows.net/<tenant>/), which must match the 'idp' value in authsources.php exactly, and its certData is the certificate every SAML response will be verified against.

In Azure AD register the app

Name = svwiki
Sign on url = https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php
App id url = https://svwiki.cloudapp.net
Reply url 1 = https://svwiki.cloudapp.net/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp
Reply url 2 = https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php

The App id url must equal the SP's entityID from authsources.php, and Reply url 1 must be exactly the SP's assertion consumer service URL: Azure AD only posts SAML responses to a registered reply URL, and the SP only accepts assertions whose Audience is its own entityID.
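As an added example (not part of the original gist and not SimpleSAMLphp's own code), the Python below does offline what steps 2 to 4 and the Azure registration depend on: it parses a constructed, cut-down federation metadata document of the shape Azure AD serves, pulls out the fields the metadata converter writes to saml20-idp-remote.php, and cross-checks them against the SP config and app registration values above. The metadata XML, the stand-in certificate bytes and the SP_CONFIG/AZURE_APP dicts are constructed for the example; the URLs and tenant ID are the ones from this page.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
TENANT = "b32e24cb-f139-4db7-bf8b-af9fe64d1bf2"

# Constructed stand-in for the IdP signing certificate (NOT a real X.509 DER blob);
# it only has to round-trip through base64 for this example.
FAKE_CERT_DER = b"constructed stand-in, not a real certificate"

# Constructed, cut-down copy of the shape of the Azure AD federation metadata document.
# The real file also carries WS-Federation RoleDescriptors, which SimpleSAMLphp ignores.
METADATA_XML = f"""<EntityDescriptor xmlns="{MD}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS}"><X509Data>
        <X509Certificate>{base64.b64encode(FAKE_CERT_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://login.windows.net/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://login.windows.net/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

# The values from the gist's authsources.php and Azure app registration, as plain dicts.
SP_CONFIG = {
    "entityID": "https://svwiki.cloudapp.net",
    "idp": f"https://sts.windows.net/{TENANT}/",
    "acs": "https://svwiki.cloudapp.net/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp",
}
AZURE_APP = {
    "app_id_url": "https://svwiki.cloudapp.net",
    "reply_urls": [
        "https://svwiki.cloudapp.net/simplesamlphp/module.php/saml/sp/saml2-acs.php/default-sp",
        "https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php",
    ],
}


def parse_idp_metadata(xml_text):
    """Extract what SimpleSAMLphp's metadata converter writes to saml20-idp-remote.php."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this metadata does not describe an IdP")
    # Only 'signing' keys may verify Responses; a KeyDescriptor without 'use' is both.
    certs = [
        c.text.strip()
        for kd in idp.findall(f"{{{MD}}}KeyDescriptor")
        if kd.get("use", "signing") == "signing"
        for c in kd.iter(f"{{{DS}}}X509Certificate")
    ]
    if not certs:
        raise ValueError("no signing certificate: assertions could not be verified")

    def endpoint(name):
        for svc in idp.findall(f"{{{MD}}}{name}"):
            if svc.get("Binding") == REDIRECT:
                return svc.get("Location")
        raise ValueError(f"no HTTP-Redirect {name} endpoint")

    return {
        "entityid": root.get("entityID"),
        "SingleSignOnService": endpoint("SingleSignOnService"),
        "SingleLogoutService": endpoint("SingleLogoutService"),
        "certData": certs[0],
        # Fingerprint to compare with what the Azure portal shows before trusting the metadata.
        "sha256": hashlib.sha256(base64.b64decode(certs[0])).hexdigest(),
    }


def to_php(idp):
    """Render the entry the way it appears in metadata/saml20-idp-remote.php."""
    out = [f"$metadata['{idp['entityid']}'] = array("]
    for key in ("entityid", "SingleSignOnService", "SingleLogoutService", "certData"):
        out.append(f"    '{key}' => '{idp[key]}',")
    out.append(");")
    return "\n".join(out)


def check_trust_config(sp, app, idp):
    """Return the mismatches that usually surface as audience/reply-URL errors at login."""
    problems = []
    if sp["idp"] != idp["entityid"]:  # exact string match, trailing slash included
        problems.append(f"authsources 'idp' {sp['idp']!r} != metadata entityID {idp['entityid']!r}")
    if app["app_id_url"] != sp["entityID"]:
        problems.append("Azure App ID URL must equal the SP entityID (it becomes the assertion Audience)")
    if sp["acs"] not in app["reply_urls"]:
        problems.append("SP ACS URL is not a registered Reply URL, so Azure will not post responses to it")
    return problems
```

Running `print(to_php(parse_idp_metadata(METADATA_XML)))` prints the saml20-idp-remote entry for the constructed document, and `check_trust_config(SP_CONFIG, AZURE_APP, parse_idp_metadata(METADATA_XML))` returns an empty list for the values on this page; dropping the trailing slash from 'idp' or leaving the ACS URL out of the reply URLs makes it report the mismatch before you see a failed login.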

Test

Go to https://svwiki.cloudapp.net/simplesamlphp/module.php/core/authenticate.php, pick default-sp and sign in through Azure AD to test the SP.

Response (attributes received by the SP; Azure AD sends the claims under their full schema URIs):

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname	some
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname	one
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	[email protected]
http://schemas.microsoft.com/identity/claims/tenantid	b32e24cb-f139-4db7-bf8b-af9fe64d1bf2
http://schemas.microsoft.com/identity/claims/objectidentifier	ecc50ca8-0864-4252-80c2-870164463743
http://schemas.microsoft.com/identity/claims/identityprovider	https://sts.windows.net/b32e24cb-f139-4db7-bf8b-af9fe64d1bf2/
groups	users, members
simouel commented Mar 7, 2023

I've recently created a new application in Azure. Now you need to set an entityId (in URL form). The metadata URL now contains a ?appid= query string. Hope it saves you some trouble.
