SAML Server: Difference between revisions
(→How to create a SAML server for Lab Testing: added NS)
Revision as of 18:13, 15 April 2017
Creating SAML Server
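Source: helloitsliam.com (https://www.helloitsliam.com/2014/12/23/install-configure-and-test-simplesamlphp-for-authentication-testing/), support.citrix.com (https://support.citrix.com/article/CTX200271), simplesamlphp.org (https://simplesamlphp.org/docs/stable/simplesamlphp-idp), citrix.com (https://www.citrix.com/blogs/2012/08/24/174193098/)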
- Prerequisites:
    Ubuntu Server - VM or Physical box
    Internet connectivity
- Update Ubuntu
    sudo apt-get update
    sudo apt-get upgrade
- Install PHP, Apache2 & related libraries:
    sudo apt-get install php7.0 apache2 php7.0-mcrypt php7.0-ldap php7.0-mysql libapache2-mod-php7.0 php-xml
- Installing SimpleSAMLphp binaries:
    cd /var
    sudo wget https://github.com/simplesamlphp/simplesamlphp/releases/download/v1.14.12/simplesamlphp-1.14.12.tar.gz
    sudo tar zxf simplesamlphp-1.14.12.tar.gz
    # Rename while still in /var; the extracted directory must not be the current directory
    sudo mv simplesamlphp-1.14.12 simplesamlphp
    sudo rm -f simplesamlphp-1.14.12.tar.gz
    cd simplesamlphp/
- Configuring SimpleSAMLphp:
    sudo nano /var/simplesamlphp/config/config.php
    sudo nano /var/simplesamlphp/config/authsources.php
    sudo nano /var/simplesamlphp/metadata/saml20-idp-hosted.php
    sudo nano /var/simplesamlphp/metadata/saml20-sp-remote.php
- Pointing Apache to SimpleSAMLphp:
    sudo nano /etc/apache2/sites-available/000-default.conf
- Now check that the application is accessible over HTTP:
http://<ip-address-of-server>/simplesamlphp
- Enabling Secure (read SSL) access:
    cd /etc/apache2/
    sudo mkdir ssl

    # Generate a passphrase-protected 4096-bit RSA key
    sudo openssl genrsa -des3 -out Certificate.key 4096
    # Write a copy of the key without the passphrase
    sudo openssl rsa -in Certificate.key -out Certificate.pem
    # Create a certificate signing request and self-sign it
    sudo openssl req -new -key Certificate.key -out Certificate.csr
    sudo openssl x509 -req -days 9999 -in Certificate.csr -signkey Certificate.key -out Certificate.crt

    sudo a2enmod ssl
    sudo service apache2 restart

    sudo nano /etc/apache2/sites-available/000-default.conf
    sudo a2ensite ssl
    sudo a2enmod ssl
    sudo service apache2 restart

    sudo phpenmod mcrypt
    sudo service apache2 restart
- Now the page should be available over https:
https://<ip-address-of-server>/simplesamlphp
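
A quick check for the configuration and SSL steps above, as an added example that is not part of the original page: it flags a config.php that still carries SimpleSAMLphp's shipped `auth.adminpassword` (`123`) or `secretsalt` (`defaultsecretsalt`), an IdP that is not enabled, and a passphrase-less private key that other users can read. The function names and the key location in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): sanity checks for the lab IdP.
# Assumptions: config.php uses the stock "'key' => value," line layout, and
# the passphrase-less key is the Certificate.pem produced by `openssl rsa`.

# Print the value assigned to a top-level config.php key such as 'secretsalt'.
ssp_value() {  # $1 = config.php, $2 = key name
    sed -n "s/^[[:space:]]*'$2'[[:space:]]*=>[[:space:]]*'\{0,1\}\([^',]*\)'\{0,1\},.*/\1/p" "$1" | head -n 1
}

# Report each finding on stdout; the return status is the number of findings.
check_ssp_config() {  # $1 = config.php, $2 = unencrypted private key
    findings=0
    if [ ! -r "$1" ]; then
        echo "FAIL cannot read $1"
        return 1
    fi
    if [ "$(ssp_value "$1" auth.adminpassword)" = "123" ]; then
        echo "FAIL auth.adminpassword is still the shipped default"
        findings=$((findings + 1))
    fi
    if [ "$(ssp_value "$1" secretsalt)" = "defaultsecretsalt" ]; then
        echo "FAIL secretsalt is still the shipped default"
        findings=$((findings + 1))
    fi
    if [ "$(ssp_value "$1" enable.saml20-idp)" != "true" ]; then
        echo "FAIL enable.saml20-idp is not true, so the IdP is disabled"
        findings=$((findings + 1))
    fi
    # Characters 5-10 of `ls -l` are the group and other permission bits.
    if [ "$(ls -ld "$2" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "FAIL $2 is missing or readable beyond its owner (chmod 600)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run only when both paths are given, e.g. (key path is an assumption):
#   sh check_idp.sh /var/simplesamlphp/config/config.php /etc/apache2/Certificate.pem
if [ "$#" -ge 2 ]; then
    check_ssp_config "$1" "$2"
fi
```
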
Integrating with SAML Server
You need a SAML Server for the setups below:
NetScaler as SP
    10.107.88.70    SAML Server       saml.testlab.com
    10.107.88.69    NetScaler VIP     aaavip.testlab.com
    10.107.88.79    NetScaler SNIP    samlvip.testlab.com
    10.107.88.93    Backend Server
    10.107.88.80    LDAP Server
NetScaler as IDP
This section is under construction.