
Simple SAML PHP Notes

Regenerate the SP private key and certificate for SSO without opening an upstream support ticket

https://ssoservice.ITC.gluebox.com/dashboard/metadata/manager/resolvers

Build Key and Certs
SAML Entity ID: "https://tools.gluebox.com/saml"

openssl req -new -x509 -days 365 -nodes -out 2024_utilities_gluebox_saml.crt -keyout 2024_utilities_gluebox_saml.key -subj "/CN=utilities.gluebox.com"

-rw-r--r--. 1 root  root     1180 Nov 21 07:33 2024_utilities_gluebox_saml.crt
-rw-------. 1 root  root     1704 Nov 21 07:33 2024_utilities_gluebox_saml.key

openssl req -new -x509 -days 365 -nodes -out 2024_utilities_upenn_saml.crt -keyout 2024_utilities_upenn_saml.key -subj "/CN=utilities.collegehouses.upenn.edu"

simplesamlphp/config/
acl.php.dist
authsources.php.dist
config.php.dist


authsources.php

<?php
// set entityID to primary live domain
$primary_domain = 'gluebox.com';
$entity_id = 'https://' . $primary_domain . '/simplesaml/module.php/saml/sp/metadata.php/default-sp';
$sp_name = 'default-sp';

$config = array(
    // This is an authentication source which handles admin authentication.
    'admin' => array(
        // The default is to use core:AdminPassword, but it can be replaced with
        // any authentication source.
        'core:AdminPassword',
    ),

    // An authentication source which can authenticate against both SAML 2.0
    // and Shibboleth 1.3 IdPs.
    'default-sp' => array(
        'saml:SP',
        // privatekey/certificate are file names resolved relative to the cert/
        // directory. They must match the files actually generated above: with
        // $sp_name = 'default-sp' this expects default-sp.pem and default-sp.crt,
        // so either rename the 2024_*_saml.key/.crt files or change $sp_name.
        'privatekey'   => $sp_name . '.pem',
        'certificate'  => $sp_name . '.crt',
        'entityID'     => $entity_id,
        'NameIDPolicy' => array(),
        // pin this SP to a single IdP; with 'idp' set the discovery service is not used
        'idp'          => 'https://idp.nkey.n.edu/idp/shibboleth',
        'discoURL'     => null,
        'authproc' => array(
            50 => array( // map attributes to names rather than numeric ids
                'class' => 'core:AttributeMap', 'oid2name',
            ),
            60 => array( // replace colons in group names
                'class'       => 'core:AttributeAlter',
                'subject'     => 'eduPersonEntitlement',
                'pattern'     => '/:/',
                'replacement' => '.',
            ),
        ),
    ),
);

vendor/simplesamlphp/simplesamlphp/cert/
mkdir -p vendor/simplesamlphp/simplesamlphp/cert
chmod 700 vendor/simplesamlphp/simplesamlphp/cert
chmod 600 vendor/simplesamlphp/simplesamlphp/cert/*_saml.*

Note: the directory and the key file must be readable by the user PHP runs as (the web server or php-fpm user). A 700 directory and 600 key owned by root, as in the ls output above, will leave SimpleSAMLphp unable to load the private key; chown them to the web server user after setting the modes.
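The whole rotation above (generate key and self-signed cert, lock down permissions, check the cert actually belongs to the key before sending it to the IdP, pull out the base64 body for the IdP metadata) as one script. This is an added example and is not code from the original notes or from SimpleSAMLphp; the CN, the 2024_utilities_gluebox_saml file prefix and the cert/ path are taken from the notes, the function names, the 3072-bit RSA key size and the expiry check are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes or the SimpleSAMLphp project):
# regenerate a SimpleSAMLphp SP key/cert pair, restrict permissions, and
# verify the certificate belongs to the key before handing it to the IdP.
# Function names, key size and the expiry-check helper are assumptions.
set -u

# gen_sp_keypair DIR NAME CN DAYS
# Writes DIR/NAME.key (0600) and DIR/NAME.crt (0644; the cert is public data).
# -nodes leaves the key unencrypted, as in the notes, because SimpleSAMLphp
# reads it at request time with no one there to type a passphrase.
gen_sp_keypair() {
    dir=$1; name=$2; cn=$3; days=$4
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # umask 077 inside a subshell: the key is never world-readable, not even briefly
    (umask 077 && openssl req -new -x509 -days "$days" -nodes \
        -newkey rsa:3072 -sha256 \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" \
        -subj "/CN=$cn" 2>/dev/null) || return 1
    chmod 600 "$dir/$name.key"
    chmod 644 "$dir/$name.crt"
}

# cert_matches_key CRT KEY
# Returns 0 when the certificate's public key equals the public half of KEY.
# Catches the classic rotation mistake: new key generated, old .crt left in
# cert/ (or the reverse), which the IdP only reports as a signature failure.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# cert_valid_for_days CRT DAYS
# Returns 0 when CRT will still be valid DAYS days from now (use this in a
# cron job to warn before the 365-day self-signed cert silently expires).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# cert_metadata_body CRT
# Prints the base64 body without PEM armour or newlines, which is what goes
# into the <ds:X509Certificate> element of this SP's metadata at the IdP.
cert_metadata_body() {
    sed -e '/-----BEGIN CERTIFICATE-----/d' -e '/-----END CERTIFICATE-----/d' "$1" | tr -d '\n'
}

# Usage mirroring the notes (CN and file prefix from the page above):
#   certdir=vendor/simplesamlphp/simplesamlphp/cert
#   gen_sp_keypair "$certdir" 2024_utilities_gluebox_saml utilities.gluebox.com 365
#   cert_matches_key "$certdir/2024_utilities_gluebox_saml.crt" \
#                    "$certdir/2024_utilities_gluebox_saml.key" && echo "cert and key agree"
#   cert_metadata_body "$certdir/2024_utilities_gluebox_saml.crt"
```

Run gen_sp_keypair as the user that owns the cert/ directory, then chown the result to the web server user if that is not the same account; the 'privatekey' and 'certificate' entries in authsources.php must name exactly the files this writes.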