New SimpleSAMLphp Documentation Site

I’m happy to announce that today we are launching a new documentation site for SimpleSAMLphp.

This page will also hold a future version of the SimpleSAMLphp home page.

If you want to link to the documentation index of the latest stable release of SimpleSAMLphp, use this link:

Most of the old documentation links redirect correctly to the new portal. If you encounter links on rnd.feide.no that do not redirect, let me know and I'll fix them.

Notice that the documentation is now properly versioned, which means that you can view all documents for revisions 1.4, 1.5 and trunk, and easily switch between the revisions from a list in the upper right.

The search field is not yet working; we are waiting for Google to index the new site. It should start working automatically within hours or days. We are using Google Custom Search.

The new site should be snappy; I’m sorry for the inconvenience of the sluggish old site.

The new site is probably full of bugs; if you encounter some let me know.

The new site is automatically updated from subversion once an hour.

Identity Provider in a box

SURFnet has created an easy-to-set-up virtual image of a SimpleSAMLphp Identity Provider, with a web-based UI configuration frontend.

ARNES has a SimpleSAMLphp-in-a-box solution as well (with eduroam support):

How to configure Shibboleth as VO Identity Provider of a VO Platform

  • $Id: gn3-switchvo-idp.txt 311 2010-02-24 10:56:35Z andreas $
  • Author: Lukas Hämmerle, SWITCH

This document describes how to configure a Shibboleth Identity Provider to be used as Virtual Organization Platform Identity Provider.

Setup

It is assumed that the Shibboleth Identity Provider is fully deployed and that there is a MySQL database on the same host as the IdP (this is not required, but is assumed in the examples below). It might be necessary to install the JDBC drivers manually so that the Identity Provider can use them.

Prerequisites

It is assumed that there is a MySQL database called "gmt" and therein a table called "GroupMembers". This table should contain at least the columns "uniqueID" and "group". A MySQL user "gmtUser" identified by the password "12345678" should have access to this t...
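The document's own configuration steps are cut off above. As an added illustration of how the stated prerequisites fit together (this is example configuration, not SWITCH's or the Shibboleth project's), the following Shibboleth IdP 2.x attribute-resolver.xml fragment reads the GroupMembers table and exposes the memberships as isMemberOf. The database, table, column and account names are the ones given above; the connector and attribute ids, the JDBC URL, the driver class and the NameID format handled by the principal connector are assumptions.

```xml
<!-- Added example, assuming Shibboleth IdP 2.x attribute-resolver.xml syntax.
     Names taken from the prerequisites: database gmt, table GroupMembers,
     columns uniqueID / group, user gmtUser. Ids, URL, driver class and
     NameID format are assumed. -->

<!-- Attribute queries from VO SPs arrive with a NameID carrying the shared
     identifier (for instance eduPersonPrincipalName). This maps that NameID
     to the principal name used as the lookup key below. The format must
     match what the querying SP sends. -->
<resolver:PrincipalConnector xsi:type="pc:Direct" id="voSharedId"
    nameIDFormat="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" />

<resolver:DataConnector id="gmtGroups" xsi:type="dc:RelationalDatabase">
    <!-- The JDBC driver jar must be on the IdP classpath (see Setup above).
         The password is in clear text here: keep this file readable by the
         IdP's service account only, and grant gmtUser SELECT on this one
         table and nothing else. -->
    <dc:ApplicationManagedConnection
        jdbcDriver="com.mysql.jdbc.Driver"
        jdbcURL="jdbc:mysql://localhost:3306/gmt"
        jdbcUserName="gmtUser"
        jdbcPassword="12345678" />
    <!-- "group" is a reserved word in MySQL, hence the backticks.
         $requestContext.principalName is substituted textually into the SQL,
         so the key must come from the authenticated principal (the principal
         connector above), never from an unauthenticated request value. -->
    <dc:QueryTemplate>
        <![CDATA[
            SELECT `group` FROM GroupMembers
            WHERE uniqueID = '$requestContext.principalName'
        ]]>
    </dc:QueryTemplate>
    <!-- One row per membership; all rows become values of one attribute. -->
    <dc:Column columnName="group" attributeID="voGroup" />
</resolver:DataConnector>

<!-- Release the memberships as isMemberOf (eduMember,
     urn:oid:1.3.6.1.4.1.5923.1.5.1.1). -->
<resolver:AttributeDefinition id="isMemberOf" xsi:type="ad:Simple"
    sourceAttributeID="voGroup">
    <resolver:Dependency ref="gmtGroups" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String"
        name="urn:oid:1.3.6.1.4.1.5923.1.5.1.1" friendlyName="isMemberOf" />
</resolver:AttributeDefinition>
```

The resolver only makes the attribute available; attribute-filter.xml still has to release isMemberOf to the VO Service Providers, and those SPs must be present in the VO IdP's metadata so that their attribute queries are accepted.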

How to configure Shibboleth as VO SP

  • $Id: gn3-switchvo-sp.txt 311 2010-02-24 10:56:35Z andreas $
  • Author: Lukas Hämmerle, SWITCH

This document describes how to configure a Shibboleth Service Provider to be used as a Virtual Organization Service Provider. In short, Simple(Attribute)Aggregation has to be configured.

Setup

It is assumed that there is a VO Platform consisting of a Shibboleth Identity Provider, an attribute store (e.g. a database or LDAP server) and a VO administration interface (e.g. the SWITCH Group Management Tool, Grouper, etc.) to manage the membership of VO users.

Prerequisites

It is assumed that you have a fully working Shibboleth Service Provider configured for one or more federations. Configuring VO support while the Service Provider is not yet working in general is not a good idea.

General procedure

Make sur...
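The procedure itself is cut off above. As an added example (not the document's own configuration and not taken from SWITCH or the Shibboleth project), this is the SimpleAggregation resolver as it would sit inside ApplicationDefaults in a Shibboleth SP 2.x shibboleth2.xml, with the surrounding elements that have to be in place for the query to be sent and verified. The entityIDs, the file names and the choice of eppn as the shared identifier are assumptions.

```xml
<!-- Added example, assuming Shibboleth SP 2.x shibboleth2.xml syntax. The
     entityIDs, file names and the use of eppn as shared identifier are
     assumptions, not taken from this document. -->
<ApplicationDefaults entityID="https://sp.example.org/shibboleth"
                     REMOTE_USER="eppn persistent-id targeted-id">

    <!-- Sessions and Errors stay as in the already-working SP. -->

    <!-- Federation metadata (home IdPs) as before. -->
    <MetadataProvider type="XML" file="federation-metadata.xml" />
    <!-- The VO IdP must be known from metadata as well: its signing key is
         what the SP verifies the attribute-query response against. Without
         this entry the query is skipped and no VO attributes appear. -->
    <MetadataProvider type="XML" file="vo-idp-metadata.xml" />

    <AttributeExtractor type="XML" validate="true" path="attribute-map.xml" />

    <!-- Attribute aggregation: once the home IdP has authenticated the user
         and released eppn, query the VO IdP, sending the eppn value as the
         NameID in the given format. attributeId refers to the id in
         attribute-map.xml, so eppn has to be mapped there and actually be
         released by the home IdP, otherwise nothing is queried. -->
    <AttributeResolver type="SimpleAggregation" attributeId="eppn"
                       format="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
        <Entity>https://vo.example.org/idp/shibboleth</Entity>
    </AttributeResolver>

    <!-- Aggregated attributes go through the same filter as the home IdP's
         attributes. Rules for VO attributes such as isMemberOf should be tied
         to the VO IdP as issuer rather than accepting them from any IdP in
         the federation. -->
    <AttributeFilter type="XML" validate="true" path="attribute-policy.xml" />

    <!-- The query is authenticated with this key, and the VO IdP needs this
         SP's metadata (including the certificate) to accept it. -->
    <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem" />
</ApplicationDefaults>
```

The NameID format given here is the one the VO IdP's principal connector must be configured to accept; if the two sides disagree on the format, the IdP cannot map the NameID to a principal and the query returns no attributes.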

Dynamic SAML

Dynamic SAML is an approach to completely distributed metadata management.

This draft is far from complete. Consider it a presentation of an idea. Feedback is welcome!

Requirements notation

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Self-provisioning of SAML Metadata

A dynamic-SAML-enabled entity MUST have an EntityID equal to a URL from which metadata for that entity can be obtained. Access to the URL should be unprotected, and metadata should be available for retrieval ...

SimpleSAMLphp Release Plan

  • Accepted: not yet started
  • Started: work in progress
  • Fixed: completed

Release 1.6 (February 2010)

Release 1.7 (May 2010)

Release 2.0 (Late 2010)

SimpleSAMLphp Dictionaries and Translation

  • Version: $Id: simplesamlphp-translation.txt 2206 2010-03-08 10:14:12Z andreassolberg $

SimpleSAMLphp supports multiple languages.

  • The SimpleSAMLphp Translation Portal
  • Language definition file
  • Translation file

How translated terms are referred from a template

Here is an example of how two terms are included in a template from dictionary files:

<h2><?php echo $this->t('{core:frontpage:about_header}'); ?></h2>
<p><?php echo $this->t('{core:frontpage:about_text}'); ?></p>

In this example, two translated terms are included: about_header and about_text. Both of these terms are found in a dictionary file named frontpage, inside the module named core.

Note: An imp...

HTML Table of Contents with PHP

Just in case you need a code snippet to extract a table of contents from HTML:


// Recursively build a nested array of headings from the flat preg_match_all
// result. $s is consumed in place; each element is array(full match, level, text).
function tocr(&$s, $level = 1) {
	$headersOnLevel = array();
	while (!empty($s) && $s[0][1] >= $level) {

		if ($s[0][1] == $level) {
			// A heading on this level: record it, no children yet.
			$headersOnLevel[$s[0][2]] = NULL;
			array_shift($s);
		} else {
			// A deeper heading: attach it under the most recent heading on this
			// level. If the document starts with a deeper heading (an <h3> before
			// any <h2>), use an empty parent instead of dereferencing a missing key.
			// (The original passed &$s at the call site, which is a fatal error
			// in PHP 5.4+, and passed a function result to reset(), which only
			// accepts variables.)
			$keys = array_keys($headersOnLevel);
			$parent = empty($keys) ? '' : end($keys);
			$headersOnLevel[$parent] = tocr($s, $level + 1);
		}

	}
	return $headersOnLevel;
}

function tocprint($toc) {
	$html = '<ul>';
	foreach ($toc as $header => $children) {
		// $header is the heading's inner HTML from the document being indexed,
		// so it is emitted as-is rather than escaped a second time.
		$html .= '<li>' . $header;
		if (is_array($children)) {
			$html .= tocprint($children);
		}
		$html .= '</li>';
	}
	$html .= '</ul>';
	return $html;
}

function toc($html) {
	// Non-greedy match, the closing tag must be the same level as the opening
	// one (\1), 'i' accepts <H2>, and 's' lets a heading span lines. The greedy
	// (.*) in the original swallowed everything between the first <hN> and the
	// last </hN> on a line.
	preg_match_all('|<h([1-6])[^>]*>(.*?)</h\1>|is', $html, $matches, PREG_SET_ORDER);
	$toc = tocr($matches);
	return tocprint($toc);
}

Connecting to the Feide RnD SVN Repository using Versions

Click to add a repository:

Fill in this url:

  • https://svn.rnd.feide.no/docs/trunk/geant

and then type in your username and password from Feide OpenIdP. Use the short form of your username, like 'andreas'.

Then click on the GÉANT bookmark in the left pane, next click on the first line on the right pane, and then click Checkout button.

Find a suitable place for your working copy, for example inside your Documents folder:

And you now have a working copy:

Now you may add files and edit files.

  • To update others' changes into your working copy: click Update.
  • To provide your changes back to the repository (for others): click Commit.

Proof of concept test report: Virtual Organizations with GMT integration

Goal

The goal was to find out whether, and to what extent, the PoC would technically work in an interfederation environment with different implementations of SPs and IdPs.

Another point we wanted to check was whether the PoC could also handle other attributes, such as the eduPersonPrincipalName instead of the swissEduPersonUniqueID attribute (only used in Switzerland), as the shared identifier for the attribute query to the VO platform.

As described below, using eduPersonPrincipalName/swissEduPersonUnique/email as sharedID is only an intermediate step because the end goal should be to use the eduPersonTargetedID, which cannot yet be used as of today because there is one feature missing required...