Versions Compared

Old Version 6

changes.mady.by.user Wenche Backman-Kamila

Saved on

compared with

New Version 7

changes.mady.by.user Wenche Backman-Kamila

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You should see an output like {"href":"./","http://letswifi.app/api#2": if the webserver is running OK internally. You should also be able to reach your server with a browser. Next, try to check the metadata with https://YOUR-ADDRESS/simplesamlphp/module.php/saml/sp/metadata.php/default-sp?output=xhtml. At this point, please obtain and install a server certificate for your web server. The configuration file is named letswifi-portal.conf.

...

In config.php you may need to change 'baseurlpath' from 'simplesaml/' to 'simplesamlphp/'. In /usr/share/letswifi-portal/etc/letswifi.conf.php the 'autoloadInclude' needs to be changed to point to the correct SimpleSAMLphp version. Please also comment out the 'idpList' value if present, it is not needed with federation metadata. Do a web server restart.. Do a web server restart.

Next, connect your SimpleSAMLphp to your federation. More extensive guidelines can be found here and here. In case you need certificates for signing and encryption, you can generate them with:

Code Block
openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out saml-geteduroam.crt -keyout saml-geteduroam.key

In /etc/simplesamlphp/authsources.php, under ’default-sp’, please insert the following


Code Block
'certificate' => '/PATH/TO/saml-geteduroam.crt',
'privatekey' => '/PATH/TO/saml-geteduroam.key',
'redirect.sign' => true,
'redirect.validate' => true,


You should see the changes in https://YOUR-ADDRESS/simplesamlphp/module.php/saml/sp/metadata.php/default-sp?output=xhtml. If needed, enable automatic metadata refresh, extensive guidelines can be found here. In the module section of /SIMPLESAMLPHP/config/config.php you need


Code Block
'module.enable' => [
         'cron' => true,
         'metarefresh' => true,
         'core' => true,
         'saml' => true
 ],


instead of 'exampleauth'.

Please copy the necessary templates with


Code Block
cp modules/cron/config-templates/*.php /etc/simplesamlphp/
cp modules/metarefresh/config-templates/*.php /etc/simplesamlphp/

From /modules/metarefresh/bin you can test with 

Code Block
./metarefresh.php -s https://PATH/TO/your-metadata.xml