Overview

The IdentityProvider component is based on SimpleSAMLphp, making use of the exampleAuth module, which reads a static JSON file describing the users, their credentials and their attributes.

An Ansible playbook, based on https://github.com/surfnet-niels/simplesaml-idp, handles the configuration inside the Docker container.

The overall setup is part of the inacademia-dev repository: https://github.com/surfnet-niels/inacademia-dev/tree/master/ssp-idp

Directory structure

ssp-idp/
   - config/
     - ansible/
       - idp.yml
       - inventory
     - metadata/
       - saml20-idp-hosted.php
       - saml20-idp-remote.php
       - saml20-sp-remote.php
   - Dockerfile
   - build_ssp-idp.sh
   - run_ssp-idp.sh

The Dockerfile is the basis for the Docker image to be built. The build_ssp-idp.sh and run_ssp-idp.sh scripts build and run the Docker image respectively. The run_ssp-idp.sh script tests whether the image exists and, if not, tries to build it before running it.

The config directory has two subdirectories. The files in the ansible directory are copied into the container just before the Ansible deploy script is run: the inventory file sets the deploy target to localhost, and idp.yml contains the basic configuration data for the IdP. Typically neither of these files needs changes for a deploy.
The metadata directory contains the SAML metadata the IdP needs to talk to the SPs involved, in this case the InAcademia SaToSa-based proxy.

Dockerfile

The Dockerfile is completely self-contained: it builds the IdP from the config and pulls the relevant repositories as needed.

FROM ubuntu:16.04

# The IdP is only served over HTTPS.
EXPOSE 443

# Base packages plus the Ansible PPA; apt-get is the scriptable front end.
RUN apt-get -y update && apt-get -y dist-upgrade && apt-get -y autoremove && apt-get install -y sudo dnsutils git software-properties-common
RUN apt-add-repository -y ppa:ansible/ansible && apt-get -y update && apt-get install -y ansible

# Fetch the playbook and drop in our inventory and IdP variables.
RUN git clone https://github.com/surfnet-niels/simplesaml-idp.git /tmp/ansible/simplesaml-idp
COPY config/ansible/inventory /tmp/ansible/simplesaml-idp/
COPY config/ansible/idp.yml /tmp/ansible/simplesaml-idp/group_vars/

# Configure SimpleSAMLphp inside the image (deploy target is localhost).
RUN ansible-playbook -i /tmp/ansible/simplesaml-idp/inventory /tmp/ansible/simplesaml-idp/simplesaml-idp.yml

# SAML metadata for the hosted IdP and the remote SPs (the SaToSa proxy).
COPY config/metadata /var/www/simplesamlphp/metadata

# Start Apache and drop into a shell; the container lives as long as the shell does.
ENTRYPOINT service apache2 start && /bin/bash

Now run the run script to build and run our Docker-based IdP.
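The following is an added example of a run script in the spirit of run_ssp-idp.sh; it is not the project's own file. It builds the image only when no image with the expected tag exists locally, then runs it with the port the Dockerfile exposes. The image tag, container name and build script path are assumptions.

```shell
#!/bin/sh
# Added example, not the project's run_ssp-idp.sh: build the IdP image if it is
# missing, then run it. Names below are assumptions, override via environment.
set -eu

IMAGE_NAME="${IMAGE_NAME:-ssp-idp}"            # assumed image tag
CONTAINER_NAME="${CONTAINER_NAME:-ssp-idp}"    # assumed container name
BUILD_SCRIPT="${BUILD_SCRIPT:-./build_ssp-idp.sh}"

# Given the output of `docker images -q <name>`, decide whether a build is
# needed: an empty (or whitespace-only) listing means the image is absent.
# Kept free of docker calls so the decision can be checked without a daemon.
needs_build() {
    [ -z "$(printf '%s' "$1" | tr -d '[:space:]')" ]
}

# Compose the `docker run` arguments. The IdP only listens on 443 (EXPOSE 443),
# -it keeps the interactive shell from the ENTRYPOINT alive, and --rm removes
# the stopped container so stale state does not accumulate between runs.
run_args() {
    printf '%s' "run --rm -it -p 443:443 --name $2 $1"
}

run_idp() {
    ids="$(docker images -q "$IMAGE_NAME" 2>/dev/null || true)"
    if needs_build "$ids"; then
        echo "Image $IMAGE_NAME not found, building it first..." >&2
        "$BUILD_SCRIPT"
    fi
    # Word splitting of the argument string is intended here.
    # shellcheck disable=SC2046
    docker $(run_args "$IMAGE_NAME" "$CONTAINER_NAME")
}

# Only start the container when explicitly asked (./run.sh start), so the
# functions above can also be sourced without touching the docker daemon.
if [ "${1:-}" = "start" ]; then
    run_idp
fi
```

Because the container's ENTRYPOINT ends in an interactive bash, the script runs the container in the foreground with -it; exiting that shell stops Apache and, with --rm, discards the container.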

Using the IdP

Assuming your deploy went without errors, the IdP should now be available through https://idp.inacademia.local/ and a login screen should be awaiting you.

You can log in as admin; the default password is "inac2play", as configured in the idp.yml file.

To test that the IdP itself is working you can now use the test authsources feature of SimpleSAMLphp, as shown in the subsequent screens.

Use one of the default users to log in, e.g. "student1" with password "student1".

Success, you now have a working SAML2 IdP.
