SimpleSAML 2.0 local
Introduction
Once SAML Single Sign-On has been installed following the official documentation, the steps below can be used to configure a local authentication source.
Important: this local authentication is for testing purposes only. It is never recommended for use in production environments, and it is recommended to revert the step 1 and step 2 changes before moving to production.
Step 1: enabling exampleauth
Open the following configuration file with your favorite text editor:
/opt/simplesamlphp/config/config.php
Find the block module.enable, then exampleauth, whose default value is false, and change it to true.
Save and exit.
Step 2: creation of local authentication source
With your favorite text editor open the file:
/opt/simplesamlphp/config/authsources.php
A block must be created for the new authentication source. The easiest way is to create it just before the default-sp block, with a block similar to the following:
- /opt/simplesamlphp/config/authsources.php
    // Example local authentication source
    'example-pandora' => [
        'exampleauth:UserPass',
        'user:password' => [
            'uid' => ['user'],
            'mail' => ['[email protected]'],
            'givenName' => ['User One'],
            'Group' => ['All'],
            'Role' => ['admins'],
        ],
        'user2:password2' => [
            'uid' => ['user2'],
            'mail' => ['[email protected]'],
            'givenName' => ['User Two'],
            'Group' => ['network'],
            'Role' => ['operators'],
        ],
    ],
The result should be similar to:
- The auth source named example-pandora contains 2 users: user with the password password and user2 with the password password2.
- Each user has a number of attributes such as uid, mail, givenName, Group and Role.
- These attributes are defined in the array so you can change or add more attributes in order to perform further authentication tests.
Step 3: local authentication check
Go to the URL https://pandora.local/simplesamlphp/admin/ (replace pandora.local with the URL of the PFMS Web Console).
It must be accessed with HTTPS, as HTTP will fail authentication.
Enter the credentials for the admin user previously configured in SAML.
Click on the test tab, which will display the new authentication source (example-pandora):
Click on example-pandora and it will ask for a username and password; check with one of those defined in step 2 (shown for user):
Look at Your attributes and compare them with all the defined attributes. This confirms that authentication using SAML works correctly, and it can then be configured in Pandora FMS.
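The introduction recommends reverting the step 1 and step 2 changes before moving to production. As an added example (not part of the original documentation or of SimpleSAMLphp), this Python check reports leftovers of the test setup in the contents of config.php and authsources.php. The comment stripping is a heuristic rather than a PHP parser, and the function names and sample file contents are constructed for illustration.

```python
import re

# Heuristic comment stripping (not a PHP parser): /* ... */ blocks, then
# whole-line // or # comments, so commented-out samples are not reported.
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
LINE_COMMENT = re.compile(r"^[ \t]*(?://|#).*$", re.MULTILINE)
# Step 1 leftover: 'exampleauth' => true inside module.enable.
MODULE_ON = re.compile(r"""['"]exampleauth['"]\s*=>\s*true\b""", re.IGNORECASE)
# Step 2 leftover: 'name' => [ 'exampleauth:Something', ...
SOURCE = re.compile(
    r"""['"]([^'"]+)['"]\s*=>\s*(?:\[|array\s*\()\s*['"](exampleauth:[^'"]+)['"]"""
)

def active_php(text):
    """Return the PHP text with comments removed."""
    return LINE_COMMENT.sub("", BLOCK_COMMENT.sub("", text))

def find_test_auth(config_php, authsources_php):
    """List leftovers of the test setup found in the two file contents."""
    findings = []
    if MODULE_ON.search(active_php(config_php)):
        findings.append("config.php: module exampleauth is enabled")
    for name, handler in SOURCE.findall(active_php(authsources_php)):
        findings.append(f"authsources.php: source '{name}' uses {handler}")
    return findings

# Constructed sample contents, shaped like the files edited in steps 1 and 2.
SAMPLE_CONFIG = """
'module.enable' => [
    'exampleauth' => true,
],
"""
SAMPLE_AUTHSOURCES = """
/*
'commented-out' => [
    'exampleauth:UserPass',
],
*/
// Example local authentication source
'example-pandora' => [
    'exampleauth:UserPass',
    'user:password' => ['uid' => ['user']],
],
"""

if __name__ == "__main__":
    for line in find_test_auth(SAMPLE_CONFIG, SAMPLE_AUTHSOURCES):
        print(line)
```

To check a real installation, pass the text of /opt/simplesamlphp/config/config.php and /opt/simplesamlphp/config/authsources.php to find_test_auth; an empty list means neither test change is still active.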