cesnet/simplesamlphp-module-campususerpass

Use ECP to connect another identity provider as auth source

Maintainers

Details

gitlab.ics.muni.cz/perun/perun-proxyidp/simplesamlphp-module-campususerpass.git

Installs: 1 323

Dependents: 0

Suggesters: 0

Security: 0

Type:simplesamlphp-module

v2.0.0 2022-11-07 10:06 UTC

Requires

BSD-3-Clause 97a7600690cc910ce09837771bc2ea353c3ec8c7

  • Perun proxy AAI team <proxyidp.woop@cesnet.cz>

simplesamlphp

This package is auto-updated.

Last update: 2024-04-09 14:12:09 UTC

README

This module extends authsourceSimpleSAML\Module\core\Auth\UserPassBase. Thanks to this module, you can use ECP to log in the user. To achieve this, you just need to configure the authsource.

Authsources configuration

First, you need to define and configure the authsource in authsources.php file. An example configuration is shown below:

'campus-userpass' => [
    'campusUserPass:ECPAuth',

    'sp' => 'default-sp',
    'ecpIdpUrl' => 'https://ucn.id.muni.cz/ms-ucnmuni/saml2/idp/SSOService.php',
    'expectedIssuer' => 'https://ics.id.muni.cz/ms-ucnmuni/idp'
],

Let's look at the configuration options:

campusUserPass:ECPAuth defines which module and authentication source to use.

sp is an authsource with defined SP. It's needed to do the ECP request.

ecpIdpUrl is an ECP endpoint we want to call.

expectedIssuer is an expected issuer in the ECP response.

Of course, you also need to define sp authsource (default-sp in our case). When the configuration is done, the next step is to open saml20-idp-hosted.php file and set your authsource (campus-userpass in this example) as an authentication source (auth option).