A module that implements the WS-federation IDP

Installs: 5 285 400

Dependents: 4

Suggesters: 0

Security: 0

Stars: 5

Watchers: 7

Forks: 5

Open Issues: 1


v2.1.4 2024-04-30 19:34 UTC


Build Status Scrutinizer Code Quality Coverage Status Type coverage


Install with composer

    vendor/bin/composer require simplesamlphp/simplesamlphp-module-adfs


Next thing you need to do is to enable the module: in config.php, search for the module.enable key and set adfs to true:

    'module.enable' => [
         'adfs' => true,

View samples in metadata-templates for defining your idp and any relying parties/sps.

Tips for admins new to WS-Fed

  • A realm is similar to an entityId from SAML. adfs-sp-remote.php metadata array is based on realm. An IP STS is similar to an IdP.

  • Some WS-Fed Relying Party applications want the assertion lifetime to be longer than the application's session lifetime. If not, the application will send the user to the IdP to login again, hoping for a longer lived assertion. SSP's default assertion lifetime is 5 minutes while SharePoint, by default, wants 10 minutes. Use the assertion.lifetime in adfs-sp-remote.php to set the time greater than that set in SharePoint (which can be configured by adjusting LogonTokenCacheExpirationWindow)