SimpleSAMLphp / quick&ez

Background: For about 5 years at my place of work we have used software called SimpleSAMLphp to help offer identity solutions to TVE (TV Everywhere) customers. In essence I have been one of a team of 20th century cable people.

This software, in its current version, has been heavily customized to offer quick deployment solutions for new customers. All I can say is that it's awesome running an Identity Stack with 50+ IdPs and 5000+ SPs.

I decided to see how quickly I could set up a SAML SP -> IdP relationship between two CentOS 7 virtual machines:

2 hosts, sspsp ( and sspidp (

Minimal install, static IPs and DNS set on OS installation

yum update
systemctl stop firewalld
systemctl disable firewalld
/etc/sysconfig/selinux, SELINUX=permissive
yum install httpd mod_ssl
systemctl start httpd
systemctl enable httpd
shutdown -r now

Install PHP 7+ on CentOS 7 following

sudo yum install epel-release yum-utils
sudo yum install
sudo yum-config-manager --enable remi-php73
sudo yum install php php-common php-opcache php-mcrypt php-cli php-gd php-curl php-mysqlnd
shutdown -r now


echo -e "<?php\nphpinfo();" > /var/www/html/index.php

Install SimpleSAMLphp from tars on

yum install wget
wget ''
mv download\?latest simplesamlphp-1.19.0-rc1.tar.gz
tar -xzf simplesamlphp-1.19.0-rc1.tar.gz
mv simplesamlphp-1.19.0-rc1 /var/www/html/simplesamlphp
chown -R apache:apache /var/www/html/simplesamlphp

vi /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html/simplesamlphp/www"

vi /var/www/html/simplesamlphp/config/config.php
'baseurlpath' => '',
'secretsalt' => 'salt',
'auth.adminpassword' => 'admin',
'enable.saml20-idp' => true,
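The two values above ('salt' and 'admin') are placeholders for a quick lab. Before a setup like this reaches anything real, secretsalt needs to be a unique random string (SimpleSAMLphp uses it as key material for its own hashing and encryption) and auth.adminpassword should be a hash produced by bin/pwgen.php rather than plaintext. The following Python is an added example, not SimpleSAMLphp code: it generates a salt in the same shape the config.php template's own recipe produces, generates a random admin password to feed to pwgen.php, and audits a config for the weak defaults. The hash-prefix check is an assumption about pwgen.php's output formats.

```python
"""Generate values for the two config.php keys this walkthrough fills with
placeholders, and flag insecure ones. Added example, not SimpleSAMLphp code."""
import secrets
import string

# Same alphabet and length as the salt recipe in SimpleSAMLphp's config.php template
SALT_ALPHABET = string.ascii_lowercase + string.digits
SALT_LENGTH = 32

def generate_secretsalt(length: int = SALT_LENGTH) -> str:
    """Random salt from the OS CSPRNG; must be unique per installation."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))

def generate_admin_password(length: int = 24) -> str:
    """Plaintext for the admin account; hash it with bin/pwgen.php, store only the hash."""
    return secrets.token_urlsafe(length)

WEAK_SALTS = {"", "salt", "defaultsecretsalt"}
WEAK_PASSWORDS = {"", "admin", "123", "password"}

def looks_hashed(value: str) -> bool:
    """Assumption: pwgen.php output starts with '$2y$' (bcrypt) or a '{ALGO}' tag."""
    return value.startswith("$2y$") or value.startswith("{")

def audit_config(config: dict) -> list:
    """Return findings for insecure values; an empty list means both keys look fine."""
    findings = []
    salt = config.get("secretsalt", "")
    if salt in WEAK_SALTS or len(salt) < SALT_LENGTH:
        findings.append("secretsalt: default or shorter than 32 characters")
    pw = config.get("auth.adminpassword", "")
    if pw in WEAK_PASSWORDS or (not looks_hashed(pw) and len(pw) < 16):
        findings.append("auth.adminpassword: default, short, or not hashed")
    return findings

if __name__ == "__main__":
    as_typed = {"secretsalt": "salt", "auth.adminpassword": "admin"}  # values from this walkthrough
    print(audit_config(as_typed))
    print("'secretsalt' => '%s'," % generate_secretsalt())
    print("feed this to bin/pwgen.php:", generate_admin_password())
```

Run it once on the box, paste the emitted secretsalt line into config.php, and replace the plaintext adminpassword with the pwgen.php hash; the audit function is what you would wire into a deployment check so a lab config never ships with these defaults.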

yum install php-xml php-ldap php-pecl-memcache
systemctl restart httpd

Set up Identity Provider on

cd /var/www/html/simplesamlphp/cert
openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out saml-idp.crt -keyout saml-idp.pem
cd /var/www/html/simplesamlphp/metadata

vi saml20-idp-hosted.php
$metadata[''] = [
        'auth' => 'blankPage',
        'certificate' => 'saml-idp.crt',
        'privatekey' => 'saml-idp.pem',
        'name' => 'blankPage-on-77',
        'entityid' => '',
        'host' => '',
];

cd /var/www/html/simplesamlphp/config

vi authsources.php
    'blankPage' => [

Additionally, on the Identity Provider I installed my simplesamlphp-modules-blank module so it can just pass through back to the SP.

Set up Service Provider on

cd /var/www/html/simplesamlphp/cert
openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out saml-sp.crt -keyout saml-sp.pem

vi /var/www/html/simplesamlphp/config/authsources.php
    'seventysix' => [
      'idp' => null,
      'name' => [ 'en' => ' SAML' ],
      'privatekey' => 'saml-sp.pem',
      'certificate' => 'saml-sp.crt',
    ],

Now, we do the metadata exchange!

Add the IdP metadata from to the SP's metadata/saml20-idp-remote.php, and in the SP's authsources.php change 'idp' => null to 'idp' => '',

Add the SP metadata from to the IdP's metadata/saml20-sp-remote.php.
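The exchange is where trust is actually established: whatever ends up in saml20-idp-remote.php is the certificate the SP will accept assertions from. The Python below is an added example, not part of SimpleSAMLphp or of this walkthrough: it parses an IdP metadata document in the shape SimpleSAMLphp publishes at saml2/idp/metadata.php, takes only the signing certificate, checks it against the saml-idp.crt obtained out of band, checks validUntil and that endpoints are HTTPS, and renders the flat-file array for saml20-idp-remote.php. The metadata, the hostname sspidp.example.test and the certificate bytes are constructed placeholders.

```python
"""Parse SAML 2.0 IdP metadata, check it against a known certificate, and emit a
SimpleSAMLphp saml20-idp-remote.php entry. Added example, not SimpleSAMLphp code."""
import base64
import hashlib
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder: NOT a real certificate, just base64 of some bytes, so the
# fingerprint comparison can be exercised offline.
CONSTRUCTED_CERT_B64 = base64.b64encode(b"constructed DER placeholder, not a real certificate").decode()

# Constructed IdP metadata in the shape SimpleSAMLphp serves; hostname is an assumption.
CONSTRUCTED_IDP_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sspidp.example.test/simplesaml/saml2/idp/metadata.php"
    validUntil="2099-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{CONSTRUCTED_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sspidp.example.test/simplesaml/saml2/idp/SingleLogoutService.php"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sspidp.example.test/simplesaml/saml2/idp/SSOService.php"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def cert_fingerprint(b64_der: str) -> str:
    """SHA-256 over the DER bytes; whitespace inside the base64 is ignored."""
    return hashlib.sha256(base64.b64decode(re.sub(r"\s+", "", b64_der))).hexdigest()

def pem_to_b64(pem: str) -> str:
    """Strip PEM armour down to the bare base64 body SimpleSAMLphp stores in certData."""
    return "".join(line for line in pem.strip().splitlines() if not line.startswith("-----"))

def parse_idp_metadata(xml_text: str) -> dict:
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this metadata does not describe an IdP")
    # Only signing keys may vouch for assertions; skip encryption-only KeyDescriptors.
    certs = [re.sub(r"\s+", "", c.text or "")
             for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use") in (None, "signing")
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    def endpoints(tag):
        return [{"Binding": e.get("Binding"), "Location": e.get("Location")} for e in idp.findall(tag, NS)]
    return {"entityid": root.get("entityID"), "validUntil": root.get("validUntil"),
            "SingleSignOnService": endpoints("md:SingleSignOnService"),
            "SingleLogoutService": endpoints("md:SingleLogoutService"), "certData": certs}

def check_metadata(meta: dict, trusted_pem: str, now=None) -> list:
    """Return problems; an empty list means the entry is safe to paste into saml20-idp-remote.php."""
    problems, now = [], now or datetime.now(timezone.utc)
    if meta["validUntil"]:
        until = datetime.strptime(meta["validUntil"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if until < now:
            problems.append("metadata expired (validUntil in the past)")
    if cert_fingerprint(pem_to_b64(trusted_pem)) not in {cert_fingerprint(c) for c in meta["certData"]}:
        problems.append("signing certificate in metadata does not match the one obtained out of band")
    if not meta["SingleSignOnService"]:
        problems.append("no SingleSignOnService endpoint")
    for ep in meta["SingleSignOnService"] + meta["SingleLogoutService"]:
        if not (ep["Location"] or "").startswith("https://"):
            problems.append(f"non-HTTPS endpoint: {ep['Location']}")
    return problems

def render_php(meta: dict) -> str:
    """Render the flat-file array format used in metadata/saml20-idp-remote.php."""
    q = lambda s: "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"
    eps = lambda lst: "[\n" + "".join(
        f"        ['Binding' => {q(e['Binding'])}, 'Location' => {q(e['Location'])}],\n" for e in lst) + "    ]"
    return (f"$metadata[{q(meta['entityid'])}] = [\n    'entityid' => {q(meta['entityid'])},\n"
            f"    'SingleSignOnService' => {eps(meta['SingleSignOnService'])},\n"
            f"    'SingleLogoutService' => {eps(meta['SingleLogoutService'])},\n"
            f"    'certData' => {q(meta['certData'][0])},\n];\n")

if __name__ == "__main__":
    trusted = "-----BEGIN CERTIFICATE-----\n" + CONSTRUCTED_CERT_B64 + "\n-----END CERTIFICATE-----\n"
    meta = parse_idp_metadata(CONSTRUCTED_IDP_METADATA)
    print(check_metadata(meta, trusted) or render_php(meta))
```

On a real exchange, trusted_pem is the saml-idp.crt copied from the IdP host (or its fingerprint read over the phone), not something fetched from the same URL as the metadata; if the two disagree, the metadata is not pasted. The same parser, with SPSSODescriptor and AssertionConsumerService in place of the IdP elements, covers the saml20-sp-remote.php direction.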

And now I test:

