2017 Technology Exchange

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Establishing an IdP Proxy Service with SimpleSAMLphp Tutorial (Separate registration required)

Time 10/15/17 01:00PM-05:00PM

Room Pacific I

Session Abstract


Both Cirrus Identity and Unicon have significant experience with using SimpleSAMLphp as an IdP Proxy service. Cirrus' Social to SAML and other services are built on top of it, and Unicon has not only helped a number of clients setup SimpleSAMLphp-based IdP Proxy services for a variety of use cases, but also runs such an IdP Proxy for a client that ties many campuses to services such as HBO GO. Both companies have helped educate folks on IdP

Unicon has a Docker image with a deployed SimpleSAMLphp which will be used as a base for attendees to do hands-on work. The agenda would include:

- Overview of what a Proxy is

- Overview of SimpleSAML and why it works well in that Proxy role

- Basic installation of Simple SAML
- and how you install extensions/none standard modules

- Basic config overview of SimpleSAML and its config layout/"pieces"

- Metadata support, and what all can be controlled thru metadata and the "PHP form of metadata extended settings" that SimpleSAML has

- A brief look at the Admin GUI

- General process for extending it yourself

- Taking MultiAuth and creating a new module for your own auth module
(that's been the model for the deployments I've been involved with)

- Configuring against multiple, even "mixed" (protocol) sources

- the ?source= argument which creates "virtual SSO endpoints"

- UI/templates etc. We've added a Splash page to one deployment, added our own discovery (search box, lookahead, Ajax approach), etc.

- Extensions/modules for leveraging OpenID Connect, OAuth, etc. identity providers (e.g Google, Facebook, etc.)


Speaker Michael Grady Unicon, Inc.

Speaker Patrick Radtke Stanford University

Primary track Trust and Identity

Secondary tracks Information Security

gold Sponsors

bronze Sponsors