I'm having some difficulties configuring SimpleSAMLphp with ADFS.
Here is the procedure that I have followed:
SimpleSAMLphp is installed and configured on my Apache web server (example.com) and ADFS2 is installed on your federation server (myadfs).
- Open a browser and go to the URL https://myadfs/Federationmetadata/2007-06/FederationMetadata.xml
- Save as FederationMetadata.xml.
- Open a browser and go to https://example.com/simplesaml
- Select the Federation tab.
- Click on "Convert XML Metadata to simpleSAML.php".
- Paste the content of the previous file (FederationMetadata.xml).
- Click on Analyse.
- In the saml20-idp-remote section, select all text and copy it.
- Edit the file `<document_root>/simplesamlphp/metadata/saml20-idp-remote.php` (save a copy like saml20-idp-remote.bak).
- Delete all text between `<?php … ?>` (keep the `<?php` and `?>`).
- Paste the previously selected text between `<?php` and `?>`.
- Under the `entityid` line, add the following line: `'sign.logout' => TRUE,`
- Save saml20-idp-remote.php.
- Edit the file `<document_root>/simplesamlphp/config/authsources.php`. In the `$config` array add an entry like:

```php
'myauth' => array(
    'saml:SP',
    'idp' => 'http://www.myadfs.com/adfs/services/trust',
    'privatekey' => '001-mysite.key',
    'certificate' => '001-mysite.crt',
),
```
Then I sent my Metadata to my network administrator for him to authorize my connection.
Unfortunately when I try to connect I directly get the ADFS error without being able to input my credentials.
My Network Administrator told me that the error was the following:
The data at the root level is invalid. Line 1, position 1.
Apparently he cannot read the certificate on a Windows server, but we have successfully installed WordPress SSO on Microsoft Azure using a plugin that uses this exact same PHP plugin and it has been working fine.
Does someone have any idea how to fix it? Thanks!
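A pre-flight check on the SP metadata before it is handed to the ADFS administrator, added here as an example (it is not from the question above nor from SimpleSAMLphp): it confirms the file parses as XML from its first byte, that the root is an md:EntityDescriptor, and that the embedded X509Certificate is a bare base64 DER body rather than a PEM block. The sample document, its entityID and the certificate bytes are constructed placeholders.

```python
import base64
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
BOM = b"\xef\xbb\xbf"

def check_sp_metadata(raw: bytes) -> list:
    """Return the problems found in a SAML metadata file (empty list = looks fine)."""
    problems = []
    if raw.startswith(BOM):
        problems.append("file starts with a UTF-8 BOM")
        raw = raw[len(BOM):]
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as e:
        # Anything that is not XML (e.g. the PHP config file) stops here.
        problems.append(f"not well-formed XML: {e}")
        return problems
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        problems.append(f"root element is {root.tag}, expected md:EntityDescriptor")
    certs = root.findall(f".//{{{DS_NS}}}X509Certificate")
    if not certs:
        problems.append("no ds:X509Certificate found in the metadata")
    for cert in certs:
        body = re.sub(r"\s+", "", cert.text or "")  # whitespace/newlines are allowed
        if "-----BEGIN" in body:
            problems.append("X509Certificate contains PEM header lines; only the base64 body belongs there")
            continue
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:
            problems.append("X509Certificate is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
            problems.append("decoded certificate does not start with an ASN.1 SEQUENCE")
    return problems

# Constructed sample SP metadata (placeholder entityID and a placeholder DER SEQUENCE, not a real cert)
SAMPLE_OK = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com/simplesaml/sp">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MAMCAQA=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:SPSSODescriptor></md:EntityDescriptor>"""
SAMPLE_BOM = BOM + SAMPLE_OK                   # same document with a leading byte-order mark
SAMPLE_PHP = b"<?php\n$metadata = array();\n"  # the PHP config file handed over instead of XML
```

Run `check_sp_metadata` on the exact bytes you intend to send (for example `open(path, "rb").read()`), not on a copy pasted through an editor, so that a BOM or stray text is caught.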