Using php-saml-sp you can create your own services that are using SAML for authentication. This software only implements the Service Provider (SP) part. In order for this to function you need one or more Identity Providers (IdPs) to link to it. There are a number of other projects that implement a SAML SP, see Why for the reasons this project exists. You can also read about the supported features. In november 2020, a code audit was performed by Cure53. This project is currently used by some eduVPN servers as explained in this blog post.
The software is provided in the form of distribution packages. Currently we have packages for CentOS 7, all supported releases of Fedora and Debian >= 9.
CentOS / Fedora
Install the PGP key and enable the repository as shown below. After that, follow the installation instructions for CentOS and Fedora here.
Import the PGP key that is used to sign the RPM packages:
$ sudo rpm --import https://email@example.com
Next, add the repository configuration to your system.
cat << 'EOF' | sudo tee /etc/yum.repos.d/php-saml-sp.repo [php-saml-sp] name=Repository for php-saml-sp baseurl=https://repo.php-saml-sp.eu/v1/rpm/epel-7-$basearch gpgcheck=1 enabled=1 EOF
cat << 'EOF' | sudo tee /etc/yum.repos.d/php-saml-sp.repo [php-saml-sp] name=Repository for php-saml-sp baseurl=https://repo.php-saml-sp.eu/v1/rpm/fedora-$releasever-$basearch gpgcheck=1 enabled=1 EOF
All configuration takes place under the
/etc/php-saml-sp directory. You can modify the
config.php file in this directory. See the examples and comments in this file for more information. The original template can be found here in case you already made some modifications.
We have additional documentation on how to configure the metadata of the IdPs you want to give access. See the Metadata documentation for more information.
Check out the API documentation on how to use php-saml-sp from your application.