php-saml-sp

Simple and Secure SAML Service Provider

Using php-saml-sp you can create your own services that are using SAML for authentication. This software only implements the Service Provider (SP) part. In order for this to function you need one or more Identity Providers (IdPs) to link to it. There are a number of other projects that implement a SAML SP, see Why for the reasons this project exists. You can also read about the supported features. In november 2020, a code audit was performed by Cure53. This project is currently used by some eduVPN servers as explained in this blog post.

Installation

The software is provided in the form of distribution packages. Currently we have packages for CentOS 7, all supported releases of Fedora and Debian >= 9.

CentOS / Fedora

Install the PGP key and enable the repository as shown below. After that, follow the installation instructions for CentOS and Fedora here.

Import the PGP key that is used to sign the RPM packages:

$ sudo rpm --import https://repo.php-saml-sp.eu/fkooman+repo@tuxed.net.asc

Next, add the repository configuration to your system.

CentOS

cat << 'EOF' | sudo tee /etc/yum.repos.d/php-saml-sp.repo
[php-saml-sp]
name=Repository for php-saml-sp
baseurl=https://repo.php-saml-sp.eu/v1/rpm/epel-7-$basearch
gpgcheck=1
enabled=1
EOF

Fedora

cat << 'EOF' | sudo tee /etc/yum.repos.d/php-saml-sp.repo
[php-saml-sp]
name=Repository for php-saml-sp
baseurl=https://repo.php-saml-sp.eu/v1/rpm/fedora-$releasever-$basearch
gpgcheck=1
enabled=1
EOF

Debian

TBD.

Configuration

All configuration takes place under the /etc/php-saml-sp directory. You can modify the config.php file in this directory. See the examples and comments in this file for more information. The original template can be found here in case you already made some modifications.

We have additional documentation on how to configure the metadata of the IdPs you want to give access. See the Metadata documentation for more information.

API

Check out the API documentation on how to use php-saml-sp from your application.