php-saml-sp

Simple and Secure SAML Service Provider

Using php-saml-sp you can create your own services that are using SAML for authentication. This software only implements the Service Provider (SP) part. In order for this to function you need one or more Identity Providers (IdPs) to link to it. There are a number of other projects that implement a SAML SP, see Why for the reasons this project exists. You can also read about the supported features. In november 2020, a code audit was performed by Cure53. This project is currently used by some eduVPN servers as explained in this blog post.

Installation

The software is provided in the form of distribution packages. Currently we have packages for:

Fedora / Enterprise Linux

Install the repository signing key:

$ sudo rpm --import https://repo.php-saml-sp.eu/fkooman+repo@tuxed.net.asc

Add the repository configuration:

$ cat << 'EOF' | sudo tee /etc/yum.repos.d/php-saml-sp_v2.repo
[php-saml-sp_v2]
name=Repository for php-saml-sp
baseurl=https://repo.php-saml-sp.eu/v2/rpm/fedora-$releasever-$basearch
gpgcheck=1
enabled=1
EOF

For Enterprise Linux:

$ cat << 'EOF' | sudo tee /etc/yum.repos.d/php-saml-sp_v2.repo
[php-saml-sp_v2]
name=Repository for php-saml-sp
baseurl=https://repo.php-saml-sp.eu/v2/rpm/alma+epel-9-$basearch
gpgcheck=1
enabled=1
EOF

For Rocky Linux 9 you can replace alma+epel-9-$basearch with rocky+epel-9-$basearch in baseurl.

After this, follow the installation instructions for Fedora here, or on your system in /usr/share/doc/php-saml-sp/README.rpm.md.

Debian / Ubuntu

Install the repository signing key:

$ curl -s https://repo.php-saml-sp.eu/v2/deb/fkooman+repo@tuxed.net.gpg | sudo tee /usr/share/keyrings/fkooman+repo@tuxed.net.gpg >/dev/null

Add the repository configuration:

$ echo "deb [signed-by=/usr/share/keyrings/fkooman+repo@tuxed.net.gpg] https://repo.php-saml-sp.eu/v2/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/php-saml-sp_v2.list >/dev/null

After this, follow the installation instructions for Debian / Ubuntu here, or on your system in /usr/share/doc/php-saml-sp/README.Debian.

Configuration

All configuration takes place under the /etc/php-saml-sp directory. You can modify the config.php file in this directory. See the examples and comments in this file for more information. The original template can be found here in case you already made some modifications.

We have additional documentation on how to configure the metadata of the IdPs you want to give access. See the Metadata documentation for more information.

API

Check out the API documentation on how to use php-saml-sp from your application.

Contact

Options to contact me can be found here.