Using php-saml-sp you can create your own services that use SAML for authentication. This software only implements the Service Provider (SP) part. For it to function, you need one or more Identity Providers (IdPs) to link to it. There are a number of other projects that implement a SAML SP; see Why for the reasons this project exists. You can also read about the supported features. In November 2020, a code audit was performed by Cure53. This project is currently used by some eduVPN servers, as explained in this blog post.
Installation
The software is provided in the form of distribution packages. Currently we have packages for:
- Fedora
  - 39
  - 40
  - 41
- Debian
  - 11 (bullseye)
  - 12 (bookworm)
- Ubuntu
  - 20.04 LTS (focal)
  - 22.04 LTS (jammy)
  - 24.04 LTS (noble)
- Enterprise Linux
  - Red Hat Enterprise Linux 9
  - AlmaLinux 9
  - Rocky Linux 9
Fedora / Enterprise Linux
Install the repository signing key:
$ sudo rpm --import https://repo.php-saml-sp.eu/fkooman+repo@tuxed.net.asc
Add the repository configuration:
$ cat << 'EOF' | sudo tee /etc/yum.repos.d/php-saml-sp_v2.repo
[php-saml-sp_v2]
name=Repository for php-saml-sp
baseurl=https://repo.php-saml-sp.eu/v2/rpm/fedora-$releasever-$basearch
gpgcheck=1
enabled=1
EOF
For Enterprise Linux:
$ cat << 'EOF' | sudo tee /etc/yum.repos.d/php-saml-sp_v2.repo
[php-saml-sp_v2]
name=Repository for php-saml-sp
baseurl=https://repo.php-saml-sp.eu/v2/rpm/alma+epel-9-$basearch
gpgcheck=1
enabled=1
EOF
For Rocky Linux 9 you can replace alma+epel-9-$basearch with rocky+epel-9-$basearch in baseurl.
After this, follow the installation instructions for Fedora here, or on your system in /usr/share/doc/php-saml-sp/README.rpm.md.
Debian / Ubuntu
Install the repository signing key:
$ curl -s https://repo.php-saml-sp.eu/v2/deb/fkooman+repo@tuxed.net.gpg | sudo tee /usr/share/keyrings/fkooman+repo@tuxed.net.gpg >/dev/null
Add the repository configuration:
$ echo "deb [signed-by=/usr/share/keyrings/fkooman+repo@tuxed.net.gpg] https://repo.php-saml-sp.eu/v2/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/php-saml-sp_v2.list >/dev/null
After this, follow the installation instructions for Debian / Ubuntu here, or on your system in /usr/share/doc/php-saml-sp/README.Debian.
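The following is an added example, not part of php-saml-sp or its documentation. It audits the files created by the Fedora / Enterprise Linux and Debian / Ubuntu steps above, confirming that each repository definition uses HTTPS and still enforces signature verification (gpgcheck=1, or signed-by pointing at a non-empty keyring). The function names check_yum_repo and check_apt_list are made up for this example.

```shell
#!/bin/sh
# Added example: audit package repository definitions for enforced
# signature verification. Function names are hypothetical.

# check_yum_repo FILE
# Succeeds only if FILE has at least one [section] and every section sets
# gpgcheck=1 explicitly and uses an https:// baseurl.
check_yum_repo() {
    awk '
        function report() {
            if (sect != "" && (!gpg || !https)) {
                printf "%s: weak section [%s]\n", FILENAME, sect
                bad = 1
            }
        }
        /^[ \t]*\[/ {
            report()
            sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
            gpg = 0; https = 0; next
        }
        /^[ \t]*gpgcheck[ \t]*=[ \t]*1[ \t]*$/   { gpg = 1 }
        /^[ \t]*baseurl[ \t]*=[ \t]*https:\/\//  { https = 1 }
        END { report(); if (sect == "") bad = 1; exit bad + 0 }
    ' "$1"
}

# check_apt_list FILE
# Succeeds only if every deb/deb-src line pins a keyring with signed-by=,
# that keyring exists and is non-empty, and the source URL is https://.
check_apt_list() {
    rc=0
    while read -r type rest || [ -n "$type" ]; do
        case $type in deb|deb-src) ;; *) continue ;; esac
        key=$(printf '%s\n' "$rest" |
            sed -n 's/^\[.*signed-by=\([^] ]*\).*\].*/\1/p')
        url=$(printf '%s\n' "$rest" | sed 's/^\[[^]]*\] *//' | cut -d' ' -f1)
        if [ -z "$key" ] || [ ! -s "$key" ]; then
            echo "$1: no usable signed-by keyring: $rest"; rc=1
        fi
        case $url in
            https://*) ;;
            *) echo "$1: non-HTTPS source: $url"; rc=1 ;;
        esac
    done < "$1"
    return $rc
}

# Usage on an installed system (paths as created by the steps above):
#   check_yum_repo /etc/yum.repos.d/php-saml-sp_v2.repo
#   check_apt_list /etc/apt/sources.list.d/php-saml-sp_v2.list
```

Both functions print one line per finding and return non-zero if anything is weak, so they can be dropped into a configuration-drift check.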
Configuration
All configuration takes place under the /etc/php-saml-sp directory. You can modify the config.php file in this directory. See the examples and comments in this file for more information. The original template can be found here in case you already made some modifications.
We have additional documentation on how to configure the metadata of the IdPs you want to give access to. See the Metadata documentation for more information.
API
Check out the API documentation on how to use php-saml-sp from your application.
Contact
Options to contact me can be found here.