Installs and configures a SimpleSAMLphp Service Provider.
- Debian / Ubuntu and derivatives
- Chef 12.5+
These attributes need to be populated:
simplesamlphp['idp']['metadata']['url']
- url to your identity providers metadatasimplesamlphp['sp']['entityid']
- entity id of the service providersimplesamlphp['sp']['contact']
- support contact email
These attributes should be changed:
simplesamlphp['sp']['salt']
- salt string used by SimpleSAMLphp to generate a secure hash of a value.
This cookbook will look for the following data bag keys in the sp
data bag item within the simplesamlphp
data bag:
cert
- generated certificate for SimpleSAMLphp environmentidp-metadata
- remote metadata for identity provider This cookbook will look for the following data bag keys in thesp-secrets
encrypted data bag item within thesimplesamlphp
data bag:key
- generated private key for SimpleSAMLphp environmentadminpw
- password for the admin web interface
-
simplesamlphp['memcached']['enabled']
- defaults to true, php sessions will be used if this is disabled -
simplesamlphp['memcached']['search']['role']
- defaults to none, used to populate a list of memcache servers by searching nodes with the populated role -
simplesamlphp['installation']['path']
- defaults to /var/simplesamlphp, location of simplesamlphp install -
simplesamlphp['templates']
- defaults to this cookbook, custom templates from another cookbook can be used -
simplesamlphp['version']
- defaults to 1.14.14, if changed the checksum will need to be updated -
simplesamlphp['source']['url']
- defaults to simplesamlphp github download url -
simplesamlphp['source']['checksum']
- defaults to checksum for 1.14.14 -
simplesamlphp['saml20']['enabled']
- defaults to true, the only supported functionality right now -
simplesamlphp['idp']['metadata']['url']
- needs to be updated with your idp metadata url -
simplesamlphp['sp']['enabled']
- defaults to true, includes the service provider recipe -
simplesamlphp['sp']['entityid']
- needs to be updated with your service provider entityid -
simplesamlphp['sp']['contact']
- needs to be updated with your support contact email -
simplesamlphp['sp']['salt']
- should be updated with a unique salt string -
simplesamlphp['sp']['privatekey']['data_bag']
- defaults tosimplesamlphp
-
simplesamlphp['sp']['privatekey']['path']
- defaults to cert directory within the simplesamlphp directory -
simplesamlphp['sp']['certificate']['data_bag']
- defaults tosimplesamlphp
-
simplesamlphp['sp']['certificate']['path']
= defaults to cert directory within the simplesamlphp directory -
simplesamlphp['sp']['attribute']['map']['custom']
- defaults to false, can be enabled to use custom attribute maps -
simplesamlphp['sp']['idp-metadata']['path']
- defaults to metadata directory within the simplesamlphp directory -
simplesamlphp['cookie']['name']['auth']
- defaults toSimpleSAMLAuthToken
-
simplesamlphp['cookie']['name']['session']
- defaults toSimpleSAMLSessionID
-
simplesamlphp['cookie']['name']['php']['session']
- defaults toSimpleSAMLPHPSessionID
-
simplesamlphp['cookie']['lifetime']['session']
- defaults to 0 which lets the cookie live until the browser is closed
This cookbook can be used to setup a SimpleSAMLphp Service Provider. The session cache will default to a local memcache instance on the server if the simplesamlphp['memcached']['search']['role']
attribute is
left as the default value.
This cookbook requires data bags that contain a self signed certificate and key.
They can be generated the following command:
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
Author:: Dustin Lactin (dustin.lactin@gmail.com)
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.