STEP 1: In config/config.php, make sure that 'enable.saml20-idp' is true. Example:
'enable.saml20-idp' => true
STEP 2: In metadata/saml20-idp-hosted.php, configure SimpleSAML as an Identity Provider like this:
$metadata['__DYNAMIC:1__'] = array(
'host' => '__DEFAULT__',
/* X.509 key and certificate. Relative to the cert directory. (Create a cert directory in the SimpleSAML root folder and place your certificates there.) */
'privatekey' => '<YOUR_PRIVATE_KEY_FILE_NAME>', // e.g. RSA_Private_Key.pem
'certificate' => '<YOUR_PUBLIC_KEY_FILE_NAME>', // e.g. RSA_Public_Key.cer
/* Authentication source to use. Must be one that is configured in config/authsources.php. This auth source is used for authenticating your users. */
'auth' => '<YOUR_AUTH_SOURCE_NAME>',
);
STEP 3: In metadata/saml20-sp-remote.php, register your Service Provider like this:
$metadata['<SP-EntityID / Issuer from Step1 of the plugin under Identity Provider Tab.>'] = array(
'AssertionConsumerService' => '<ACS (AssertionConsumerService) URL from Step1 of the plugin under Identity Provider Tab.>',
'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
'simplesaml.nameidattribute' => 'mail', // The attribute that holds your user's email address
'simplesaml.attributes' => true, // Set this to false if you do not want to send attributes in the SAML response
'attributes' => array('mail', 'firstName', 'lastName'), // Array of the attribute names to send
);
/* NOTE: 'NameIDFormat' and 'simplesaml.nameidattribute' are required for returning the user's email address in the SAML response. */
STEP 4: In miniOrange SAML plugin, go to Service Provider tab and enter the following details:
| Identity Provider Name | SimpleSAML |
| SAML Login URL | https://<your domain>/simplesaml/saml2/idp/SSOService.php |
| IdP Entity ID or Issuer | https://<your domain>/simplesaml/saml2/idp/metadata.php |
| X.509 Certificate | The public key certificate you configured in the metadata/saml20-idp-hosted.php file. |
| Response Signed | Checked |
| Assertion Signed | Checked (by default SimpleSAML signs the assertion; if you have set it to false, leave this unchecked) |
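As an added example (not part of the original guide or of the miniOrange plugin), the Step 3 entry below is extended with the settings a defender would want to pin down: explicit signing of the Response and Assertion to match the Step 4 checkboxes, signature validation of incoming AuthnRequests, and an authproc filter that limits the released attributes. The SP certificate file name and the angle-bracket values are assumed placeholders to be replaced with your own.

```php
<?php
// Added example: hardened metadata/saml20-sp-remote.php entry for the miniOrange SP.
// Placeholders in angle brackets come from Step 1 of the plugin's Identity Provider tab.

$metadata['<SP-EntityID / Issuer>'] = array(
    // Bind the SP to exactly one ACS URL so assertions are never posted elsewhere.
    'AssertionConsumerService' => '<ACS (AssertionConsumerService) URL>',

    // Email as NameID, taken from the 'mail' attribute (as in Step 3).
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    'simplesaml.nameidattribute' => 'mail',

    // Sign both the Response and the Assertion explicitly, so the values match
    // the "Response Signed" / "Assertion Signed" checkboxes in Step 4.
    'saml20.sign.response' => true,
    'saml20.sign.assertion' => true,

    // Require a valid signature on AuthnRequests from this SP and verify it with
    // the SP's own certificate (assumed file name, relative to the cert directory).
    'validate.authnrequest' => true,
    'certificate' => 'miniorange_sp.crt',

    // 'attributes' only declares what the SP asks for; it does not restrict what
    // the IdP releases. core:AttributeLimit drops everything not listed here,
    // so attributes returned by the auth source (e.g. group memberships) stay private.
    'simplesaml.attributes' => true,
    'attributes' => array('mail', 'firstName', 'lastName'),
    'authproc' => array(
        50 => array(
            'class' => 'core:AttributeLimit',
            'mail', 'firstName', 'lastName',
        ),
    ),
);
```

Only enable 'validate.authnrequest' once the plugin is configured to sign its requests; otherwise logins fail at the IdP with a signature error.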
We offer security solutions for Single Sign-On, Two-Factor Authentication, Fraud Prevention and much more.
Please call us at +1978 658 9387 (US), +91 77966 99612 (India) or email us at info@xecurify.com