SAML#

This document describes how to configure SAML authentication for deployed systems. We assume you used the deploy_${DIST}.sh script to deploy the software.

There are three, yeah I know, options for configuring SAML for your VPN server:

1. Shibboleth
2. mod_auth_mellon
3. php-saml-sp

Which one to choose depends…

Shibboleth is the most complete, but also most complicated implementation and is recommended only when you have people available in your organization to help you with its configuration. We do provide basic documentation, but that is only the bare minimum to get it working, usually not sufficient for a production deployment.

A simple implementation is mod_auth_mellon which is recommended if you have a single IdP you want to connect, e.g. only your institute’s IdP and do not want to make your service part of any SAML federation.

The easiest to deploy is php-saml-sp. This one is recommended if you are not very familiar with SAML and do not have (a lot of) local support for configuring Shibboleth. Our team can directly help you with issues related to php-saml-sp.

In order to make a particular user an “administrator” in the portal, see Portal Admin.