While working with federated authentication platforms, I am always on the lookout for a good testing tool, rather than writing one or going through a whole installation and configuration before I can test something. Over the past few months I have been using something called “SimpleSAMLphp”. This is a lightweight, easy-to-set-up web application that I can use for all testing like this. You can read more about it here:
https://simplesamlphp.org/
I run my installation on an “Ubuntu” virtual machine hosted in Windows Azure, which makes it easy to get to, and I can use it whenever I need it from anywhere.
To set it up, create your “Ubuntu” machine, then make sure it is up to date by running the following command.
sudo apt-get update && sudo apt-get upgrade
We then need to make sure that the following prerequisites are installed.
sudo apt-get install php5 apache2
You should then be able to browse to the default page from the Apache server on your instance, and it should render.
From the command line we need to run the following command to download the release.
sudo wget https://simplesamlphp.org/res/downloads/simplesamlphp-1.13.2.tar.gz
Once it has downloaded, we need to extract the file using the “tar” command.
sudo tar zxf simplesamlphp-1.13.2.tar.gz
This extracts the files into a directory called “simplesamlphp-1.13.2”. We are going to rename this directory to just “simplesamlphp” using the following command.
sudo mv simplesamlphp-1.13.2 simplesamlphp
Now, from inside the newly created “simplesamlphp” folder, we need to copy the template files into place using the following commands.
sudo cp -r config-templates/*.php config/
sudo cp -r metadata-templates/*.php metadata/
We also need to set access permissions on the folder using the following command.
sudo chown -R root:www-data /var/simplesamlphp
Now we need to tell Apache that we have some files we would like to set up as a virtual directory (using the Windows name) so we can actually access the site. This is done with the “Alias” directive in the configuration files. Simply open “/etc/apache2/sites-available/000-default.conf” and add the following lines just before the closing “</VirtualHost>” line.
sudo nano /etc/apache2/sites-available/000-default.conf
Alias /simplesaml /var/simplesamlphp/www
<Directory /var/simplesamlphp/www>
    # Apache 2.4 denies access outside /var/www unless it is granted explicitly
    Require all granted
</Directory>
Now we need to make a change to the core “SimpleSAMLphp” configuration, setting some basic values in the file “/var/simplesamlphp/config/config.php”.
sudo nano /var/simplesamlphp/config/config.php
Next we need to change the “secretsalt” property.
We do this by generating a new salt and replacing the shipped value “defaultsecretsalt” with the generated one.
tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+' </dev/urandom | dd bs=32 count=1 2>/dev/null; echo
Once done, you need to restart “Apache” using the following command.
sudo service apache2 restart
Now that we have this set up, we need to make a few more changes to the “config.php” file. First we need to set the “Admin” account password to something other than the default, which is “123”; we will leave the other settings as they are.
Next we need to set the time zone value to what we need.
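As an added example, not from the original post, the following POSIX shell functions audit a config.php for the two shipped defaults the post says to change (the “secretsalt” and “auth.adminpassword” options in the template) and produce a hardened copy. The function names, the sample config and the placeholder admin password are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit a SimpleSAMLphp config.php
# for the two defaults the post says to change. Function names and the sample
# config below are constructed; the option names are those of the template.

# Print the string value of a top-level option such as 'secretsalt' => '...'.
ssp_get_option() {
    # $1 = option name, $2 = path to config.php
    sed -n "s/^[[:space:]]*'$1'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$2" | head -n 1
}

# Generate a 32-character salt from /dev/urandom (same idea as the post's tr|dd
# one-liner, using head -c to avoid short reads from the pipe).
ssp_new_salt() {
    tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | head -c 32
}

# Return 0 when both values have been changed; otherwise print each finding
# and return 1, so the function can gate a deployment script.
ssp_audit_config() {
    cfg="$1"; rc=0
    salt=$(ssp_get_option secretsalt "$cfg")
    if [ "$salt" = "defaultsecretsalt" ] || [ "${#salt}" -lt 32 ]; then
        echo "secretsalt: default or shorter than 32 characters"; rc=1
    fi
    pw=$(ssp_get_option auth.adminpassword "$cfg")
    if [ -z "$pw" ] || [ "$pw" = "123" ]; then
        echo "auth.adminpassword: still the shipped default '123'"; rc=1
    fi
    return "$rc"
}

# Write a constructed config.php that still carries the shipped defaults.
ssp_write_sample() {
    cat >"$1" <<'EOF'
<?php
$config = array(
    'baseurlpath'        => 'simplesaml/',
    'auth.adminpassword' => '123',
    'secretsalt'         => 'defaultsecretsalt',
    'timezone'           => null,
);
EOF
}

# Write a hardened copy of $1 to $2: fresh salt and a placeholder admin password.
ssp_harden_copy() {
    sed "s/'defaultsecretsalt'/'$(ssp_new_salt)'/; s/'auth.adminpassword' => '123'/'auth.adminpassword' => 'CHANGE-ME-admin-pw'/" "$1" >"$2"
}
```

Run `ssp_audit_config /var/simplesamlphp/config/config.php` after editing to confirm neither default survived; a non-zero exit means the site is still usable with the documented admin password.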
Now we need to make it run over SSL for the configuration to work as it should. This is done by following any of the usual SSL-enabling tutorials for Apache. The short steps I used (not production-grade and only used for this purpose):
Create the SSL certificate using the following commands.
sudo openssl genrsa -des3 -out {Key Name}.key 4096
sudo openssl rsa -in {Key Name}.key -out {Private Key Name}.pem
sudo openssl req -new -key {Key Name}.key -out {Certificate Request Name}.csr
sudo openssl x509 -req -days 9999 -in {Certificate Request Name}.csr -signkey {Key Name}.key -out {Final Certificate Name}.crt
Make a directory in the “Apache2” folder called “ssl”, then move the certificate files we just created into the new “ssl” folder.
sudo mkdir /etc/apache2/ssl
sudo mv /var/certificate.key /etc/apache2/ssl
sudo mv /var/certificate.pem /etc/apache2/ssl
sudo mv /var/certificate.crt /etc/apache2/ssl
sudo mv /var/certificate.csr /etc/apache2/ssl
Run the following commands to enable the SSL module, then restart Apache.
sudo a2enmod ssl
sudo service apache2 restart
Now modify the file we used earlier, “000-default.conf”, and change it as highlighted below.
Next we enable the “ssl” settings with two commands.
sudo service apache2 restart
The site should now load over SSL.
So there we have it: a basic configuration of “SimpleSAMLphp” ready to use with other providers for testing. The last step is to really check the installation by accessing the site, choosing the “Configuration” page and looking at the checklist for errors, if any.
Mine were easy to resolve by running the following command, then restarting Apache.
sudo apt-get install php5-mcrypt php5-ldap php5-mysql
I then updated the “Technical Contact Email” and had a clean setup.
As a final test I was able to click the “Authentication” tab, choose the link for “Test configured authentication sources” and then test the two options. The first is the standard username and password one, using the password we assigned earlier.
The second option sends us to an identity provider called “Feide OpenIdp” for testing, where you can register for an account, log in and get redirected back to your site authenticated.
Now that we have this working, we are able to connect other federated platforms to it, so we can see how they work and what attributes are returned. In the next post we will connect Active Directory Federation Services to this to test.