Generic PHP Website
Before we get started, you'll need to know what your Cloudwork identity provider's Entity ID is. To find it, log in to your Cloudwork Dashboard and go to Single Sign On > Identity Provider. You'll need this Entity ID URL a few times in the instructions below.
Download SimpleSAMLphp and place it on your server (OUTSIDE of your public_html directory - we recommend /var/simplesaml). You can then add the following snippet to your site config in Apache to get SimpleSAMLphp working properly:
```apache
SetEnv SIMPLESAMLPHP_CONFIG_DIR /var/simplesamlphp/config
Alias /simplesaml /var/simplesamlphp/www
<Directory /var/simplesamlphp/www>
    <IfModule !mod_authz_core.c>
        # For Apache 2.2:
        Order allow,deny
        Allow from all
    </IfModule>
    <IfModule mod_authz_core.c>
        # For Apache 2.4:
        Require all granted
    </IfModule>
</Directory>
```
Make sure to adjust the paths as necessary.
Next up, you'll need to get SimpleSAMLphp configured. Edit the config/authsources.php file. Find the line 'idp' => null and replace null with your Entity ID, enclosed in quotation marks; for example:
'idp' => "https://demo-login.cloudworkengine.net/saml2/idp/metadata.php"
Now, in a web browser, paste your Entity ID into the URL bar and add `?output=xhtml` to the end of the URL. Find the code snippet under "In SimpleSAMLphp flat file format" and copy it. Edit metadata/saml20-idp-remote.php and paste the contents of that snippet underneath the existing contents of that file.
Next, you need to get your new service configured in Cloudwork. In your web browser, go to [your_website]/simplesaml/module.php/saml/sp/metadata.php/default-sp and save the XML to a file. Log in to Cloudwork and go to Single Sign On > Add New Service > Upload an XML File and fill out the form using the XML file you just saved.
At this point, SSO is configured and you can start using it in your website.
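The following code snippet is an example of how this SimpleSAMLphp installation can now be used to force a user to authenticate via SSO. It also shows what data is available to you about the authenticated user:
```php
<?php
// Load the SimpleSAMLphp autoloader (adjust the path to your installation).
require_once('/var/simplesamlphp/lib/_autoload.php');
// 'default-sp' is the authentication source set up in config/authsources.php.
$as = new \SimpleSAML\Auth\Simple('default-sp');
// Redirect to the identity provider unless the user is already authenticated.
$as->requireAuth();
// Attributes released for the user: attribute name => list of values.
$attributes = $as->getAttributes();
print_r($attributes);
```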
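Once the print_r() dump above has shown which attributes arrive, a page would normally check and escape them instead of printing them raw. The following is an added example, not part of the original guide: the attribute names 'mail' and 'groups', the group value 'staff' and both helper functions are assumptions to be replaced with what your identity provider actually releases.

```php
<?php
// Added example, not from the original guide. 'mail', 'groups' and 'staff'
// are assumed names; use the ones shown by print_r() for your IdP.
require_once('/var/simplesamlphp/lib/_autoload.php');

/** Hypothetical helper: first value of a SAML attribute, or null if absent. */
function first_attribute(array $attributes, string $name): ?string
{
    // getAttributes() maps each attribute name to a list of values.
    $values = (array) ($attributes[$name] ?? []);
    return (isset($values[0]) && is_string($values[0])) ? $values[0] : null;
}

/** Hypothetical helper: true when a multi-valued attribute holds $required. */
function has_value(array $attributes, string $name, string $required): bool
{
    return in_array($required, (array) ($attributes[$name] ?? []), true);
}

$as = new \SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth();                 // proves the user logged in at the IdP
$attributes = $as->getAttributes();

// Authentication is not authorisation: decide access from the attributes.
$mail = first_attribute($attributes, 'mail');
if ($mail === null || filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(403);
    exit('Login succeeded but no usable e-mail attribute was released.');
}
if (!has_value($attributes, 'groups', 'staff')) {
    http_response_code(403);
    exit('Your account is not authorised for this page.');
}

// Attribute values originate outside this application: escape on output.
echo '<p>Signed in as ' . htmlspecialchars($mail, ENT_QUOTES, 'UTF-8') . '</p>';
echo '<p><a href="' . htmlspecialchars($as->getLogoutURL(), ENT_QUOTES, 'UTF-8')
    . '">Log out</a></p>';
```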