This is an example PHP application that uses the SimpleSAMLphp library to support Single Sign-On with SAML.
This example application depends on SimpleSAMLphp being installed in "../simplesamlphp". Meaning, this example expects SimpleSAMLphp to be installed one level up from this example in a folder called "simplesamlphp".
Before you can configure your application and SimpleSAMLphp, you will need to set up an Okta "chiclet" (application icon) that enables an Okta user to sign in to your application with SAML and SimpleSAMLphp.
To set up Okta to connect to your application, follow the "setting up a SAML application in Okta" guide. As noted in the instructions, there are two steps to change:
- In step #6: use "SimpleSAMLphp Example" instead of "Example SAML application".
- In step #7: when entering the URL `http://example.com/saml/sso/example-okta-com`, use the following instead:
  - For "Single sign on URL" use: `http://PATH_TO_INSTALL_DIRECTORY/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/example`
  - For "Audience URI (SP Entity ID)" use: `http://PATH_TO_INSTALL_DIRECTORY/simplesamlphp/www/module.php/saml/sp/metadata.php/example`
  - For "Default RelayState" use: `http://PATH_TO_INSTALL_DIRECTORY/okta-simplesamlphp-example/?saml_sso=example`

Note: "PATH_TO_INSTALL_DIRECTORY" is the full path to the directory where SimpleSAMLphp and this application reside. It might look like: "example.com" or might contain a path like "example.com/path". This will depend on how your webserver is set up.
- Use `git clone` to pull down this git repository.
- Copy the `saml-autoconfig.php` file to the directory for SimpleSAMLphp. Assuming that you cloned this repository to the same level as SimpleSAMLphp, this is the command you will use to do this:

      $ cp okta-simplesamlphp-example/saml-autoconfig.php simplesamlphp/

- In the 'simplesamlphp' directory, edit the `config/authsources.php` and `metadata/saml20-idp-remote.php` files and add the line below to each file:

      require(dirname(__FILE__).'/../saml-autoconfig.php');

- Finally, open the `saml-autoconfig.php` file in your favorite text editor. In the `$metadata_url_for` array, add an entry where the key is a string like "example" and the value is the metadata URL you got from the "Setting up Okta" section above. It should look like this:

      $metadata_url_for = array(
          'example' => 'https://example.okta.com/app/abc0de1fghIjKlMNo2p3/sso/saml/metadata',
      );

- Load the URL for `okta-simplesamlphp-example/index.php` in your web browser. Try to log in to the 'example' IdP.
- In Okta, try clicking on the "SimpleSAMLphp Example" chiclet.
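
A pre-flight check for the `$metadata_url_for` entries, which also prints the three values to enter in Okta for each key. This is an added example, not part of this repository or of SimpleSAMLphp. It assumes the array key ("example") is the same string that ends the two SimpleSAMLphp URLs and appears in `saml_sso=`; `$base`, `check_entry()` and `okta_settings()` are hypothetical names, and the sample values are constructed.

```php
<?php
// Added example, not part of the original repository.
// Assumption: the key in $metadata_url_for is also the last path segment
// of the SP URLs entered in Okta and the value of saml_sso.

// Constructed sample values; replace with your own.
$base = 'https://sp.example.com';   // stands in for PATH_TO_INSTALL_DIRECTORY
$metadata_url_for = array(
    'example' => 'https://example.okta.com/app/abc0de1fghIjKlMNo2p3/sso/saml/metadata',
);

// Hypothetical helper: returns a list of problems found in one array entry.
function check_entry($key, $url) {
    $problems = array();
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $key)) {
        $problems[] = "key '$key' is not safe to use as a URL path segment";
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        $problems[] = "metadata URL for '$key' is not an absolute URL";
    } elseif (strtolower($parts['scheme']) !== 'https') {
        // IdP metadata carries the signing certificate the SP will trust,
        // so it should not be fetched over a channel that can be modified.
        $problems[] = "metadata URL for '$key' is not HTTPS";
    }
    return $problems;
}

// Hypothetical helper: the three Okta settings for one key.
function okta_settings($base, $key) {
    $root = rtrim($base, '/');
    $sp = $root . '/simplesamlphp/www/module.php/saml/sp';
    return array(
        'Single sign on URL'          => "$sp/saml2-acs.php/$key",
        'Audience URI (SP Entity ID)' => "$sp/metadata.php/$key",
        'Default RelayState'          => "$root/okta-simplesamlphp-example/?saml_sso=" . rawurlencode($key),
    );
}

foreach ($metadata_url_for as $key => $url) {
    foreach (check_entry($key, $url) as $problem) {
        fwrite(STDERR, "WARNING: $problem\n");
    }
    foreach (okta_settings($base, $key) as $field => $value) {
        echo "$field: $value\n";
    }
}
```

Run it from the command line with `php` after copying your own entries into the array; warnings go to standard error.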
Updates or corrections to this document are very welcome. Feel free to send me pull requests with suggestions.
Additionally, please send me comments or questions via email: joel.franusic@okta.com