simpleSAMLphp on IIS from scratch (with AD FS)

Configure simpleSAMLphp to use AD FS as an IdP

First things first, we need the Federation Metadata XML file from your AD FS environment. This is normally located at If you want to make sure about its location:

  • Open AD FS
  • Navigate to Service\Endpoints
  • Scroll down to Metadata
  • The Federation Metadata URL is listed there.

Now download the XML file (over HTTPS, from the AD FS host itself: the signing certificate inside it is what simpleSAMLphp will trust from now on) and we can start.

  1. Open the just-downloaded FederationMetadata XML file and copy its content to the clipboard.
  2. Navigate to the simpleSAMLphp web page, log in and click on the Federation tab.
  3. Click on XML to SimpleSAMLphp metadata converter.
  4. Paste the content of the XML file you copied in the first step.
  5. Click Parse.
  6. Now we have the metadata converted to PHP format. You’ll see two parts:
    • saml20-sp-remote
    • saml20-idp-remote
  7. We’re only interested in saml20-idp-remote, since AD FS is the identity provider here and simpleSAMLphp is only the service provider.
  8. Copy the content of saml20-idp-remote to the clipboard.
  9. Edit C:\inetpub\wwwroot\simpleSAMLphp\metadata\saml20-idp-remote.php and paste the content copied above in there.
    • Note that the PHP file doesn’t have a PHP end tag (?>); keep it that way, and paste the content right under the commented header.
  10. Save the file.
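To see what the converter in steps 3 to 7 actually does with the XML, here is an added example written for this page (it is not simpleSAMLphp’s own XML-to-metadata converter and not code from the post). It parses a constructed, trimmed AD FS-style metadata document, keeps only the IDPSSODescriptor (the saml20-idp-remote part), prints the signing certificate’s fingerprint so it can be compared with the token-signing certificate in the AD FS console, flags any endpoint that is not HTTPS, and renders the $metadata entry with the keys the converter emits and no closing ?> tag. The host adfs.example.com and the certificate body are placeholders, and the script does not validate the XML signature on the metadata, which is why the file should be downloaded over HTTPS from the AD FS host itself.

```python
"""Render a simpleSAMLphp saml20-idp-remote.php entry from AD FS federation metadata.
Added example for this page, not simpleSAMLphp's own XML-to-metadata converter and
not code from the post; adfs.example.com and the certificate body are placeholders."""
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed sample of the IdP role in AD FS metadata (a real file also carries a
# ds:Signature, an SPSSODescriptor and WS-Federation RoleDescriptors).
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.example.com/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>ZHVtbXk=</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.example.com/adfs/ls/"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.example.com/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.example.com/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text):
    """Keep only the IdP role (saml20-idp-remote); any SP role in the file is ignored."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this metadata does not describe an IdP")

    def endpoints(tag):
        return [{"Binding": e.get("Binding"), "Location": e.get("Location")}
                for e in idp.findall("md:" + tag, NS)]

    keys = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        use = kd.get("use")  # no 'use' attribute means the key serves both purposes
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            keys.append({"signing": use in (None, "signing"),
                         "encryption": use in (None, "encryption"),
                         "X509Certificate": "".join(c.text.split())})
    if not any(k["signing"] for k in keys):
        raise ValueError("no signing certificate: AD FS assertions could not be verified")
    return {"entityid": root.get("entityID"),
            "SingleSignOnService": endpoints("SingleSignOnService"),
            "SingleLogoutService": endpoints("SingleLogoutService"),
            "NameIDFormats": [n.text.strip() for n in idp.findall("md:NameIDFormat", NS)],
            "keys": keys}


def cert_fingerprint(b64_der, algo="sha1"):
    """Colon-separated digest of the DER certificate, to compare with the AD FS console."""
    digest = hashlib.new(algo, base64.b64decode(b64_der)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def insecure_endpoints(meta):
    """Locations users would be sent to over plain HTTP (expected: none for AD FS)."""
    return [ep["Location"] for svc in ("SingleSignOnService", "SingleLogoutService")
            for ep in meta[svc] if not ep["Location"].lower().startswith("https://")]


def php_str(s):
    return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"


def to_idp_remote_php(meta):
    """One $metadata[...] entry with the keys the converter emits; no closing ?> tag."""
    out = ["$metadata[%s] = array(" % php_str(meta["entityid"]),
           "    'entityid' => %s," % php_str(meta["entityid"]),
           "    'metadata-set' => 'saml20-idp-remote',"]
    for svc in ("SingleSignOnService", "SingleLogoutService"):
        out.append("    '%s' => array(" % svc)
        out += ["        %d => array('Binding' => %s, 'Location' => %s),"
                % (i, php_str(e["Binding"]), php_str(e["Location"]))
                for i, e in enumerate(meta[svc])]
        out.append("    ),")
    out.append("    'NameIDFormats' => array(%s),"
               % ", ".join(php_str(n) for n in meta["NameIDFormats"]))
    out.append("    'keys' => array(")
    out += ["        %d => array('encryption' => %s, 'signing' => %s, "
            "'type' => 'X509Certificate', 'X509Certificate' => %s),"
            % (i, str(k["encryption"]).lower(), str(k["signing"]).lower(),
               php_str(k["X509Certificate"])) for i, k in enumerate(meta["keys"])]
    out += ["    ),", ");"]
    return "\n".join(out)


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    print("// signing cert SHA-1:", cert_fingerprint(meta["keys"][0]["X509Certificate"]))
    print("// non-HTTPS endpoints:", insecure_endpoints(meta))
    print(to_idp_remote_php(meta))
```

To use it on a real download, replace SAMPLE_METADATA with the file contents; the printed SHA-1 should match the thumbprint of the token-signing certificate in the AD FS console before the entry is pasted into saml20-idp-remote.php.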

4 thoughts on “simpleSAMLphp on IIS from scratch (with AD FS)”

  1. Great.
    Question: you have the simplesaml install going to an application folder; I thought a virtual directory under IIS was preferred.

    1. Thanks Dan! That’s why I wrote about it. It took me a while to get all of the pieces together and to work out what config worked best.
