simpleSAMLphp on IIS from scratch (with AD FS)

Configure simpleSAMLphp to use AD FS as an IdP

Configure simpleSAMLphp to use AD FS as an IdP

First things first, we need the Federation Metadata XML file from your AD FS environment. This is normally located at https://myadfs.com/FederationMetadata/2007-06/FederationMetadata.xml. If you want to make sure about its location:

  • Open AD FS
  • Navigate to Service\Endpoints
  • Scroll down to Metadata
  • There it is:

Now download the XML file and we can start.

  1. Edit the just-downlaoded FederationMetadata XML file and copy its content to clipboard.
  2. Navigate to the simpleSAMLphp web page https://itdroplets.com/simpleSAMLphp/www, login and click on the Federation tab.
  3. Click on XML to SimpleSAMLphp metadata converter.
  4. Paste the content of the XML file you’ve copied on the first step.
  5. Click Parse.
  6. Now we have the metadata, converted in a PHP format. You’ll specifically see two parts:
    • saml20-sp-remote
    • saml20-idp-remote
  7. We’re only interested in saml20-idp-remote since we’re not going to use simpleSAMLphp as an indentity provider.
  8. Copy the content of saml20-idp-remote to clipboard.
  9. Edit C:\inetpub\wwwroot\simpleSAMLphp\metadata\saml20-idp-remote.php and paste the content copied above in there.
    • Note, that PHP file doesn’t have a PHP end tag (?>), keep it that way, so just copy it right under the commented text.
  10. Save the file.

Leave a Reply

Your email address will not be published. Required fields are marked *