From 8a782b8e3885293a12124c5716dd4f9c9847231e Mon Sep 17 00:00:00 2001 From: Wouter Adem Date: Tue, 30 May 2017 17:45:31 +0200 Subject: [PATCH 1/2] Adding SSL info for SimpleSAMLphp configuration. --- readme/simplesamlphp-setup.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/readme/simplesamlphp-setup.md b/readme/simplesamlphp-setup.md index ef9e440c5..138a71293 100644 --- a/readme/simplesamlphp-setup.md +++ b/readme/simplesamlphp-setup.md @@ -58,6 +58,20 @@ Request the remote IdP metadata (XML) from the customer. Note that each environm $config['admin.protectindexpage'] = TRUE; $config['admin.protectmetadata'] = TRUE; + 1. Optionally set the following values to prevent Varnish from interfering with SimpleSAMLphp. + + // Prevent Varnish from interfering with SimpleSAMLphp. + // SSL terminated at the ELB/balancer so we correctly set the SERVER_PORT + // and HTTPS for SimpleSAMLphp baseurl configuration. + $protocol = 'http://'; + $port = ':80'; + if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { + $_SERVER['SERVER_PORT'] = 443; + $_SERVER['HTTPS'] = 'true'; + $protocol = 'https://'; + $port = ':' . $_SERVER['SERVER_PORT']; + } + $config['baseurlpath'] = $protocol . $_SERVER['HTTP_HOST'] . $port . '/simplesaml/'; 1. Configure IdP Remote Metadata. @@ -124,3 +138,4 @@ Repeat the following steps for each environment that requires SAML authenticatio * [SAML Chrome Panel](https://chrome.google.com/webstore/detail/saml-chrome-panel/paijfdbeoenhembfhkhllainmocckace) extends the Chrome Developer Tools, adding support for SAML Requests and Responses to be displayed in the Developer Tools window. * [SAML tracer](https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/) for Firefox is a tool for viewing SAML messages sent through the browser during single sign-on and single logout. + From 6b49bd31b09a3b60b27dc6e1283fd0c65a509121 Mon Sep 17 00:00:00 2001 
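Review bot: The added `$config['baseurlpath']` line in the `@@ -58,6 +58,20 @@` hunk builds the SimpleSAMLphp base URL from `$_SERVER['HTTP_HOST']`, which comes from the request's Host header and is therefore client-controlled. Because SimpleSAMLphp uses baseurlpath when generating its own URLs, the documented snippet should either hard-code the hostname per environment or check it against an allow-list first, e.g. `$host = in_array($_SERVER['HTTP_HOST'], $allowed_hosts, TRUE) ? $_SERVER['HTTP_HOST'] : $default_host;` (`$allowed_hosts` and `$default_host` are placeholder names the reader would define). The `HTTP_X_FORWARDED_PROTO` branch likewise trusts a request header, so the text should state that it assumes the web server is reachable only through the balancer/Varnish tier, which sets that header. The same snippet is re-added, re-indented, by the hunk in PATCH 2/2, so the point applies there as well.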
From: Wouter Adem Date: Fri, 2 Jun 2017 15:02:05 +0200 Subject: [PATCH 2/2] BLT-FIX: Documentation formatting fix. --- readme/simplesamlphp-setup.md | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/readme/simplesamlphp-setup.md b/readme/simplesamlphp-setup.md index 138a71293..7adfbea2f 100644 --- a/readme/simplesamlphp-setup.md +++ b/readme/simplesamlphp-setup.md @@ -58,20 +58,22 @@ Request the remote IdP metadata (XML) from the customer. Note that each environm $config['admin.protectindexpage'] = TRUE; $config['admin.protectmetadata'] = TRUE; + 1. Optionally set the following values to prevent Varnish from interfering with SimpleSAMLphp. - // Prevent Varnish from interfering with SimpleSAMLphp. - // SSL terminated at the ELB/balancer so we correctly set the SERVER_PORT - // and HTTPS for SimpleSAMLphp baseurl configuration. - $protocol = 'http://'; - $port = ':80'; - if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { - $_SERVER['SERVER_PORT'] = 443; - $_SERVER['HTTPS'] = 'true'; - $protocol = 'https://'; - $port = ':' . $_SERVER['SERVER_PORT']; - } - $config['baseurlpath'] = $protocol . $_SERVER['HTTP_HOST'] . $port . '/simplesaml/'; + // Prevent Varnish from interfering with SimpleSAMLphp. + // SSL terminated at the ELB/balancer so we correctly set the SERVER_PORT. + // and HTTPS for SimpleSAMLphp baseurl configuration. + $protocol = 'http://'; + $port = ':80'; + if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { + $_SERVER['SERVER_PORT'] = 443; + $_SERVER['HTTPS'] = 'true'; + $protocol = 'https://'; + $port = ':' . $_SERVER['SERVER_PORT']; + } + $config['baseurlpath'] = $protocol . $_SERVER['HTTP_HOST'] . $port . '/simplesaml/'; + 1. Configure IdP Remote Metadata.