This site requires JavaScript to be enabled
Welcome|
Recent searches
IE BUMPER

SimpleSAMLphp Examples

Number of views : 16
Article Number : KB0017850
Published on : 2023-09-19
Last modified : 2023-09-19 18:56:00
Knowledge Base : IT Public Self Help

Enterprise Authentication customers may elect to use SimpleSAMLphp as their Service Provider (SP) software.

The key functionality in SimpleSAMLphp is provided by the authorize Module. This module provides a user authorization filter based on attribute matching.

The below is an example only. The IAM Team does not warranty this example is the best method for implementing authorization nor that it will work for your web service/application. For additional assistance, please refer to the SimpleSAMLphp documentation.

The following code will restrict access to the specified UT EID.

60 => array( 'class' => 'authorize:Authorize', 'urn:oid:0.9.2342.19200300.100.1.1' => [ '/<your_eid_here>/' ] ),

The following code will restrict access to users with a staff affiliation.

60 => array( 'class' => 'authorize:Authorize', 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1' => [ '/staff/' ] ),

The following code will add contacts in order to help comply with our metadata requirements (more information is available at https://simplesamlphp.org/docs/development/simplesamlphp-reference-idp-hosted):

'contacts' => [
    [
        'contactType'       => 'technical',
        'emailAddress'      => 'mailto:jdoe@example.org',
        'givenName'         => 'Jane',
        'surName'           => 'Doe',
        'company'           => 'Example Inc.',
    ],
    [
        'contactType'       => 'other',
        'emailAddress'      => 'mailto:john@example.org',
        'givenName'         => 'John',
        'surName'           => 'Doe',
        'company'           => 'Example Inc.',
        'attributes'        => [
            'xmlns:remd'        => 'http://refeds.org/metadata',
            'remd:contactType'  => 'http://refeds.org/metadata/contactType/security',
        ],
    ],
    [
        'contactType'       => 'support',
        'emailAddress'      => 'mailto:support@example.org',
        'givenName'         => 'Example Inc. IT Support Team',
    ],
],

 

Thank You! Your feedback has been submitted.

Feedback