SimpleSAMLphp side

EasySSO needs to be configured as a service provider in SimpleSAMLphp. This involves editing a couple of the files in SimpleSAMLphp.

The main thing to do is to add SP metadata for EasySSO to SimpleSAMLphp. This is done by editing the saml20-sp-remote.php in SimpleSAMLphp's config directory.

Add a metadata block like the one below. Depending on how you have configured SimpleSAMLphp as an IdP this metadata may change, but this example is for a relatively straightforward situation.

You'll need to replace occurrences of "http://kotetsu.local:2990/jira" with the base URL of your application.

// SP metadata for EasySSO. The array key must match the SP's entity ID.
$metadata['http://kotetsu.local:2990/jira/plugins/servlet/easysso/saml'] = array (
  'entityid' => 'http://kotetsu.local:2990/jira/plugins/servlet/easysso/saml',
  'contacts' => array (),
  'metadata-set' => 'saml20-sp-remote',
  // Endpoint that receives the SAML response over the HTTP-POST binding.
  'AssertionConsumerService' => array (
    0 => array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      'Location' => 'http://kotetsu.local:2990/jira/plugins/servlet/easysso/saml',
      'index' => 0,
    ),
  ),
  'SingleLogoutService' => array (),
  'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
  // Use the 'uid' attribute as the NameID value.
  'simplesaml.nameidattribute' => 'uid',
  // Release user attributes to this SP.
  'simplesaml.attributes' => true,
  // Sign the assertion sent to this SP.
  'saml20.sign.assertion' => true,
);

The authsources.php file may need to be modified so that it provides the attributes EasySSO needs, as described below.

For EasySSO to work, it needs to receive the following attributes at minimum:

    • User ID: The UID attribute EasySSO looks for is configurable, as described in EasySSO with SAML - Configuration. This will become their application username.
    • Email Address: urn:oid:0.9.2342.19200300.100.1.1. This will become their application email address.

Optionally, you may also want to provide a display name using the following attributes:

    • Full Name: urn:oid:2.16.840.1.113730.3.1.241
    • First Name: urn:oid:2.5.4.42
    • Last Name: urn:oid:2.5.4.4
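
To confirm that the IdP actually releases these attributes, you can inspect the base64 SAMLResponse form field from one of your own test logins. The script below is an added example, not code from EasySSO or SimpleSAMLphp. It assumes the UID attribute is named "uid" and that the assertion is not encrypted, and it uses a constructed sample response.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
UID_ATTR = "uid"  # assumption: the UID attribute name configured in EasySSO
EMAIL_ATTR = "urn:oid:0.9.2342.19200300.100.1.1"  # as listed on this page
OPTIONAL = {
    "urn:oid:2.16.840.1.113730.3.1.241": "Full Name",
    "urn:oid:2.5.4.42": "First Name",
    "urn:oid:2.5.4.4": "Last Name",
}

def check_response(b64_response: str) -> dict:
    """Report which attributes EasySSO needs are missing from a SAMLResponse."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations do not belong in SAML")
    root = ET.fromstring(raw)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no unencrypted Assertion in response")
    attrs = {}
    for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
        attrs[a.get("Name")] = [v for v in values if v]  # drop empty values
    return {
        "missing_required": [n for n in (UID_ATTR, EMAIL_ATTR) if not attrs.get(n)],
        "missing_optional": [lbl for n, lbl in OPTIONAL.items() if not attrs.get(n)],
        # Presence only: this does NOT verify the signature.
        "assertion_signed": assertion.find("ds:Signature", NS) is not None,
    }

def build_sample(attrs: dict, signed: bool = True) -> str:
    """Build a constructed (not captured) SAMLResponse for demonstration."""
    items = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        f'</saml:Attribute>' for n, v in attrs.items())
    sig = "<ds:Signature/>" if signed else ""
    doc = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'xmlns:ds="{NS["ds"]}"><saml:Assertion>{sig}'
           f'<saml:AttributeStatement>{items}</saml:AttributeStatement>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(doc.encode()).decode()

if __name__ == "__main__":
    print(check_response(build_sample({"uid": "jdoe", EMAIL_ATTR: "jdoe@example.org"})))
```

An empty "missing_required" list together with "assertion_signed" set to True matches the metadata block above ('simplesaml.attributes' and 'saml20.sign.assertion' both enabled).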

EasySSO side

Follow the details given in EasySSO with SAML - Configuration.

Configuring Users

For users to successfully log in, they must also have permission to access the application. See EasySSO SAML JIT User Provisioning for more details.

