SimpleSAMLphp side
EasySSO needs to be configured as a service provider in SimpleSAMLphp. This involves editing a couple of the files in SimpleSAMLphp.
The main thing to do is to add SP metadata for EasySSO to SimpleSAMLphp. This is done by editing saml20-sp-remote.php in SimpleSAMLphp's config directory.
Add a metadata block like the one below. Depending on how you have configured SimpleSAMLphp as an IdP this metadata may change, but this example is for a relatively straightforward situation.
You'll need to replace occurrences of "http://kotetsu.local:2990/jira" with the base URL of your application.
$metadata['http://kotetsu.local:2990/jira/plugins/servlet/easysso/saml'] = array (
    'entityid' => 'http://kotetsu.local:2990/jira/plugins/servlet/easysso/saml',
    'contacts' => array (),
    'metadata-set' => 'saml20-sp-remote',
    'AssertionConsumerService' => array (
        0 => array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'http://kotetsu.local:2990/jira/plugins/servlet/easysso/saml',
            'index' => 0,
        ),
    ),
    'SingleLogoutService' => array (),
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    'simplesaml.nameidattribute' => 'uid',
    'simplesaml.attributes' => TRUE,
    'saml20.sign.assertion' => true,
);
The authsources.php file may also need to be modified so that the authentication source provides the attributes EasySSO needs, which are described below.
For EasySSO to work it needs to receive the following attributes at minimum:
- User ID: the UID attribute EasySSO looks for is configurable as described in EasySSO with SAML - Configuration. This becomes the user's application username.
- Email Address: urn:oid:0.9.2342.19200300.100.1.1. This becomes the user's application email address.
Optionally you will also want to provide Display name using the following attributes:
- Full Name: urn:oid:2.16.840.1.113730.3.1.241
- First Name: urn:oid:2.5.4.42
- Last Name: urn:oid:2.5.4.4
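The following is an added example, not code from the EasySSO or SimpleSAMLphp documentation. It combines the SP metadata block above with a per-SP processing chain that renames the attributes coming out of the authentication source to the identifiers listed above and releases nothing else to EasySSO. It assumes the authentication source (for example an LDAP source in authsources.php) returns attributes under the common names uid, mail, displayName, givenName and sn, and uses https://jira.example.com/jira as a placeholder for your application's base URL; the Email Address, Full Name, First Name and Last Name identifiers are the ones given on this page.

```php
<?php
/*
 * Added example for saml20-sp-remote.php; not part of the EasySSO or
 * SimpleSAMLphp documentation. Assumes the auth source yields the attribute
 * names uid, mail, displayName, givenName and sn, and that
 * https://jira.example.com/jira is a placeholder for your application URL.
 */
$base = 'https://jira.example.com/jira';
$acs  = $base . '/plugins/servlet/easysso/saml';

$metadata[$acs] = array(
    'entityid'     => $acs,
    'contacts'     => array(),
    'metadata-set' => 'saml20-sp-remote',
    'AssertionConsumerService' => array(
        0 => array(
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => $acs,
            'index'    => 0,
        ),
    ),
    'SingleLogoutService'        => array(),
    'NameIDFormat'               => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    // The NameID is built from the 'uid' attribute, so 'uid' must survive
    // the processing chain below.
    'simplesaml.nameidattribute' => 'uid',
    'simplesaml.attributes'      => true,
    'saml20.sign.assertion'      => true,

    // Processing chain that runs only for assertions destined for this SP.
    'authproc' => array(
        // Rename source attributes to the identifiers EasySSO expects.
        // 'uid' keeps its name; which attribute EasySSO reads as the user ID
        // is configured on the EasySSO side.
        10 => array(
            'class'       => 'core:AttributeMap',
            'mail'        => 'urn:oid:0.9.2342.19200300.100.1.1',
            'displayName' => 'urn:oid:2.16.840.1.113730.3.1.241',
            'givenName'   => 'urn:oid:2.5.4.42',
            'sn'          => 'urn:oid:2.5.4.4',
        ),
        // Release only the attributes EasySSO needs. Anything else the auth
        // source returned (group lists, phone numbers, ...) stays at the IdP.
        20 => array(
            'class' => 'core:AttributeLimit',
            'uid',
            'urn:oid:0.9.2342.19200300.100.1.1',
            'urn:oid:2.16.840.1.113730.3.1.241',
            'urn:oid:2.5.4.42',
            'urn:oid:2.5.4.4',
        ),
    ),
);
```

The core:AttributeLimit filter is the part worth keeping even if your source already uses the right attribute names: the assertion handed to EasySSO then carries exactly the five attributes above and nothing else, which is easy to verify by decoding a test assertion and is the least-privilege default for any SP added later.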
EasySSO side
Follow the details given in EasySSO with SAML - Configuration.
Configuring Users
For users to successfully log in, they must also have permission to access the application. See EasySSO SAML JIT User Provisioning for more details.