[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A little question about ZXID and SimpleSAML



Andris_Roldan <andres.roldan@xxxxxxxxxxxxxxx> said:
> Hello,
> 
> I'm sorry if I bother you with this dumb question but I haven't found any

Support requests should be made on the zxid.user@xxxxxxxxxxxxx mailing list so that
others can learn from the answers.

> information on Internet on this regard. I'm trying to setup a simple
> scenario where a ZXID SP application is trying to use a SimpleSAML IdP. The
> ZXID application is basically the same as the code written in the file
> zxidhlo.pl of the ZXID distribution file.  I think I may be wrong with the
> configuration about the AssertionCustomerService needed by SimpleSAML:
> 
> $metadata["http://xxx/cgi-bin/zxidhlo.pl?o=B";] = array(
>         'AssertionConsumerService'   => "
> http://75.101.139.85/cgi-bin/zxidhlo.pl";,
> );

ZXID is configured using SAML metadata. You can see your metadata with
one of the following commands:

curl http://xxx/cgi-bin/zxidhlo.pl?o=B

or

zxcot -m

In the metadata you can locate the assertion consumer stanza (hint: the URL you
are looking for ends in o=P).

SAML metadata was specified so that configuration of IdP and SP can be made
more automatic, i.e. you should not have to edit any arrays in source code. Unfortunately
the simpleSAMLphp folks do not provide any metadata import tool. You should complain
to them. In zxid distribution the zxcot is that tool.

Or you can use zxididp (see zxid-idp.pd for documentation).

Cheers,
--Sampo

> Any little input is really greatly appreciated. If you require, I can send
> you the logs of the apache server.
> 
> Thank you in advance.
> 
> Andris Roldan
> Ingeniero de Proyectos
> DD - Official Debian Developer
> C|EH - Certified Ethical Hacker
> Fluidsignal Group S.A.
> Where security meets business
> http://www.fluidsignal.com/
> Telifono: +57 (4) 4442637
> Msvil: +57 313-6463678
> PGP Key-ID: 0xB29396EB