Authentication plugin for SAML 2.0 based SSO integration. This uses the excellent SimpleSAMLPHP software as a Service Provider.
The plugin is shipped as part of core Mahara.
To use / test the plugin you will need to do the following:
- 1 Have a memcached server running
- 2 Have the php-memcached module installed
- 3 Update your config.php file so that it knows to use memcached for SAML sessions
- 4 Ensure the correct SSPHP files are present
- 5 Ensure the plugin is active in Mahara
- 6 Now we need to perform the institution level configuration
Have a memcached server running
And know what the IP address / port number you can use to connect on.
To install one locally (on linux) go
sudo apt-get install memcached
This should set you up with one running on port 11211 - to test that this is correct you can go
telnet 127.0.0.1 11211
and you should get a connection
Have the php-memcached module installed
To install it go
sudo apt-get install php-memcached sudo phpenmod memcached sudo service apache2 restart
Update your config.php file so that it knows to use memcached for SAML sessions
Add the following settings
$cfg->ssphpsessionhandler = 'memcached'; $cfg->memcacheservers = '127.0.0.1:11211'; // change if your memcached server is on different IP/port
Ensure the correct SSPHP files are present
If you are installing/using Mahara via git you will need to install the ssphp module via running the command in the parent to the htdocs directory (where the Makefile file lives)
make cleanssphp && make ssphp
This should remove any older version and install the latest version, via composer, for the Mahara version you are using
Ensure the plugin is active in Mahara
Under Administration menu (wrench icon) -> Extensions -> Plugin administration. See Manual - SAML config for more information
Click on the configuration for auth SAML (cog) icon to check that the plugin is set up correctly.
Follow the 'View metadata' link to fetch the Service Provider (SP) metadata that you will need to provide to the IdPs that you wish to authenticate against.
Now we need to perform the institution level configuration
Within each institution, add the SAML 2.0 Identity Provider:
See Manual - SAML institution config for more information