Posted over 17 years ago by andreas
I was wondering from which countries I have most readers. Here is a map:
And here is the top 10 list:
Norway
United States
France
Spain
United Kingdom
Denmark
Croatia
Germany
Italy
Netherlands
|
Posted over 17 years ago by andreas
I've been experimenting a bit with how simple you can make a complex SAML 2.0 Federation Registry System, for registration of SPs and IdPs and generation of metadata.
As I am using Drupal for the Feide RnD portal, I looked into the possibilities of using the Drupal framework for the task.
There may be some minimalistic federations based on simpleSAMLphp showing up in the world that would need a registry system as simple as simpleSAMLphp. Here it is.
I added a new custom content type, named "Feide Service". For customizing it you need the CCK (Content Creation Kit) module installed, and some appropriate field modules. Here is a screenshot from a create new service page:
Next, you need the Workflow module to handle requests from new services, moderation queues, pre-prod versus production environment etc. You need the Action module to define actions to send federation admins mail each time a new service is added or modified. Permissions are set to let your Feide admin ack the change and let it be automatically adapted into the federation metadata trust store (by some nifty perl/php scripts).
|
Posted over 17 years ago by andreas
Finally I have added OpenID Provider support in simpleSAMLphp. What does that mean?
Now you can use simpleSAMLphp for the following:
If you have already configured an IdP with simpleSAMLphp, all the users may now use their account at the IdP with OpenID. They link to the simpleSAMLphp in the meta headers of their blog and then have SSO between the SPs configured with simpleSAMLphp as well as all possible OpenID services, for example Jyte and Pibb.
If you have an existing Shibboleth 1.3 or SAML 2.0 IdP (using simpleSAMLphp or some other software), you can set up a new simpleSAMLphp OpenID <-> SAML 2.0 or OpenID <-> Shib 1.3 bridge.
Note: The OpenID code is currently not very well tested; it is checked into Subversion but has not made it into a final release. I have not written documentation on how to use it either. It is probably mostly self-explanatory, but if you want to test it before I document it and have questions, just ask on the mailing list.
Here are some screenshots from simpleSAMLphp OpenID.
|
Posted over 17 years ago by andreas
Next week the EuroCAMP conference is held in Dubrovnik, Croatia. I will give two talks:
Integrating Identity Federations like Feide with OpenID, and
Federating wikis - using DokuWiki and simpleSAMLphp
More about EuroCAMP 2007 (with programme)
|
Posted over 17 years ago by andreas
I did set up the new Feide RnD portal with PostgreSQL at first, because I prefer PostgreSQL over MySQL. Unfortunately I soon realized how poorly PostgreSQL was supported in third-party Drupal modules, so I had no choice but to migrate over to MySQL.
And migrating databases is really, really boring work... You know, dumping the database as INSERT statements, then regex-ing the syntax to be legal MySQL syntax, then deciding the dependencies and the sequence you need to load things in, and then deciding what content should be imported and what was inserted during installation, and so on...
But finally it seems to work OK now, but if you discover some strange abnormalities, then let me know.
|
Posted over 17 years ago by andreas
I'll try to summarize all the links to things written about Sun Federated Access Manager 8.0, and I noticed a blog over at Sun called Virtual Daniel. There you'll find two blog entries with interesting information about the features and roadmap.
The main feature of FAM 8.0 seems to be: Simplification! Simplification! Simplification! I could not agree more about the importance of that, so I really look forward to taking a closer look at (download, install and play) FAM 8.0.
|
Posted over 17 years ago by Andreas Åkre Solberg
Yesterday SURFfederatie went into production. That means the Netherlands is about to have a SAML 2.0 federation in production. Even if the SAML2 part will arrive one month later, we are happy to see the Netherlands join our party.
From the SURFfederatie homepage:
The following organizations are connected to the production environment (SP=Service Provider, IDP=Identity Provider):
SURFdiensten (SP)
UvT (IDP)
Saxion Hogescholen (IDP/SP)
Marnix Academie (IDP/SP)
SURFnet (IDP/SP)
This list will soon be extended with Elsevier (SP), EBSCO (SP), OCLC/PICA (SP), Ellips (SP), RUG (IDP) and TU Delft (IDP/SP). As of December 1, the production environment will be extended with SAML 2.0 and ADFS functionality, to allow for easier and faster connectivity to even more organizations.
Visit the SURFfederatie home page to read more
|
Posted over 17 years ago by Andreas Åkre Solberg
I have added a lot of new content as well as new features on Feide RnD. Check out the document and slides archives, the federation section and the new homepage of simpleSAMLphp. All available from the navigation menu on the left side.
I have tried to add redirects from all existing pages to the new location, but I may have failed. If you encounter a bad link to rnd.feide.no, I would be very happy if you contacted me about it, and I'll add a redirection to the new page.
This new site went live 1. November 2007 at 15:00.
|
Posted over 17 years ago by Andreas Åkre Solberg
I've started working on logging in simpleSAMLphp.
I've decided to use syslog, because it is integrated in PHP, and also we use a standardized log format and utilize the filtering capabilities of syslog servers. We also get the possibility to log to a centralized log server for free.
I just checked in a starting point.
I've added logging for the existing authentication module
I've added logging of the SAML 2.0 IdP and
I've added logging of the SAML 2.0 SP
In the configuration template you now see there are two variables, the debug level and the syslog facility.
Attached is an example output from a login from both an SP and an IdP.
The logs are extremely grep-friendly. I've added trackIDs in each line. A trackID follows a user's session. So by grepping for a trackID you will filter out all relevant log messages for that user's session!
The trackID will also be used in a command line utility I will make to aggregate these syslog event logs into session logs. A session log will contain one line for each session, and statistics on the use of the SP or IdP.
I will also make session log analysis tools that provide statistics reports on, for example:
the distribution of time between each time a user SSOs into a service
what percentage of users who log in will SSO to another service
|
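The trackID aggregation described in the logging post above, sketched as an added example (not the author's utility and not simpleSAMLphp code). The log line layout, the `login ok` / `sso sp=...` messages and the function names are assumptions, since the post's example output is not on this page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input; the "[trackID] message" layout is assumed.
SAMPLE_LOG = """\
Nov  5 10:00:01 idp ssp: [a1b2c3d4e5] login ok
Nov  5 10:00:02 idp ssp: [a1b2c3d4e5] sso sp=wiki.example.org
Nov  5 10:01:00 idp ssp: [ffee001122] login ok
Nov  5 10:01:01 idp ssp: [ffee001122] sso sp=wiki.example.org
Nov  5 10:02:00 idp cron: unrelated line without a trackID
Nov  5 10:07:32 idp ssp: [a1b2c3d4e5] sso sp=mail.example.org
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ \S+ \[([0-9a-f]+)\] (.*)$")

def parse(text, year=2007):
    """Yield (timestamp, trackID, message); lines without a trackID are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Classic syslog timestamps carry no year, so one is supplied.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def session_log(text):
    """Aggregate interleaved event lines into one record per trackID."""
    grouped = defaultdict(list)
    for ts, track, msg in parse(text):
        grouped[track].append((ts, msg))
    sessions = {}
    for track, events in grouped.items():
        events.sort()
        sso = [(ts, msg.split("sp=", 1)[1]) for ts, msg in events
               if msg.startswith("sso sp=")]
        sessions[track] = {
            "start": events[0][0], "end": events[-1][0], "events": len(events),
            "sps": [sp for _, sp in sso],
            # Seconds between consecutive SSO events in the same session.
            "sso_gaps": [int((b[0] - a[0]).total_seconds())
                         for a, b in zip(sso, sso[1:])],
        }
    return sessions

def pct_sso_to_another_service(sessions):
    """Percentage of sessions that reached more than one distinct SP."""
    multi = sum(1 for s in sessions.values() if len(set(s["sps"])) > 1)
    return 100.0 * multi / len(sessions) if sessions else 0.0

if __name__ == "__main__":
    result = session_log(SAMPLE_LOG)
    for track, s in result.items():
        print(track, s["start"], s["end"], s["events"], s["sps"], s["sso_gaps"])
    print(pct_sso_to_another_service(result))
```
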