Page tree
Skip to end of metadata
Go to start of metadata

This page provides information about how to setup Service Provider (SP) by using SimpleSAMLphp


  • Some webserver capable of executing PHP scripts.
  • PHP version >= 5.6
  • Support for the following PHP extensions:
    • Always required: datedomhashlibxmlopensslpcreSPLzlibjsonmbstring
    • When automatically checking for latest versions, and used by some modules: cURL
    • When using native PHP session handler: session
    • When saving session information to a memcache server: memcache
  • When using databases:
    • Always: PDO
    • Database driver: (mysqlpgsql, ...)
  • Support for the following PHP packages:
  • When saving session information to a Redis server: predis

What actual packages are required for the various extensions varies between different platforms and distributions.


Installation Steps

1. Install the Prerequisites Extensions


CentOS 6 users can follow the following tutorial to install php7:

The web server shall use a production-grade SSL certificate (e.g. Let's encrypt) and shall be install and configured prior to the installation of the SimpleSAMLphp.

Even though this tutorial uses CentOS as the base, you could also use another Linux distribution such as Debian/Ubuntu. You just need to adjust step 1,3 and 4 to follow the standard practice in your Linux distribution.

2. Download and Extract the SimpleSAMLphp installer

3. Create an HTTPD Configuration File

Alias /sso /var/www/simplesamlphp/www
<Directory /var/www/simplesamlphp/www>
  <IfModule !mod_authz_core.c>
 	# For Apache 2.2:
    Order allow,deny
    Allow from all
  <IfModule mod_authz_core.c>
    # For Apache 2.4:
    Require all granted

4. Restart the HTTPD Service


5. Generate SSL Certificate



6. Edit SimpleSAMLphp Configuration File


You can use the following command to generate a random string for the secretsalt:


LC_CTYPE=C tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo


  • Find auth.adminpassword , set the admin password.
  • Find baseurlpath , set to 'sso/'
  • Find secretsalt , set the key for the salt.
  • Find admin.protectindexpage , set to true.
  • Find technicalcontact_name and technicalcontact_email , set them with appropriate values. Use a service email address rather than a personal email.
  • Find timezone , set with a preferred time zone from this list of timezones for PHP . For example: 'Etc/UTC'


  • No labels