Symantec SAML

by Farhan Karmali -

Hi,

I have been asked by a client to connect Moodle with Symantec SAML (https://www.symantec.com/products/information-protection/vip-access-manager). I have been researching SAML and it seems there are different providers like OneLogin, SimpleSAMLphp, ZiLink etc. I have however not come across anything related to Symantec SAML on the Moodle community forums or plugins. What I would like to understand is: are there different SAML standards, and how do we identify which one to use to connect to Symantec?


I have already installed this https://moodle.org/plugins/auth_saml2 but the configuration settings make little sense to me since I have not seen a SAML server. Also the client is requesting the SP Entity ID, ACS URL and target URL for the SAML configuration on his end. I would like to know where I can get this information.


Any help will be appreciated, thank you.

In reply to Farhan Karmali

Re: Symantec SAML

by Farhan Karmali -

Also, from this plugin's configuration page https://moodle.org/plugins/auth_saml2.

I can see the SP provider metadata; I can see the SP ID there and some URLs with ACS, but which one do I give them exactly?

In reply to Farhan Karmali

Re: Symantec SAML

by Brendan Heywood -

The SP metadata is the 'thing' you should provide; it contains everything to configure it from the IdP's side. And vice versa, the IdP XML, or a URL where it can be found, is usually the only thing the SP needs.

Average of ratings: Useful (1)
In reply to Brendan Heywood

Re: Symantec SAML

by Farhan Karmali -

Thanks Brendan

So I need either the XML or the URL from the IdP, right?

In reply to Farhan Karmali

Re: Symantec SAML

by Brendan Heywood -

An example: my dev box has Moodle serving on:

http://moodle.local/

and I have a test SimpleSAMLphp instance as an IdP serving on:

http://idp.local/simplesaml/

In Moodle, it is configured to trust the IdP's metadata in http://moodle.local/admin/auth_config.php?auth=saml2:

http://idp.local/simplesaml/saml2/idp/metadata.php


And in the IdP it is configured to allow logins from the Moodle (SP) by this config/config.php:

    'metadata.sources' => array(
        array('type' => 'flatfile'),
        array('type' => 'xml', 'url' => 'http://moodle.local/auth/saml2/sp/metadata.php'),
    ),

(Note this is for example only; SimpleSAMLphp should be set up a bit better in production.)


Now that they both mutually trust each other we can log in via SAML.
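
As an added example (not part of the original thread, and not code from the auth_saml2 plugin): when an IdP administrator asks for the SP Entity ID and ACS URL separately, both can be read out of the SP metadata XML discussed above. The sketch below does that and flags endpoints not served over HTTPS or a missing signing key; the sample metadata, its endpoint paths and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample SP metadata; endpoint paths and certificate are placeholders,
# not the real output of auth_saml2.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://moodle.local/auth/saml2/sp/metadata.php">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://moodle.local/auth/saml2/sp/example-slo"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://moodle.local/auth/saml2/sp/example-acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _endpoints(sp, tag):
    # (short binding name, URL) for each endpoint element of the given type
    return [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""))
            for e in sp.findall("md:" + tag, NS)]


def summarize_sp_metadata(xml_text):
    """Extract what an IdP admin asks for, plus warnings worth fixing first."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % MD or sp is None:
        raise ValueError("not SAML 2.0 SP metadata (IdP metadata pasted?)")
    acs = _endpoints(sp, "AssertionConsumerService")
    slo = _endpoints(sp, "SingleLogoutService")
    keys = [k for k in sp.findall("md:KeyDescriptor", NS)
            if k.get("use") in (None, "signing")]
    warnings = ["endpoint not served over HTTPS: " + url
                for _, url in acs + slo if not url.startswith("https://")]
    if not keys:
        warnings.append("no signing key published in metadata")
    return {"entity_id": root.get("entityID"), "acs": acs, "slo": slo,
            "warnings": warnings}


if __name__ == "__main__":
    for field, value in summarize_sp_metadata(SAMPLE_SP_METADATA).items():
        print(field, "=", value)
```

Run it against metadata you saved from your own SP; for metadata received from another party, parse it with a hardened XML parser such as defusedxml instead of the standard-library one.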