Settings for OneLogin

Updated on 28 Dec 2018

Settings.php

Here is the complete file for settings.php.

    <?php

    // Base URL of this application (the service provider).
    $spBaseUrl = 'http://localhost/saml';

    $settingsInfo = array (
        // Service provider (our application) settings.
        'sp' => array (
            'entityId' => $spBaseUrl.'/php-saml/demo1/metadata.php',
            'assertionConsumerService' => array (
                'url' => $spBaseUrl.'/test2-thanks.php',
            ),
            'singleLogoutService' => array (
                'url' => $spBaseUrl.'/test2-logout-final.php',
            ),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ),
        // Identity provider (OneLogin) settings, copied from the SSO tab.
        'idp' => array (
            'entityId' => 'https://app.onelogin.com/saml/metadata/123456',
            'singleSignOnService' => array (
                'url' => 'https://redacted.onelogin.com/trust/saml2/http-post/sso/123456',
            ),
            'singleLogoutService' => array (
                'url' => 'https://redacted.onelogin.com/trust/saml2/http-redirect/slo/123456',
            ),
            // X.509 certificate body omitted.
            'x509cert' => '-----BEGIN CERTIFICATE-----
            ...
            -----END CERTIFICATE-----
            ',
        ),
    );

IDP settings - Identity Provider

Go to the SSO tab on your portal and copy the values from that screen to the idp section of the settings.php file (including the X.509 certificate that I have omitted for brevity's sake).

        ...
        'idp' => array (
            'entityId' => 'https://app.onelogin.com/saml/metadata/123456',
            'singleSignOnService' => array (
                'url' => 'https://redacted.onelogin.com/trust/saml2/http-post/sso/123456',
            ),
            'singleLogoutService' => array (
                'url' => 'https://redacted.onelogin.com/trust/saml2/http-redirect/slo/123456',
            ),
            'x509cert' => '-----BEGIN CERTIFICATE-----
            ...
            -----END CERTIFICATE-----
            ',
        ),
    );

SP settings - Service Provider

Go to the configuration tab on your portal and copy the values from that screen to the sp section of the settings.php file.

    $spBaseUrl = 'http://localhost/saml';

    $settingsInfo = array (
        'sp' => array (
            'entityId' => $spBaseUrl.'/php-saml/demo1/metadata.php',
            'assertionConsumerService' => array (
                'url' => $spBaseUrl.'/test2-thanks.php',
            ),
            'singleLogoutService' => array (
                'url' => $spBaseUrl.'/test2-logout-final.php',
            ),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ),
        ...

The assertionConsumerService is the URL that gets called from the identity provider when we call $auth->login().

The singleLogoutService: this setting doesn’t actually do anything. Maybe it is a bug?

The entityId: I don’t know what this is… I just copy it from the demo application.
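
A pre-deployment check for the settings array above, as an added example that is not part of the original page or of the php-saml toolkit. The function name `lintSamlSettings` is hypothetical, and the `'strict'` key is assumed to be the toolkit's top-level strict-mode flag, which this page's settings.php does not set.

```php
<?php
// Added example: lintSamlSettings() is a hypothetical helper, not toolkit code.
function lintSamlSettings(array $s): array
{
    $findings = array();
    // Endpoints that carry SAML messages should be HTTPS outside local testing.
    $urls = array(
        'sp.assertionConsumerService.url' => $s['sp']['assertionConsumerService']['url'] ?? null,
        'sp.singleLogoutService.url'      => $s['sp']['singleLogoutService']['url'] ?? null,
        'idp.singleSignOnService.url'     => $s['idp']['singleSignOnService']['url'] ?? null,
        'idp.singleLogoutService.url'     => $s['idp']['singleLogoutService']['url'] ?? null,
    );
    foreach ($urls as $key => $url) {
        if ($url === null) {
            $findings[] = "$key is missing";
        } elseif (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
            $findings[] = "$key is not HTTPS: $url";
        }
    }

    // Responses are verified against the IdP certificate, so reject an empty
    // value or a placeholder body such as "...".
    $pem  = (string) ($s['idp']['x509cert'] ?? '');
    $body = preg_replace('/-----(BEGIN|END) CERTIFICATE-----|\s+/', '', $pem);
    if ($body === '' || base64_decode($body, true) === false) {
        $findings[] = 'idp.x509cert is empty or not valid base64';
    }

    // Assumption: the toolkit's top-level 'strict' flag is expected to be true.
    if (($s['strict'] ?? null) !== true) {
        $findings[] = "'strict' is not explicitly set to true";
    }
    return $findings;
}

// Constructed input that mirrors the values shown on this page.
$spBaseUrl = 'http://localhost/saml';
$sample = array(
    'sp' => array(
        'assertionConsumerService' => array('url' => $spBaseUrl.'/test2-thanks.php'),
        'singleLogoutService'      => array('url' => $spBaseUrl.'/test2-logout-final.php'),
    ),
    'idp' => array(
        'singleSignOnService' => array('url' => 'https://redacted.onelogin.com/trust/saml2/http-post/sso/123456'),
        'singleLogoutService' => array('url' => 'https://redacted.onelogin.com/trust/saml2/http-redirect/slo/123456'),
        'x509cert' => "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
    ),
);
echo implode(PHP_EOL, lintSamlSettings($sample)), PHP_EOL;
```

Run against the real `$settingsInfo` before moving off localhost; an empty result means none of these checks fired.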