Settings for OneLogin
Updated on 28 Dec 2018
Settings.php
Here is the complete file for settings.php.
    <?php
    // Base URL of this service provider (the demo runs on localhost)
    $spBaseUrl = 'http://localhost/saml';

    $settingsInfo = array (
        // Service provider: this application
        'sp' => array (
            'entityId' => $spBaseUrl.'/php-saml/demo1/metadata.php',
            'assertionConsumerService' => array (
                'url' => $spBaseUrl.'/test2-thanks.php',
            ),
            'singleLogoutService' => array (
                'url' => $spBaseUrl.'/test2-logout-final.php',
            ),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ),
        // Identity provider: values copied from the OneLogin portal
        'idp' => array (
            'entityId' => 'https://app.onelogin.com/saml/metadata/123456',
            'singleSignOnService' => array (
                'url' => 'https://redacted.onelogin.com/trust/saml2/http-post/sso/123456',
            ),
            'singleLogoutService' => array (
                'url' => 'https://redacted.onelogin.com/trust/saml2/http-redirect/slo/123456',
            ),
            // X.509 certificate of the identity provider (body omitted)
            'x509cert' => '-----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    ',
        ),
    );
IDP settings - Identity Provider
Go to the SSO tab on your portal and copy the values from that screen to the idp section of the settings.php file (including the X.509 certificate, which I have omitted for brevity's sake).
    ...
        'idp' => array (
            'entityId' => 'https://app.onelogin.com/saml/metadata/123456',
            'singleSignOnService' => array (
                'url' => 'https://redacted.onelogin.com/trust/saml2/http-post/sso/123456',
            ),
            'singleLogoutService' => array (
                'url' => 'https://redacted.onelogin.com/trust/saml2/http-redirect/slo/123456',
            ),
            'x509cert' => '-----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    ',
        ),
    );
SP settings - Service Provider
Go to the configuration tab on your portal and copy the values from that screen to the sp section of the settings.php file.
    $spBaseUrl = 'http://localhost/saml';
    $settingsInfo = array (
        'sp' => array (
            'entityId' => $spBaseUrl.'/php-saml/demo1/metadata.php',
            'assertionConsumerService' => array (
                'url' => $spBaseUrl.'/test2-thanks.php',
            ),
            'singleLogoutService' => array (
                'url' => $spBaseUrl.'/test2-logout-final.php',
            ),
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ),
    ...
The assertionConsumerService is the URL that gets called from the identity provider when we call $auth->login().
The singleLogoutService: this setting doesn’t actually do anything. Maybe it is a bug?
The entityId: I don’t know what this is… I just copy it from the demo application.
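A sanity check for a settings array like the one above, as an added example (not code from the original page or from php-saml): check_saml_settings() is a hypothetical helper that flags endpoint URLs that are not absolute or that use plain http off localhost, and an idp x509cert that does not parse or has expired. The input is constructed from the page's values, with the certificate still elided.

```php
<?php
// Added example: check_saml_settings() is a hypothetical helper, not part of php-saml.
function check_saml_settings(array $s): array
{
    $problems = [];
    $endpoints = [
        ['sp', 'assertionConsumerService'], ['sp', 'singleLogoutService'],
        ['idp', 'singleSignOnService'], ['idp', 'singleLogoutService'],
    ];
    foreach ($endpoints as [$side, $key]) {
        $url = $s[$side][$key]['url'] ?? '';
        $parts = parse_url($url);
        if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
            $problems[] = "$side.$key.url is missing or not an absolute URL";
            continue;
        }
        $local = in_array($parts['host'], ['localhost', '127.0.0.1'], true);
        // SAML messages pass through the browser to these URLs; plain http exposes them in transit.
        if (strtolower($parts['scheme']) !== 'https' && !$local) {
            $problems[] = "$side.$key.url uses {$parts['scheme']} on a non-local host";
        }
    }
    // The IdP certificate is what the SP verifies response signatures against.
    $cert = $s['idp']['x509cert'] ?? '';
    $parsed = function_exists('openssl_x509_parse') ? @openssl_x509_parse($cert) : null;
    if ($parsed === false) {
        $problems[] = 'idp.x509cert does not parse as an X.509 certificate';
    } elseif (is_array($parsed) && $parsed['validTo_time_t'] < time()) {
        $problems[] = 'idp.x509cert expired on ' . date('Y-m-d', $parsed['validTo_time_t']);
    }
    return $problems;
}

// Constructed input: the page's values, with the certificate body still elided.
$spBaseUrl = 'http://localhost/saml';
$settingsInfo = [
    'sp' => [
        'entityId' => $spBaseUrl . '/php-saml/demo1/metadata.php',
        'assertionConsumerService' => ['url' => $spBaseUrl . '/test2-thanks.php'],
        'singleLogoutService' => ['url' => $spBaseUrl . '/test2-logout-final.php'],
    ],
    'idp' => [
        'entityId' => 'https://app.onelogin.com/saml/metadata/123456',
        'singleSignOnService' => ['url' => 'https://redacted.onelogin.com/trust/saml2/http-post/sso/123456'],
        'singleLogoutService' => ['url' => 'https://redacted.onelogin.com/trust/saml2/http-redirect/slo/123456'],
        'x509cert' => "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
    ],
];
print_r(check_saml_settings($settingsInfo));
```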