Administration Guide : Set Up to Use SAML 2.0-based Single Sign On (SSO) for Linux : Configure SAML for Portal Sites (on Linux)

Configure SAML for Portal Sites (on Linux)
First you must set up the Xinet server to use SAML.See:
Remove the login.tmpl.html file
Move the login.tmpl.html file out of the /var/www/html/<Portal Site>/templates folder. The name of the Portal site will vary depending on the name you chose when you create the Portal site.
For example,
> cd /var/www/html/Marquee/templates
> mv login.tmpl.html login.tmpl.html.orig
Rename the SAML startup.php file
Back up the startup.php in the base folder of the site and replace it with the Xinet-provided SAML-startup.php file. An example base site would look like /var/www/html/<Portal Site>.
For example,
> cp startup.php startup.php.orig
> cp SAML-startup.php startup.php
Rename SAML index.php file
Back up the existing index.php file and replace it with the provided SAML-index.php.
For example,
> cp index.php index.php.orig
> cp SAML-index.php index.php
Add CUSTOM_AUTH entries to
Edit in /var/www/html/<Portal Site>. Within the main <?php ... ?> tags, edit or add the following lines:
/* Enable Custom Authentication for SAML Support */
$CUSTOM_AUTH = true;
Install the file
Back up the existing and replace it with the provided found in /usr/etc/portal/PORTAL/libs/.
For example,
> cp
> cp
Create Entity IDs for each Portal site
The entity IDs must be unique and we recommend only alphanumeric characters and the period, and no other special characters. For example in the Xinet Setup page we selected the following:
Update the Metadata on the IdP
The should have been run to create the entry for the Xinet server.
The saml20-sp-remote.php file is in /var/simplesamlphp/metadata/ on the IdP server. In it, copy the $metadata entry made for the Xinet Server earlier in this document and add it as a new entry. You should now have two entries that are identical.
Edit the following lines in only the copied entry using your specific values for entity ID, Portal IP address or hostname, and Portal Site Name. All other lines remain unchanged.
The lines that need changes are the entity IDs in the first two lines, the 'Location' line under AssertionConsumerService, and the 'Location' line under SingleLogoutService:
$metadata['<entity ID>'] = array (
'entityid' => '<entity ID>',
'contacts' =>
array (
'metadata-set' => 'saml20-sp-remote',
'AssertionConsumerService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'http://<Portal Server IP Address or Hostname>/<Portal Site Name>/startup.php',
'index' => 0,
'SingleLogoutService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'http://<Portal Server IP Address or Hostname>/<Portal Site Name>',
(Google IdP)
Google IdP requires the following information, shown in the images after.
Create Files Entry on the Xinet server
Edit the <Directory /usr/etc/webnative> section of /etc/httpd/conf/httpd.conf on the Xinet server. Make sure to edit so that you are using the values specific to your machine. The entries should follow this format and you will need to supply the Portal Site Name, entity ID, and the IP address or hostname of the Portal server:
<Files portal.<Portal Site Name>>
    MellonSPentityId "<entity ID>"
    MellonEndpointPath "/webnative/portal.<Portal Site Name>/mellon"
    MellonProxySAMLDest "http://<Portal Server IP Address or hostname>/<Portal Site Name>/startup.php"
So, for example a site called Marquee configuration would look like this:
<Files portal.Marquee>
    MellonSPentityId "xinet.PortalServer.Marquee"
    MellonEndpointPath "/webnative/portal.Marquee/mellon"
    MellonProxySAMLDest ""
Restart Apache
Finally, restart Apache on the Xinet server:
> apachectl restart