Administration Guide : Set Up to Use SAML 2.0-based Single Sign On (SSO) for Linux : Configure SAML for Pilot (on Linux)

Configure SAML for Pilot (on Linux)
Follow these steps to set up a Pilot site to use SAML. Some steps will look familiar if you have already successfully enabled a regular Portal site for SAML. Take careful note of the location differences between the Portal site and Pilot.
Remove the login.tmpl.html file
Remove the login.tmpl.html file from the Pilot site's templates folder, /usr/etc/portal/PORTAL/pilot/templates.
Install a new startup.php file
Replace the startup.php file in /usr/etc/portal/PORTAL/pilot/ with the Xinet-provided SAML-startup.php file.
For example,
> cp startup.php startup.php.orig
> cp SAML-startup.php startup.php
Install a new index.php file
Back up the existing index.php file and replace it with the Xinet-provided SAML-index.php.
For example,
> cp index.php index.php.orig
> cp SAML-index.php index.php
Install the CUSTOM_AUTH.inc.php file
Copy the Xinet-provided CUSTOM_AUTH.inc.php to /usr/etc/portal/PORTAL/libs/.
Add CUSTOM_AUTH entries to config.inc.php
Edit config.inc.php in /usr/etc/portal/PORTAL/pilot/. Within the <?php ... ?> tags, edit or add the following lines:
$CUSTOM_AUTH = true;
$CUSTOM_AUTH_DEBUG = false;
Create entity IDs for Pilot
Create an entity ID for Pilot. It must be unique; we recommend using only alphanumeric characters and the period, and no other special characters.
Update the IdP
The mellon_create_metadata.sh script should already have been run to create the metadata entry for the Xinet server.
(SimpleSAML)
The saml20-sp-remote.php file is in /var/simplesamlphp/metadata/ on the IdP server. In it, duplicate the $metadata entry created for the Xinet server earlier in this document and add the copy as a new entry, so that the file now contains two identical entries.
In the copied entry only, edit the following lines, substituting your Pilot entity ID and the Portal IP address or hostname; all other lines remain unchanged. The first Location is the assertion consumer service endpoint (Pilot's startup.php) and the second is the single logout endpoint:
$metadata['<entity ID>'] = array (
'entityid' => '<entity ID>',
'Location' => 'http://<Portal IPaddress or hostname>/PORTAL/pilot/startup.php', // assertion consumer service
'Location' => 'http://<Portal IPaddress or hostname>/PORTAL/LOGOUT.php', // single logout
(Google IdP)
Google IdP requires a new App entry specifically for Pilot. Add it in the same way as the Marquee site settings above, but with the different Pilot URLs, as in the following examples:
ACS URL: https://saml.xinet.com/PORTAL/pilot/startup.php
Entity ID: AWS.XinetServerTest.pilot.Marquee
Start URL: http://saml.xinet.com/PORTAL/pilot
Create a Files Entry on the Xinet server
1. Edit httpd.conf on the Xinet server, substituting the values specific to your machine: the Pilot entity ID and the IP address or hostname of the Portal server. The entries follow the format below and belong in the <Directory /usr/etc/webnative> section of the file, just before its closing </Directory> line.
This differs slightly from a regular Portal site in that the site name is simply "pilot":
<Files portal.pilot>
MellonSPentityId "<Entity ID>"
MellonEndpointPath "/webnative/portal.pilot/mellon"
MellonProxySAMLDest "http://<Portal Server IP Address or hostname>/PORTAL/pilot/startup.php"
</Files>
2. Restart Apache:
> apachectl restart
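Before restarting Apache, it is worth confirming that every step above was actually applied and that the entity ID in the <Files portal.pilot> block is the same string (alphanumeric characters and periods only) you registered at the IdP; a mismatch there is the usual reason a freshly configured Pilot site fails to log anyone in. The shell script below is an added example, not a Xinet-provided tool. It checks the file replacements, the $CUSTOM_AUTH setting in config.inc.php and the httpd.conf block, and reports each problem it finds. The directory layout it builds for its demonstration and the saml.xinet.com hostname come from this guide; the portal root, the httpd.conf path and the entity ID are passed in as arguments (an assumption made here so the same function can run against a real installation or the constructed test tree).

```shell
#!/bin/sh
# Added example, not part of the Xinet guide: a pre-restart consistency check for a Pilot SAML setup.
# Assumptions: portal root, httpd.conf path and entity ID are passed as arguments.

# valid_entity_id ID  ->  0 if ID is non-empty and uses only letters, digits and periods
valid_entity_id() {
    case "$1" in
        '')              return 1 ;;
        *[!A-Za-z0-9.]*) return 1 ;;
        *)               return 0 ;;
    esac
}

# flag MESSAGE: report one problem and count it (problems is reset by check_pilot_saml)
flag() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

# check_pilot_saml PORTAL_ROOT HTTPD_CONF ENTITY_ID
# Prints one PROBLEM line per finding and returns the number of problems (0 = safe to restart).
check_pilot_saml() {
    root=$1; conf=$2; eid=$3; pilot="$root/pilot"; problems=0

    # Entity ID format, per the guide's recommendation
    valid_entity_id "$eid" || flag "entity ID '$eid' contains characters other than letters, digits and periods"

    # login.tmpl.html must be gone from the Pilot templates folder
    [ -e "$pilot/templates/login.tmpl.html" ] && flag "$pilot/templates/login.tmpl.html is still present"

    # Replacement startup.php, index.php and CUSTOM_AUTH.inc.php must exist
    for f in "$pilot/startup.php" "$pilot/index.php" "$root/libs/CUSTOM_AUTH.inc.php"; do
        [ -f "$f" ] || flag "missing $f"
    done
    # The backups the guide has you create; a missing one is only a warning
    for f in "$pilot/startup.php.orig" "$pilot/index.php.orig"; do
        [ -f "$f" ] || echo "WARNING: no backup copy $f"
    done

    # $CUSTOM_AUTH = true; must be set in pilot/config.inc.php
    grep -Eq '^[[:space:]]*\$CUSTOM_AUTH[[:space:]]*=[[:space:]]*true[[:space:]]*;' "$pilot/config.inc.php" 2>/dev/null \
        || flag "\$CUSTOM_AUTH = true; is not set in $pilot/config.inc.php"

    # The <Files portal.pilot> block must carry the same entity ID and the Pilot-specific paths
    block=$(sed -n '/<Files portal\.pilot>/,/<\/Files>/p' "$conf" 2>/dev/null)
    if [ -z "$block" ]; then
        flag "no <Files portal.pilot> block in $conf"
    else
        printf '%s\n' "$block" | grep -Fq "MellonSPentityId \"$eid\"" \
            || flag "MellonSPentityId in $conf does not match '$eid'"
        printf '%s\n' "$block" | grep -Fq 'MellonEndpointPath "/webnative/portal.pilot/mellon"' \
            || flag "MellonEndpointPath is not /webnative/portal.pilot/mellon"
        printf '%s\n' "$block" | grep -Eq 'MellonProxySAMLDest "https?://[^"]+/PORTAL/pilot/startup.php"' \
            || flag "MellonProxySAMLDest does not point at /PORTAL/pilot/startup.php"
    fi
    return "$problems"
}

# make_fixture DIR STATE: builds a constructed portal tree and httpd.conf under DIR (not real Xinet files).
# STATE "good" completes every step; "broken" leaves login.tmpl.html behind and mistypes the entity ID.
make_fixture() {
    dir=$1; state=$2
    mkdir -p "$dir/pilot/templates" "$dir/libs"
    for f in pilot/startup.php pilot/startup.php.orig pilot/index.php pilot/index.php.orig libs/CUSTOM_AUTH.inc.php; do
        : > "$dir/$f"
    done
    printf '<?php\n$CUSTOM_AUTH = true;\n$CUSTOM_AUTH_DEBUG = false;\n?>\n' > "$dir/pilot/config.inc.php"
    eid='AWS.XinetServerTest.pilot.Marquee'
    if [ "$state" = broken ]; then
        : > "$dir/pilot/templates/login.tmpl.html"
        eid='AWS.XinetServerTest.pilot.Marque'
    fi
    cat > "$dir/httpd.conf" <<EOF
<Directory /usr/etc/webnative>
<Files portal.pilot>
MellonSPentityId "$eid"
MellonEndpointPath "/webnative/portal.pilot/mellon"
MellonProxySAMLDest "http://saml.xinet.com/PORTAL/pilot/startup.php"
</Files>
</Directory>
EOF
}

# Demonstration on constructed trees. Against a live server the call is:
#   check_pilot_saml /usr/etc/portal/PORTAL /path/to/httpd.conf "<Entity ID>"
work=$(mktemp -d "${TMPDIR:-/tmp}/pilotcheck.XXXXXX")
make_fixture "$work/good" good
make_fixture "$work/broken" broken
for state in good broken; do
    echo "== $state tree =="
    check_pilot_saml "$work/$state" "$work/$state/httpd.conf" 'AWS.XinetServerTest.pilot.Marquee'
    echo "problems found: $?"
done
rm -rf "$work"
```

A zero return from check_pilot_saml means the local steps are consistent; it cannot see the IdP side, so the copied saml20-sp-remote.php entry (or the Google App entry) still has to be compared by hand against the same entity ID. Following a clean check with apachectl configtest will also catch a syntax slip in the new <Files> block before apachectl restart takes the site down.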