Registering with JANUS
To authenticate with WAYF, you have to register your service (your private blog) with WAYF. We do that with the self-service tool called JANUS. This is where everything about your simpleSAMLphp installation (your metadata) has to be stored, and updated whenever you make changes to your installation.
We need to be able to share the metadata of your simpleSAMLphp installation. Simply go to http://mws.org/blog/simplesaml/module.php/saml/sp/metadata.php/default-sp?output=xhtml. This is a good page to keep open because you might need the data several times throughout this process.
Start by logging in to JANUS and clicking on the Connections tab. There, create a new connection. As the connection ID, enter the dedicated URL for this metadata. It should look like this:
https://wfs.org/blog/simplesaml/module.php/saml/sp/metadata.php/default-sp
In the XML field, paste the XML from your metadata page. For brevity, it will not be pasted here.
Don't forget to choose SAML 2.0 SP as the type of the connection.
Click the metadata tab and verify that your data is correct. If it is not correct, go to the import metadata tab and paste your XML again, or paste the URL of your XML and let JANUS fetch your metadata for you. Repeat until the metadata is valid.
On the authentication page, https://wfs.org/blog/simplesaml/module.php/core/frontpage_auth.php, you can now test your connection by clicking on default-sp. Most tutorials and documentation tell you this:
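Before pasting the XML into JANUS, the same consistency checks can be run locally. The following is an added example, not part of simpleSAMLphp or JANUS: it verifies that the entityID matches the connection ID, that the descriptor is a SAML 2.0 SP, and that an assertion consumer endpoint exists. The function name, the constructed sample metadata (including its ACS path) and the HTTPS check are assumptions.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample metadata; the ACS path and binding are assumptions.
CONNECTION_ID = "https://wfs.org/blog/simplesaml/module.php/saml/sp/metadata.php/default-sp"
SAMPLE_METADATA = f"""
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="{CONNECTION_ID}">
  <md:SPSSODescriptor protocolSupportEnumeration="{SAML2_PROTOCOL}">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://wfs.org/blog/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def check_sp_metadata(xml_text, connection_id):
    """Return a list of problems; an empty list means the basic checks pass."""
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # Metadata may be a bare EntityDescriptor or wrapped in EntitiesDescriptor.
    entities = [root] if root.tag == MD + "EntityDescriptor" else \
        root.findall(".//" + MD + "EntityDescriptor")
    if len(entities) != 1:
        return [f"expected exactly one EntityDescriptor, found {len(entities)}"]
    problems = []
    entity_id = entities[0].get("entityID")
    if entity_id != connection_id:
        problems.append(f"entityID {entity_id!r} != connection ID {connection_id!r}")
    sp = entities[0].find(MD + "SPSSODescriptor")
    if sp is None:
        return problems + ["no SPSSODescriptor: not SP metadata"]
    if SAML2_PROTOCOL not in (sp.get("protocolSupportEnumeration") or "").split():
        problems.append("SPSSODescriptor does not declare SAML 2.0 support")
    endpoints = sp.findall(MD + "AssertionConsumerService")
    if not endpoints:
        problems.append("no AssertionConsumerService endpoint")
    for ep in endpoints:
        # Added hardening check (assumption): assertions should only be posted over TLS.
        if not (ep.get("Location") or "").startswith("https://"):
            problems.append(f"ACS endpoint not HTTPS: {ep.get('Location')!r}")
    return problems

if __name__ == "__main__":
    for problem in check_sp_metadata(SAMPLE_METADATA, CONNECTION_ID) or ["metadata looks consistent"]:
        print(problem)
```

An empty result only means the metadata is internally consistent; JANUS remains the authority on whether it is valid.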
If you have followed this tutorial by the letter, everything works and you should see this success message.
But not here. With WAYF and simpleSAMLphp there are multiple ways of failing, and I personally have experienced a few. Many of the error messages are not descriptive, not helpful and sometimes not related to the actual error. So what we suggest is: read through the log errors, consult Google, look at the FEL, contact the simpleSAMLphp forum.
However, if you have, by some stroke of immeasurable genius, got a successful login authentication with WAYF's test IdP, I congratulate you.