VidyoPortal SSP

From: KIFÜ Wiki
You are viewing an earlier version of this page, as it was after the edit by Bajnokk(AT)niif.hu on 14 October 2015 at 09:22. (Bajnokk(AT)niif.hu renamed the page VidyoProxy SSP to VidyoPortal SSP.)

Since version 3.0, VidyoPortal has supported SAML authentication. Vidyo does not rely on existing SAML middleware (such as Shibboleth or SimpleSAMLphp); the portal implements the SAML Service Provider role itself.

At the time of writing, SAML is supported for a single tenant, i.e. only one Identity Provider can be configured in VidyoPortal. To offer Vidyo as a federated service, a SAML gateway (a proxy that acts as an IdP towards VidyoPortal and as an SP towards the federation) therefore has to provide access for institutional users. In this guide, SimpleSAMLphp (SSP) is used as that gateway.

Install SimpleSAMLphp

The installation of the SimpleSAMLphp software is covered in its own documentation.

You will need to configure SSP both as an IdP (towards VidyoPortal) and as an SP (towards the federation).

Configure SSP IdP for VidyoPortal

Enable SAML2 IdP functionality in config/config.php:

'enable.saml20-idp' => true,

Generate a key and a long-lived self-signed certificate for the IdP and place them in the cert directory as idp.key and idp.crt:

cd cert
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out idp.crt -keyout idp.key

The -nodes option leaves the private key unencrypted, so make sure idp.key is readable only by the web server user. VidyoPortal will trust this certificate once you import the SSP IdP metadata into the portal, so plan to update the portal whenever the certificate is rotated.

It is easier to configure VidyoPortal using friendly attribute names instead of OIDs, so use the oid2name AttributeMap filter to translate the attribute names before they are released to the portal. Add the following to the hosted IdP entry in metadata/saml20-idp-hosted.php:

'auth' => 'default-sp',
'privatekey' => 'idp.key',
'certificate' => 'idp.crt',
'authproc' => array(
   200 => array('class' => 'core:AttributeMap', 'oid2name'),
),

Retrieve the VidyoPortal SP metadata from the portal administration interface and save it as metadata/vidyo-sp.xml. Check that the entityID and the AssertionConsumerService URL in the file point to the HTTPS address of the portal, then reference the file from config/config.php:

'metadata.sources' => array(
    ...
    array('type' => 'xml', 'file' => 'metadata/vidyo-sp.xml'), // vidyo sp
    ... ),
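The fragments above put together as one complete hosted IdP entry. This is an added example, not a file from the page or from Vidyo: the host setting and the attribute list are assumptions, and the AttributeLimit filter is an addition that the page does not use, included so that the gateway releases to VidyoPortal only the attributes the portal actually maps rather than everything the home IdP sent.

```php
<?php
/*
 * Added example: a complete metadata/saml20-idp-hosted.php for the SSP
 * gateway in front of VidyoPortal. Not the page's own file; the host
 * value and the attribute list below are assumptions.
 */
$metadata['__DYNAMIC:1__'] = array(
    // Entity ID of the gateway IdP is derived from the host name by SSP.
    'host' => '__DEFAULT__',

    // Key and certificate generated with the openssl command above
    // (files live in the cert directory configured by 'certdir').
    'privatekey'  => 'idp.key',
    'certificate' => 'idp.crt',

    // Users are authenticated through the federation-facing SP
    // authsource defined in config/authsources.php.
    'auth' => 'default-sp',

    'authproc' => array(
        // Translate urn:oid:... attribute names to friendly names so the
        // VidyoPortal attribute mapping can refer to e.g. "mail".
        200 => array('class' => 'core:AttributeMap', 'oid2name'),

        // Release only what VidyoPortal maps; everything else the home IdP
        // sent stays inside the gateway. The list is an assumption; adjust
        // it to the mapping configured in the portal.
        300 => array(
            'class' => 'core:AttributeLimit',
            'uid', 'mail', 'displayName', 'eduPersonPrincipalName',
            'eduPersonAffiliation', 'schacHomeOrganization',
        ),
    ),

    // Sign assertions so the portal can verify them against idp.crt
    // (this is the SSP default; stated explicitly here).
    'saml20.sign.assertion' => true,
);
```

The filters run in priority order, so oid2name (200) must come before AttributeLimit (300): the limit list uses friendly names, and with the order reversed nothing would match and no attributes would reach the portal.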

Configure VidyoPortal to use SAML

In the portal administration interface, enable SAML authentication and enter the SSP IdP details as shown in the screenshot:

[Screenshot: VidyoAdmin1.png]

Set Vidyo user parameters

Click Edit IdP Attribute Mapping... to map the IdP attributes to Vidyo user parameters.

The interface is self-explanatory: for each Vidyo parameter you select the SAML IdP attribute that supplies it. With the oid2name filter in place, use the friendly attribute names (mail, displayName and so on) here rather than OIDs.

[Screenshot: VidyoAdmin2.png]

For some attributes a value mapping can be defined as well, which is useful for group and user-type information: a static string value of the incoming attribute is matched and translated to the corresponding Vidyo value.

[Screenshot: VidyoAdmin3.png]

Configure SSP SP for your federation

The hosted IdP entry above refers to an authsource called default-sp ('auth' => 'default-sp'). Define it in config/authsources.php as a saml:SP authsource. When a user arrives from VidyoPortal, SSP authenticates them through this SP: because no fixed idp is set, the user is sent to the federation's discovery service to choose their home IdP, and the attributes that IdP returns are passed through the authproc chain and released to VidyoPortal.

Register the SP metadata with your federation according to the federation rules, and use the metarefresh module to keep the federation's IdP metadata up to date. Configure metarefresh to validate the signature of the downloaded metadata against the federation signing certificate; otherwise anyone able to tamper with the download could add an IdP that the gateway, and therefore VidyoPortal, would trust.
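The two federation-facing SSP files as one worked example. This is added here and is not from the page or from the KIFÜ/NIIF federation; the entity ID, discovery and metadata URLs, set name, file names and attribute list are assumptions to be replaced with your federation's values.

```php
<?php
/*
 * Added example (not from the page or the federation): the federation
 * side of the SSP gateway. Two files are shown, separated by comments.
 * All URLs, host names and file names are assumptions.
 */

// ---------- config/authsources.php ----------
$config = array(
    // The authsource referenced by 'auth' => 'default-sp' in
    // metadata/saml20-idp-hosted.php.
    'default-sp' => array(
        'saml:SP',

        // Entity ID of the gateway SP as registered with the federation (assumed).
        'entityID' => 'https://vidyo-gw.example.org/sp',

        // No fixed 'idp': the user is sent to the federation discovery
        // service to choose the home IdP (assumed URL).
        'discoURL' => 'https://discovery.example.org/role/idp.ds',

        // Separate key pair for the SP side, generated like idp.key/idp.crt,
        // so the IdP key facing VidyoPortal is never used towards the federation.
        'privatekey'  => 'sp.key',
        'certificate' => 'sp.crt',

        // Sign AuthnRequests so home IdPs can verify they come from this gateway.
        'sign.authnrequest' => true,

        // Attributes requested from the home IdP (assumed list; these are the
        // OIDs that oid2name later turns into uid, mail and displayName).
        'attributes' => array(
            'urn:oid:0.9.2342.19200300.100.1.1',  // uid
            'urn:oid:0.9.2342.19200300.100.1.3',  // mail
            'urn:oid:2.16.840.1.113730.3.1.241',  // displayName
        ),
        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
    ),
);

// ---------- config/config-metarefresh.php ----------
// Requires the metarefresh and cron modules to be enabled
// (touch modules/metarefresh/enable and modules/cron/enable).
$config = array(
    'sets' => array(
        'federation' => array(
            'cron' => array('hourly'),
            'sources' => array(
                array(
                    // Federation metadata aggregate (assumed URL).
                    'src' => 'https://metadata.example.org/federation-metadata.xml',
                    // Verify the XML signature with the federation signing
                    // certificate (PEM file in the cert directory). Without this,
                    // a tampered download could add an IdP the gateway would trust.
                    'certificates' => array('federation-signing.crt'),
                ),
            ),
            // Keep using cached entities for at most four days if refreshes fail.
            'expireAfter' => 60 * 60 * 24 * 4,
            'outputDir'    => 'metadata/metarefresh-federation/',
            'outputFormat' => 'flatfile',
            // Only IdPs are needed from the federation; the gateway's own
            // SP-side peer is VidyoPortal, loaded from vidyo-sp.xml.
            'types' => array('saml20-idp-remote'),
        ),
    ),
);
```

For SSP to use the refreshed IdP metadata, add a flatfile source pointing at metadata/metarefresh-federation to the metadata.sources array in config/config.php, next to the vidyo-sp.xml entry shown earlier. The SP metadata to register with the federation is generated from the default-sp entry and can be downloaded from the SSP web interface.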