Single Sign On (SSO) with SimpleSAMLphp

The examples below were provided to TeamDynamix by clients who successfully configured Single Sign On using SimpleSAMLphp, or SimpleSAML for short. Please note that TeamDynamix does not have expertise in IdP configurations for SimpleSAML. For any issues or questions related to configuring Single Sign On in SimpleSAML, it is best to speak with your internal technical team or a SimpleSAML professional.

Overview

This article covers how other TeamDynamix clients have configured SimpleSAMLphp, or SimpleSAML, to allow Single Sign On authentication with TeamDynamix.

SimpleSAML Configuration

The following steps were needed to get the SAML configuration working for TeamDynamix in SimpleSAMLphp:

  1. Obtain the TeamDynamix metadata. See the related Obtaining TeamDynamix SP SAML Metadata article for instructions, and use the InCommon download link in that related KB.
  2. Download the XML metadata.
  3. Go to SimpleSAML and log in.
  4. Click the Federation tab.
  5. Under Tools, click XML to SimpleSAMLphp metadata converter.
  6. Copy the output from the saml20-sp-remote section.
  7. Paste that data at the bottom of the saml20-sp-remote.php file in SimpleSAML's metadata directory.
  8. Add the following lines after the entityid line:
     'name' => 'Team Dynamix',
     'AttributeNameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
     'simplesaml.attributes' => true,
     'authproc' => array(
       /* The AttributeMap converts attributes from the local name (like
          eduPersonPrincipalName) to the name format needed by TeamDynamix. */
       50 => array(
         'class' => 'core:AttributeMap',
         'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
         'cn' => 'urn:oid:2.5.4.3',
         /* Note: urn:oid:2.5.4.23 is the standard OID for facsimileTelephoneNumber;
            the standard OID for givenName is urn:oid:2.5.4.42. Check this value
            against the attribute list TeamDynamix accepts (see Related Articles).
            If you change it, change the matching AttributeLimit entry as well. */
         'givenName' => 'urn:oid:2.5.4.23',
         'displayName' => 'urn:oid:2.16.840.1.113730.3.1.241',
         'mail' => 'urn:oid:0.9.2342.19200300.100.1.3',
         'eduPersonPrimaryAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.5',
       ),
       /* The AttributeLimit releases only the needed attributes, listed by
          their names after the AttributeMap conversion. */
       60 => array(
         'class' => 'core:AttributeLimit',
         'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
         'urn:oid:2.5.4.3',
         'urn:oid:2.5.4.23',
         'urn:oid:2.16.840.1.113730.3.1.241',
         'urn:oid:0.9.2342.19200300.100.1.3',
         'urn:oid:1.3.6.1.4.1.5923.1.1.1.5',
       ),
     ),
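
To confirm that the two filters release only what is intended, the added example below (not part of the original article, nor code from TeamDynamix or SimpleSAMLphp) audits the AttributeStatement of a SAML response captured from your own test login against the six names in the AttributeLimit list and the URI name format. The function name `audit_attributes`, the sample XML and the example.edu values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# The six names listed under core:AttributeLimit in the configuration above.
ALLOWED = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
    "urn:oid:2.5.4.3",
    "urn:oid:2.5.4.23",
    "urn:oid:2.16.840.1.113730.3.1.241",
    "urn:oid:0.9.2342.19200300.100.1.3",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.5",
}

def audit_attributes(xml_text, allowed=ALLOWED):
    """Return (unexpected, missing, wrong_format) attribute names, each sorted.

    Uses the stdlib XML parser, so feed it only captures from your own IdP.
    A missing name is not always an error: the user may lack that attribute.
    """
    root = ET.fromstring(xml_text)
    seen, wrong_format = set(), set()
    for attr in root.iter("{%s}Attribute" % ASSERTION_NS):
        name = attr.get("Name", "")
        seen.add(name)
        # The SP entry sets AttributeNameFormat to the URI format.
        if attr.get("NameFormat") != URI_FORMAT:
            wrong_format.add(name)
    return sorted(seen - allowed), sorted(allowed - seen), sorted(wrong_format)

# Constructed sample (not a real capture): two mapped attributes plus a local
# "uid" that would only be released if the AttributeLimit filter did not apply.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{ASSERTION_NS}">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="{URI_FORMAT}">
    <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="{URI_FORMAT}">
    <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    unexpected, missing, wrong_format = audit_attributes(SAMPLE)
    print("released but not in AttributeLimit:", unexpected)
    print("expected but absent:", missing)
    print("NameFormat is not URI:", wrong_format)
```

If the IdP encrypts assertions, no Attribute elements are visible in the captured response and the audit must be run on the decrypted assertion instead.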

Details

Article ID: 15548
Created: Tue 8/2/16 12:13 PM
Modified: Wed 7/14/21 2:19 PM

Related Articles (3)

The list of attributes and formats which TeamDynamix accepts for SAML 2.0 Single Sign On (SSO) authentication and self-registration processes.
TeamDynamix SAML Metadata
This article will cover several common issues experienced by clients who utilize Single Sign On authentication in TeamDynamix and troubleshooting steps you can take to resolve them.