[OpenID] Help Requested: Using simpleSAMLphp as a gateway between OpenID and SAML

Joni Brennan joni at ieee-isto.org
Wed Apr 15 21:11:03 UTC 2009


I am writing to you today on behalf of myself and a colleague, to ask you
for some feedback about simpleSAMLphp functionality.  We are working to
launch a confluence wiki deployment using a multi-protocol authentication
approach.  Our idea is to use simpleSAMLphp as a gateway between OpenID and
SAML. We are experiencing difficulty making the parts work together and we
thought there may be folks on these lists who could help.

We currently have confluence installed with shibboleth SP and wayf (the php
version from SWITCH) and want to allow people to login with OpenID via the
simpleSAMLphp gateway.

To achieve this we have installed simpleSAMLphp as IdP (further details
available off list). For the authentication method we have configured OpenID
(by creating the "enabled" file under simplesamlphp/modules/openid). So far
we are able to successfully login with our "myopenid" account. But it looks
like it is not passing the right attributes to our SP.

  We set up have the standard config:

         * These parameters are only relevant if you setup an OpenID
        'openid.userid_attributename' => 'eduPersonPrincipalName',

We believed that this would pass our OpenID id as the eduPersonPricipalName
(which is then mapped by the Shibboleth SP to eppn and to 'REMOTE_USER').
But it seem that it is not passing anything as eduPersonPricipalName - so we
must be missing something there.

Also we are not sure we understand what the 'openid.delegation_prefix'
parameter is for?

If any of you are able to help us, we can provide a test for the
authentication (which will give you a phpinfo() pages after logging in via

Thanks in advance for any guidance or support you may be able to share with

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090415/d9abbefc/attachment.htm>

More information about the general mailing list