Howto register AWS SAML metadata in SimpleSAMLphp

  1. The page Configuring a Relying Party and Adding Claims explains where to get the AWS service-provider metadata: https://signin.aws.amazon.com/static/saml-metadata.xml
  2. Go to your SimpleSAMLphp Federation tab
  3. Click on XML to simpleSAMLphp metadata converter link
  4. Copy content of https://signin.aws.amazon.com/static/saml-metadata.xml
  5. Paste it into Metadata parser window. Click Parse button.
  6. Copy Converted metadata content
  7. Paste it into Notepad
  8. Add the authproc filter (mentioned at https://groups.google.com/forum/#!topic/simplesamlphp/AgHEy-5vHdA) inside the SP entry array produced by the converter

    // Runs after authentication, before the assertion for AWS is built.
    'authproc' => array(
        10 => array(
            // core:AttributeAdd adds fixed values to every authenticated user.
            // Each Role value is "<role ARN>,<SAML provider ARN>" from the same account.
            'class' => 'core:AttributeAdd',
            'https://aws.amazon.com/SAML/Attributes/Role' => array('arn:aws:iam::<account_number_without_spaces>:role/<role_name>,arn:aws:iam::<account_number_without_spaces>:saml-provider/<saml_provider_name>'),
        ),
        20 => array(
            'class' => 'core:AttributeAdd',
            'https://aws.amazon.com/SAML/Attributes/RoleSessionName' => array('uid'),
        ),
    ),

  9. Open /var/simplesamlphp/metadata/saml20-sp-remote.php file
  10. Replace its content with the content from Notepad
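A complete saml20-sp-remote.php entry of the shape the procedure above ends up with, added here as an illustration rather than copied from the post or from SimpleSAMLphp's converter output. The entity ID and AssertionConsumerService URL are the ones AWS publishes in its metadata, the certificate is a placeholder to be taken from the converted metadata, and the session name is copied from the user's uid with core:AttributeCopy instead of the fixed-value core:AttributeAdd used above, so each user shows up under their own name in AWS logs.

```php
<?php
// Example entry for /var/simplesamlphp/metadata/saml20-sp-remote.php (illustration only;
// the values below are assumptions, not the page's own converter output).
$metadata['urn:amazon:webservices'] = array(
    'entityid'     => 'urn:amazon:webservices',
    'metadata-set' => 'saml20-sp-remote',
    'AssertionConsumerService' => array(
        array(
            'Binding'  => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'https://signin.aws.amazon.com/saml',
            'index'    => 1,
        ),
    ),
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
    'keys' => array(
        array(
            'encryption'      => false,
            'signing'         => true,
            'type'            => 'X509Certificate',
            'X509Certificate' => '<PLACEHOLDER: certificate from the converted metadata>',
        ),
    ),
    'authproc' => array(
        // Each Role value is "<role ARN>,<SAML provider ARN>"; with more than one
        // value AWS lets the user choose a role at sign-in.
        10 => array(
            'class' => 'core:AttributeAdd',
            'https://aws.amazon.com/SAML/Attributes/Role' => array(
                'arn:aws:iam::<account_number_without_spaces>:role/<role_name>,arn:aws:iam::<account_number_without_spaces>:saml-provider/<saml_provider_name>',
            ),
        ),
        // AttributeAdd would set the same fixed string for everyone, so copy the
        // authenticated user's uid attribute into RoleSessionName instead.
        20 => array(
            'class' => 'core:AttributeCopy',
            'uid'   => 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
        ),
        // Release only the two attributes AWS consumes; nothing else leaves the IdP.
        30 => array(
            'class' => 'core:AttributeLimit',
            'https://aws.amazon.com/SAML/Attributes/Role',
            'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
        ),
    ),
);
```

Set the session name to an attribute that exists for every user, since AWS rejects an assertion whose RoleSessionName is missing.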