SimpleSAMLphp Examples
Enterprise Authentication customers may elect to use SimpleSAMLphp as their Service Provider (SP) software.
The key functionality in SimpleSAMLphp is provided by the authorize module. This module provides a user authorization filter based on attribute matching.
The below is an example only. The IAM Team does not warrant that this example is the best method for implementing authorization or that it will work for your web service/application. For additional assistance, please refer to the SimpleSAMLphp documentation.
The following code will restrict access to the specified UT EID.
60 => array(
    'class' => 'authorize:Authorize',
    // The value is a regular expression; ^ and $ make it match the whole EID only.
    'urn:oid:0.9.2342.19200300.100.1.1' => [ '/^<your_eid_here>$/' ],
),
The following code will restrict access to users with a staff affiliation.
60 => array(
    'class' => 'authorize:Authorize',
    // urn:oid:1.3.6.1.4.1.5923.1.1.1.1 is eduPersonAffiliation; anchored to match exactly "staff".
    'urn:oid:1.3.6.1.4.1.5923.1.1.1.1' => [ '/^staff$/' ],
),
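Added example (not part of the original page and not SimpleSAMLphp's own code): a simplified model of how a regular-expression attribute rule is evaluated, showing why the patterns given to the authorize filter should be anchored with ^ and $. The function name attribute_matches and all sample values are constructed for illustration, and it assumes each pattern is applied with preg_match() to every value of the attribute.

```php
<?php
// Added example: a simplified model of regex attribute matching,
// not SimpleSAMLphp's own code.
// Assumption: each pattern is tried with preg_match() against every
// value of the attribute, and one match is enough to authorize.

/** Return true if any attribute value matches any of the patterns. */
function attribute_matches(array $values, array $patterns): bool
{
    foreach ($patterns as $pattern) {
        foreach ($values as $value) {
            if (preg_match($pattern, $value) === 1) {
                return true;
            }
        }
    }
    return false;
}

// Constructed test data: 'abc123' stands in for the one permitted EID,
// and 'former-staff' is a made-up affiliation value used to show overmatching.
$cases = [
    'uid' => [
        'loose'  => ['/abc123/'],
        'strict' => ['/^abc123$/'],
        'values' => ['abc123', 'abc1234', 'xabc123'],
    ],
    'affiliation' => [
        'loose'  => ['/staff/'],
        'strict' => ['/^staff$/'],
        'values' => ['staff', 'former-staff', 'student'],
    ],
];

foreach ($cases as $name => $case) {
    foreach ($case['values'] as $value) {
        printf(
            "%-12s %-14s unanchored=%-5s anchored=%s\n",
            $name,
            $value,
            attribute_matches([$value], $case['loose']) ? 'allow' : 'deny',
            attribute_matches([$value], $case['strict']) ? 'allow' : 'deny'
        );
    }
}
```

The anchored patterns allow only the exact values abc123 and staff, while the unanchored ones also allow abc1234, xabc123 and former-staff.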
The following code will add contacts in order to help comply with our metadata requirements (more information is available at https://simplesamlphp.org/docs/development/simplesamlphp-reference-idp-hosted):
'contacts' => [
    [
        'contactType' => 'technical',
        'emailAddress' => 'mailto:jdoe@example.org',
        'givenName' => 'Jane',
        'surName' => 'Doe',
        'company' => 'Example Inc.',
    ],
    [
        'contactType' => 'other',
        'emailAddress' => 'mailto:john@example.org',
        'givenName' => 'John',
        'surName' => 'Doe',
        'company' => 'Example Inc.',
        'attributes' => [
            'xmlns:remd' => 'http://refeds.org/metadata',
            'remd:contactType' => 'http://refeds.org/metadata/contactType/security',
        ],
    ],
    [
        'contactType' => 'support',
        'emailAddress' => 'mailto:support@example.org',
        'givenName' => 'Example Inc. IT Support Team',
    ],
],