We support connecting to a SAML 2.0 compliant Identity Provider (IdP). Your university must host the SAML 2.0 IdP and properly set the configuration options to grant our Service Provider (SP) access. We can also work with ADFS, Azure AD and Google-specific configurations.
1) Step one for SAML integration is for Pharos360 to configure you in our list of remote identity providers (IdPs). The easiest way to accomplish this is to provide us with a link to your metadata, e.g. https://openidp.feide.no/simplesaml/saml2/idp/metadata.php. Alternatively, you may provide us with the following fields manually:
- The base URL to your SAML implementation, e.g.
- The location for a single sign-on service (and a binding value for Shibboleth installations), e.g.
array ( 'Binding' => 'urn:mace:shibboleth:1.0:profiles:AuthnRequest', 'Location' => 'https://idp2.example.edu/idp/profile/Shibboleth/SSO', )
- An artefact resolution service if you have one, e.g.
array ( 'Binding' => 'urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding', 'Location' => 'https://example.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution' )
- An SSL certificate, e.g.
array ( 'type' => 'X509Certificate', 'X509Certificate' => ' A very large block of base64 encoded text goes here', )
2) Once we have your IdP configured, you can configure us as a Service Provider (SP). We will either provide you with a link to the metadata for your SP, or the values for the following fields manually (shown here formatted for SimpleSAMLphp):
FALSE, //This can be set to true to help determine a valid nameidattribute
large base64 encoded string
Please note that both nameIDFormat and nameidattribute will need to be configured based on your university's Active Directory setup. Ideally, nameidattribute will correspond with the user ID selected for the Student_Data.csv and Employee_Data.csv files.
For ADFS or Azure AD configurations, you will also need to create a claim rule. Please set the following details:
- LDAP Attribute => `Employee ID`
- Outgoing Claim Type => `Name ID`
See below for an example of this claim rule:
Azure AD: For step-by-step instructions, visit Microsoft Azure's documentation.