This guide will show you how to connect EZproxy as a SP using SAML 2 to a SimpleSAMLphp (SSP) SAML2 IdP. The guide shows how to connect an EZproxy to SSP in the setup used at WAYF and is therefore not guaranteed to work on other setups.
For this to work you need EZproxy version 5.1b GA or later and SimpleSAMLphp varsion 1.4 or later.
The first thing you need to do is to install and/or enable the 'mcryp' module in your PHP installation.
Next follow the Shibboleth 2.0 guide to Ezproxy on how to set up EZproxy as an Shibboleth 2.0 SP. The guide can be found at http://www.oclc.org/support/documentation/ezproxy/usr/shibboleth.htm. EZproxy should be set up with SSL. The guide on how to set up EZproxy to use SSL can be found at http://www.oclc.org/support/documentation/ezproxy/cfg/ssl/.
There are to things you need to do to make EZproxy work with SSP. EZproxy requires that the entire response is signed, not just the assertion. Thesecond thing is that EZproxy will only work if you excrypt the assertion. So after you have set up EZproxy, you need to add the following configuration to your SP metadata. In ''saml20-sp-remote.php'' you need to set the following:
"signresponse" => TRUE, "assertion.encryption" => TRUE
When the SAML2 response is signed, instead of only the assertion, and the assertion is encrypted, then the EZproxy will accept SAML2 response from your SAML 2 IdP.
If you are having trouble connecting, setting the following options in ''config.txt'' will increase logging: