How to connect EZproxy to SimpleSAMLphp using SAML2

This guide shows how to connect EZproxy, acting as an SP using SAML 2, to a SimpleSAMLphp (SSP) SAML2 IdP. It describes how EZproxy is connected to SSP in the setup used at WAYF and is therefore not guaranteed to work on other setups.

Connecting EZproxy to SSP

For this to work you need EZproxy version 5.1b GA or later and SimpleSAMLphp version 1.4 or later.

PHP

The first thing you need to do is to install and/or enable the 'mcrypt' module in your PHP installation.

EZproxy

Next, follow the EZproxy Shibboleth 2.0 guide on how to set up EZproxy as a Shibboleth 2.0 SP. The guide can be found at http://www.oclc.org/support/documentation/ezproxy/usr/shibboleth.htm. EZproxy should be set up with SSL. The guide on how to set up EZproxy to use SSL can be found at http://www.oclc.org/support/documentation/ezproxy/cfg/ssl/.

SSP

There are two things you need to do to make EZproxy work with SSP. First, EZproxy requires that the entire response is signed, not just the assertion. Second, EZproxy will only work if you encrypt the assertion. So after you have set up EZproxy, you need to add the following configuration to your SP metadata. In ''saml20-sp-remote.php'' you need to set the following:

"signresponse" => TRUE,
"assertion.encryption" => TRUE

Once the whole SAML2 response is signed, rather than only the assertion, and the assertion is encrypted, EZproxy will accept the SAML2 response from your SAML 2 IdP.
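To confirm that the IdP really sends the layout described above, the following added example (not part of the original guide, and not code from SimpleSAMLphp or EZproxy) inspects a base64 SAMLResponse value as captured from the browser's POST to EZproxy. It checks structure only, without verifying signatures; the function names and the two sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def check_response(b64_response):
    """Structural facts about a base64 SAMLResponse form field (HTTP-POST binding).
    Inspects layout only; it does not verify signatures or decrypt anything."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw:  # SAML messages never need a DTD; refuse to parse one
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(raw)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    return {
        # A ds:Signature that is a direct child of Response covers the whole response.
        "response_signed": root.find("ds:Signature", NS) is not None,
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
        "plain_assertions": len(root.findall("saml:Assertion", NS)),
    }

def ezproxy_ready(facts):
    """True when the layout matches the two requirements described in this guide."""
    return (facts["response_signed"]
            and facts["encrypted_assertions"] > 0
            and facts["plain_assertions"] == 0)

def _sample(sign_response, encrypt):
    """Build a constructed, skeletal response (no real signature or ciphertext)."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    ns = 'xmlns:saml="%s"' % NS["saml"]
    body = ("<saml:EncryptedAssertion %s/>" % ns if encrypt
            else "<saml:Assertion %s>%s</saml:Assertion>" % (ns, sig))
    xml = '<samlp:Response xmlns:samlp="%s">%s%s</samlp:Response>' % (
        NS["samlp"], sig if sign_response else "", body)
    return base64.b64encode(xml.encode())

# Constructed samples: signed-assertion-only vs. the layout EZproxy needs.
SAMPLE_ASSERTION_ONLY = _sample(sign_response=False, encrypt=False)
SAMPLE_EZPROXY = _sample(sign_response=True, encrypt=True)

if __name__ == "__main__":
    for name, sample in (("assertion-only", SAMPLE_ASSERTION_ONLY),
                         ("signed+encrypted", SAMPLE_EZPROXY)):
        facts = check_response(sample)
        print(name, facts, "OK" if ezproxy_ready(facts) else "does not meet EZproxy's requirements")
```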

Debugging

If you are having trouble connecting, setting the following options in ''config.txt'' will increase logging:

Option X-Shibboleth
XDebug 6

Questions related to this issue can be directed to Henrik Larsen, University Library of Southern Denmark.

WAYF – Where Are You From
Asmussens Allé, Building 305
DK-2800 Lyngby
Denmark

www.wayf.dk
sekretariat@wayf.dk
