Monday, April 27, 2020

SAML 2.0 with Docker test-saml-idp & Microsoft Azure Active Directory

In this post we will use the following docker container: https://hub.docker.com/r/kristophjunge/test-saml-idp/
Also see the Microsoft documentation on the SAML protocol: https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol

First, create an Enterprise Application in Azure AD






Then, create our docker container (each line except the last needs a trailing backslash, otherwise the command stops early and the remaining options are never passed):
docker run --name=testsamlidp_idp \
-p 80:80 \
-p 443:443 \
-e SIMPLESAMLPHP_SP_ENTITY_ID=http://site123.com \
-e SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE="COPY URL FROM App Federation Metadata Url" \
-e SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE="COPY URL FROM Logout URL" \
-d kristophjunge/test-saml-idp

Open the ports in the Linux firewall (firewalld)
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
Rules added with --permanent only take effect after sudo firewall-cmd --reload (or the next firewalld restart).

Once the container is running, check it
docker ps
...
56f6309b2e16        kristophjunge/test-saml-idp   "docker-php-entrypoi…"   7 days ago          Up 45 minutes       0.0.0.0:80->80/tcp, 80/tcp, 0.0.0.0:443->443/tcp   testsamlidp_idp
...

Open http://site123.com/simplesaml, go to the Federation tab, then Tools, then "XML to SimpleSAMLphp metadata converter".
Paste the Azure AD metadata XML. You can download the file from the Federation Metadata XML link, or open the App Federation Metadata Url in a browser and copy the XML from there.
Click parse.

Copy the parsed metadata into the file saml20-idp-remote.php.
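As an added example (not the container's converter nor this post's code), the following Python script does the converter step offline against a constructed Azure AD-style metadata document: it pulls out the entityID, the SSO/SLO endpoints and the signing certificate, computes the certificate's SHA-1 fingerprint so it can be compared with the thumbprint shown in the portal before the IdP is trusted, and renders the saml20-idp-remote.php entry. The tenant id, the certificate bytes and the endpoint URLs in SAMPLE_METADATA are placeholders constructed for the example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample in the shape Azure AD publishes; the tenant id and certificate are placeholders.
TENANT = "00000000-0000-0000-0000-000000000000"
CERT_B64 = base64.b64encode(b"constructed placeholder, not a real DER certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{CERT_B64}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Extract entityID, SSO/SLO endpoints and signing certificates from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or idp is None:
        raise ValueError("not IdP metadata: EntityDescriptor/IDPSSODescriptor missing")
    certs = ["".join(c.text.split())  # a KeyDescriptor without 'use' serves signing too
             for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use", "signing") == "signing"
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("no signing certificate: the IdP's assertions could not be verified")
    def endpoints(tag):
        return [(e.get("Binding"), e.get("Location")) for e in idp.findall(f"md:{tag}", NS)]
    return {"entityid": root.get("entityID"), "certData": certs,
            "SingleSignOnService": endpoints("SingleSignOnService"),
            "SingleLogoutService": endpoints("SingleLogoutService")}

def sha1_fingerprint(cert_b64):
    """Colon-separated SHA-1 of the DER certificate, to compare with the thumbprint shown in the portal."""
    hexdigest = hashlib.sha1(base64.b64decode(cert_b64)).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, 40, 2))

def render_php(info):
    """Render a saml20-idp-remote.php entry; quotes are escaped so metadata cannot break the PHP literal."""
    q = lambda s: s.replace("\\", "\\\\").replace("'", "\\'")
    arr = lambda eps: "array(" + ", ".join(
        f"array('Binding' => '{q(b)}', 'Location' => '{q(l)}')" for b, l in eps) + ")"
    body = "".join(f"    '{k}' => {arr(info[k])},\n" for k in ("SingleSignOnService", "SingleLogoutService"))
    return (f"$metadata['{q(info['entityid'])}'] = array(\n    'entityid' => '{q(info['entityid'])}',\n"
            f"{body}    'certData' => '{q(info['certData'][0])}',\n);\n")
```

To run it against real metadata, replace SAMPLE_METADATA with the XML downloaded from the App Federation Metadata Url and print render_php(parse_idp_metadata(...)).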

You will need to log into the container

docker exec -it 56f6309b2e16 bash

Update your container and install vim

apt-get update
apt-get install vim

root@56f6309b2e16:/var/www/simplesamlphp/metadata# pwd
/var/www/simplesamlphp/metadata
root@56f6309b2e16:/var/www/simplesamlphp/metadata# ls -las
total 44
0 drwxr-xr-x. 1 root root   34 Feb  4  2018 .
0 drwxr-xr-x. 1 root root   18 Feb  4  2018 ..
4 -rw-r--r--. 1 root root  296 Jan 31  2018 adfs-idp-hosted.php
4 -rw-r--r--. 1 root root  268 Jan 31  2018 adfs-sp-remote.php
4 -rw-r--r--. 1 root root 2374 Jan 31  2018 saml20-idp-hosted.php
4 -rw-r--r--. 1 root root  216 Jan 31  2018 saml20-idp-remote.php
4 -rw-r--r--. 1 root root  376 Feb  4  2018 saml20-sp-remote.php
4 -rw-r--r--. 1 root root  620 Jan 31  2018 shib13-idp-hosted.php
4 -rw-r--r--. 1 root root  385 Jan 31  2018 shib13-idp-remote.php
4 -rw-r--r--. 1 root root  232 Jan 31  2018 shib13-sp-hosted.php
4 -rw-r--r--. 1 root root  418 Jan 31  2018 shib13-sp-remote.php
4 -rw-r--r--. 1 root root  225 Jan 31  2018 wsfed-idp-remote.php
4 -rw-r--r--. 1 root root  167 Jan 31  2018 wsfed-sp-hosted.php

root@56f6309b2e16:/var/www/simplesamlphp/metadata# cp saml20-idp-remote.php saml20-idp-remote.php.bak

vi saml20-idp-remote.php

Paste the parsed metadata into this file


Go to the config directory

root@56f6309b2e16:/var/www/simplesamlphp/config# pwd
/var/www/simplesamlphp/config
root@56f6309b2e16:/var/www/simplesamlphp/config# ls -las
total 44
 0 drwxr-xr-x. 1 root root    29 Feb  4  2018 .
 0 drwxr-xr-x. 1 root root    22 Feb  4  2018 ..
 4 -rw-r--r--. 1 root root  1577 Jan 31  2018 acl.php
 4 -rw-r--r--. 1 root root  2143 Jan 31  2018 authmemcookie.php
 4 -rw-r--r--. 1 root root   519 Feb  4  2018 authsources.php
32 -rw-r--r--. 1 root root 30170 Feb  4  2018 config.php

Back up authsources.php
root@56f6309b2e16:/var/www/simplesamlphp/config# cp authsources.php authsources.php.bak


Add the following to authsources.php (the 'idp' value is the Azure AD Identifier shown on the app's single sign-on page, copied exactly, including its trailing slash)

    'default-sp' => array(
        'saml:SP',
        'entityID' => 'https://site123.com',
        'idp' => 'COPY URL FROM Azure AD Identifier',
        'discoURL' => null,
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
        'simplesaml.nameidattribute' => 'eduPersonTargetedID',
    ),


In Azure AD, go to App Registration and add the redirect URI



Test your SSO by going to https://site123.com/simplesaml
Go to the Authentication tab and choose default-sp

The Microsoft login screen appears
Log in




Thursday, April 23, 2020

Install Docker on CentOS 7

Create Docker User
groupadd docker
useradd -g docker docker
passwd docker   # enter the password (xxxxxxx above) when prompted

Change to user docker
su - docker

Install Packages
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

Add Docker Repo
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Install Docker
sudo yum install docker-ce docker-ce-cli containerd.io

Start and Enable Docker
sudo systemctl start docker
sudo systemctl enable docker

Docker Info
docker info
Client:
 Debug Mode: false

Server:

 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 19.03.8
 Storage Driver: overlay2
  Backing Filesystem: <unknown>
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-1062.18.1.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 7.638GiB
 Name: CentOS7Docker
 ID: 3YJD:HCHM:5MAU:IXRO:4SP7:BTNB:XMYA:OV73:F5U2:JLYC:AQAJ:7N3V
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false


Docker processes
docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES


Verify Docker
docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete 
Digest: sha256:8e3114318a995a1ee497790535e7b88365222a21771ae7e53687ad76563e8e76
Status: Downloaded newer image for hello-world:latest

Hello from Docker!

This message shows that your installation appears to be working correctly
.......