1.   Open a Terminal window

2.   Run the following commands to install apache and php on your machine. When asked to continue in the installation of the applications type 'Y'

- Sudo apt-get update

- Sudo apt-get install apache2

- Sudo apt-get install php5

• If this command fails try to run: sudo apt-get install php5 --fix-missing
• It may also say that certain library files are unavailable (this is fine)

- Sudo apt-get install libapache2-mod-php5

- Sudo /etc/init.d/apache2 restart

This warning for installing / starting / restarting apache is fine:

- Sudo apt-get install php5-mcrypt

- Sudo apt-get install php5-Idap

- Sudo dpkg --list | grep php

• This will return a list of packages installed for php

- Check that libapache2-mod-php5 is installed

- Check that php5-mcrypt is installed

- Check that php5-Idap is installed

3.   Make a new file called “phpinfo.php” in the directory /var/www

• This is the default apache web route (May vary if already installed)
• If you don't have permissions to a file of direction the following command will grant you access:

- Sudo chmod a+rwx /Path/Directory(or file)

- In this case: Sudo chmod a+rwx /var/www)

• Inside this document add in the code:

4.   Open the php config file located in /etc/php5/apache2/php.ini

• Inside this file move to the 'Dynamic Extensions' section
• Add the mcrypt extension to the bottom of the section
• Add this as the extension:

• Copy the mcrypt.ini file from the directory /etc/php5/cont.d to /etc/php5/mods-available
• In the terminal run the following commands:

- Sudo php5enmod mcrypt

• May return error if mcrypt.ini is not in the correct directory

- Sudo service apache2 restart

5.   Go to your browser and go to the page localhost\phpinfo.php

• Inside this page check that there are sections for: date, dom, hash, libxml, mcrypt, openssl, pcre, SPL, zlib

6.   Install simplesamlphp

• In the terminal run the following command:

- Sudo apt-get install simplesamlphp

- Sudo apt-get update

7.   Create server certificates

• Make a new folder in the \var directory called certs
• In the terminal run the following command:

- Sudo openssl req -newkey rsa:2048 -new -x509 -days 1460 -nodes -out /var/certs/simplesaml.crt -keyout /var/certs/simplesaml.pem

• You will be asked to fill out credentials for the certificate. FIll them out as best as possible.

- Sudo openssl x509 -inform PEM -in /var/certs/simplesamlphp.crt > /var/certs/simplesamlpublic.crt

- Check the /var/certs directory. You should see all three files there

• Simplesaml.crt : Certificate for use in simplesamlphp
• Simplesaml.pem : Certificates private key for use in simplesamlphp
• Simplesamlpublic.crt : Certificates public key to upload to Cezanne

8.   Configure apache

• Open the apache2.conf file located in /etc/apache2
• Add the Alias tag below the items with the <Directory> tags

• Create a new folder in the /usr/share/simplesamlphp/www called mysimplesaml
• In the terminal run the following and restart the apache service

- Sudo a2enconf simplesamlphp

- Cd /usr/share/simplesamlphp/

- Sudo touch modules/exampleauth/enable

- Sudo service apache2 restart

• In your browser go to localhost/simplesamlphp and you should see the simplesamlphp installation page

9.   Configure simplesamlphp config.php

• Open the config.php in the directory /etc/simplesamlphp
• Change the 'certdir' path to '/var/certs/'
• Uncomment and change the 'auth.adminpassword'
• Uncomment and change the 'secretsalt'

In the terminal to get a new secret salt run: sudo tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo

• Change the technical contact name and e-mail addresses.
• Change the 'enable.saml20-idp' setting to true (You will need to enable this for other forms of authentication you may want to use).
• Change the 'enable.http_post' to True.

10.   Configure simplesamlphp authsources.php

• Open the authsources.php in the directory /etc/simplesamlphp
• Uncomment the section for 'example-userpass'
• Edit that section until it looks like the code below:

• Exampleusername and examplepassword can be set to anything for testing purposes.
• Go to localhost/simplesamlphp in your browser and choose the authentication tab, then click the 'test configured authentication sources' option.

• Choose 'example-userpass' from the next list.

• Test the username and password you created above in this window.

11.   Configure simplesamlphp saml20-idp-hosted.php

• Create a file called saml20-idp-hosted.php in the directory /etc/simplesamlphp/metadata
• Add the below code to set up the identity provider

12.Configure simplesamlphp saml20-sp-remote.php

• Create a file called saml20-sp-remote.php in the directory /etc/simplesamlphp/metadata

• <<companyidentifier>> is unique to each client

• Log in to Cezanne as an HR Professional.
• Navigate to: System Setup >> Security Settings >> Single Sign-On Configuration.
• Check SAML 2.0 and select the advanced configuration option beside it.
• Click Add New.

• Enter 'SimpleSAML' as the Display Name.
• Change the SAML Binding to 'Redirect'.
• Enter 'uid' in the User ID Attribute Name.
• The Entity Identifier should be one of the following two options:

- http://SERVERNAME/simplesamlphp/saml2/idp/metadata.php

- http://LOCALIPADDRESS/simplesamlphp/saml2/idp/metadata.php

• The Security Token Service Endpoint should be one of the following two options:

- http://SERVERNAME/simplesamlphp/saml2/idp/SSOService.php

- http://LOCALIPADDRESS/simplesamlphp/saml2/idp/SSOService.php

• Also upload the Public Key Certificate that was made earlier (simplesamlpublic.crt).
• Select Save and Close.

• Search for a user you wish to set up for Single Sign-On
• Navigate to: System Setup >> Manage Users >> User Settings >> Single Sign-On tab:

• Select Add New in the SAML 2.0 Identifiers area
• Choose 'SimpleSAML' for the Identity Provider and enter 'exampleusername' as the User Identifier (This links to the user we made in section 10)
• Select Save.
• Log out of Cezanne.

• Navigate to the Login page for Cezanne.
• Click the Enterprise button.

• This should redirect to the simplesamlphp authentication page:

• Log in as the 'exampleusername' created earlier
• You should now be logged into Cezanne and setup for single sign-on using simplesamlphp!