The installation of this modules is very easy, just unzip them at simplesamlphp_root_dir/modules directory.
The getSession module is necessary for the integration, the attributeValueChooser is optional, and useful if your users are belonging to more than one OpenNebula groups. If you use any SAML VO solution you probably get it useful.
getSession module
With this module you get the following URL:
https://www.example.com/simplesaml/module.php/getSession/index.php?sessid=<sessionid>
In the response you will get the session datas in JSON format, like the session validity and user attributes.
There is no configuration just enable or disable this module.
It's recommended to limit the access to this location (url) in web server via host allow declarations.
attributeValueChooser moduleOpenNebula can not handle when a user is belonging to more than one groups.
After login the user has to make a decision in a form what group he wants to belong to over the session. The module also handles attribute mapping for the application.
The configuration is in the simplesamlphp_root_dir/config/config.php authproc.sp array. Configuration example:
'authproc.sp' => array(
/* .... */
11 => array(
'class' => 'attributeValueChooser:attributeValueChooser',
'attributename' => 'eduPersonEntitlement',
'mapping' => array(
'urn:geant:niif.hu:sztaki:felho:oneadmin' =>'oneadmin',
'urn:geant:niif.hu:sztaki:felho:users' => 'users',
),
/* .... */
),
| 
