{"id":19794124,"url":"https://github.com/simplesamlphp/simplesamlphp-module-oidc","last_synced_at":"2025-04-04T10:05:29.087Z","repository":{"id":40481376,"uuid":"131253673","full_name":"simplesamlphp/simplesamlphp-module-oidc","owner":"simplesamlphp","description":"A SimpleSAMLphp module for OIDC OP support.","archived":false,"fork":false,"pushed_at":"2025-04-03T11:40:45.000Z","size":4266,"stargazers_count":46,"open_issues_count":15,"forks_count":24,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-04-03T11:52:44.201Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/simplesamlphp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-27T06:14:59.000Z","updated_at":"2025-04-02T12:47:51.000Z","dependencies_parsed_at":"2024-05-20T15:31:19.569Z","dependency_job_id":"88695a53-c96b-443f-8194-928215bb1967","html_url":"https://github.com/simplesamlphp/simplesamlphp-module-oidc","commit_stats":{"total_commits":210,"total_committers":15,"mean_commits":14.0,"dds":"0.29047619047619044","last_synced_commit":"28679773dbc795756d7980006b58e2599701ad53"},"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simplesamlphp%2Fsimplesamlphp-module-oidc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simplesamlphp%2Fsimplesamlphp-module-oidc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simplesamlphp%2Fsimplesamlphp-module-oidc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simplesamlphp%2Fsimplesamlphp-module-oidc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/simplesamlphp","download_url":"https://codeload.github.com/simplesamlphp/simplesamlphp-module-oidc/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247156412,"owners_count":20893197,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T07:12:09.895Z","updated_at":"2025-04-04T10:05:29.062Z","avatar_url":"https://github.com/simplesamlphp.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# simplesamlphp-module-oidc\n\u003e A SimpleSAMLphp module for OIDC OP support.\n\nThis module adds support for OpenID Provider role from the OpenID Connect protocol\nthrough a SimpleSAMLphp module installable through Composer. It is based on \n[Oauth2 Server from the PHP League](https://oauth2.thephpleague.com/) \n\nCurrently supported flows are:\n* Authorization Code flow, with PKCE support (response_type 'code')\n* Implicit flow (response_type 'id_token token' or 'id_token')\n* Refresh Token flow\n\n[![Build Status](https://github.com/simplesamlphp/simplesamlphp-module-oidc/actions/workflows/test.yaml/badge.svg)](https://github.com/simplesamlphp/simplesamlphp-module-oidc/actions/workflows/test.yaml) \n[![Coverage Status](https://codecov.io/gh/simplesamlphp/simplesamlphp-module-oidc/branch/master/graph/badge.svg)](https://app.codecov.io/gh/simplesamlphp/simplesamlphp-module-oidc)\n[![SimpleSAMLphp](https://img.shields.io/badge/simplesamlphp-2.3-brightgreen)](https://simplesamlphp.org/)\n\n![Main screen capture](docs/oidc.png)\n\n### Note on OpenID Federation (OIDF) support\n\nOpenID Federation support is in \"draft\" phase, as is the\n[specification](https://openid.net/specs/openid-federation-1_0) itself. This means that you can expect braking changes\nin future releases related to OIDF capabilities. You can enable / disable OIDF support at any time in module\nconfiguration.\n\nCurrently, the following OIDF features are supported:\n* automatic client registration using a Request Object (passing it by value)\n* federation participation limiting based on Trust Marks\n* endpoint for issuing configuration entity statement (statement about itself)\n* fetch endpoint for issuing statements about subordinates (registered clients)\n* subordinate listing endpoint\n\nOIDF support is implemented using the underlying [SimpleSAMLphp OpenID library](https://github.com/simplesamlphp/openid).\n\n## Version compatibility\n\nMinor versions of SimpleSAMLphp noted below means that the module has been tested with that version of SimpleSAMLphp\nduring module development. SimpleSAMLphp started following semantic versioning for its API from version 2.0. This means,\nfor example, that v5.* of the oidc module should work on any v2.* of SimpleSAMLphp. However, do mind that there were\nPHP version requirement changes in minor releases for SimpleSAMLphp.\n\n| OIDC module | Tested SimpleSAMLphp |  PHP   | Note                        |\n|:------------|:---------------------|:------:|-----------------------------|\n| v6.\\*       | v2.3.\\*              | \\\u003e=8.2 | Recommended                 |\n| v5.\\*       | v2.1.\\*              | \\\u003e=8.1 |                             |\n| v4.\\*       | v2.0.\\*              | \\\u003e=8.0 |                             |\n| v3.\\*       | v2.0.\\*              | \\\u003e=7.4 | Abandoned from August 2023. |\n| v2.\\*       | v1.19.\\*             | \\\u003e=7.4 |                             |\n\n### Upgrading?\n\nIf you are upgrading from a previous version, make sure to check the [upgrade guide](UPGRADE.md).\n\n## Installation\n\nInstallation can be as easy as executing:\n\n    composer require simplesamlphp/simplesamlphp-module-oidc\n\n### Configure the module\n\nCopy the module config template file to the SimpleSAMLphp config directory:\n\n    cp modules/oidc/config/module_oidc.php.dist config/module_oidc.php\n\nThe options are self-explanatory, so make sure to go through the file and edit them as appropriate.\n\n### Configure the database\n\nThis module uses a default SimpleSAMLphp database feature to store access/refresh tokens, user data, etc.\nIn order for this to work, edit your `config/config.php` and check 'database' related configuration. Make sure\nyou have at least the following parameters set:\n\n    'database.dsn' =\u003e 'mysql:host=server;dbname=simplesamlphp;charset=utf8',\n    'database.username' =\u003e 'user',\n    'database.password' =\u003e 'password',\n\n\u003e [!NOTE]  \n\u003e The module has been tested against and supports the SQLite, PostgreSQL and MySQL databases.\n\n### Create Protocol / Federation RSA key pairs\n\nDuring the authentication flow, generated ID Token and Access Token will be in a form of signed JSON Web token (JWS).\nBecause of the signing part, you need to create a public/private RSA key pair. This public/private RSA key pair\nis referred to as \"OIDC protocol\" keys. On the other hand, if you will be using OpenID Federation capabilities,\nyou should create separate key pair dedicated for OpenID Federation operations, like signing Entity Statement JWS.\nBelow are sample commands to create key pairs with default file names, both \"protocol\" and \"federation\" version.\n\nTo generate the private key, you can run this command in the terminal:\n\n    openssl genrsa -out cert/oidc_module.key 3072\n    openssl genrsa -out cert/oidc_module_federation.key 3072\n\nIf you want to provide a passphrase for your private key, run this command instead:\n\n    openssl genrsa -passout pass:myPassPhrase -out cert/oidc_module.key 3072\n    openssl genrsa -passout pass:myPassPhrase -out cert/oidc_module_federation.key 3072\n\nNow you need to extract the public key from the private key:\n\n    openssl rsa -in cert/oidc_module.key -pubout -out cert/oidc_module.crt\n    openssl rsa -in cert/oidc_module_federation.key -pubout -out cert/oidc_module_federation.crt\n\nor use your passphrase if provided on private key generation:\n\n    openssl rsa -in cert/oidc_module.key -passin pass:myPassPhrase -pubout -out cert/oidc_module.crt\n    openssl rsa -in cert/oidc_module_federation.key -passin pass:myPassPhrase -pubout -out cert/oidc_module_federation.crt\n\nIf you use different files names or a passphrase, make sure to configure it in the `module_oidc.php` config file.\n\n### Enabling the module\n\nAt this point we can enable the module by adding `'oidc' =\u003e true` to the list of enabled modules in the main\nSimpleSAMLphp configuration file, `config/config.php`. \n\n    'module.enable' =\u003e [\n        'exampleauth' =\u003e false,\n        'core' =\u003e true,\n        'admin' =\u003e true,\n        'saml' =\u003e true,\n        // enable oidc module\n        'oidc' =\u003e true,\n    ],\n\nOnce the module is enabled, the database migrations must be run.\n\n### Run database migrations\n\nThe module comes with some default SQL migrations which set up needed tables in the configured database. To run them,\nin the SimpleSAMLphp administration area go to `OIDC` \u003e `Database Migrations`, and press the available button.\n\nAlternatively, in case of automatic / scripted deployments, you can run the 'install.php' script from the command line:\n\n    php modules/oidc/bin/install.php\n\n### Protocol Artifacts Caching\n\nThe configured database serves as the primary storage for protocol artifacts, such as access tokens, authorization\ncodes, refresh tokens, clients, and user data. In production environments, it is recommended to also set up caching\nfor these artifacts. The cache layer operates in front of the database, improving performance, particularly during\nsudden surges of users attempting to authenticate. The implementation leverages the Symfony Cache component, allowing\nthe use of any compatible Symfony cache adapter. For more details on configuring the protocol cache, refer to the\nmodule configuration file.\n\n### Relying Party (RP) Administration\n\nThe module lets you manage (create, read, update and delete) approved RPs from the module user interface itself.\n\nOnce the database schema has been created, in the SimpleSAMLphp administration area go to `OIDC` \u003e\n`Client Registry`. \n\nNote that clients can be marked as confidential or public. If the client is not marked as confidential (it is public),\nand is using Authorization Code flow, it will have to provide PKCE parameters during the flow.\n\nClient ID and secret will be generated, and can be seen after the client creation by clicking on the 'show' button.\n\n### Cron hook\n\nIn order to purge expired tokens, this module requires [cron module](https://simplesamlphp.org/docs/stable/cron:cron)\nto be enabled and configured.\n\n### Endpoint locations\n\nOnce you deploy the module, in the SimpleSAMLphp administration area go to `OIDC` and then select the\nProtocol / Federation Settings page to see the available discovery URLs. These URLs can then be used to set up a\n`.well-known` URLs (see below).\n\n### Key rollover\n\nThe module supports defining additional (new) private / public key pair to be published on relevant JWKS endpoint\nor contained in relevant JWKS property. In this way, you can \"announce\" new public key which can then be fetched\nby RPs in order to prepare for the switch of the keys (until the switch of keys, all artifacts continue to be\nsigned with the \"old\" private key).\n\nIn this way, after RPs fetch new JWKS (JWKS with \"old\" and \"new\" key), you can do the switch of keys when you find\nappropriate.\n\n### Note when using Apache web server\n\nIf you are using Apache web server, you might encounter situations in which Apache strips of Authorization header\nwith Bearer scheme in HTTP requests, which is a known 'issue' (https://github.com/symfony/symfony/issues/19693). \nAlthough we handle this special situation, it has performance implications, so you should add one of the following\nApache configuration snippets to preserve Authorization header in requests:\n\n```apacheconf\nRewriteEngine On\nRewriteCond %{HTTP:Authorization} .+\nRewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]\n```\nor\n```apacheconf\nSetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n```\nChoose the one which works for you. If you don't set it, you'll get a warnings about this situation in your logs.\n\n## Additional considerations\n### Private scopes\n\nThis module support the basic OIDC scopes: openid, email, address, phone and profile.\nHowever, you can add your own private scopes in the `module_oidc.php` config file, for example:\n\n```php\n\u003c?php\n\n$config = [\n    \\SimpleSAML\\Module\\oidc\\ModuleConfig::OPTION_AUTH_CUSTOM_SCOPES =\u003e [\n        'private' =\u003e [\n            'description' =\u003e 'private scope',\n            'claim_name_prefix' =\u003e '', // Optional prefix for claim names\n            'are_multiple_claim_values_allowed' =\u003e false, // Allow or disallow multiple values for claims\n            'attributes' =\u003e ['national_document_id']\n        ],\n    ],\n];\n```\n\n### Attribute translation\n\nDefault translation table from SAML attributes to OIDC claims is based on\n[REFEDS wiki article: \"Mapping SAML attributes to OIDC Claims\"](https://wiki.refeds.org/display/GROUPS/Mapping+SAML+attributes+to+OIDC+Claims).\n\nYou can change or extend this table in the `module_oidc.php` config file, like in example below. Note that translation\nexamples use friendly attribute names. If other attribute name format is used, adjust configuration accordingly. \n\n```php\n\u003c?php\n\n$config = [\n    \\SimpleSAML\\Module\\oidc\\ModuleConfig::OPTION_AUTH_SAML_TO_OIDC_TRANSLATE_TABLE =\u003e [\n        // Overwrite default translation\n        'sub' =\u003e [\n            'uid', // added\n            'eduPersonPrincipalName',\n            'eduPersonTargetedID',\n            'eduPersonUniqueId',\n        ],\n        // Remove default translation\n        'family_name' =\u003e [\n        ],\n\n        // New claim created from SAML attribute\n        // Used in previus private scope\n        'national_document_id' =\u003e [\n            'schacPersonalUniqueId',\n        ],\n    ],\n];\n```\n\n### Auth Proc Filters\nThis module will not execute standard Auth Proc Filters which are used during regular SAML authN, reason being that \nnot all expected entities are participating in the authN process (most notably the Service Provider - SP). \nBecause of that, OIDC module provides its own 'authproc.oidc' configuration option which can be used to designate \nspecific Auth Proc Filters which will run only during OIDC authN. \n\nHowever, there are some considerations. OIDC authN state array will not contain all the keys which are \navailable during SAML authN, like Service Provider metadata. If you are using an existing filter, make sure it does \nnot rely on some non-existent state data. At the moment, only the following SAML authN data will be available:\n* \\['Attributes'\\]\n* \\['Authority'\\]\n* \\['AuthnInstant'\\]\n* \\['Expire'\\]\n\nSource and destination will have entity IDs corresponding to the OP issuer ID and Client ID respectively.\n* \\['Source'\\]\\['entityid'\\] - contains OpenId Provider issuer ID\n* \\['Destination'\\]\\['entityid'\\] - contains Relying Party (OIDC Client) ID\n\nIn addition to that, the following OIDC related data will be available in the state array:\n* \\['Oidc'\\]\\['OpenIdProviderMetadata'\\] - contains information otherwise available from the OIDC configuration URL.\n* \\['Oidc'\\]\\['RelyingPartyMetadata'\\] - contains information about the OIDC client making the authN request.\n* \\['Oidc'\\]\\['AuthorizationRequestParameters'\\] - contains relevant authorization request query parameters.\n\nAuth Proc processing has been tested with a variety of modules including ones that adjust attributes, log\nand redirect for user interaction.\n\nYou can add Auth Proc filters in the 'authproc.oidc' config option in the same manner as described in the [Auth Proc \ndocumentation](https://simplesamlphp.org/docs/stable/simplesamlphp-authproc).\n\n```php\n\u003c?php\n\n$config = [\n    \\SimpleSAML\\Module\\oidc\\ModuleConfig::OPTION_AUTH_PROCESSING_FILTERS =\u003e [\n        50 =\u003e [\n            'class' =\u003e 'core:AttributeAdd',\n            'groups' =\u003e ['users', 'members'],\n        ],\n    ],\n];\n```\n### Client registration permissions\n\nYou can allow users to register their own clients.\nThis is controlled through the `permissions` setting in `module_oidc.php`\n\nPermissions let the module expose functionality to specific users. In the\nbelow configuration, a user's eduPersonEntitlement attribute is examined.\nIf the user tries to do something that requires the `client` permission\n(such as registering their own client) then they will need one of the\neduPersonEntitlements from the `client` permission array.\n\nA permission can be disabled by commenting it out.\n\n```php\n     \\SimpleSAML\\Module\\oidc\\ModuleConfig::OPTION_ADMIN_UI_PERMISSIONS =\u003e [\n        // Attribute to inspect to determine user's permissions\n        'attribute' =\u003e 'eduPersonEntitlement',\n        // Which entitlements allow for registering, editing, delete a client. OIDC clients are owned by the creator\n        'client' =\u003e ['urn:example:oidc:manage:client'],\n    ],\n```\n\nUsers can visit the `https://example.com/simplesaml/module.php/oidc/clients/` to create and view their clients.\n\n## OIDC Discovery Endpoint\n\nThe module offers an OpenID Connect Discovery endpoint at URL:\n\n    https://yourserver/simplesaml/module.php/oidc/.well-known/openid-configuration\n\n## OpenID Federation Configuration Endpoint\n\nThe module offers an OpenID Federation configuration endpoint at URL:\n\n    https://yourserver/simplesaml/module.php/oidc/.well-known/openid-federation\n\n### .well-known URLs\n\nYou can configure you web server (Apache, Nginx) in a way to serve the mentioned URLs in a '.well-known'\nform. Below are some sample configurations for `openid-configuration`, but you can take the same approach for \n`openid-federation`.\n\n#### nginx \n    location = /.well-known/openid-configuration {\n        rewrite ^(.*)$ /simplesaml/module.php/oidc/.well-known/openid-configuration break;\n        proxy_pass https://localhost;\n    }\n\n#### Apache\n\n    RewriteEngine On\n    RewriteRule ^/.well-known/openid-configuration(.*) /simplesaml/module.php/oidc/.well-known/openid-configuration$1 [PT]\n\n## Using Docker\n\n### With current git branch.\n\nTo explore the module using docker run the below command. This will run an SSP image, with the current oidc module\nmounted in the container, along with some configuration files. Any code changes you make to your git checkout are\n\"live\" in the container, allowing you to test and iterate different things.\n\n```\ndocker run --name ssp-oidc-dev \\\n   --mount type=bind,source=\"$(pwd)\",target=/var/simplesamlphp/staging-modules/oidc,readonly \\\n  -e STAGINGCOMPOSERREPOS=oidc \\\n  -e COMPOSER_REQUIRE=\"simplesamlphp/simplesamlphp-module-oidc:@dev\" \\\n  -e SSP_ADMIN_PASSWORD=secret1 \\\n  --mount type=bind,source=\"$(pwd)/docker/ssp/module_oidc.php\",target=/var/simplesamlphp/config/module_oidc.php,readonly \\\n  --mount type=bind,source=\"$(pwd)/docker/ssp/authsources.php\",target=/var/simplesamlphp/config/authsources.php,readonly \\\n  --mount type=bind,source=\"$(pwd)/docker/ssp/config-override.php\",target=/var/simplesamlphp/config/config-override.php,readonly \\\n  --mount type=bind,source=\"$(pwd)/docker/ssp/oidc_module.crt\",target=/var/simplesamlphp/cert/oidc_module.crt,readonly \\\n  --mount type=bind,source=\"$(pwd)/docker/ssp/oidc_module.key\",target=/var/simplesamlphp/cert/oidc_module.key,readonly \\\n  --mount type=bind,source=\"$(pwd)/docker/apache-override.cf\",target=/etc/apache2/sites-enabled/ssp-override.cf,readonly \\\n   -p 443:443 cirrusid/simplesamlphp:v2.3.5\n```\n\nVisit https://localhost/simplesaml/ and confirm you get the default page.\nThen navigate to [OIDC screen](https://localhost/simplesaml/module.php/oidc/install.php)\nand you can add a client.\n\nYou may view the OIDC configuration endpoint at `https://localhost/.well-known/openid-configuration`\n\n#### Local Testing with other DBs\n\nTo test local changes against another DB, such as Postgres, we need to:\n\n* Create a docker network layer\n* Run a DB container (and create a DB if one doesn't exist)\n* Run SSP and use the DB container\n\n```\n# Create the network\ndocker network create ssp-oidc-test\n```\n\n```\n# Run the db container\n    docker run --name oidc-db \\\n      --network ssp-oidc-test \\\n      -e POSTGRES_PASSWORD=oidcpass \\\n      -p 25432:5432 \\\n      -d  postgres:15\n```\n\nAnd then use the `docker run` command from  `With current git branch` with the following additions\n\n```\n    -e DB.DSN=\"pgsql:host=oidc-db;dbname=postgres\" \\\n    -e DB.USERNAME=\"postgres\" \\\n    -e DB.PASSWORD=\"oidcpass\" \\\n   --network ssp-oidc-test \\\n\n```\n\n#### Testing AuthProc filters\n\nTo perform manual testing of authproc filters, enable the authprocs in `module_oidc.php` that set firstname, sn and performs\na redirect for preprod warning. This setup shows that an authproc can do a redirect and then processing resumes.\nOnce adjusted, run docker while change the `COMPOSER_REQUIRE` line to\n\n    `-e COMPOSER_REQUIRE=\"simplesamlphp/simplesamlphp-module-oidc:@dev simplesamlphp/simplesamlphp-module-preprodwarning\" \\`\n\nYou can register a client from https://oidcdebugger.com/ to test.\n\n### Build Image to Deploy for Conformance Tests\n\nBuild an image that contains a pre-configured sqlite database.\n\n```bash\nGIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)\n# Replace invalid tag characters when doing build\nIMAGE_TAG=$(tr '/' '_' \u003c\u003c\u003c $GIT_BRANCH)\ndocker build -t \"simplesamlphp/simplesamlphp-oidc:dev-$IMAGE_TAG\" \\\n  --build-arg OIDC_VERSION=dev-${GIT_BRANCH} \\\n  -f docker/Dockerfile .\n\ndocker run --name ssp-oidc-dev-image \\\n  -e SSP_ADMIN_PASSWORD=secret1 \\\n  -p 443:443 simplesamlphp/simplesamlphp-oidc:dev-$IMAGE_TAG\n\n```\n\nPublish the image somewhere you can retrieve it.\nTemporarily, this will occasionally get published into the cirrusid Docker namespace.\n\n```\ndocker tag \"simplesamlphp/simplesamlphp-oidc:dev-$IMAGE_TAG\" \"cirrusid/simplesamlphp-oidc:dev-$IMAGE_TAG\"\ndocker push \"cirrusid/simplesamlphp-oidc:dev-$IMAGE_TAG\"\n```\n\nThe database is not currently on a share volume, so any changes will get lost if the container restarts.\nYou may want to back it up.\nTo dump the database\n```bash\ndocker exec ssp-oidc-dev-image sqlite3  /var/simplesamlphp/data/mydb.sq3 '.dump' \u003e docker/conformance.sql\n```\n\nConformance tests are easier to run locally, see the `Docker compose` section and [CONFORMANCE_TEST.md](CONFORMANCE_TEST.md)\n\n### Docker compose\n\nDocker compose will run several containers to make it easier to test scenarios. It will build an image\nthat contains OIDC module. You may remove the ``--build`` argument if you want docker-compose to reuse\npreviously running container.\n\n```\n# Use the current branch/git checkout. Composer installs local checkout\nOIDC_VERSION=@dev docker-compose -f docker/docker-compose.yml --project-directory . up --build\n\n# Set OIDC_VERSION to a version that composer can install to use a different version of the module.\nOIDC_VERSION=dev-master docker-compose -f docker/docker-compose.yml --project-directory . up --build\n```\n\nVisit the [OP](https://op.local.stack-dev.cirrusidentity.com/simplesaml/) and confirm a few clients already exist.\n\nConformance tests are easier to run locally, see [CONFORMANCE_TEST.md](CONFORMANCE_TEST.md)\n\n## Running Conformance Tests\n\nSee [CONFORMANCE_TEST.md](CONFORMANCE_TEST.md)\n\n## Have more questions?\n\nCheck the [FAQ](FAQ.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimplesamlphp%2Fsimplesamlphp-module-oidc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimplesamlphp%2Fsimplesamlphp-module-oidc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimplesamlphp%2Fsimplesamlphp-module-oidc/lists"}