php-sam | Basic SAMv3 implementation for I2P in PHP

Usually, you can find more detailed error messages when you take a look at the stack events in the CloudFormation console. In this case I got 2 errors for the ApplicationConfigurationTemplate resource:

1 No Solution Stack named '64bit Amazon Linux 2 v3.1.0 running PHP 7.3' found: The issue is that the version you specified was only valid until September 2, 2020. You can check the current platform versions here. So I had to update the SolutionStackName attribute: SolutionStackName: 64bit Amazon Linux 2 v3.1.1 running PHP 7.3

2 Configuration validation exception: Invalid option value: 'sg-xxx' (Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'SecurityGroups'): The security group 'sg-xxx' does not exist: This is related to the following code piece:

The VpcSecurityGroupIds should container SG group id, not sg name.

Thus, you should replace:

After looking through an example template it appears as though the configuration requires a VpcId, Subnets and ELBSubnets option to allow the EB setup to join a VPC rather than creating its own.

In addition you were using a previous version of SolutionStackName, it should be 64bit Amazon Linux 2018.03 v2.9.9 running PHP 7.2.

I also noticed your benefit can make use of AWS parameters for the VPC Id and Key name rather than hard coding which will improve the usability from the interface.

The below template fixes the above

I tried to verify the issue and deploy your template on my sandbox account.

I found that the deployment fails due to missing instance profile in ConfigurationTemplates:

Some properties can be modified by adding OptionSettings to your SampleEnvironment resource in CloudFormation. A list of these options are available here.

For other scenarios you should look at configuring the environment by using ebextensions inside your deployed application.

The error comes down to the following No Solution Stack named '64bit Amazon Linux 2015.03 v2.0.0 running PHP 7.3' found.

This is not a supported version of PHP. Instead you should use 64bit Amazon Linux 2 v3.0.3 running PHP 7.3 which is the closest for your problem.

I have updated the template below

You can set the value to "None" using ini_set. There's no check that the value is supported when that function is used:

I'd look at SimpleSAMLphp. You application will be a "service provider" or SP. You'll need to generate metadata for your application, which you'll need to share with the IdP administrators at your university to enable the integration. The SSP quickstart link provided above gives details on obtaining metadata for your SP, and how to convert the Identity Provider-supplied XML metadata into a format that's readable by the SSP libraries.

Only after the exchange of metadata occurs and your application is trusted can you being to exchange SAML responses. SSP makes this process easy, as you'll just end up calling a few lines of code any time a resource needs to be protected, i.e.

You can indeed have the SAML response encrypted, and it will need to be setup by your Onelogin administrator for your application. Encrypting the Response ( or the Assertion ) is mitigated by using TLS as you're already encrypted at the transport layer, and most applications I see don't encrypt Response or Assertion, but it's available in Onelogin if needed.