Tags: php, laravel, single-sign-on, saml

Integrate SAML in Laravel using existing Idp and SP


I don't know if what I would like to do is possible. I'm trying to integrate the authentication mechanism of my university into an Android application which uses Laravel as a backend. I've decoded the SAMLResponse, and in the XML I found this

  'SPNameQualifier' = 'https://URL/shibboleth',
  'NameQualifier' = 'https://URL/idp/shibboleth'

which I think are the SP and IdP URIs. In my Android app I want users to log in without registering, because they can use their university account. In the SAMLResponse I also have the SignatureValue, X509Certificate and other data, but I can't figure out how to configure everything.

Searching on Google, I found these packages: laravel-saml2 and php-saml. Are those packages a good fit for my problem? Can you help me understand how to configure everything?
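To see what the decoded SAMLResponse actually carries, here is an added example (not from the question or from either package) that parses a response with PHP's DOM/XPath and pulls out the Issuer, the NameID with its SPNameQualifier and NameQualifier, the Audience, and whether a signature and X509Certificate are present. The embedded response is constructed for illustration: the entity IDs are placeholders and it is deliberately unsigned, so the check at the end reports it as something a real SP must reject. The nullsafe operator requires PHP 8.

```php
<?php
// Added example: inspect a decoded SAMLResponse. Assumption: $b64 is the raw
// base64 value of the SAMLResponse POST parameter. Extracting fields is NOT
// verification; signature checks must be done by a SAML library against the
// IdP certificate published in its metadata.

const SAML_NS  = 'urn:oasis:names:tc:SAML:2.0:assertion';
const SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol';
const DS_NS    = 'http://www.w3.org/2000/09/xmldsig#';

function inspectSamlResponse(string $b64): array
{
    $xml = base64_decode($b64, true);
    if ($xml === false) {
        throw new InvalidArgumentException('SAMLResponse is not valid base64');
    }

    $dom = new DOMDocument();
    // LIBXML_NONET: never fetch remote DTDs or entities while parsing untrusted XML.
    if (!$dom->loadXML($xml, LIBXML_NONET | LIBXML_NOBLANKS)) {
        throw new InvalidArgumentException('SAMLResponse is not well-formed XML');
    }

    $xp = new DOMXPath($dom);
    $xp->registerNamespace('saml', SAML_NS);
    $xp->registerNamespace('samlp', SAMLP_NS);
    $xp->registerNamespace('ds', DS_NS);

    // Return the first element matching an absolute XPath, or null.
    $first = static function (string $query) use ($xp): ?DOMElement {
        $nodes = $xp->query($query);
        return ($nodes !== false && $nodes->length > 0) ? $nodes->item(0) : null;
    };

    $nameId = $first('/samlp:Response/saml:Assertion/saml:Subject/saml:NameID');

    return [
        'response_issuer'    => $first('/samlp:Response/saml:Issuer')?->textContent,
        'assertion_issuer'   => $first('/samlp:Response/saml:Assertion/saml:Issuer')?->textContent,
        'name_id'            => $nameId?->textContent,
        'sp_name_qualifier'  => $nameId?->getAttribute('SPNameQualifier'),
        'idp_name_qualifier' => $nameId?->getAttribute('NameQualifier'),
        'audience'           => $first('/samlp:Response/saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience')?->textContent,
        'response_signed'    => $first('/samlp:Response/ds:Signature') !== null,
        'assertion_signed'   => $first('/samlp:Response/saml:Assertion/ds:Signature') !== null,
        'x509_present'       => $first('//ds:Signature//ds:X509Certificate') !== null,
    ];
}

// Constructed sample: placeholder entity IDs, no signature.
$sampleXml = <<<XML
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-response" Version="2.0"
                IssueInstant="2024-01-01T00:00:00Z"
                Destination="https://app.example.test/saml/acs">
  <saml:Issuer>https://idp.example.test/idp/shibboleth</saml:Issuer>
  <saml:Assertion ID="_constructed-assertion" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.test/idp/shibboleth</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                   SPNameQualifier="https://app.example.test/shibboleth"
                   NameQualifier="https://idp.example.test/idp/shibboleth">abc123</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://app.example.test/shibboleth</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>
XML;

$info = inspectSamlResponse(base64_encode($sampleXml));
print_r($info);

// The qualifiers tell you which SP and IdP the assertion is about; only a
// verified signature tells you the IdP really issued it.
if (!$info['response_signed'] && !$info['assertion_signed']) {
    echo "unsigned response: a real SP must reject this\n";
}
```

The SPNameQualifier and Audience should both equal your SP's entity ID, and NameQualifier should equal the IdP's entity ID from its metadata; a library such as SimpleSAMLphp or php-saml checks these along with the signature, the Destination, and the validity window, which is why decoding the XML by hand is a way to understand the flow, not a way to implement it.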


Solution

  • I'd look at SimpleSAMLphp. Your application will be a "service provider" or SP. You'll need to generate metadata for your application, which you'll need to share with the IdP administrators at your university to enable the integration. The SSP quickstart link provided above gives details on obtaining metadata for your SP, and how to convert the Identity Provider-supplied XML metadata into a format that's readable by the SSP libraries.

    Only after the exchange of metadata occurs and your application is trusted can you begin to exchange SAML responses. SSP makes this process easy, as you'll just end up calling a few lines of code any time a resource needs to be protected, i.e.

    // Load the SimpleSAMLphp autoloader (path relative to the SSP install)
    require_once('../../lib/_autoload.php');
    // 'default-sp' is the authsource name from config/authsources.php
    $as = new \SimpleSAML\Auth\Simple('default-sp');
    // Redirects to the IdP if there is no session; returns once the response has been validated
    $as->requireAuth();
    // Attributes from the validated assertion, e.g. ['uid' => ['jdoe']]
    $attributes = $as->getAttributes();


    That's all that's needed to make sure the SAML flies back and forth... but integrating is a different story. There are surely policies and procedures that your university imposes that you'll need to follow, and you can't just integrate with the University without following their integration procedures, i.e. a proper IdP isn't going to provide a SAML assertion to just any old application that asks for it.
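Since the question is about Laravel, here is an added example (my own, not from the answer, SimpleSAMLphp, or Laravel) showing how the same three calls fit into a Laravel middleware: it sends unauthenticated requests to the IdP via a Laravel redirect rather than letting SSP exit() mid-request, and after SSP has validated the assertion it maps the released attributes onto a local user. It assumes SimpleSAMLphp is installed and configured with an authsource named 'default-sp', that the IdP releases eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6) and optionally mail and displayName, and that the users table has a 'saml_id' column; the attribute names and column are assumptions you must confirm against your IdP's attribute release policy and your schema.

```php
<?php
// Added example: Laravel middleware protecting routes with SimpleSAMLphp.
// Assumptions (not from the page): authsource 'default-sp' exists in
// authsources.php; the IdP releases the OIDs below; users.saml_id exists.

namespace App\Http\Middleware;

use App\Models\User;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Str;
use SimpleSAML\Auth\Simple;

class RequireSamlLogin
{
    // Standard eduPerson / inetOrgPerson attribute OIDs as released by Shibboleth IdPs.
    private const EPPN         = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6'; // eduPersonPrincipalName
    private const MAIL         = 'urn:oid:0.9.2342.19200300.100.1.3'; // mail
    private const DISPLAY_NAME = 'urn:oid:2.16.840.1.113730.3.1.241'; // displayName

    public function handle(Request $request, Closure $next)
    {
        // Already have a Laravel session from an earlier SAML login.
        if (Auth::check()) {
            return $next($request);
        }

        $as = new Simple('default-sp');

        if (!$as->isAuthenticated()) {
            // Send the browser to the IdP; SSP brings it back to this URL afterwards.
            return redirect()->away($as->getLoginURL($request->fullUrl()));
        }

        // Reached only after SSP has checked the response/assertion signatures,
        // audience, destination and validity window against the IdP metadata.
        $attributes = $as->getAttributes();
        $eppn = $attributes[self::EPPN][0] ?? null;
        if ($eppn === null) {
            abort(403, 'IdP did not release a principal name');
        }

        // Key the local account on the stable principal name, not on display data.
        $user = User::firstOrCreate(
            ['saml_id' => $eppn],
            [
                'name'     => $attributes[self::DISPLAY_NAME][0] ?? $eppn,
                'email'    => $attributes[self::MAIL][0] ?? $eppn,
                // Unusable placeholder: SSO accounts never authenticate with a password.
                'password' => bcrypt(Str::random(40)),
            ]
        );
        Auth::login($user);

        return $next($request);
    }
}
```

Attach it to the routes that need protection, e.g. `Route::middleware(RequireSamlLogin::class)->group(...)`, and make sure the SP's AssertionConsumerService URL in the metadata you send to the university points at the SSP module endpoint on this server. For the Android client, the login still has to happen in a browser (WebView or Custom Tab) against this backend; the app never sees or validates the SAMLResponse itself, it only receives the session the backend issues afterwards.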