kchinkesh/laravel-saml
Composer 安装命令:
composer require kchinkesh/laravel-saml
包简介
A Laravel Package to Implement SAML based SSO Service Provider
README 文档
README
A Laravel package for Saml2 integration as a SP (service provider) based on OneLogin toolkit, which is much lighter and easier to install. It doesn't need separate routes or session storage to work!
The aim of this library is to be as simple as possible. We won't mess with Laravel users, auth, session... We prefer to limit ourselves to a concrete task. Ask the user to authenticate at the IDP and process the response. Same case for SLO requests.
Installation - Composer
You can install the package via composer:
composer require kchinkesh/laravel-saml
Then publish the config files with
php artisan vendor:publish --tag=saml-config
This will add the files app/config/samlidp_settings.php, which you will need to customize.
Configure laravel-saml to know about IDP
SAML_IDP_ENTITYID='' SAML_IDP_SSO_URL='' SAML_IDP_SLO_URL='' SAML_IDP_x509=''
Usage
When you want your user to login, just redirect to the login route configured for the particular IDP,
route('saml_login').
Just remember that it does not use any session storage, so if you ask it to login it will redirect to the IDP whether the user is already logged in or not. For example, you can change your authentication middleware.
public function handle($request, Closure $next) { if ($this->auth->guest()) { if ($request->ajax()) { return response('Unauthorized.', 401); } else { return redirect('saml_login') } } return $next($request); }
After login is called, the user will be redirected to the IDP login page. Then the IDP, which you have configured with an endpoint the library serves, will call back. That will process the response and fire an event when ready. The next step for you is to handle that event. You just need to login the user or refuse.
Event::listen(function (\Kchinkesh\LaravelSaml\Events\SamlLoginEvent $event) { $user = $event->getSamlUser(); $userData = [ 'id' => $user->getUserId(), 'attributes' => $user->getAttributes(), 'assertion' => $user->getRawSamlAssertion() ]; $laravelUser = User::where('email',$user->getUserId())->first(); //find user by ID or attribute //if it does not exist create it and go on or show an error message Auth::login($laravelUser); });
Auth persistence
Be careful about necessary Laravel middleware for Auth persistence in Session. Add the saml middleware to middleware groups For exemple, it can be:
# in App\Http\Kernel protected $middlewareGroups = [ 'web' => [ ... ], 'api' => [ ... ], 'saml' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, ],
Log out
Now there are two ways the user can log out.
- 1 - By logging out in your app: In this case you 'should' notify the IDP first so it closes global session.
- 2 - By logging out of the global SSO Session. In this case the IDP will notify you on /idp/slo endpoint (already provided), if the IDP supports SLO
For case 1, initiate a logout by redirecting the user to the saml2_logout route (route('saml_logout')). Do not close the session immediately as you need to receive a response confirmation from the IDP (redirection). That response will be handled by the library at the sls route, and it will fire a SamlLogoutEvent event that you can use to complete the logout in the same way as with case 2 below.
For case 2 you will only receive the event. Both cases 1 and 2 receive the same SamlLogoutEvent event.
Note that for case 2, you may have to manually save your session to make the logout stick (as the session is saved by middleware, but the OneLogin library will redirect back to your IDP before that happens)
Event::listen(function (\Kchinkesh\LaravelSaml\Events\SamlLoginEvent $event) { Auth::logout(); Session::save(); });
Note : This Packaged is an Updated Version on aacotroneo/laravel-saml2 which works with PHP 8.0
kchinkesh/laravel-saml 适用场景与选型建议
kchinkesh/laravel-saml 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 6 次下载、GitHub Stars 达 0, 最近一次更新时间为 2022 年 02 月 06 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 kchinkesh/laravel-saml 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 kchinkesh/laravel-saml 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 6
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 0
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2022-02-06