定制 kchinkesh/laravel-saml 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

kchinkesh/laravel-saml

Composer 安装命令:

composer require kchinkesh/laravel-saml

包简介

A Laravel Package to Implement SAML based SSO Service Provider

README 文档

README

A Laravel package for Saml2 integration as a SP (service provider) based on OneLogin toolkit, which is much lighter and easier to install. It doesn't need separate routes or session storage to work!

The aim of this library is to be as simple as possible. We won't mess with Laravel users, auth, session... We prefer to limit ourselves to a concrete task. Ask the user to authenticate at the IDP and process the response. Same case for SLO requests.

Installation - Composer

You can install the package via composer:

composer require kchinkesh/laravel-saml

Then publish the config files with

php artisan vendor:publish --tag=saml-config

This will add the files app/config/samlidp_settings.php, which you will need to customize.

Configure laravel-saml to know about IDP

SAML_IDP_ENTITYID=''
SAML_IDP_SSO_URL=''
SAML_IDP_SLO_URL=''
SAML_IDP_x509=''

Usage

When you want your user to login, just redirect to the login route configured for the particular IDP, route('saml_login').

Just remember that it does not use any session storage, so if you ask it to login it will redirect to the IDP whether the user is already logged in or not. For example, you can change your authentication middleware.

public function handle($request, Closure $next)
{
    if ($this->auth->guest())
    {
        if ($request->ajax())
        {
            return response('Unauthorized.', 401);
        }
        else
        {
            return redirect('saml_login')
        }
    }
    return $next($request);
}

After login is called, the user will be redirected to the IDP login page. Then the IDP, which you have configured with an endpoint the library serves, will call back. That will process the response and fire an event when ready. The next step for you is to handle that event. You just need to login the user or refuse.

Event::listen(function (\Kchinkesh\LaravelSaml\Events\SamlLoginEvent $event) {
    $user = $event->getSamlUser();
    $userData = [
        'id' => $user->getUserId(),
        'attributes' => $user->getAttributes(),
        'assertion' => $user->getRawSamlAssertion()
    ];
    $laravelUser = User::where('email',$user->getUserId())->first();
    //find user by ID or attribute
    //if it does not exist create it and go on  or show an error message
    Auth::login($laravelUser);
});

Auth persistence

Be careful about necessary Laravel middleware for Auth persistence in Session. Add the saml middleware to middleware groups For exemple, it can be:

# in App\Http\Kernel
protected $middlewareGroups = [
        'web' => [
            ...
        ],
        'api' => [
            ...
        ],
        'saml' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
        ],

Log out

Now there are two ways the user can log out.

  • 1 - By logging out in your app: In this case you 'should' notify the IDP first so it closes global session.
  • 2 - By logging out of the global SSO Session. In this case the IDP will notify you on /idp/slo endpoint (already provided), if the IDP supports SLO

For case 1, initiate a logout by redirecting the user to the saml2_logout route (route('saml_logout')). Do not close the session immediately as you need to receive a response confirmation from the IDP (redirection). That response will be handled by the library at the sls route, and it will fire a SamlLogoutEvent event that you can use to complete the logout in the same way as with case 2 below.

For case 2 you will only receive the event. Both cases 1 and 2 receive the same SamlLogoutEvent event.

Note that for case 2, you may have to manually save your session to make the logout stick (as the session is saved by middleware, but the OneLogin library will redirect back to your IDP before that happens)

Event::listen(function (\Kchinkesh\LaravelSaml\Events\SamlLoginEvent $event) {
    Auth::logout();
    Session::save();
});

Note : This Packaged is an Updated Version on aacotroneo/laravel-saml2 which works with PHP 8.0

kchinkesh/laravel-saml 适用场景与选型建议

kchinkesh/laravel-saml 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 6 次下载、GitHub Stars 达 0, 最近一次更新时间为 2022 年 02 月 06 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 kchinkesh/laravel-saml 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 kchinkesh/laravel-saml 我们能提供哪些服务?
定制开发 / 二次开发

基于 kchinkesh/laravel-saml 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 6
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 0
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2022-02-06