定制 razorbacks/laravel-shibboleth 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

razorbacks/laravel-shibboleth

Composer 安装命令:

composer require razorbacks/laravel-shibboleth

包简介

Enable basic Shibboleth support for Laravel 5.x

README 文档

README

This package provides Shibboleth authentication for Laravel.

For development, it can emulate an IdP (via mrclay/shibalike).

Build Status Code Climate Code Coverage

Pre-Requisites

In order to use this plugin, we assume you already have a pre-existing Shibboleth SP and Shibboleth IdP configured. This does not (and will not) go into explaining how to set that up.

However, this might be helpful: https://github.com/razorbacks/ubuntu-authentication/tree/master/shibboleth

Installation

Use composer to require the latest release into your project:

composer require razorbacks/laravel-shibboleth

If you're running Laravel >= 5.5, then you can skip this step, otherwise you will need to manually register the service provider in your config/app.php file within the Providers array.

StudentAffairsUwm\Shibboleth\ShibbolethServiceProvider::class,

If you you would like to use the emulated IdP via shibalike, then you will need to manually register it on any version - this is not automatically loaded even in Laravel 5.5.

StudentAffairsUwm\Shibboleth\ShibalikeServiceProvider::class,

Note that the password is the same as the username for shibalike.

Publish the default configuration file:

php artisan vendor:publish --provider="StudentAffairsUwm\Shibboleth\ShibbolethServiceProvider"

Optionally, you can also publish the views for the shibalike emulated IdP login:

php artisan vendor:publish --provider="StudentAffairsUwm\Shibboleth\ShibalikeServiceProvider"

University of Arkansas Users:

To also logout with the IdP, set the the following in config/shibboleth.php

'idp_logout' => '/Shibboleth.sso/Logout?return=https%3A%2F%2Fidp.uark.edu%2Fidp%2Fexit.jsp',

Change the driver to shibboleth in your config/auth.php file.

'providers' => [
    'users' => [
        'driver' => 'shibboleth',
        'model'  => App\User::class,
    ],
],

Now users may login via Shibboleth by going to https://example.com/shibboleth-login and logout using https://example.com/shibboleth-logout so you can provide a custom link or redirect based on email address in the login form.

@if (Auth::guest())
    <a href="/shibboleth-login">Login</a>
@else
    <a href="/shibboleth-logout">
        Logout {{ Auth::user()->name }}
    </a>
@endif

You may configure server variable mappings in config/shibboleth.php such as the user's first name, last name, entitlements, etc. You can take a look at them by reading what's been populated into the $_SERVER variable after authentication.

<?php print_r($_SERVER);

Mapped values will be synced to the user table upon successful authentication.

Declare Login Route

By convention, laravel assumes a route named login exists to redirect unauthenticated requests.

This package names its route shibboleth-login because it's designed to work alongside other authentication providers, such as the default scaffolding provided by artisan. But if this is the only authentication provider, then that name will need to be manually declared. e.g.

Route::name('login')->get('/login', '\\'.Route::getRoutes()->getByName('shibboleth-login')->getActionName());

or more readable, but with a redirect:

Route::redirect('/login', '/shibboleth-login')->name('login');

See also: #10

Authorization

You can check for an entitlement string of the current user statically:

$entitlement = 'urn:mace:uark.edu:ADGroups:Computing Services:Something';

if (Entitlement::has($entitlement)) {
    // authorize something
}

Now you can draft policies and gates around these entitlements.

Local Users

This was designed to work side-by-side with the native authentication system for projects where you want to have both Shibboleth and local users. If you would like to allow local registration as well as authenticate Shibboleth users, then use laravel's built-in auth system.

php artisan make:auth

JWTAuth Tokens

If you're taking advantage of token authentication with tymon/jwt-auth then set this variable in your .env

JWTAUTH=true

razorbacks/laravel-shibboleth 适用场景与选型建议

razorbacks/laravel-shibboleth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.41k 次下载、GitHub Stars 达 10, 最近一次更新时间为 2017 年 06 月 06 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 razorbacks/laravel-shibboleth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 razorbacks/laravel-shibboleth 我们能提供哪些服务?
定制开发 / 二次开发

基于 razorbacks/laravel-shibboleth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1.41k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 10
  • 点击次数: 8
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 10
  • Watchers: 3
  • Forks: 40
  • 开发语言: PHP

其他信息

  • 授权协议: Unknown
  • 更新时间: 2017-06-06