univlorraine/symfony-cas-bundle
Composer 安装命令:
composer require univlorraine/symfony-cas-bundle
包简介
Symfony 5.4+ bundle for CAS Authentication wrapping phpCAS lib from Apereo
README 文档
README
This bundle provides a CAS authentication client for Symfony 5.4+, wrapping the phpCAS library from Apereo (https://www.apereo.org/projects/cas).
Requirements
- PHP 7.4 or greater
- Symfony 5.4 or greater
Installation
- Require the bundle using Composer:
composer require univlorraine/symfony-cas-bundle
- Declare the bundle in Symfony Kernel if it's not already in (should be added automatically). In config/bundles.php:
<?php return [ ... UnivLorraine\Bundle\SymfonyCasBundle\UnivLorraineSymfonyCasBundle::class => ['all' => true], ... ];
Configuration
Create the config file config/packages/univ_lorraine_symfony_cas.yaml, and add these settings:
univ_lorraine_symfony_cas: cas_url: my-cas-server-url.domain.tld # required cas_context: ~ # optional (eg: /cas) cas_port: 443 # optional (default: 443) cas_service_base_url: https://yourapp.domain.com # required cas_ca_cert: ~ # optional cas_login_redirect: / # optional (default: /) cas_logout_redirect: ~ # optional (must be a public area) cas_version: "3.0" # optional (default: 2.0) public_access_regex : ~ # a regex that match publicly accessible URLs but give user if authenticated
- cas_url: CAS server url (HTTP(S) scheme is not required).
- cas_context: possible additional path to access CAS Server if not root (eg: my-cas.cas.com/cas).
- cas_port: server port. If not set, the bundle will use default 443 port.
- cas_service_base_url: Url of the running app
- cas_ca_cert: path to the SSL CA Certificate.
- cas_login_redirect: the path the user will be redirected to after he logged in successfully. (It is only triggered when the user goes through the /login url, otherwise he will be automatically redirected to the url he requested, after he logged in).
- cas_logout_redirect: the path or url the user will be redirected to after he logged out. If not set, the user will be redirected to the CAS Server success logout page.
- cas_version: the version of the CAS Server used.
- public_access_regex: a regex with public_access URls declared in security.yaml for which you want to retrieve the user (if authenticated)
Routes configuration
The bundle provides 2 routes :
- /login
- /logout
For adding these routes to your app, create the file config/routes/univ_lorraine_symfony_cas.yaml, and add these settings:
_symfony_cas: resource: '@UnivLorraineSymfonyCasBundle/Resources/config/routes.yaml' prefix: /auth-cas
Feel free to use a different name as prefix, just remember it for the next security part.
Security Configuration
Update the security config file config/packages/security.yaml.
- Enable custom authenticator:
security: enable_authenticator_manager: true ...
- Create / update your secure area to use CAS authentication:
security: ... firewalls: ... secure: pattern: ^/secure provider: #feel free to use the User provider of your choice security: true custom_authenticators: - univ_lorraine_symfony_cas.authenticator ... main: lazy: true ...
- Create public access for the login route (if behind secure area):
security: ... access_control: - { path: ^/auth-cas/login$, roles: PUBLIC_ACCESS } ...
SSO Logout
This bundle is configured to logout from Symfony AND from the CAS.
Additional user attributes
The CAS Server can return additional attributes in addition to the main attributes (uid). When the user is authenticated, it is possible to get these attributes through the security token of Symfony:
use Symfony\Bundle\SecurityBundle\Security; public function myFunction (Security $security) { $user_attributes = $security->getToken()->getAttributes(); }
Customize error pages
The bundle triggers an event (named univ_lorraine_symfony_cas.authentication_failure) during authentication failure, with 2 different error codes:
- 403 FORBIDDEN : when the user provider cannot find the authenticated user
- 401 UNAUTHORIZED: when an error occurs during the CAS authentication
You can use this event to customize the error pages.
- Create an Event Listener (eg: src/Event/AuthenticationFailureListener.php):
<?php namespace App\Event; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\Routing\Router; use UnivLorraine\Bundle\SymfonyCasBundle\Event\CASAuthenticationFailureEvent; class AuthenticationFailureListener { private Router $router; public function __construct(Router $router) { $this->router = $router; } public function onAuthenticationFailureResponse(CASAuthenticationFailureEvent $event): void { switch ($event->getResponse()->getStatusCode()) { case Response::HTTP_UNAUTHORIZED: $event->setResponse(new RedirectResponse($this->router->generate('auth_fail'))); break; case Response::HTTP_FORBIDDEN: $event->setResponse(new RedirectResponse($this->router->generate('access_denied'))); break; } } }
- Register your listener in the services. In config/services.yaml:
... services: ... App\Event\AuthenticationFailureListener: tags: - { name: kernel.event_listener, event: univ_lorraine_symfony_cas.authentication_failure, method: onAuthenticationFailureResponse } arguments: [ '@router' ]
License
See the LICENSE file for copyrights and limitations (CeCILL 2.1).
univlorraine/symfony-cas-bundle 适用场景与选型建议
univlorraine/symfony-cas-bundle 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.04k 次下载、GitHub Stars 达 4, 最近一次更新时间为 2022 年 07 月 07 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「symfony」 「Authentication」 「SSO」 「cas」 「Université de Lorraine」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 univlorraine/symfony-cas-bundle 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 univlorraine/symfony-cas-bundle 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 univlorraine/symfony-cas-bundle 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
The bundle for easy using json-rpc api on your project
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
Email Toolkit Plugin for CakePHP
Bundle Symfony DaplosBundle
统计信息
- 总下载量: 1.04k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 4
- 点击次数: 16
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: CECILL-2.1
- 更新时间: 2022-07-07