basvanh / simplesaml
This package provides a wrapper around the onelogin/php-saml library.
dev-master
2019-08-15 09:50 UTC
Requires
- onelogin/php-saml: 3.*.*
This package is auto-updated.
Last update: 2024-09-15 22:24:13 UTC
README
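This package provides Saml2 integration as a service provider. It uses the OneLogin API to connect to the IdP and retrieve the parsed data. The code has been tested with PHP 7.1 and Laravel 5.5.28 on a Laravel Homestead virtual machine.
Installation
You can install this project with the composer command: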
composer require BasvanH/simplesaml
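Laravel configuration
You need to update the following code to use this package:
- First, make sure you have run the php artisan vendor:publish command. This command copies the saml2_settings.php file to the config folder.
- Next, update the settings there or add environment variables to your .env file, such as idp_host, sp_entityid, idp_entityid and idp_x509. Here are some sample settings: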
#SAML2 Settings
SAML2_IDP_HOST=https://developer.oktapreview.com
SAML2_SP_ENTITYID=myapp
SAML2_IDP_URI="/saml2/idp/ssoservice.php"
SAML2_IDP_ENTITYID=http://www.okta.com/exkd9nlyw4oshZ4U80h8
SAML2_IDP_x509="..."
- Update config\app.php with the following:

    'aliases' => [
        // ...
        'Saml2' => BasvanH\SimpleSaml\Facades\Saml2Auth::class,
    ],

    'providers' => [
        // ...
        BasvanH\SimpleSaml\Providers\SimpleSamlServiceProvider::class,
    ],

- In Kernel.php, you may need to set the following for SAML to work properly. Update the middlewareGroups block:

    protected $middlewareGroups = [
        // ...
        'saml2group' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

  Also, add the following line to the routeMiddleware block:

    protected $routeMiddleware = [
        // ...
        'saml2' => \BasvanH\SimpleSaml\Middleware\Saml2Middleware::class,
    ];

- Update EventServiceProvider.php with the following:

    protected $listen = [
        // ...
        'BasvanH\SimpleSaml\Events\Saml2LoginEvent' => [
            'App\Listeners\UserLoggedIn',
        ],
    ];

- Finally, create the Listener class in the /Listeners folder as shown below:

    <?php

    namespace App\Listeners;

    use App\User;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Facades\Log;
    use Illuminate\Queue\InteractsWithQueue;
    use Illuminate\Contracts\Queue\ShouldQueue;
    use BasvanH\SimpleSaml\Events\Saml2LoginEvent;

    class UserLoggedIn
    {
        /**
         * Create the event listener.
         *
         * @return void
         */
        public function __construct()
        {
            //
        }

        /**
         * Handle the event.
         *
         * @param  Saml2LoginEvent  $event
         * @return void
         */
        public function handle(Saml2LoginEvent $event)
        {
            // Stop here so an unauthenticated response never reaches Auth::login().
            if (!$event->getSaml2Auth()->isAuthenticated()) {
                Log::info('The user is not authenticated');
                return redirect(config('saml2_settings.logoutRoute'));
            }

            $samlUser = $event->getSaml2User();
            $attributes = $samlUser->getAttributes();

            // Check if the email already exists and fetch the user
            $user = \App\User::where('email', $attributes['email'][0])->first();

            // If the email doesn't exist, create a new user
            if ($user === null) {
                $user = new \App\User;
                $user->email = $attributes['email'][0];
                $user->firstname = $attributes['firstname'][0];
                $user->lastname = $attributes['lastname'][0];
                $user->save();
            }

            if (count($attributes) >= 4) {
                // Add values to the PHP and Laravel sessions
                session()->put('email', $attributes['email'][0]);
                session()->put('firstname', $attributes['firstname'][0]);
                session()->put('lastname', $attributes['lastname'][0]);

                // The block below is useful if your application hosts both
                // Laravel and non-Laravel code in one domain.
                // Only start a native PHP session if none is active yet.
                if (session_status() === PHP_SESSION_NONE) {
                    session_start();
                }
                $_SESSION['email'] = $user->email;
                $_SESSION['shortname'] = $user->shortname;
                $_SESSION['firstname'] = $user->firstname;
                $_SESSION['lastname'] = $user->lastname;
            }

            session()->save();
            Auth::login($user, true);
        }
    }
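
The listener above reads $attributes['email'][0] and uses it to look up or create the local user. As an added example (not part of the package or its README), the following PHP checks that the three attributes the listener reads are present and single-valued before they are used. The function names samlSingleValue and samlIdentity are hypothetical, and lowercasing the email is an assumption about how the application stores addresses.

```php
<?php
// Added example: validate SAML attributes before they reach User::where()/save().
// Attribute names (email, firstname, lastname) are the ones the README's listener reads.

/** Return the single trimmed value of $name; throw if missing, empty or multi-valued. */
function samlSingleValue(array $attributes, string $name): string
{
    if (!isset($attributes[$name]) || !is_array($attributes[$name])) {
        throw new InvalidArgumentException("SAML attribute '$name' is missing");
    }
    $values = array_values($attributes[$name]);
    if (count($values) !== 1 || !is_string($values[0])) {
        throw new InvalidArgumentException("SAML attribute '$name' must have exactly one string value");
    }
    $value = trim($values[0]);
    if ($value === '') {
        throw new InvalidArgumentException("SAML attribute '$name' is empty");
    }
    return $value;
}

/** Build the identity used for lookup and provisioning (hypothetical helper). */
function samlIdentity(array $attributes): array
{
    // Assumption: the application treats email addresses case-insensitively.
    $email = strtolower(samlSingleValue($attributes, 'email'));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('SAML email attribute is not a valid address');
    }
    return [
        'email'     => $email,
        'firstname' => samlSingleValue($attributes, 'firstname'),
        'lastname'  => samlSingleValue($attributes, 'lastname'),
    ];
}

// Constructed sample inputs, shaped like the getAttributes() array the listener indexes.
$samples = [
    'ok'           => ['email' => ['Alice@Example.com'], 'firstname' => ['Alice'], 'lastname' => ['Ng']],
    'multi-valued' => ['email' => ['a@example.com', 'b@example.com'], 'firstname' => ['A'], 'lastname' => ['B']],
    'missing'      => ['firstname' => ['A'], 'lastname' => ['B']],
];
foreach ($samples as $label => $attrs) {
    try {
        echo $label, ': ', json_encode(samlIdentity($attrs)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

In the listener, the returned array would take the place of the direct $attributes[...][0] reads, and a rejected assertion would be handled like the unauthenticated case, before any user is created or logged in.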