cadoles/phpback-saml

SAML connector for PHPBack

1.0 2017-01-04 15:49 UTC

This package is not auto-updated.

Last update: 2019-09-15 13:13:34 UTC


README

SAML connector for PHPBack

Installation

Step 1: Download the plugin

These commands require composer to be installed on your system. The openssl, php5-mcrypt, php5-gettext and php-xml extensions are also required for this package to work (the php5-* names target PHP 5; note that mcrypt was removed from PHP core in 7.2).

$ composer require cadoles/phpback-saml
$ composer run-script post-install-cmd -d ./vendor/cadoles/phpback-saml

Step 2: Enable the plugin

<?php
// application/config/hooks.php

// ...
$hook['post_controller_constructor'][] = array(
    'class'    => 'SAMLHook',
    'function' => 'interceptLogin',
    'filename' => 'SAMLHook.php',
    'filepath' => 'hooks',
    'params'   => array()
);
// ...

Step 3: Enable hooks

The following option must be changed in the configuration file. It already exists; only its value needs to be changed.

<?php
// application/config/config.php

// ...
$config['enable_hooks'] = TRUE;
// ...

Step 4: Configure the plugin

<?php
// application/hooks/SAMLConfig.php

// ...
// URL of the DS if you use one, false if not
$config['discoveryService'] = 'https://discovery.renater.fr/test';

// Path to the IdP metadata file. If you use a DS, this file is needed to get the information for the chosen IdP
$config['metadata_path'] = 'metadata.xml';

// Activate SSO
$config['use_saml_login'] = true;

// Activate SLO
$config['use_saml_logout'] = false;

// Name of the SAML attribute that carries the user's email
$config['email_attribute_id'] = 'eduPersonPrincipalName';

// Name of the SAML attribute that carries the user's display name
$config['name_attribute_id'] = 'displayName';

$config['saml_settings'] = array (
    // Settings for the PHP-SAML toolkit.
    // See documentation: https://github.com/onelogin/php-saml#settings
    // 'strict' is what makes php-saml enforce Destination, Audience, the validity
    // window and the signature requirements below: keep it true and 'debug' false
    // in production.
    'strict' => true,
    'debug' => false,
    // The idp part is only used if discoveryService is set to false.
    // When it is used, 'x509cert' must hold the IdP signing certificate: php-saml
    // verifies assertion signatures against it. Use https URLs in a real deployment.
    'idp' => array (
        'entityId' => 'http://idp.domain/idp/shibboleth',
        'singleSignOnService' => array (
            'url' => 'http://idp.domain/idp/profile/SAML2/Redirect/SSO',
        ),
        'singleLogoutService' => array (
            'url' => 'http://idp.domain/idp/profile/SAML2/Redirect/SLO',
        ),
        'x509cert' => '',
    ),
    'sp' => array (
        // Entity ID is usually the app root URL
        'entityId' => 'http://app.domain',
        'assertionConsumerService' => array (
            // ACS endpoint, usually root URL + /saml/acs. This URL receives the
            // assertion and, in strict mode, must match the Destination in the
            // response exactly, scheme included: use https in production.
            'url' => 'http://app.domain/saml/acs',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        ),
        // You can describe the attributes you want here and make them mandatory.
        // Keys are case-sensitive in php-saml ('serviceName', not 'ServiceName').
        'attributeConsumingService' => array (
            'serviceName' => 'SP PHPBack',
            'serviceDescription' => 'SP PHPBack',
            'requestedAttributes' => array (
                array (
                    'name' => 'eduPersonPrincipalName',
                    'isRequired' => true,
                    'nameFormat' => '',
                    'friendlyName' => '',
                    'attributeValue' => array()
                ),
                array (
                    'name' => 'displayName',
                    'isRequired' => true,
                    'nameFormat' => '',
                    'friendlyName' => '',
                    'attributeValue' => array()
                )
            )
        ),
        // SLS endpoint, usually root URL + /saml/sls
        'singleLogoutService' => array (
            'url' => 'http://app.domain/saml/sls',
        ),
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
        // Generate your own x509 certificate and private key. They are required
        // by the security flags below: the SP signs AuthnRequests and logout
        // messages and decrypts assertions with them.
        'x509cert' => '',
        'privateKey' => ''
    ),
    // These advanced security parameters should match your federation security requirements.
    // At least one of wantAssertionsSigned / wantMessagesSigned must stay true, otherwise
    // the IdP certificate is never checked and an unsigned response is accepted.
    'security' => array (
        'nameIdEncrypted' => false,
        'authnRequestsSigned' => true,
        'authnRequestsEncrypted' => true,
        'logoutRequestSigned' => true,
        'logoutResponseSigned' => true,
        'signMetadata' => false,
        'wantMessagesSigned' => false,
        'wantAssertionsSigned' => true,
        'wantAssertionsEncrypted' => true,
        'wantNameIdEncrypted' => false,
    )
);
// ...
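As an added pre-flight check for the configuration above (example code written for this page, not part of cadoles/phpback-saml or php-saml; the function names and the rules are its own), the script below walks the same $config structure the plugin reads and lists the settings under which an assertion would go unverified, or which php-saml's own settings validation refuses at runtime (for instance signing flags with an empty SP key). The $config at the bottom is constructed from the values of the example SAMLConfig.php, so running it reports the empty SP key pair and the http:// endpoints.

```php
<?php
// Added example, not part of cadoles/phpback-saml or php-saml: a pre-flight
// check for application/hooks/SAMLConfig.php. Function names and rules are
// this example's own.

function requireHttps(string $label, string $url, array &$findings): void
{
    if (stripos($url, 'https://') !== 0) {
        $findings[] = "$label should be an https:// URL (got $url)";
    }
}

function checkSamlConfig(array $config): array
{
    $findings = [];
    $s   = $config['saml_settings'];
    $sec = $s['security'];
    $sp  = $s['sp'];

    // strict mode is what makes php-saml enforce Destination, Audience,
    // the validity window and the signature requirements below.
    if (empty($s['strict'])) {
        $findings[] = 'saml_settings.strict must be true';
    }
    if (!empty($s['debug'])) {
        $findings[] = 'saml_settings.debug exposes SAML error details to users';
    }

    // With neither flag set the IdP certificate is never used: a response
    // whose signature was stripped is still accepted.
    if (empty($sec['wantAssertionsSigned']) && empty($sec['wantMessagesSigned'])) {
        $findings[] = 'set wantAssertionsSigned or wantMessagesSigned';
    }

    // Anything the SP signs or decrypts needs the SP key pair; php-saml
    // throws at runtime when these flags are on and the key is missing.
    $needsSpKey = false;
    foreach (['authnRequestsSigned', 'logoutRequestSigned', 'logoutResponseSigned',
              'signMetadata', 'wantAssertionsEncrypted', 'wantNameIdEncrypted'] as $flag) {
        $needsSpKey = $needsSpKey || !empty($sec[$flag]);
    }
    if ($needsSpKey && (empty($sp['x509cert']) || empty($sp['privateKey']))) {
        $findings[] = 'sp.x509cert and sp.privateKey are required by the enabled security flags';
    }

    // The ACS receives the assertion; in strict mode its URL must also equal
    // the Destination the IdP puts in the response, so the scheme matters.
    requireHttps('sp.entityId', $sp['entityId'], $findings);
    requireHttps('sp.assertionConsumerService.url', $sp['assertionConsumerService']['url'], $findings);
    if (!empty($config['use_saml_logout'])) {
        requireHttps('sp.singleLogoutService.url', $sp['singleLogoutService']['url'], $findings);
    }

    // The idp block is only consulted without a discovery service; then its
    // signing certificate is what every assertion signature is checked against.
    if ($config['discoveryService'] === false) {
        if (empty($s['idp']['x509cert']) && empty($s['idp']['certFingerprint'])) {
            $findings[] = 'idp.x509cert is empty and no discovery service is configured';
        }
        requireHttps('idp.singleSignOnService.url', $s['idp']['singleSignOnService']['url'], $findings);
    } else {
        requireHttps('discoveryService', $config['discoveryService'], $findings);
    }

    return $findings;
}

// Constructed input: the values of the SAMLConfig.php example above.
$config = [
    'discoveryService' => 'https://discovery.renater.fr/test',
    'use_saml_logout'  => false,
    'saml_settings'    => [
        'strict' => true,
        'debug'  => false,
        'idp' => ['entityId' => 'http://idp.domain/idp/shibboleth',
                  'singleSignOnService' => ['url' => 'http://idp.domain/idp/profile/SAML2/Redirect/SSO'],
                  'x509cert' => ''],
        'sp'  => ['entityId' => 'http://app.domain',
                  'assertionConsumerService' => ['url' => 'http://app.domain/saml/acs'],
                  'singleLogoutService' => ['url' => 'http://app.domain/saml/sls'],
                  'x509cert' => '', 'privateKey' => ''],
        'security' => ['authnRequestsSigned' => true, 'logoutRequestSigned' => true,
                       'logoutResponseSigned' => true, 'signMetadata' => false,
                       'wantMessagesSigned' => false, 'wantAssertionsSigned' => true,
                       'wantAssertionsEncrypted' => true, 'wantNameIdEncrypted' => false],
    ],
];

foreach (checkSamlConfig($config) as $finding) {
    echo "- $finding\n";
}
```

Run it with `php check-saml-config.php` (any file name) before deploying; a clean run prints nothing. The check is deliberately limited to what can be decided from the array alone: it does not prove the certificate in idp.x509cert is the one the federation publishes, which is what the metadata file is for.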

Updating

$ composer update cadoles/phpback-saml
$ composer run-script post-update-cmd -d ./vendor/cadoles/phpback-saml

Using a discovery service

If you enable the use of a discovery service, you need the metadata of the IdPs that the DS knows about. You can fetch this metadata by hand and set the path to the file in the plugin configuration.

We also provide a PHP class that fetches this file and checks whether the local copy is older than the online version. A cron job on the server can run it periodically to refresh the data when needed. Here is an example command that fetches the metadata of the crous federation:

$ php -r 'include "application/third_party/cadoles/LocalDataMirror.php"; $data = new LocalDataMirror("chemin/metadata.xml", "https://metadata.federation.renater.fr/cnous-crous-h98d/main/main-renater-cnous-crous-metadata.xml"); $data->refreshLocalData();'
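To show what the plugin has to pull out of that metadata file once the discovery service has sent the user back with an entityID, here is an added example (written for this page; it is not code from cadoles/phpback-saml, and the function names are its own). It parses a federation metadata document, refuses it when its validUntil has passed, looks up the chosen entityID among the IdPs the file lists, and returns the entityId, HTTP-Redirect SSO endpoint and signing certificate(s) in the shape of the 'idp' block of saml_settings. The metadata at the bottom is constructed for the example and its certificate is a placeholder string, not a real key.

```php
<?php
// Added example, not code from cadoles/phpback-saml: extract the IdP settings
// the plugin needs from a federation metadata file such as the one
// LocalDataMirror keeps, for the entityID the discovery service returned.
// Function names are this example's own; the sample metadata is constructed.

const NS_MD = 'urn:oasis:names:tc:SAML:2.0:metadata';
const NS_DS = 'http://www.w3.org/2000/09/xmldsig#';
const BINDING_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect';

// Quote a string for an XPath 1.0 predicate. The entityID comes back from
// the DS as a query parameter, so it is never spliced into the query raw.
function xpathLiteral(string $s): string
{
    if (strpos($s, "'") === false) {
        return "'$s'";
    }
    return "concat('" . str_replace("'", "', \"'\", '", $s) . "')";
}

function idpFromMetadata(string $xml, string $entityId, ?DateTimeImmutable $now = null): array
{
    $now = $now ?? new DateTimeImmutable('now', new DateTimeZone('UTC'));

    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch DTDs or external entities while parsing a
    // document that came from the network.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('metadata is not well-formed XML');
    }

    // Expired metadata may still list IdPs or keys the federation has withdrawn.
    $validUntil = $doc->documentElement->getAttribute('validUntil');
    if ($validUntil !== '' && new DateTimeImmutable($validUntil) <= $now) {
        throw new RuntimeException("metadata expired on $validUntil; refresh it before use");
    }

    $xp = new DOMXPath($doc);
    $xp->registerNamespace('md', NS_MD);
    $xp->registerNamespace('ds', NS_DS);

    // Only entities present in the trusted file are acceptable as IdPs.
    $nodes = $xp->query(sprintf(
        '//md:EntityDescriptor[@entityID=%s]/md:IDPSSODescriptor', xpathLiteral($entityId)
    ));
    if ($nodes->length !== 1) {
        throw new RuntimeException("no IdP with entityID $entityId in the metadata");
    }
    $idp = $nodes->item(0);

    $sso = $xp->query('md:SingleSignOnService[@Binding="' . BINDING_REDIRECT . '"]', $idp);
    if ($sso->length === 0) {
        throw new RuntimeException('IdP has no HTTP-Redirect SingleSignOnService');
    }

    // A KeyDescriptor without a use attribute is valid for signing as well.
    $certs = [];
    $certQuery = 'md:KeyDescriptor[not(@use) or @use="signing"]'
        . '/ds:KeyInfo/ds:X509Data/ds:X509Certificate';
    foreach ($xp->query($certQuery, $idp) as $cert) {
        $certs[] = preg_replace('/\s+/', '', $cert->textContent);
    }
    if ($certs === []) {
        throw new RuntimeException('IdP publishes no signing certificate');
    }

    // Shaped like the 'idp' block of saml_settings in SAMLConfig.php.
    return [
        'entityId' => $entityId,
        'singleSignOnService' => ['url' => $sso->item(0)->getAttribute('Location')],
        'x509cert' => $certs[0],
        // php-saml also accepts several signing certs, which covers IdP key rollover.
        'x509certMulti' => ['signing' => $certs],
    ];
}

// Constructed sample: a one-entity federation file with a placeholder certificate.
$sampleMetadata = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" validUntil="2099-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
XML;

print_r(idpFromMetadata($sampleMetadata, 'https://idp.example.org/idp/shibboleth'));
```

The lookup by entityID is the trust boundary of the discovery flow: the entityID is chosen by whoever controls the browser, so an IdP that is not in the local metadata file must be refused rather than contacted. The example does not verify the federation's XML signature on the file itself; whatever fetches the file (over https) should check that signature, for instance with xmlseclibs, which php-saml already depends on, before the local copy is replaced.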