desarrollo-cespi / dc-saml-plugin
A symfony plugin that provides SSO authentication and authorization using the SAML standard
dev-master
2013-12-30 00:24 UTC
Requires
- composer/installers: ~1.0
This package is not auto-updated.
Last update: 2024-09-24 01:56:25 UTC
README
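Introduction
This plugin provides SSO authentication and authorization for symfony applications based on [SAML].
SSO provided by SAML lets developers focus on business logic, delegating all authentication and authorization work to the SAML identity manager.
The plugin installation process is as simple as described below.
Another added feature is that once you are authenticated in one of the applications that use SAML, you are automatically authenticated in the others.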
Installation
- Install using Composer

    {
        "require": {
            "desarrollo-cespi/dc-saml-plugin": "dev-master"
        }
    }

- Install from source using git
- Enable the plugin in the project configuration

    // in config/ProjectConfiguration.class.php add:
    $this->enablePlugins("dcSamlPlugin");

- Clear the cache
Configuration
- Add the following configuration lines to app.yml
- It is important to know the SAML login URL
- It is important to know the SAML logout URL
- The SAML server x509 certificate
Example

    all:
      .....
      dc_saml_plugin:
        # Saml Server settings
        login_url: https:///simplesaml/saml2/idp/SSOService.php
        logout_url: https:///simplesaml/saml2/idp/initSLO.php?RelayState=
        certificate: <?php echo file_get_contents(sfConfig::get('sf_root_dir').'/saml.cert');?> # if you have a file with the saml certificate called saml.cert
        name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        application_issuer: application-identification-name
        # The prefix to delete from the application credentials.
        # If you have these credentials for your application:
        # [application-identification-name.delete_something, application-identification-name.create_something]
        # the prefix should be "application-identification-name"
        remove_permission_prefix: prefix
        # Where the plugin redirects you after login or logout
        success_signin_url: @homepage
        success_signout_url: @homepage
        # These module and action settings exist in case you want to redefine them. Not recommended
        security_check_module: dcSamlAuth
        security_check_action: securityCheck
        # In this case, the permission attributes are like
        # array("permissions" => array("permission_name" => "prefix.permission"))
        attribute_name_of_the_credential_name: permission_name
        credentials_attribute_name: permissions

- Enable the dcSamlAuth module in settings.yml and change:

    enabled_modules: [default, dcSamlAuth, .... ]
    login_module: dcSamlAuth
    login_action: signin

- Add the following routing rules to routing.yml

    dc_saml_signin:
      url: /login
      param: { module: dcSamlAuth, action: signin }

    dc_saml_signout:
      url: /logout
      param: { module: dcSamlAuth, action: signout }

- Change the security filter: filters.yml

    rendering: ~
    security:
      class: dcSamlSecurityFilter

- Change the parent class of myUser.class.php

    class myUser extends dcSamlSecurityUser
    {
    }

- Remember that it is very important to change session_name in factories.yml

    all:
      storage:
        class: sfSessionStorage
        param:
          session_name: saml-test
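
The permission settings in the app.yml example (credentials_attribute_name, attribute_name_of_the_credential_name, remove_permission_prefix) describe how SAML attributes become symfony credentials. The sketch below is an added example, not code from dcSamlPlugin: the function name credentialsFromSamlAttributes and the sample data are hypothetical, and it assumes that permissions outside the application's prefix are ignored rather than granted.

```php
<?php
// Added example, not dcSamlPlugin code. credentialsFromSamlAttributes() and
// the sample data below are hypothetical.

function credentialsFromSamlAttributes(array $attributes, array $config)
{
    $listKey = $config['credentials_attribute_name'];
    $nameKey = $config['attribute_name_of_the_credential_name'];
    $prefix  = $config['remove_permission_prefix'] . '.';

    $entries = isset($attributes[$listKey]) ? $attributes[$listKey] : array();
    if (!is_array($entries)) {
        return array(); // unexpected shape: grant nothing
    }
    if (isset($entries[$nameKey])) {
        $entries = array($entries); // a single permission sent as one map
    }

    $credentials = array();
    foreach ($entries as $entry) {
        if (!is_array($entry) || !isset($entry[$nameKey]) || !is_string($entry[$nameKey])) {
            continue; // malformed entry
        }
        $name = $entry[$nameKey];
        // Assumption: a permission issued for another application is ignored.
        if (strncmp($name, $prefix, strlen($prefix)) !== 0) {
            continue;
        }
        $local = (string) substr($name, strlen($prefix));
        if ($local !== '') {
            $credentials[$local] = true; // array key de-duplicates
        }
    }
    return array_keys($credentials);
}

// Constructed sample input mirroring the app.yml example.
$config = array(
    'credentials_attribute_name'            => 'permissions',
    'attribute_name_of_the_credential_name' => 'permission_name',
    'remove_permission_prefix'              => 'application-identification-name',
);
$attributes = array('permissions' => array(
    array('permission_name' => 'application-identification-name.create_something'),
    array('permission_name' => 'application-identification-name.delete_something'),
    array('permission_name' => 'other-application.delete_something'),
));
print_r(credentialsFromSamlAttributes($attributes, $config));
```

Matching on the prefix followed by a dot keeps a permission issued for a similarly named application from being accepted as a local credential.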