giak/shibboleth-bundle

Forked from Unicecil bundle authentication for Symfony 4+

Installs: 3

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

Type: symfony-bundle

v1.0 2020-09-23 08:14 UTC

This package is auto-updated.

Last update: 2024-09-23 17:32:29 UTC


README

This is a Shibboleth bundle for Symfony 4+ that uses the Guard system.

Installation

Install the bundle with composer by running the following command:

composer require giak/shibboleth-bundle

Enable the bundle in app/AppKernel.php

<?php
// app/AppKernel.php

public function registerBundles()
{
    $bundles = array(
        // ...
        new Giak\ShibbolethBundle\GiakShibbolethBundle(),
        // ...
    );
}

Edit your config.yml file to add the Shibboleth settings

giak_shibboleth:
    login_path: 'Shibboleth.sso/Login'  # The path used to call Shibboleth login authentication (default = 'Shibboleth.sso/Login')
    logout_path: 'Shibboleth.sso/Logout'  # The path used to call Shibboleth logout (default = 'Shibboleth.sso/Logout')
    username: 'eppn'  # The Shibboleth attribute used as the username of the logged-in user. The attribute must appear in the 'attributes' parameter list (default = 'username')
    attributes: ['eppn', 'mail', 'givenName', 'sn']  # The list of attributes returned by the Shibboleth Service Provider
    login_target: ''  # The route to which the user is redirected after login. If this parameter is not set, the user is redirected back to the page they came from. (default = null)
    logout_target: ''  # The route to which the user is redirected after logout. If this parameter is not set, the user is redirected back to the page they came from. (default = null)

Edit your security.yml file to secure your application

security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            logout: ~
            guard:
              authenticators:
                - Giak.shibboleth_authenticator

    access_control:
        - { path: ^/, roles: ROLE_USER }

Configure your application's .htaccess or Apache configuration

AuthType shibboleth
ShibRequestSetting requireSession 0
ShibUseHeaders On
ShibRequestSetting applicationId engagement
Require shibboleth

User and UserProvider

Create your own User and UserProvider classes

User

namespace MyBundle\Security\User;

use Symfony\Component\Security\Core\User\UserInterface;

class User implements UserInterface
{
    // ...
}

UserProvider

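namespace MyBundle\Security\User;

use Giak\ShibbolethBundle\Security\User\ShibbolethUserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class MyShibbolethUserProvider implements ShibbolethUserProviderInterface
{
    // Build the application user from the attributes released by Shibboleth.
    public function loadUser(array $credentials)
    {
        $user = new User();
        $user->setMail($credentials['mail']);
        // ...
        return $user;
    }

    // The user is rebuilt from Shibboleth attributes, so return it unchanged.
    public function refreshUser(UserInterface $user)
    {
        return $user;
    }
}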

Add your provider to your security.yml file

security:
    providers:
        shibboleth:
            id: MyBundle\Security\User\MyShibbolethUserProvider
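
An added example, not part of the bundle or its README: one way to validate the attribute array before loadUser() builds a User from it, which matters here because requireSession 0 lets requests through without a Shibboleth session and ShibUseHeaders On delivers attributes as request headers. It assumes $credentials is keyed by the names in the attributes setting; the function names, the scope allow-list and the sample values are constructed for illustration, and a real provider would throw Symfony's AuthenticationException rather than the SPL exception used here to keep the snippet stand-alone.

```php
<?php
declare(strict_types=1);

// Split a Shibboleth SP attribute string into its values: the SP joins
// multiple values with ';' and escapes a literal ';' as '\;'.
function splitShibValues(string $raw): array
{
    $values = [];
    foreach (preg_split('/(?<!\\\\);/', $raw) as $part) {
        $value = trim(str_replace('\\;', ';', $part));
        if ($value !== '') {
            $values[] = $value;
        }
    }
    return $values;
}

// Hypothetical helper: reject missing, empty or multi-valued usernames and
// unexpected scopes instead of returning a half-filled identity.
function validateShibCredentials(array $credentials, string $usernameKey, array $allowedScopes): array
{
    $raw = $credentials[$usernameKey] ?? '';
    $ids = is_string($raw) ? splitShibValues($raw) : [];
    if (count($ids) !== 1) {
        throw new UnexpectedValueException("Expected exactly one '$usernameKey' value");
    }
    // eppn has the form user@scope; accept only scopes the application expects.
    if (!preg_match('/^[^@\s;]+@([A-Za-z0-9.-]+)$/', $ids[0], $m)
        || !in_array(strtolower($m[1]), $allowedScopes, true)) {
        throw new UnexpectedValueException('Username attribute has an unexpected scope');
    }
    $clean = [$usernameKey => $ids[0]];
    foreach ($credentials as $name => $value) {
        if ($name !== $usernameKey && is_string($value)) {
            $clean[$name] = splitShibValues($value); // other attributes may be multi-valued
        }
    }
    return $clean;
}

// Constructed sample input, shaped like the attribute list configured above.
$sample = [
    'eppn' => 'jdoe@example.org',
    'mail' => 'jdoe@example.org;j.doe@example.org',
    'givenName' => 'J',
    'sn' => '',
];
var_dump(validateShibCredentials($sample, 'eppn', ['example.org']));
```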