niif / shib-auth-bundle
User authentication bundle based on Shibboleth (federated SAML)
v1.2.8
2020-03-04 08:28 UTC
Requires (Dev)
- symfony/framework-bundle: ^5.0
- symfony/routing: ^5.0
- symfony/security-guard: ^5.0
This package is auto-updated.
Last update: 2024-08-29 22:12:52 UTC
README
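This bundle provides an authenticated security token for users who authenticate through the Shibboleth SP Apache implementation.
You can then implement access control the Symfony way.
You must implement your own user provider; this bundle does not work without one.
Installation
Install the bundle with composer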
composer require niif/shib-auth-bundle
Update app/AppKernel.php
    $bundles = array(
        ...
        new Niif\ShibAuthBundle\NiifShibAuthBundle(),
        ...
    );
Configure the Shibboleth bundle.
Update your app/config/config.yml
    ...
    niif_shib_auth: ~
    # niif_shib_auth:
    #     baseURL: "%shib_auth_base_url%"  # optional, default: /Shibboleth.sso/
    #     sessionInitiator: "%shib_auth_session_initiator%"  # optional, default: Login
    #     logoutPath: "%shib_auth_logout_path%"  # optional, default: Logout
    #     logoutReturnPath: "%shib_auth_logout_return_path%"  # optional, default: "/"; you should use an absolute URL, a named Symfony route works too
    #     usernameAttribute: "%shib_auth_username_attribute%"  # optional, default: REMOTE_USER
    #     moduleAttribute: "%shib_auth_module_attribute%"  # optional, name of the server variable used to ensure that a Shibboleth session exists, default: HTTP_SHIB_APPLICATION_ID
    ...
Then add a new firewall rule in app/config/security.yml
    ...
    providers:
        ...
        shibboleth:
            id: shibboleth.user.provider
        ...
    ...
    firewalls:
        ...
        main:
            guard:
                authenticators:
                    - niif_shib_auth.shib_authenticator
            logout:
                path: /logout
                target: /
                invalidate_session: true
                success_handler: niif_shib_auth.shib_authenticator
    ...
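A minimal user provider of the kind the README requires, as an added example (not code from the bundle). It assumes the authenticator passes the configured username attribute to loadUserByUsername(), that the class is registered under the service id shibboleth.user.provider, and that entitlements arrive in the Shib-EduPersonEntitlement server variable; the namespace, class name and role map are hypothetical.

```php
<?php
// Added example, not the bundle's code. Namespace, class name and ROLE_MAP are hypothetical.
namespace App\Security;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\User;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class ShibbolethUserProvider implements UserProviderInterface
{
    // Constructed sample mapping: entitlement value => Symfony role.
    private const ROLE_MAP = ['urn:oid:whatever' => 'ROLE_ADMIN'];
    private $requestStack;

    public function __construct(RequestStack $requestStack)
    {
        $this->requestStack = $requestStack;
    }

    public function loadUserByUsername($username)
    {
        if ('' === trim((string) $username)) {
            // Fail closed: without an identifier from the SP there is no user.
            throw new UsernameNotFoundException('Empty Shibboleth username.');
        }
        $request = $this->requestStack->getCurrentRequest();
        // Assumption: the attribute name matches your SP's attribute-map.
        $raw = $request ? (string) $request->server->get('Shib-EduPersonEntitlement', '') : '';
        $roles = ['ROLE_USER'];
        foreach (explode(';', $raw) as $value) { // Shibboleth joins multiple values with ";"
            $role = self::ROLE_MAP[trim($value)] ?? null;
            if (null !== $role) {
                $roles[] = $role; // unknown entitlements grant nothing
            }
        }
        // The SP has already authenticated the user, so no password is stored.
        return new User($username, null, array_values(array_unique($roles)));
    }

    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof User) {
            throw new UnsupportedUserException(sprintf('Unsupported user class "%s".', get_class($user)));
        }
        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class) { return User::class === $class; }
}
```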
You should create a simple logout action in any of your controllers
    /**
     * @Route("/logout")
     * @Template()
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    public function logoutAction()
    {
        return $this->redirect($this->generateUrl('logged_out'));
    }
Impersonate
The authenticator supports the impersonate feature.
    ...
    providers:
        ...
        shibboleth:
            id: shibboleth.user.provider
        in_memory:
            memory: ~
        ...
    ...
    firewalls:
        ...
        main:
            switch_user: { provider: in_memory }
            guard:
                authenticators:
                    - niif_shib_auth.shib_authenticator
            logout:
                path: /logout
                target: /
                invalidate_session: true
                success_handler: niif_shib_auth.shib_authenticator
    ...
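Simulating Shibboleth authentication in a development environment
While developing your application you will need to simulate Shibboleth authentication somehow. You can do this in the Apache configuration, after enabling the headers and env modules.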
Alias /my_app /home/me/my_app/web
<Directory /home/me/my_app/web>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
SetEnv Shib-Person-uid myuid
SetEnv Shib-EduPersonEntitlement urn:oid:whatever
RequestHeader append Shib-Identity-Provider "fakeIdPId"
RequestHeader append eppn "myeppn"
</Directory>