singh / simplesaml
This package provides a wrapper around the onelogin/php-saml library.
Requires
- onelogin/php-saml: 3.0.*
This package is auto-updated.
Last update: 2024-09-06 09:14:13 UTC
README
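This package provides Saml2 integration as a service provider. It uses the OneLogin API to connect to the IdP and retrieve the parsed data. The code was tested on the Laravel Homestead VM, PHP 7.1 and Laravel 5.5.28.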
Installation
You can install this project using the composer command

```
composer require singh/simplesaml
```
Laravel configuration
You need to update the following code to run this package.

First make sure you have run the `php artisan vendor:publish` command. This command copies the saml2_settings.php file into the config folder. Next, update the settings inside this folder, or add environment variables to the .env file to configure idp_host, sp_entityid, ipd_entityid and idp_x509. Here are some example settings:

```
#SAML2 Settings
SAML2_IDP_HOST=https://developer.oktapreview.com
SAML2_SP_ENTITYID=myapp
SAML2_IDP_URI="/saml2/idp/ssoservice.php"
SAML2_IDP_ENTITYID=http://www.okta.com/exkd9nlyw4oshZ4U80h8
SAML2_IDP_x509="..."
```

Update the following in config\app.php:

```php
'aliases' => [
    ....
    'Saml2' => Singh\SimpleSaml\Facades\Saml2Auth::class,
],

'providers' => [
    ....
    Singh\SimpleSaml\Providers\SimpleSamlServiceProvider::class,
],
```

Inside Kernel.php, you may want to set up the following for Saml. Update the middlewareGroups block:

```php
protected $middlewareGroups = [
    .....
    // This group omits VerifyCsrfToken from Laravel's default 'web' group;
    // the IdP's SAML response POST carries no Laravel CSRF token.
    'saml2group' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
];
```

Also, add the following line to the routeMiddleware block:

```php
protected $routeMiddleware = [
    ....
    'saml2' => \Singh\SimpleSaml\Middleware\Saml2Middleware::class,
];
```

Update the following in EventServiceProvider.php:

```php
protected $listen = [
    ....
    'Singh\SimpleSaml\Events\Saml2LoginEvent' => [
        'App\Listeners\UserLoggedIn',
    ],
];
```

Finally, create the Listener class inside the /Listeners folder as follows:
```php
<?php

namespace App\Listeners;

use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Contracts\Queue\ShouldQueue;
use Singh\SimpleSaml\Events\Saml2LoginEvent;

class UserLoggedIn
{
    /**
     * Create the event listener.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }

    /**
     * Handle the event.
     *
     * @param Saml2LoginEvent $event
     * @return void
     */
    public function handle(Saml2LoginEvent $event)
    {
        if (!$event->getSaml2Auth()->isAuthenticated()) {
            Log::info('The user is not authenticated');
            return redirect(config('saml2_settings.logoutRoute'));
        }

        // Attributes arrive as name => [values], hence the [0] index below
        $samlUser = $event->getSaml2User();
        $attributes = $samlUser->getAttributes();

        // Check if the email already exists and fetch the user
        $user = \App\User::where('email', $attributes['email'][0])->first();

        // If the email doesn't exist, create a new user
        if ($user === null) {
            $user = new \App\User;
            $user->email = $attributes['email'][0];
            $user->firstname = $attributes['firstname'][0];
            $user->lastname = $attributes['lastname'][0];
            $user->save();
        }

        if (count($attributes) >= 4) {
            // Add values to the PHP and Laravel sessions
            session()->put('email', $attributes['email'][0]);
            session()->put('firstname', $attributes['firstname'][0]);
            session()->put('lastname', $attributes['lastname'][0]);

            // The block below is useful if your application hosts both Laravel and non-Laravel code in one domain.
            // Start the native PHP session only if one is not already active.
            if (session_status() === PHP_SESSION_NONE) {
                session_start();
            }
            $_SESSION['email'] = $user->email;
            $_SESSION['shortname'] = $user->shortname;
            $_SESSION['firstname'] = $user->firstname;
            $_SESSION['lastname'] = $user->lastname;
        }

        session()->save();
        Auth::login($user, true);
    }
}
```
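
The listener reads `$attributes['email'][0]` and the name attributes directly and uses them to look up or create a user. The following is an added example, not part of the package or its README, showing one way to validate those attributes first; `extractSamlProfile()` is a hypothetical helper, and the 255-character limit and lower-casing of the address are assumptions about the application's user table.

```php
<?php
// Added example, not the package's code. extractSamlProfile() is a hypothetical helper.
// Attribute names and the name => [values] shape follow the listener above.

function extractSamlProfile(array $attributes): array
{
    $profile = [];
    foreach (['email', 'firstname', 'lastname'] as $name) {
        $values = $attributes[$name] ?? null;
        // Require exactly one string value: a missing or multi-valued
        // attribute makes it ambiguous which account the assertion names.
        if (!is_array($values) || count($values) !== 1
            || !isset($values[0]) || !is_string($values[0])) {
            throw new InvalidArgumentException("SAML attribute '{$name}' is missing or not single-valued");
        }
        $value = trim($values[0]);
        // Bound the length (255 is an assumed column size).
        if ($value === '' || strlen($value) > 255) {
            throw new InvalidArgumentException("SAML attribute '{$name}' is empty or too long");
        }
        $profile[$name] = $value;
    }
    if (filter_var($profile['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('SAML email attribute is not a valid address');
    }
    // Assumption: addresses are stored lower-cased, so one address maps to one account.
    $profile['email'] = strtolower($profile['email']);
    return $profile;
}

// Constructed sample attributes, shaped like the listener's $attributes array.
$valid = [
    'email'     => ['Alice@Example.com'],
    'firstname' => ['Alice'],
    'lastname'  => ['Doe'],
    'groups'    => ['staff', 'admin'],
];
print_r(extractSamlProfile($valid));

// Constructed failure case: two email values in one assertion.
$ambiguous = $valid;
$ambiguous['email'] = ['alice@example.com', 'bob@example.com'];
try {
    extractSamlProfile($ambiguous);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

In the listener, the helper would be called on `$samlUser->getAttributes()` before the user lookup, with the exception treated as a failed login.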
### Credits: This project was based on the aacotroneo/laravel-saml2 package.