unicesil / shibboleth-bundle

Shibboleth integration authentication bundle for Symfony 5+

Installs: 2,286

Dependents: 0

Suggesters: 0

Security: 0

Stars: 3

Watchers: 1

Forks: 4

Open issues: 3

Type: symfony-bundle

v6.4.0 2024-07-08 12:34 UTC

README

This is a Shibboleth bundle for Symfony 3+ that uses the Guard system.

Installation

Install the bundle with composer using the following command:

composer require unicesil/shibboleth-bundle

If you do not use Flex, enable the bundle in config/bundles.php

<?php

return [
    //...
    UniceSIL\ShibbolethBundle\UniceSILShibbolethBundle::class => ['all' => true]
];

Edit the config/packages/unice_sil_shibboleth.yaml file to add your Shibboleth settings

unice_sil_shibboleth:
    login_path: 'Shibboleth.sso/Login'  # The path used to call Shibboleth login authentication (default = 'Shibboleth.sso/Login')
    logout_path: 'Shibboleth.sso/Logout'  # The path used to call Shibboleth logout (default = 'Shibboleth.sso/Logout')  
    username: 'eppn'  # The Shibboleth attribute that is used as username for the logged in user. The attribute must appear in the 'attributes' parameter list (default = 'username')
    attributes: ['eppn', 'mail', 'givenName', 'sn']  # The list of attributes returned by Shibboleth Service Provider
    login_target : ''  # The route to which the user will be redirected after login. If this parameter is not filled, the user will be redirected to the page from which he comes. (default = null)
    logout_target : ''  # The route to which the user will be redirected after logout. If this parameter is not filled, the user will be redirected to the page from which he comes. (default = null)

And edit your security.yml file to protect your application

security:
    enable_authenticator_manager: true
    
    providers:
      shibboleth:
        id: Your\Shibboleth\User\Provider\Class
    
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        shibboleth:
            lazy: true
            provider: shibboleth
            custom_authenticators:
              - unicesil.shibboleth_authenticator
            logout: ~

    access_control:
        - { path: ^/, roles: ROLE_USER }

Configure your application's .htaccess or Apache configuration

AuthType shibboleth
ShibRequestSetting requireSession 0
ShibUseHeaders On
ShibRequestSetting applicationId engagement
Require shibboleth

User and UserProvider

Create your own User and UserProvider classes

User

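use Symfony\Component\Security\Core\User\UserInterface;

// A class implements an interface; it cannot extend one.
class User implements UserInterface
{
    //...

    public function getUserIdentifier(): string
    {
        // ...
    }
}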

UserProvider

use Symfony\Component\Security\Core\User\UserInterface;
use UniceSIL\ShibbolethBundle\Security\Provider\AbstractShibbolethUserProvider;

class MyShibbolethUserProvider extends AbstractShibbolethUserProvider
{
    public function loadUserByIdentifier(string $identifier): UserInterface
    {
        $shibbolethUserAttributes = $this->getAttributes();
        
        // Return an instance of User
    }
}
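
A fuller provider for the skeleton above, as an added example that is not the bundle's own code. It fails closed when eppn is missing, multi-valued or outside an allowed scope, which matters because with requireSession 0 requests without a Shibboleth session still reach the application. Assumptions: getAttributes() returns an array keyed by the configured attribute names, the authenticator passes the eppn value as $identifier, and ShibbolethUser, StrictShibbolethUserProvider and the example.edu scope are hypothetical names.

```php
<?php
// Added example, not the bundle's code. Assumes getAttributes() returns an
// array keyed by the names listed under 'attributes' in the bundle config.

use Symfony\Component\Security\Core\Exception\UserNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use UniceSIL\ShibbolethBundle\Security\Provider\AbstractShibbolethUserProvider;

final class ShibbolethUser implements UserInterface
{
    public function __construct(private string $eppn, private ?string $mail) {}

    public function getUserIdentifier(): string { return $this->eppn; }
    public function getRoles(): array { return ['ROLE_USER']; }
    public function eraseCredentials(): void {}
    public function getMail(): ?string { return $this->mail; }
}

final class StrictShibbolethUserProvider extends AbstractShibbolethUserProvider
{
    // Hypothetical allow-list of eppn scopes this application trusts.
    private const ALLOWED_SCOPES = ['example.edu'];

    public function loadUserByIdentifier(string $identifier): UserInterface
    {
        $attrs = $this->getAttributes();
        $eppn = is_string($attrs['eppn'] ?? null) ? trim($attrs['eppn']) : '';

        // Fail closed: no eppn, or an eppn that differs from the identifier
        // the authenticator passed in, means no usable Shibboleth session.
        if ($eppn === '' || !hash_equals($eppn, $identifier)) {
            throw new UserNotFoundException('Missing or inconsistent eppn.');
        }

        // eppn must be a single scoped value (user@scope). Shibboleth joins
        // multi-valued attributes with ';', so reject that too.
        if (!preg_match('/^[^@;\s]+@([A-Za-z0-9.-]+)$/', $eppn, $m)
            || !in_array(strtolower($m[1]), self::ALLOWED_SCOPES, true)) {
            throw new UserNotFoundException('eppn scope is not allowed.');
        }

        $mail = filter_var($attrs['mail'] ?? '', FILTER_VALIDATE_EMAIL) ?: null;

        return new ShibbolethUser($eppn, $mail);
    }
}
```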

Logout

To properly disconnect the user from Shibboleth, configure the listener in your service.yaml file as follows.

unicesil.shibboleth_logout_event:
    class: UniceSIL\ShibbolethBundle\EventListener\LogoutEventListener
    arguments: ['%unice_sil_shibboleth%', "@router"]
    tags:
        - name: 'kernel.event_listener'
          event: 'Symfony\Component\Security\Http\Event\LogoutEvent'
          method: onLogout
          dispatcher: security.event_dispatcher.{YOUR_FIREWALL_NAME} # ex: security.event_dispatcher.main

Configure the logout route in security.yaml.

security:
    firewalls:
        shibboleth:
            logout:
              path: /logout

Don't forget to declare the logout route in your routing configuration file.

logout:
    path: /logout