Enable authentication against SAML identity providers for your Laravel application

lukasmu/laravel-samlite

This package can be used to quickly add authentication against SAML2 identity providers to your Laravel application. This package thus makes your Laravel application a SAML2 service provider.

Please note that this package is based on onelogin/php-saml. It is similar to aacotroneo/laravel-saml2 but as easy to use as laravel/socialite. It also tries to resemble the default Laravel authentication under the hood.

Installation

You can install the package via composer:

composer require lukasmu/laravel-samlite

Usage

After installing the package, set the environment variables for your identity provider. For example, to use Microsoft Azure as the identity provider, set the following environment variables:

SAML_IDP_AZURE_AD_IDENTIFIER=
SAML_IDP_AZURE_LOGIN_URL=
SAML_IDP_AZURE_LOGOUT_URL=
SAML_IDP_AZURE_CERT=

If your environment file does not yet contain the variables SAML_SP_PRIVATE_KEY and SAML_SP_CERT, also run:

php artisan saml:setup

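Next, create a controller that extends the authentication controller that ships with this package. Here is an example.

<?php

namespace App\Http\Controllers;

use App\Models\User; // Assumes the default Laravel 8+ model location; adjust to your User model
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use LukasMu\Samlite\Http\Controllers\SamlController;
use LukasMu\Samlite\SamlAuth;

class AuthenticationController extends SamlController
{
    public function loginUser(SamlAuth $saml_auth)
    {
        // Claims released by the identity provider
        $mail = $saml_auth->getAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress')[0] ?? null;
        $name = $saml_auth->getAttribute('http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname')[0] ?? null;

        // Refuse the login when the assertion carries no e-mail address,
        // otherwise the lookup below would match accounts with an empty e-mail
        if (!$mail) {
            abort(403);
        }

        $user = User::where('email', $mail)->first();
        if (!$user) {
            // First login: create a local account for this identity
            $user = new User;
            $user->name = $name ?? $mail;
            $user->email = $mail;
            // Random, unguessable password hash: the account is only reachable via SAML
            $user->password = Hash::make(Str::random(64));
            $user->save();
        }
        $this->guard()->loginUsingId($user->id);
    }
}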
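
Because loginUser links the assertion to a local account by e-mail address, the claim values are worth validating before the lookup. The following is an added example, not code from this package: the helper name `extractSamlIdentity` and the sample attribute arrays are assumptions, and it works on a plain attribute array rather than on SamlAuth.

```php
<?php
declare(strict_types=1);

// Added example: the claim URIs are the ones used in the controller above.
const CLAIM_EMAIL = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress';
const CLAIM_NAME  = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname';

// Hypothetical helper: turn a SAML attribute map (claim URI => list of values)
// into a validated identity, or throw if it is unsafe for account linking.
function extractSamlIdentity(array $attributes): array
{
    $emails = $attributes[CLAIM_EMAIL] ?? null;

    // Exactly one e-mail value: a missing or multi-valued claim is ambiguous.
    if (!is_array($emails) || count($emails) !== 1 || !is_string($emails[0] ?? null)) {
        throw new InvalidArgumentException('Assertion must carry exactly one e-mail address');
    }

    // Normalise so " Alice@Example.org " and "alice@example.org" map to one account
    // (assumes the application treats addresses case-insensitively).
    $email = strtolower(trim($emails[0]));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('E-mail claim is not a valid address');
    }

    // The display name is optional; fall back to the e-mail address.
    $names = $attributes[CLAIM_NAME] ?? [];
    $name = (is_array($names) && is_string($names[0] ?? null)) ? trim($names[0]) : '';
    $name = $name === '' ? $email : $name;

    return ['email' => $email, 'name' => $name];
}

// Constructed sample assertions (not real data).
$samples = [
    'valid'        => [CLAIM_EMAIL => [' Alice@Example.org '], CLAIM_NAME => ['Alice Example']],
    'missing mail' => [CLAIM_NAME => ['No Mail']],
    'two mails'    => [CLAIM_EMAIL => ['a@example.org', 'b@example.org']],
    'not an email' => [CLAIM_EMAIL => ['alice']],
];

foreach ($samples as $label => $attributes) {
    try {
        echo $label, ': ', json_encode(extractSamlIdentity($attributes)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```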

Finally, register your controller by setting another environment variable:

SAML_CONTROLLER="App\Http\Controllers\AuthenticationController"

Customization

You can publish the config file with:

php artisan vendor:publish --provider="LukasMu\Samlite\SamlServiceProvider" --tag="config"

Feel free to set the appropriate environment variables (or edit the config file) in order to add your preferred identity providers.

Testing

You can run all tests via composer as well:

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security-related issues, please email [email protected] instead of using the issue tracker.

Postcardware

You are free to use this package, but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown. The address is: Lukas Müller, Dirklangendwarsstraat 5, 2611HZ Delft, The Netherlands.

License

The MIT License (MIT). Please see LICENSE for more information.
