SAML toolkit for Laravel based on OneLogin's SAML PHP Toolkit.
```bash
composer require overtrue/laravel-saml
php artisan vendor:publish --tag=saml-config
```
This command will add the file `config/saml.php`. This config is handled almost directly by OneLogin, so you can find further reference there; we will cover here what is really necessary. There is also some other config about routes you may want to check; it is pretty straightforward.
If your application is only used to log in to one specified IdP, you just need to configure the `idp` section in `config/saml.php`.
In order to support multiple IdPs, you need to register the following callback, which resolves an IdP name to its configuration:

```php
Saml::configureIdpUsing(function ($idpName): array {
    return [...];
});
```
You need to return the configuration array for the IdP; see the `idp` section in `config/saml.php` for the structure.
You can create a controller to perform SAML integration:
```bash
php artisan make:controller SamlController
```
Then we prepare the following 5 necessary methods.
```php
<?php

namespace App\Http\Controllers;

use Overtrue\LaravelSaml\Saml;

class SamlController extends Controller
{
    public function login() {}

    public function acs() {}

    public function logout() {}

    public function sls() {}

    public function metadata() {}
}
```
Then configure the routes in `routes/web.php`:
| Method | URI | Name |
|---|---|---|
| GET | {routesPrefix}/login | saml.login |
| POST | {routesPrefix}/acs | saml.acs |
| GET | {routesPrefix}/logout | saml.logout |
| GET | {routesPrefix}/sls | saml.sls |
| GET | {routesPrefix}/metadata | saml.metadata |
You are free to use your preferred routing prefix; for example, here we use `saml` as the routing prefix:
```php
use App\Http\Controllers\SamlController;

Route::get('saml/login', [SamlController::class, 'login'])->name('saml.login');
Route::get('saml/logout', [SamlController::class, 'logout'])->name('saml.logout');
Route::post('saml/acs', [SamlController::class, 'acs'])->name('saml.acs');
Route::get('saml/sls', [SamlController::class, 'sls'])->name('saml.sls');
Route::get('saml/metadata', [SamlController::class, 'metadata'])->name('saml.metadata');
```
The `login` method initiates the SSO process: it creates an AuthnRequest and returns a Laravel redirect response to the IdP.

```php
use Illuminate\Http\Request;
//<...>
public function login(Request $request)
{
    // Use the default IdP in the configuration
    return Saml::redirect();

    // Or specify the IdP name
    // return Saml::idp($request->get('idp'))->redirect();
}
```
The `acs` method handles the IdP authorization callback (the Assertion Consumer Service). `Saml::getAuthenticatedUser()` validates the SAML response and returns an `Overtrue\LaravelSaml\SamlUser` object.

```php
// at the top of SamlController.php:
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
//<...>
public function acs(Request $request)
{
    // Validates the response and returns an Overtrue\LaravelSaml\SamlUser
    $samlUser = Saml::getAuthenticatedUser();

    // Or specify the IdP name
    //$samlUser = Saml::idp($request->get('idp'))->getAuthenticatedUser();

    $samlUserId = $samlUser->getNameId();

    // Map the SamlUser to an application User (here the NameID is used as the email)
    $user = User::firstOrCreate(['email' => $samlUserId]);
    Auth::login($user);

    return redirect('/home');
}
```
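As an added example (not the package's own code), here is the multi-IdP setup described above with the IdP name taken from the request validated against our own configuration before `Saml::idp()` is called, and the NameID checked before it becomes the account key. It assumes a hypothetical `saml.idps` config map (name => IdP settings, in the same structure as the `idp` section) and a `User` model keyed by email.

```php
<?php
// Added example, not the package's own code. Assumes a hypothetical
// 'saml.idps' config map of name => IdP settings (same structure as the
// 'idp' section of config/saml.php) and a User model keyed by email.
namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Overtrue\LaravelSaml\Saml;

class SamlController extends Controller
{
    // Call once from a service provider's boot(). Only IdP names present in
    // our own config are resolved; an unknown name (e.g. a tampered ?idp=)
    // fails with 404 instead of falling back to some other IdP's settings.
    public static function registerIdpResolver(): void
    {
        Saml::configureIdpUsing(function ($idpName): array {
            $idps = config('saml.idps', []);
            if (!is_string($idpName) || !isset($idps[$idpName])) {
                abort(404, 'Unknown SAML IdP');
            }
            return $idps[$idpName];
        });
    }

    public function login(Request $request)
    {
        return Saml::idp($this->idpName($request))->redirect();
    }

    public function acs(Request $request)
    {
        $samlUser = Saml::idp($this->idpName($request))->getAuthenticatedUser();
        $nameId = $samlUser->getNameId();
        // Local accounts are keyed on the NameID as an email address, so a
        // NameID that is not one is rejected rather than turned into an account.
        if (filter_var($nameId, FILTER_VALIDATE_EMAIL) === false) {
            abort(403, 'SAML NameID is not an email address');
        }
        Auth::login(User::firstOrCreate(['email' => $nameId]));
        return redirect('/home');
    }

    private function idpName(Request $request): string
    {
        // Cast so the resolver above sees exactly the string that was sent
        return (string) $request->input('idp', '');
    }
}
```

The ACS route must carry the same `idp` parameter the login route used, otherwise the resolver rejects the callback.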
The `logout` method creates a redirect response to the IdP's logout service.

```php
//<...>
public function logout(Request $request)
{
    // Use the default IdP in the configuration
    return Saml::redirectToLogout();

    // Or specify the IdP name
    // return Saml::idp($request->get('idp'))->redirectToLogout();
}
```
The IdP will return the Logout Response through the user's client to the Single Logout Service of the SP (route `saml/sls`). The `sls` method handles both Logout Requests and Logout Responses.

```php
//<...>
public function sls(Request $request)
{
    $auth = Saml::handleLogoutRequest();

    // Or specify the IdP name
    //$auth = Saml::idp($request->get('idp'))->handleLogoutRequest();

    Auth::logout();

    return redirect('/home');
}
```
This code will provide the XML metadata file of our SP, based on the info that we provided in the settings files.
```php
//<...>
public function metadata(Request $request)
{
    if ($request->has('download')) {
        return Saml::getMetadataXMLAsStreamResponse();

        // or specify a filename for the xml file:
        // return Saml::getMetadataXMLAsStreamResponse('sp-metadata.xml');
    }

    return Saml::getMetadataXML();
}
```
For more information on configuration and usage please see the source code or read onelogin/php-saml.
If you like my project and want to support it, click here ❤️
Many thanks to Jetbrains for kindly providing a license for me to work on this and other open-source projects.
You can contribute in one of three ways:
- File bug reports using the issue tracker.
- Answer questions or fix bugs on the issue tracker.
- Contribute new features or update the wiki.
The code contribution process is not very formal. You just need to make sure that you follow the PSR-0, PSR-1, and PSR-2 coding guidelines. Any new code contributions must be accompanied by unit tests where applicable.
Want to know how to build a PHP package from scratch?
Please follow my hands-on course, in which I share some package development experience: 《PHP 扩展包实战教程 - 从入门到发布》
MIT