aherstein/laravel-saml2-post
============================

A Laravel package for Saml2 integration as a SP (service provider) based on the OneLogin toolkit, which is much more lightweight than simplesamlphp.

0.15.0(8y ago)22.2k5MITPHPPHP &gt;=5.4.0


Laravel 5 - Saml2
-----------------


A Laravel package for Saml2 integration as a SP (service provider) based on [OneLogin](https://github.com/onelogin/php-saml) toolkit, which is much lighter and easier to install than simplesamlphp SP. It doesn't need separate routes or session storage to work!

The aim of this library is to be as simple as possible. We won't mess with Laravel users, auth, session... We prefer to limit ourselves to a concrete task. Ask the user to authenticate at the IDP and process the response. Same case for SLO requests.

Installation - Composer
-----------------------


To install Saml2 as a Composer package to be used with Laravel 5, simply run:

```
composer require aherstein/laravel-saml2-post

```

Once it's installed, you can register the service provider in `config/app.php` in the `providers` array. If you want, you can add the alias saml2:

```
'providers' => [
        ...
        SamlPost\Saml2\Saml2ServiceProvider::class,
]

// Laravel reads class aliases from the 'aliases' key of config/app.php
'aliases' => [
        ...
        'Saml2' => SamlPost\Saml2\Facades\Saml2Auth::class,
]
```

Then publish the config file with `php artisan vendor:publish`. This will add the file `app/config/saml2_settings.php`. This config is handled almost directly by [OneLogin](https://github.com/onelogin/php-saml), so you can find further reference there; only what is really necessary is covered here. There are also some route-related settings you may want to check; they are pretty straightforward.

Configuration and Setup
-----------------------


### .env file


Most configuration settings are stored in your .env file. See below for required settings:

```
SAML_IDP_HOST=
SAML_IDP_ENTITY_ID=
SAML_IDP_SIGN_ON_URL=
SAML_IDP_SIGN_ON_BINDING=
SAML_IDP_LOG_OUT_URL=
SAML_IDP_LOG_OUT_BINDING=
SAML_IDP_X509CERT=

SAML_SP_X509CERT=
SAML_SP_PRIVATE_KEY=
SAML_SP_NAME_ID_FORMAT=

```

Once you publish `saml2_settings.php` to your own files, you need to configure your SP and IDP (remote server). The only real difference between this config and the one that OneLogin uses is that the SP entityId, assertionConsumerService URL and singleLogoutService URL are injected by the library. They are taken from the routes 'saml_metadata', 'saml_acs' and 'saml_sls' respectively.

Remember that you don't need to implement those routes, but you'll need to add them to your IDP configuration. For example, if you use simplesamlphp, add the following to /metadata/sp-remote.php

```
$metadata['http://laravel_url/saml2/metadata'] = array(
    'AssertionConsumerService' => 'http://laravel_url/saml2/acs',
    'SingleLogoutService' => 'http://laravel_url/saml2/sls',
    //the following two affect what the $Saml2user->getUserId() will return
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
    'simplesaml.nameidattribute' => 'uid'
);
```

You can check that metadata by navigating to 'http://laravel_url/saml2/metadata'.

Make sure ConfigServiceProvider is properly injecting the correct singleSignOnService url setting for the IDP.

### Authentication Guard


This library supports usage of Laravel's built-in authentication guards.

Add to `app/Providers/AuthServiceProvider.php` `boot()` method:

```
    public function boot()
    {
        $this->registerPolicies();

        Auth::extend('saml', function ($app, $name, array $config) {
            return new Saml2Guard(Auth::createUserProvider($config['provider']));
        });

        Auth::provider('samldriver', function ($app, array $config) {
            return new Saml2UserProvider();
        });
    }
```

Add guard configuration to `config/auth.php`

```
'guards' => [

    ...

    'saml' => [
        'driver' => 'session',
        'provider' => 'samlusers',
    ],
],

'providers' => [

    ...

    'samlusers' => [
        'driver' => 'samldriver',
        'model' => SamlPost\Saml2\Saml2User::class,
    ],
],
```

### Listeners


Make sure to register the login and logout event listeners in `app/Providers/EventServiceProvider.php`:

```
    protected $listen = [
        'SamlPost\Saml2\Events\Saml2LoginEvent' => [
            'App\Listeners\LoginListener',
        ],
        'SamlPost\Saml2\Events\Saml2LogoutEvent' => [
            'App\Listeners\LogoutListener',
        ],
    ];
```

Usage
-----


### Login View


You will need to include the following code in a view called `login`:

```

        @foreach ($samlParameters as $k => $v)

        @endforeach

```

To initiate a login, just include all paths you want to protect in the routes file:

```
Route::middleware(['auth:saml'])->group(function () {
    // Secured routes go here
});
```

`Saml2::login` will redirect the user to the IDP, and the user will come back to an endpoint the library serves at /saml2/acs. That endpoint will process the response and fire an event when ready. The next step for you is to handle that event by adding a login and logout event listener to `app/Listeners/`:

```
    public function handle(Saml2LoginEvent $event)
    {
        $user = $event->getSaml2User();
        $auth = $event->getSaml2Auth();

        // Store SAML response data in session
        $this->request->session()->put('isLoggedIn', $auth->isAuthenticated());
        $this->request->session()->put('samlData', $user);
        $this->request->session()->put('user', $user->getAttributes());
    }
```

### Log out


Now there are two ways the user can log out.

- 1 - By logging out in your app: In this case you 'should' notify the IDP first so it closes global session.
- 2 - By logging out of the global SSO Session. In this case the IDP will notify you on /saml2/slo endpoint (already provided)

For case 1, call `Saml2Auth::logout();` or redirect the user to the route 'saml_logout', which does just that. Do not close the session immediately, as you need to receive a response confirmation from the IDP (redirection). That response will be handled by the library at /saml2/sls and will fire an event for you to complete the operation.

For case 2 you will only receive the event. Both cases 1 and 2 receive the same event.

Note that for case 2, you may have to manually save your session to make the logout stick (as the session is saved by middleware, but the OneLogin library will redirect back to your IDP before that happens)

```
public function handle(Saml2LogoutEvent $event)
{
    // Clear out SAML data from session
    $this->request->session()->put('isLoggedIn', false);
    $this->request->session()->put('samlData', null);
    $this->request->session()->put('user', null);
}
```
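
A complete pair of listeners for the login and logout events described above, as an added example that is not part of the package's README. The constructor injection, the session ID regeneration on login and the `invalidate()`/`save()` calls on logout are assumptions layered on the page's snippets, using Laravel's standard session store methods.

```php
<?php
// Added example: in an application each class normally lives in its own
// file under app/Listeners/.
namespace App\Listeners;

use Illuminate\Http\Request;
use SamlPost\Saml2\Events\Saml2LoginEvent;
use SamlPost\Saml2\Events\Saml2LogoutEvent;

class LoginListener
{
    protected $request;

    // Laravel resolves listeners through the container, so the current
    // request can be type-hinted here; this is where $this->request comes from.
    public function __construct(Request $request) { $this->request = $request; }

    public function handle(Saml2LoginEvent $event)
    {
        $auth = $event->getSaml2Auth();
        if (!$auth->isAuthenticated()) {
            return; // store nothing for a response that did not authenticate
        }
        $session = $this->request->session();
        // New session ID at the privilege change, so an ID issued before
        // login is not carried into the authenticated session.
        $session->regenerate();
        $session->put('isLoggedIn', true);
        $session->put('user', $event->getSaml2User()->getAttributes());
    }
}

class LogoutListener
{
    protected $request;

    public function __construct(Request $request) { $this->request = $request; }

    public function handle(Saml2LogoutEvent $event)
    {
        $session = $this->request->session();
        $session->invalidate(); // drop all data and issue a new session ID
        // Case 2: persist now, before OneLogin redirects back to the IDP.
        $session->save();
    }
}
```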

### License


Copyright (c) 2017 Adam Herstein

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

