PHPackages almaviacx/ibexasamlbundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. almaviacx/ibexasamlbundle ActiveIbexa-bundle[Authentication & Authorization](/categories/authentication) almaviacx/ibexasamlbundle ========================= Bundle that add a way to connect to Ibexa using the SAML protocol 1.1.1(1y ago)06.5k↓30%MITPHPPHP ^7.3 || ^8.0 Since Mar 22Pushed 3mo ago2 watchersCompare [ Source](https://github.com/Novactive/AlmaviaCXIbexaSamlBundle)[ Packagist](https://packagist.org/packages/almaviacx/ibexasamlbundle)[ Docs](https://github.com/Novactive/AlmaviaCXIbexaSamlBundle)[ RSS](/packages/almaviacx-ibexasamlbundle/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (3)Dependencies (1)Versions (6)Used By (0) AlmaviaCX Ibexa SAML Bundle =========================== [](#almaviacx-ibexa-saml-bundle) Configuration ------------- [](#configuration) Add the following config to the routing config file ``` hslavich_saml_sp: resource: "@HslavichOneloginSamlBundle/Resources/config/routing.yml" ``` Add the following parameters to the security config file ``` ibexa_saml_front: pattern: /saml/(login|metadata|logout) security: false ibexa_front: ... saml: use_attribute_friendly_name: false check_path: saml_acs login_path: saml_login failure_path: saml_login default_target_path: /dashboard always_use_default_target_path: true user_factory: almaviacx.saml.user_factory # username_attribute: ``` The following variables are used to define the different parameters for the SAML endpoint communication ``` SAML_IDENTITY_PROVIDER_ENTITYID="..." SAML_IDENTITY_PROVIDER_LOGIN_URL="..." SAML_IDENTITY_PROVIDER_LOGIN_BINDING=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect SAML_IDENTITY_PROVIDER_LOGOUT_URL="..." SAML_IDENTITY_PROVIDER_LOGOUT_BINDING=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect SAML_IDENTITY_PROVIDER_EMAIL_ATTRIBUTE="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" SAML_IDENTITY_PROVIDER_X509_CERT="..." SAML_SERVICE_PROVIDER_URL=https://novabundles.ddev.site/admin SAML_SERVICE_PROVIDER_NAMEID_FORMAT='urn:oasis:names:tc:SAML:2.0:nameid-format:nameidentifier' SAML_SERVICE_PROVIDER_USER_GROUP_ID=sdf1sd61868sd1fdsvc env(SAML_IDENTITY_PROVIDER_EMAIL_ATTRIBUTE): ~ env(SAML_IDENTITY_PROVIDER_LOGIN_ATTRIBUTE): ~ ``` These variables are used to define the following global configuration : ``` idp: entityId: '%env(resolve:SAML_IDENTITY_PROVIDER_ENTITYID)%' singleSignOnService: url: '%env(resolve:SAML_IDENTITY_PROVIDER_LOGIN_URL)%' binding: '%env(resolve:SAML_IDENTITY_PROVIDER_LOGIN_BINDING)%' singleLogoutService: url: '%env(resolve:SAML_IDENTITY_PROVIDER_LOGOUT_URL)%' binding: '%env(resolve:SAML_IDENTITY_PROVIDER_LOGOUT_BINDING)%' x509cert: '%env(resolve:SAML_IDENTITY_PROVIDER_X509_CERT)%' sp: entityId: '%env(resolve:SAML_SERVICE_PROVIDER_URL)%/saml/metadata' assertionConsumerService: url: '%env(resolve:SAML_SERVICE_PROVIDER_URL)%/saml/acs' binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' singleLogoutService: url: '%env(resolve:SAML_SERVICE_PROVIDER_URL)%/saml/logout' binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' NameIDFormat: '%env(resolve:SAML_SERVICE_PROVIDER_NAMEID_FORMAT)%' baseurl: '%env(resolve:SAML_SERVICE_PROVIDER_URL)%/saml' debug: '%kernel.debug%' ``` To change the configuration based on siteaccess, it's possible to defined it under the folowing siteaccess aware parameter : `almaviacx.saml..auth_settings` The following parameters are also available to tweak the behavior ``` # Attribute used to get the email address from almaviacx.saml.identity.provider.email.attribute: '%env(resolve:SAML_IDENTITY_PROVIDER_EMAIL_ATTRIBUTE)%' # Attribute used to get the login from (null = nameId or what is defined for the "username_attribute" parameter) almaviacx.saml.identity.provider.login.attribute: '%env(resolve:SAML_IDENTITY_PROVIDER_LOGIN_ATTRIBUTE)%' # Method used to load existing users almaviacx.saml.config.default.user_load_method: !php/const AlmaviaCX\Bundle\IbexaSaml\Security\Saml\SamlUserProvider::LOAD_METHOD_LOGIN # Content Id or Remote Content Id of the user group where new users will be created almaviacx.saml.config.default.user_group_id: '%env(resolve:SAML_SERVICE_PROVIDER_USER_GROUP_ID)%' # Map user content type fields to the saml response attributes almaviacx.saml.config.default.user_attributes_mapping: first_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name last_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name ``` Load user by email instead of login ----------------------------------- [](#load-user-by-email-instead-of-login) Configure the following parameters : ``` # In security.yaml, configure the value for the following parameter : username_attribute: '%almaviacx.saml.identity.provider.email.attribute%' # As you don't want the email address to be used as login (Ibexa doesn't support special char in login), you need to configure this parameter : almaviacx.saml.identity.provider.login.attribute: # Change the user load method almaviacx.saml.config.default.user_load_method: !php/const AlmaviaCX\Bundle\IbexaSaml\Security\Saml\SamlUserProvider::LOAD_METHOD_EMAIL ``` ### Health Score 39 — LowBetter than 86% of packages Maintenance64 Regular maintenance activity Popularity23 Limited adoption so far Community10 Small or concentrated contributor base Maturity50 Maturing project, gaining track record Bus Factor1 Top contributor holds 88.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~119 days Total 3 Last Release 489d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/7bf781acfc713c38985bfb2e7bee5fd2decefdeed1df550643af57aa8e315db7?d=identicon)[Almaviacx](/maintainers/Almaviacx) --- Top Contributors [![erdnaxelaweb](https://avatars.githubusercontent.com/u/2130120?v=4)](https://github.com/erdnaxelaweb "erdnaxelaweb (8 commits)")[![mohamed-hamdani](https://avatars.githubusercontent.com/u/138455778?v=4)](https://github.com/mohamed-hamdani "mohamed-hamdani (1 commits)") --- Tags bundleibexa ### Embed Badge ![Health badge](/badges/almaviacx-ibexasamlbundle/health.svg) ``` [![Health](https://phpackages.com/badges/almaviacx-ibexasamlbundle/health.svg)](https://phpackages.com/packages/almaviacx-ibexasamlbundle) ``` ### Alternatives [web-token/jwt-framework JSON Object Signing and Encryption library for PHP and Symfony Bundle. 94818.9M77](/packages/web-token-jwt-framework)[league/oauth2-server-bundle Symfony bundle . 2344.7M6](/packages/league-oauth2-server-bundle)[web-auth/webauthn-framework FIDO2/Webauthn library for PHP and Symfony Bundle. 50570.7k1](/packages/web-auth-webauthn-framework)[web-token/jwt-library JWT library 2011.2M83](/packages/web-token-jwt-library)[web-auth/webauthn-symfony-bundle FIDO2/Webauthn Security Bundle For Symfony 63397.4k6](/packages/web-auth-webauthn-symfony-bundle)[spomky-labs/lexik-jose-bridge Bridge to allow the use of web-token/jwt-framework with the Lexik JWT Authentication Bundle 35444.0k](/packages/spomky-labs-lexik-jose-bridge) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)