PHPackages andychukse/laravel-saml - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. andychukse/laravel-saml ActiveLibrary[Authentication & Authorization](/categories/authentication) andychukse/laravel-saml ======================= SAML support to make a laravel application to both a SAML IDP and a SAML SP. 2662PHP Since May 11Pushed 5y agoCompare [ Source](https://github.com/andychukse/laravel-saml)[ Packagist](https://packagist.org/packages/andychukse/laravel-saml)[ RSS](/packages/andychukse-laravel-saml/feed)WikiDiscussions master Synced yesterday READMEChangelog (1)DependenciesVersions (1)Used By (0) Laravel SAML ============ [](#laravel-saml) Laravel-SAML implements a SAML2 IDP plugin to transform laravel into a SAML identity provider (IDP) beside the regular authentication. The package is forked from the original package to support laravel 8. The package is based on [Dustin Parham's guide to implement a SAML IDP with laravel](https://imbringingsyntaxback.com/implementing-a-saml-idp-with-laravel/). To get a better basic understanding for SAML in general, read [Cheung's SAML for Web Developers](https://github.com/jch/saml). Installation ------------ [](#installation) ### Basic package installation [](#basic-package-installation) Using `composer`: ``` composer require "andychukse/laravel-saml":"^1.1.0" ``` #### Lightsaml dependency problem [](#lightsaml-dependency-problem) In case you run in a current lightsaml dependency problem regarding symfony 4 (event dispatcher) you might consider [using a fork of lightsaml allowing to use symfony 4](https://github.com/kingstarter/laravel-saml/issues/8#issuecomment-366991715). #### Laravel 5.4 [](#laravel-54) Add the service provider to `config/app.php` ``` KingStarter\LaravelSaml\LaravelSamlServiceProvider::class, ``` #### Laravel 5.5+ [](#laravel-55) This package supports Laravel's Package Auto Discovery and should be automatically loaded when required using composer. If the package is not auto discovered run ``` php artisan package:discover ``` #### Configuration [](#configuration) There is one configuration file to publish and the config/filesystem.php file that needs to be extended. The command ``` php artisan vendor:publish --tag="saml_config" ``` will publish the config/saml.php file. #### SAML SP entries [](#saml-sp-entries) Within the saml.php config file the SAML Service Provider array needs to be filled. Subsequently an example from the config/saml.php file: ``` 'sp' => [ /** * Sample SP entry * The entry is identified by the base64 encoded URL. This example shows a possible entry for * a SimpleSamlPhp service provider running on localhost: * * Sample URL: https://localhost/samlsp/module.php/saml/sp/saml2-acs.php/default-sp * Base64 encoded URL: aHR0cHM6Ly9sb2NhbGhvc3Qvc2FtbHNwL21vZHVsZS5waHAvc2FtbC9zcC9zYW1sMi1hY3MucGhwL2RlZmF1bHQtc3A= */ 'aHR0cHM6Ly9sb2NhbGhvc3Qvc2FtbHNwL21vZHVsZS5waHAvc2FtbC9zcC9zYW1sMi1hY3MucGhwL2RlZmF1bHQtc3A=' => [ // The destination is the consuming SAML URL. This might be a SamlAuthController receiving the SAML response. 'destination' => 'https://localhost/samlsp/module.php/saml/sp/saml2-acs.php/default-sp', // Issuer could be anything, mostly it makes sense to pass the metadata URL // This is the IDP Entity ID that will be sent to the SP. 'issuer' => 'https://localhost', // OPTIONAL: Use a specific audience restriction value when creating the SAMLRequest object. // Default value is the assertion consumer service URL (the base64 encoded SP url). // This is a bugfix for Nextcloud as SP and can be removed for normal SPs. 'audience_restriction' => 'http://localhost', // OPTIONAL: Use to override the default email attribute to set a custom NameID value for a SP // The NameID attribute must be a property on the User model. 'nameID' => 'username', ], ], ``` You can generate the base\_64 encoded AssertionURL by using the following artisan command. ``` $ php artisan laravel-saml:encodeurl https://sp.webapp.com/saml/login -- URL Given: https://sp.webapp.com/saml/login Encoded AssertionURL:aHR0cHM6Ly9zcC53ZWJhcHAuY29tL3NhbWwvbG9naW4= ``` config/saml.php: ``` 'sp' => [ ... /** * New entry * * Sample URL: https://sp.webapp.com/saml/login * Base64 encoded URL: aHR0cHM6Ly9zcC53ZWJhcHAuY29tL3NhbWwvY29uc3VtZQ== */ 'aHR0cHM6Ly9zcC53ZWJhcHAuY29tL3NhbWwvY29uc3VtZQ==' => [ 'destination' => 'https://sp.webapp.com/saml/consume', 'issuer' => 'https://sp.webapp.com', ], ], ``` #### FileSystem configuration [](#filesystem-configuration) Within `config/filesystem.php` following entry needs to be added: ``` 'disks' => [ ... 'saml' => [ 'driver' => 'local', 'root' => storage_path().'/saml', ], ], ``` The package controllers are using the `storage/saml` path for retrieving both certificates and the metadata file. Create first the storage path, then either add or link the certificates. Add also a metadata file for the SAML IDP. For help generating an IDP metadata.xml file, see [https://www.samltool.com/idp\_metadata.php](https://www.samltool.com/idp_metadata.php). ``` mkdir -p storage/saml/idp touch storage/saml/idp/{metadata.xml,cert.pem,key.pem} ``` Add the contents to the metadata.xml, cert.pem and key.pem files for the IDP. ### Using the SAML package [](#using-the-saml-package) To use the SAML package, some files need to be modified. Within your login view, problably `resources/views/auth/login.blade.php` add a SAMLRequest field beneath the CSRF field (this is actually a good place for it): ``` {{-- The hidden CSRF field for secure authentication --}} {{ csrf_field() }} {{-- Add a hidden SAML Request field for SAML authentication --}} @if(isset($_GET['SAMLRequest'])) @endif ``` The SAMLRequest field will be filled automatically when a SAMLRequest is sent by a http request and therefore initiate a SAML authentication attempt. To initiate the SAML auth, the login and redirect functions need to be modified. Within `app/Http/Middleware/AuthenticatesUsers.php` add following lines to both the top and the authenticated function: (NOTE: you might need to copy it out from vendor/laravel/framework/src/Illuminate/Foundation/Auth/ to your Middleware directory) ```