PHPackages                             cornell-custom-dev/laravel-cu-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. cornell-custom-dev/laravel-cu-auth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

cornell-custom-dev/laravel-cu-auth
==================================

A Laravel package for authentication and identity management at Cornell University

v1.3.0(1mo ago)0238MITPHPPHP ^8.3

Since Oct 14Pushed 1mo agoCompare

[ Source](https://github.com/CornellCustomDev/CD-LaravelCUAuth)[ Packagist](https://packagist.org/packages/cornell-custom-dev/laravel-cu-auth)[ RSS](/packages/cornell-custom-dev-laravel-cu-auth/feed)WikiDiscussions main Synced today

READMEChangelog (5)Dependencies (10)Versions (9)Used By (0)

CUAuth
======

[](#cuauth)

Middleware for authorizing Laravel users.

- [CUAuth SSO](#cuauth) - Single sign-on and authorization middleware
    - SAML PHP Toolkit integration
    - Apache mod\_shib integration
- [AppTesters](#apptesters) - Limit access to users in the `APP_TESTERS` environment variable
- [Local Login](#local-login) - Allow Laravel users to log in with a local username and password
- [Livewire Auth](#livewire-auth) - Block unauthenticated Livewire update requests

Use Cases
---------

[](#use-cases)

- **Single Sign-On**: Protect routes with SSO (mod\_shib or PHP SAML)
    - Optionally log in SSO users to app user accounts
- **AppTesters**: Limit access on non-production sites to users in the `APP_TESTERS` environment variable

Single Sign-On
--------------

[](#single-sign-on)

### Usage

[](#usage)

```
// File: routes/web.php
use CornellCustomDev\LaravelStarterKit\CUAuth\Middleware\CUAuth;

Route::group(['middleware' => [CUAuth::class]], function () {
    // Protected routes here
    Route::get('profile', [UserController::class, 'show']);
});
```

```
# File: .env
# apache-shib (default) | php-saml
CU_AUTH_IDENTITY_MANAGER=apache-shib
```

See [Authorization](#identity-and-authorization) for details on how to log in remote users for local authorization.

> *See also: [shibboleth configuration](SHIBBOLETH.md).*

---

### Routing

[](#routing)

Any pages protected by middleware are automatically redirected to SSO. To directly trigger log in or log out, use the following routes (parameters are optional and will default to `'/'`):

- Login: `route('cu-auth.sso-login', ['redirect_url' => '/home'])`
- Logout: `route('cu-auth.sso-logout', ['return' => '/'])`

### Certs and Metadata (php-saml)

[](#certs-and-metadata-php-saml)

For using the PHP SAML Toolkit, the SAML keys and certs can be generated with the following command:

```
  php artisan cu-auth:generate-keys
```

It is possible to have composer automatically install the keys on `composer install` by adding the following to the `scripts` section of `composer.json`, which will only install the keys if they do not already exist:

```
"scripts": {
    "post-install-cmd": [
        "@php artisan cu-auth:generate-keys"
    ]
}
```

The default location for the SAML keys and certs is in `storage/app/keys`. This location is configurable in the `config/cu-auth.php` file or by setting the `SAML_CERT_PATH` in `.env`.

---

### Local Testing (apache-shib)

[](#local-testing-apache-shib)

For local testing where mod\_shib is not available, the `REMOTE_USER` environment variable can be set to simulate Shibboleth authentication. Note that `APP_ENV` must be set to "local" for this to work and the config cache must be cleared when `REMOTE_USER` is changed.

```
# File: .env
APP_ENV=local
REMOTE_USER=abc123
```

Identity and Authorization
--------------------------

[](#identity-and-authorization)

Once authenticated via SSO, the user's identity is available via the `IdentityManager`, which can be accessed via the app container.

```
use CornellCustomDev\LaravelStarterKit\CUAuth\Managers\IdentityManager;

$remoteIdentity = app(IdentityManager::class)->getIdentity();
$netid = $remoteIdentity->id(); // NetID | CWID

// If provided with SSO attributes:
$email = $remoteIdentity->email(); // Primary email (i.e. netid@cornell.edu)
$name = $remoteIdentity->name(); // Display name
```

The SAML attributes available are based on the CIT-documented list: .

### User authorization

[](#user-authorization)

If the site should manage authorization for users in the application, set `config('cu-auth.require_local_user')` to true:

```
# File: config/cu-auth.php
'require_local_user' => env('REQUIRE_LOCAL_USER', true),
```

Requiring a local user triggers the `CUAuthenticated` event when a user is authenticated via single sign-on. The site must [register a listener](https://laravel.com/docs/11.x/events#registering-events-and-listeners) for the `CUAuthenticated` event. This listener should look up the user in the database and log them in or create a user as needed.

> [AuthorizeUser](Listeners/AuthorizeUser.php) is provided as a starting point for handling the CUAuthenticated event. It is simplistic and should be replaced with a site-specific implementation in the site code base. It demonstrates retrieving user data via the [IdentityManager](Managers/IdentityManager.php) and creating a user if they do not exist.

Configuration
-------------

[](#configuration)

See [config/cu-auth.php](../../config/cu-auth.php) for configuration options, all of which can be set with environment variables.

To modify the default configuration, publish the configuration file:

```
  php artisan vendor:publish --tag=starterkit:cu-auth-config
```

To modify the PHP SAML Toolkit configuration, publish the configuration file:

```
  php artisan vendor:publish --tag=starterkit:php-saml-toolkit-config
```

AppTesters
----------

[](#apptesters)

Limits non-production access to users in the `APP_TESTERS` environment variable.

### Usage

[](#usage-1)

```
// File: routes/web.php
use CornellCustomDev\LaravelStarterKit\CUAuth\Middleware\AppTesters;
use CornellCustomDev\LaravelStarterKit\CUAuth\Middleware\CUAuth;

Route::group(['middleware' => [CUAuth::class, AppTesters::class], function () {
    Route::get('profile', [UserController::class, 'show']);
});
```

```
# File: .env
APP_TESTERS=abc123,def456
```

On non-production sites, the [AppTesters](Middleware/AppTesters.php) middleware checks the "APP\_TESTERS" environment variable for a comma-separated list of users. If a user is logged in and not in the list, the middleware will return an HTTP\_FORBIDDEN response.

The field used for looking up users is `netid` by default. It is configured in [config/cu-auth.php](../../config/cu-auth.php) file as `app_testers_field`.

Local Login
-----------

[](#local-login)

For testing purposes, the environment variable "ALLOW\_LOCAL\_LOGIN" can be set to true to bypass the middleware for a currently authenticated user.

```
# File: .env
ALLOW_LOCAL_LOGIN=true
```

Livewire Auth
-------------

[](#livewire-auth)

Blocks unauthenticated POST requests to `/livewire/update`, preventing anonymous users from interacting with Livewire components.

### Usage

[](#usage-2)

```
# File: .env
REQUIRE_LIVEWIRE_AUTH=true
```

###  Health Score

45

—

FairBetter than 91% of packages

Maintenance93

Actively maintained with recent releases

Popularity13

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity56

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~57 days

Total

5

Last Release

33d ago

PHP version history (2 changes)v1.0.0PHP ^8.2

v1.3.0PHP ^8.3

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/5258410?v=4)[Eric Woods](/maintainers/woodseowl)[@woodseowl](https://github.com/woodseowl)

![](https://avatars.githubusercontent.com/u/5116057?v=4)[Irina Naydich](/maintainers/inaydich)[@inaydich](https://github.com/inaydich)

---

Top Contributors

[![woodseowl](https://avatars.githubusercontent.com/u/5258410?v=4)](https://github.com/woodseowl "woodseowl (42 commits)")

###  Code Quality

TestsPHPUnit

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/cornell-custom-dev-laravel-cu-auth/health.svg)

```
[![Health](https://phpackages.com/badges/cornell-custom-dev-laravel-cu-auth/health.svg)](https://phpackages.com/packages/cornell-custom-dev-laravel-cu-auth)
```

###  Alternatives

[directorytree/ldaprecord-laravel

LDAP Authentication &amp; Management for Laravel.

5752.3M18](/packages/directorytree-ldaprecord-laravel)[illuminate/auth

The Illuminate Auth package.

10528.2M1.2k](/packages/illuminate-auth)[scaler-tech/laravel-saml2

SAML2 Service Provider integration for Laravel applications, based on OneLogin toolkit

282109.9k](/packages/scaler-tech-laravel-saml2)[hasinhayder/tyro

Tyro - The ultimate Authentication, Authorization, and Role &amp; Privilege Management solution for Laravel 12 &amp; 13

6804.7k6](/packages/hasinhayder-tyro)[masterix21/laravel-licensing

Laravel licensing package with polymorphic assignment to any model, activation keys, expirations/renewals, and seat control via LicenseUsage. Supports offline verification with public-key–signed tokens, a CLI to generate/rotate/revoke keys, and an extensible architecture via config and contracts.

1563.1k4](/packages/masterix21-laravel-licensing)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
