PHPackages dfoxx/laravel-shibboleth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. dfoxx/laravel-shibboleth ActiveLibrary[Authentication & Authorization](/categories/authentication) dfoxx/laravel-shibboleth ======================== An opinionated Shibboleth authentication package for Laravel. 1.0.0(9y ago)2412[2 issues](https://github.com/dfoxx/laravel-shibboleth/issues)MITPHP Since Feb 7Pushed 1y ago1 watchersCompare [ Source](https://github.com/dfoxx/laravel-shibboleth)[ Packagist](https://packagist.org/packages/dfoxx/laravel-shibboleth)[ Docs](https://github.com/dfoxx/laravel-shibboleth)[ RSS](/packages/dfoxx-laravel-shibboleth/feed)WikiDiscussions dev Synced 2mo ago READMEChangelog (1)Dependencies (1)Versions (3)Used By (0) laravel-shibboleth ================== [](#laravel-shibboleth) An opinionated Shibboleth authentication package for Laravel. There is a middleware and a guard, I prefer the middleware. > **Note:** This package assumes your web server is configured with the [Shibboleth Service Provider](https://shibboleth.atlassian.net/wiki/spaces/SP3/) (e.g. Apache or NGINX with Shibboleth modules), and that PHP `$_SERVER` variables are populated with authenticated Shibboleth user attributes. The Shibboleth handler (e.g. `/Shibboleth.sso`) must also be properly configured and accessible. Features -------- [](#features) - Route-level middleware (`shibboleth`) for lightweight Shibboleth enforcement - Laravel guard (`auth:shibboleth`) for seamless integration with Laravel’s auth system - Store extended identity metadata in a dedicated `users_shibboleth` table Installation ------------ [](#installation) ``` composer require dfoxx/laravel-shibboleth ``` Update `public/.htaccess`: ``` AuthType shibboleth ShibRequestSetting requireSession false require shibboleth ``` Update User model with this trait to use `SHIB_IDENTIFIER_KEY` as the column to store the Shibboleth identifier ``` use Dfoxx\Shibboleth\HasShibbolethIdentifier; class User extends Authenticatable { use HasShibbolethIdentifier; } ``` Middleware ---------- [](#middleware) Routes: ``` // unprotected routes Route::middleware(['shibboleth'])->group(function () { // protected routes }); ``` Guard ----- [](#guard) Update `config/auth.php` to use the guard: ``` 'guards' => [ 'shibboleth' => [ 'driver' => 'shibboleth-session', 'provider' => 'shibboleth', ], ], ``` Routes: ``` // unprotected routes Route::middleware(['auth:shibboleth'])->group(function () { // protected routes }); ``` Shibboleth Data --------------- [](#shibboleth-data) You can opt to store the Shibboleth data in it's own model `Shibboleth.php` You can copy the migrations over and edit them as you see fit: ``` php artisan vendor:publish --tag=laravel-shibboleth-migrations ``` Then add the trait to the User model: ``` use Dfoxx\Shibboleth\HasShibbolethData; class User extends Authenticatable { use HasShibbolethData; } ``` And then access Shibboleth data: ``` $user->shib('eppn'); $user->shibboleth->data['eppn']; ``` Configuration ------------- [](#configuration) `.env` keyDescription`SHIB_USER`Optional for local development to bypass headers and log in this user`SHIB_MIDDLEWARE`Set your own custom name for the middleware`SHIB_AUTO_CREATE_USERS`Defaults to false, will not attempt to create users`SHIB_SERVER_KEY`Shibboleth header used to uniquely identify the user (e.g. SHIB\_UID, SHIB\_EPPN)`SHIB_IDENTIFIER_KEY`User model column to use for authentication (e.g. uid, unity\_id, username)You can publish the config file `config/shibboleth.php` to edit the map for the Shibboleth model: ``` php artisan vendor:publish --tag=laravel-shibboleth-config ``` License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 28 — LowBetter than 54% of packages Maintenance15 Infrequent updates — may be unmaintained Popularity12 Limited adoption so far Community12 Small or concentrated contributor base Maturity64 Established project with proven stability Bus Factor1 Top contributor holds 55.6% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~896 days Total 2 Last Release 2484d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/df2676a81612888d454451ac3db832e054d2cd7bfc333ef41c76065b63ff68db?d=identicon)[dfoxx](/maintainers/dfoxx) --- Top Contributors [![dfoxx](https://avatars.githubusercontent.com/u/4933482?v=4)](https://github.com/dfoxx "dfoxx (10 commits)")[![flashadvocate](https://avatars.githubusercontent.com/u/7848492?v=4)](https://github.com/flashadvocate "flashadvocate (7 commits)")[![rjhodson](https://avatars.githubusercontent.com/u/1626389?v=4)](https://github.com/rjhodson "rjhodson (1 commits)") --- Tags laravelshibbolethdfoxx ### Embed Badge ![Health badge](/badges/dfoxx-laravel-shibboleth/health.svg) ``` [![Health](https://phpackages.com/badges/dfoxx-laravel-shibboleth/health.svg)](https://phpackages.com/packages/dfoxx-laravel-shibboleth) ``` ### Alternatives [lab404/laravel-impersonate Laravel Impersonate is a plugin that allows to you to authenticate as your users. 2.3k16.4M48](/packages/lab404-laravel-impersonate)[santigarcor/laratrust This package provides a flexible way to add Role-based Permissions to Laravel 2.3k5.4M43](/packages/santigarcor-laratrust)[pragmarx/google2fa-laravel A One Time Password Authentication package, compatible with Google Authenticator. 1.0k15.5M63](/packages/pragmarx-google2fa-laravel)[codegreencreative/laravel-samlidp Make your PHP Laravel application an Identification Provider using SAML 2.0. This package allows you to implement your own Identification Provider (idP) using the SAML 2.0 standard to be used with supporting SAML 2.0 Service Providers (SP). 263763.5k1](/packages/codegreencreative-laravel-samlidp)[imdhemy/laravel-purchases The top-notch Laravel receipt validator. 3831.1M2](/packages/imdhemy-laravel-purchases)[jeremy379/laravel-openid-connect OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport. 55342.3k2](/packages/jeremy379-laravel-openid-connect) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)