PHPackages                             fei/connect-client - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. fei/connect-client

ActiveProject[Utility &amp; Helpers](/categories/utility)

fei/connect-client
==================

Yoctu Connect Client - Service Provider

v4.4.0(4mo ago)018.1k1[1 issues](https://github.com/flash-global/connect-client/issues)[3 PRs](https://github.com/flash-global/connect-client/pulls)2GPL-3.0PHPPHP &gt;=7.0

Since Dec 14Pushed 4mo ago21 watchersCompare

[ Source](https://github.com/flash-global/connect-client)[ Packagist](https://packagist.org/packages/fei/connect-client)[ RSS](/packages/fei-connect-client/feed)WikiDiscussions master Synced yesterday

READMEChangelog (10)Dependencies (10)Versions (43)Used By (2)

Connect-Client
==============

[](#connect-client)

[![GitHub license](https://camo.githubusercontent.com/9700ec5e73e2cce0c5dedf8ad12379091340c775f74cc361a73f981cc58be586/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f666c6173682d676c6f62616c2f636f6e6e6563742d636c69656e742e737667)](https://github.com/flash-global/connect-client)[![continuousphp](https://camo.githubusercontent.com/37aba67b579e54b6c559fb7fc117b6c54656a88109224d4d51b917892ad02d09/68747470733a2f2f696d672e736869656c64732e696f2f636f6e74696e756f75737068702f6769742d6875622f666c6173682d676c6f62616c2f636f6e6e6563742d636c69656e742e737667)](https://continuousphp.com/git-hub/flash-global/connect-client)[![GitHub issues](https://camo.githubusercontent.com/b14aad4a9768c23f5a56588e7b3977178253b7ee0499b51400af52d29a2c653a/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732f666c6173682d676c6f62616c2f636f6e6e6563742d636c69656e742e737667)](https://github.com/flash-global/connect-client/issues)

The role of Connect-Client is to integrate SAML standard protocol into your application.

It will allow you to validate an user's authentication with a SSO (Single Sign-On) device, get specific information about him, and define his authorizations through assertions.

Check out `connect-idp` documentation for more information about SAML standard protocol.

Installation &amp; prerequisites
--------------------------------

[](#installation--prerequisites)

Connect-Client needs **PHP 5.5** or up, with the extension `mcrypt` plugged to run correctly.

You will have to integrate it to your project with `composer require fei/connect-client`

Integration
-----------

[](#integration)

Here is an example on how it works (See `/example` folder):

```
$metadata = new Metadata();

// Configure your metadata... (See next chapter)

$config = (new Config())
    ->setDefaultTargetPath('/resource.php')
    ->setLogoutTargetPath('/');

$connect = new Connect(new Saml($metadata), $config);
$connect->handleRequest($_SERVER['REQUEST_URI'], $_SERVER['REQUEST_METHOD'])->emit();
```

After you created a new `Metadata` instance, and configured it (cf **Setting up your metadata**), create a new `Connect` object which will take two parameter:

- A new `SAML` instance (which allow you to use every SAML methods) which will take our metadata as parameter:
- A `Config` which has to be filled with:
    - `defaultTargetPath` which is an URI where the user will be redirected to, if the login response doesn't contain one
    - `logoutTargetPath` which will be used to redirect the user after he logged out

Default path for both setters is `/`

Finally, using the method `handleRequest` from the newly `Connect` object will validate (or not) the request, and redirect the user.

Setting up your metadata
------------------------

[](#setting-up-your-metadata)

To fill the `Metadata` instance, two objects are necessary: the `Identity Provider` and the `Service Provider` descriptors.

```
$metadata->setIdentityProvider(
    (new IdpSsoDescriptor())
        ->setID('http://idp.dev:8080')
        ->setWantAuthnRequestsSigned(true)
        ->addSingleSignOnService(
            new SingleSignOnService('http://idp.dev:8080/sso', SamlConstants::BINDING_SAML2_HTTP_REDIRECT)
        )
        ->addSingleLogoutService(
            new SingleLogoutService('http://idp.dev:8080/logout', SamlConstants::BINDING_SAML2_HTTP_POST)
        )
        ->addKeyDescriptor(new KeyDescriptor(
            KeyDescriptor::USE_SIGNING,
            X509Certificate::fromFile(__DIR__ . '/keys/idp/idp.crt')
        ))
)->setServiceProvider(
    (new SpSsoDescriptor())
        ->setID('http://' . $_SERVER['HTTP_HOST'])
        ->addAssertionConsumerService(
            new AssertionConsumerService(
                'http://' . $_SERVER['HTTP_HOST'] . '/acs.php',
                SamlConstants::BINDING_SAML2_HTTP_POST
            )
        )
        ->addSingleLogoutService(
            new SingleLogoutService(
                'http://' . $_SERVER['HTTP_HOST'] . '/logout.php',
                SamlConstants::BINDING_SAML2_HTTP_POST
            )
        )
        ->addKeyDescriptor(new KeyDescriptor(
            KeyDescriptor::USE_SIGNING,
            X509Certificate::fromFile(__DIR__ . '/keys/sp.crt')
        ))
        ->addKeyDescriptor(new KeyDescriptor(
            KeyDescriptor::USE_ENCRYPTION,
            X509Certificate::fromFile(__DIR__ . '/keys/sp.crt')
        )),
    file_get_contents(__DIR__ . '/keys/sp.pem')
);
```

### Identity Provider

[](#identity-provider)

As shown above, we need to fill an `IdpSsoDescriptor` with a few directives:

- `setID` set an unique ID corresponding to the Identity Provider created in Connect-IDP
- `setWantAuthnRequestsSigned` takes a single bool parameter and indicates if we want the Service Provider to sign every sent AuthnRequests
- `addSingleSignOnService` takes a SingleSignOnService as parameter, which has two properties:

    - The endpoint which will handle the request
    - A constant which describes the way the request will be sent
- `addSingleLogoutService` works as the same way as `setSingleSignOnService`, but with a SingleLogoutService, instanciated which an endpoint and a constant to indicate how the request is sent.
- `addKeyDescriptor` is used to associate a certificate to the SsoDescriptor. Those certificates will be used to:

    - Sign the AuthnRequest
    - Decrypt assertions.

    First `addKeyDescriptor` parameter is a constant contained in `KeyDescriptor`, describing how the key will be used, and the second one indicates the used certificate's path (via `X509Certificate fromFile()` static method)

### Service Provider

[](#service-provider)

The service provider setter has two parameters:

**The first one** is the `SpSsoDescriptor`, and **the second one** constitutes the private key that has been generated to sign AuthnRequests.

As the `IdpSsoDescriptor`, the `SpSsoDescriptor` must be filled with different properties:

- `setID` Set an unique ID corresponding to the Service Provider created in Connect-IDP
- `addAssertionConsumerService` takes an AssertionConsumerService as parameter, which has two properties:
    - The first one describes an endpoint which tell the client where it should listen for IDP responses
    - A constant describing the request binding
- `addSingleLogoutService` takes a SingleLogoutService as parameter, which has two properties:
    - An endpoint describing where the client should listen to receive logout demands
    - A constant describing the request binding (POST in the example above)
- `addKeyDescriptor` is used to associate a certificate to the SsoDescriptor. Those certificates will be used to:
    - Sign the AuthnRequest
    - Decrypt assertions.

### Profile Association

[](#profile-association)

You could register with `Config::registerProfileAssociation(callable $callback, $profileAssociationPath = '/connect/profile-association')`a profile association callback for handling request provided by Connect-IDP. The callback must have one parameter which must implement `Fei\Service\Connect\Common\ProfileAssociation\Message\RequestMessageInterface` and must return a instance of `Fei\Service\Connect\Common\ProfileAssociation\Message\ResponseMessageInterface` :

```
$config = (new Config())
    ->registerProfileAssociation(
        function (UsernamePasswordMessage $message) {
            if ($message->getUsername() != 'test' || $message->getPassword() != 'test') {
                throw new ProfileAssociationException('Profile not found', 400);
            }

            // Get allowed roles
            $roles = $message->getRoles();

            return (new ResponseMessage())->setRole('USER');
        },
        '/connect-profile-association'
    );
```

Role that the association profile message must set is provided by the RequestMessage. If the role returned is not valid (not provided by the RequestMessage) a \\LogicException will be throw.

If you decide that a request from Connect-IDP is not valid you must throw a `Fei\Service\Connect\Common\ProfileAssociation\Exception\ProfileAssociationException`instance with a message and a HTTP error code which will be transmitted to Connect-IPD.

All messages between Connect-IPD and your Connect-client integration are encrypted so you must set private and public keys for IDP and your Service Provider with metadata configuration directive.

#### Get role and local username

[](#get-role-and-local-username)

If the current user which the client provide with the method `Client::getUser()` is the result of a profile association, you could get the local username and role with respectively `Client::getLocalUsername()` and `Client::getRole()`.

### Create and validate Token

[](#create-and-validate-token)

With Connect client, you could create and validate token. Tokens is a simple and secure way to transmit Connect authorization between service which consume Connect-Client.

Create a token:

```
// Create a Connect client instance
$connect = new Connect(new Saml($metadata), $config);

// Create a Token client instance
$client = new Token([Connect::OPTION_BASEURL => 'http://idp.dev:8080']);

// Create a Token
$token = $client->createToken($connect);

// Use the token...
```

Validate a token:

```
// Create a Token client instance
$client = new Token([Connect::OPTION_BASEURL => 'http://idp.dev:8080']);

// Validate a Token

try {
    $user = $client->validate($token);
} catch (\Exception $e) {
    // Handle exception
}
```

Link to documentation
---------------------

[](#link-to-documentation)

### Examples

[](#examples)

You can test this client easily thanks to the folder [examples](https://gitlab.opcoding.eu/flash/services/Connect/client/tree/users-management/example)

There are several methods in UserAdmin class, all listed in the following table:

MethodParametersReturnpersist`User $user``User`edit`User $formerUser, User $newUser`delete`User $user`getCertificate`string`setCertificate`string $certificate``UserAdmin`getToken`Token`setToken`Token $token`createToken`string`getAdminSpMetadataFile`string`setAdminSpMetadataFile`string $adminSpMetadataFile``UserAdmin`getConnect`Connect`setConnect`Connect $connect                  ``UserAdmin`fetchCertificate`string`

###  Health Score

50

—

FairBetter than 95% of packages

Maintenance75

Regular maintenance activity

Popularity21

Limited adoption so far

Community27

Small or concentrated contributor base

Maturity70

Established project with proven stability

 Bus Factor2

2 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~90 days

Recently: every ~529 days

Total

38

Last Release

138d ago

Major Versions

v1.2.9 → v2.0.02017-11-24

v2.2.3 → v3.0.02018-06-04

v3.1.2 → v4.0.02019-11-07

PHP version history (2 changes)v2.2.2PHP &gt;=5.5

v3.0.0PHP &gt;=7.0

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/6177937?v=4)[Jérôme Schaeffer](/maintainers/Neofox)[@Neofox](https://github.com/Neofox)

![](https://avatars.githubusercontent.com/u/50910?v=4)[lav](/maintainers/lav)[@lav](https://github.com/lav)

![](https://avatars.githubusercontent.com/u/166146?v=4)[Renaud](/maintainers/rwellens)[@rwellens](https://github.com/rwellens)

---

Top Contributors

[![glickel](https://avatars.githubusercontent.com/u/5288479?v=4)](https://github.com/glickel "glickel (21 commits)")[![akta54](https://avatars.githubusercontent.com/u/6170403?v=4)](https://github.com/akta54 "akta54 (8 commits)")[![jheussler](https://avatars.githubusercontent.com/u/31237854?v=4)](https://github.com/jheussler "jheussler (8 commits)")[![fanshan](https://avatars.githubusercontent.com/u/1986015?v=4)](https://github.com/fanshan "fanshan (6 commits)")[![rendakbalazs](https://avatars.githubusercontent.com/u/53558800?v=4)](https://github.com/rendakbalazs "rendakbalazs (3 commits)")[![Anaelle](https://avatars.githubusercontent.com/u/2428585?v=4)](https://github.com/Anaelle "Anaelle (3 commits)")[![bcerati](https://avatars.githubusercontent.com/u/2326968?v=4)](https://github.com/bcerati "bcerati (2 commits)")[![Neofox](https://avatars.githubusercontent.com/u/6177937?v=4)](https://github.com/Neofox "Neofox (2 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)")[![bianchim](https://avatars.githubusercontent.com/u/19705314?v=4)](https://github.com/bianchim "bianchim (1 commits)")[![mtisserant](https://avatars.githubusercontent.com/u/2929182?v=4)](https://github.com/mtisserant "mtisserant (1 commits)")[![Agillet](https://avatars.githubusercontent.com/u/8818086?v=4)](https://github.com/Agillet "Agillet (1 commits)")

###  Code Quality

TestsCodeception

Code StylePHP\_CodeSniffer

### Embed Badge

![Health badge](/badges/fei-connect-client/health.svg)

```
[![Health](https://phpackages.com/badges/fei-connect-client/health.svg)](https://phpackages.com/packages/fei-connect-client)
```

###  Alternatives

[mobiledetect/mobiledetectlib

Mobile\_Detect is a lightweight PHP class for detecting mobile devices. It uses the User-Agent string combined with specific HTTP headers to detect the mobile environment.

10.7k167.0M506](/packages/mobiledetect-mobiledetectlib)[illuminate/contracts

The Illuminate Contracts package.

706130.3M12.8k](/packages/illuminate-contracts)[flow-php/etl

PHP ETL - Extract Transform Load - Abstraction

378604.0k89](/packages/flow-php-etl)[civicrm/civicrm-core

Open source constituent relationship management for non-profits, NGOs and advocacy organizations.

751284.3k37](/packages/civicrm-civicrm-core)[phiki/phiki

Syntax highlighting using TextMate grammars in PHP.

3693.8M51](/packages/phiki-phiki)[florianv/exchanger

PHP exchange rate provider layer for currency conversion: 30+ services, chain fallback, and caching.

1865.0M20](/packages/florianv-exchanger)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
