
hslavich/oneloginsaml-bundle
============================

OneLogin SAML Bundle for Symfony

v2.10.0 (3y ago) · MIT · PHP · [Source](https://github.com/hslavich/OneloginSamlBundle) · [Packagist](https://packagist.org/packages/hslavich/oneloginsaml-bundle)

OneloginSamlBundle
==================

OneLogin SAML Bundle for Symfony.

> This bundle supports Symfony 5 and earlier.
> For newer Symfony versions you can use [nbgrp/onelogin-saml-bundle](https://github.com/nbgrp/onelogin-saml-bundle).

Installation
------------

Install with composer

```
composer require hslavich/oneloginsaml-bundle
```

Enable the bundle in `config/bundles.php` (if you don't use Symfony Flex)

```
<?php
// config/bundles.php

return [
    // ...
    // Register the SAML bundle for every environment
    Hslavich\OneloginSamlBundle\HslavichOneloginSamlBundle::class => ['all' => true],
];
```

Configuration
-------------

Configure SAML metadata in `config/packages/hslavich_onelogin_saml.yaml`. Check  for more info.

```
hslavich_onelogin_saml:
    # Basic settings
    idp:
        entityId: 'http://id.example.com/saml2/idp/metadata.php'
        singleSignOnService:
            url: 'http://id.example.com/saml2/idp/SSOService.php'
            binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        singleLogoutService:
            url: 'http://id.example.com/saml2/idp/SingleLogoutService.php'
            binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        x509cert: ''
    sp:
        entityId: 'http://myapp.com/app_dev.php/saml/metadata'
        assertionConsumerService:
            url: 'http://myapp.com/app_dev.php/saml/acs'
            binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
        singleLogoutService:
            url: 'http://myapp.com/app_dev.php/saml/logout'
            binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        privateKey: ''
    # Optional settings
    baseurl: 'http://myapp.com'
    strict: true
    debug: true
    security:
        nameIdEncrypted: false
        authnRequestsSigned: false
        logoutRequestSigned: false
        logoutResponseSigned: false
        wantMessagesSigned: false
        wantAssertionsSigned: false
        wantNameIdEncrypted: false
        requestedAuthnContext: true
        signMetadata: false
        wantXMLValidation: true
        relaxDestinationValidation: false
        destinationStrictlyMatches: true
        rejectUnsolicitedResponsesWithInResponseTo: false
        signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
        digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
    contactPerson:
        technical:
            givenName: 'Tech User'
            emailAddress: 'techuser@example.com'
        support:
            givenName: 'Support User'
            emailAddress: 'supportuser@example.com'
        administrative:
            givenName: 'Administrative User'
            emailAddress: 'administrativeuser@example.com'
    organization:
        en:
            name: 'Example'
            displayname: 'Example'
            url: 'http://example.com'
```

If you don't want to set `contactPerson` or `organization`, omit those parameters entirely rather than leaving them blank.
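
The sample configuration above is a development baseline: plain-HTTP endpoints, `debug: true`, an empty IdP certificate and every `want*Signed` check switched off. The same keys with stricter values, as an added example (not part of the bundle's own README); the hosts are the page's sample hosts moved to HTTPS without the `app_dev.php` front controller, and the certificate value is a placeholder:

```yaml
# Added example: uses only keys shown in the sample above, with stricter values.
hslavich_onelogin_saml:
    idp:
        entityId: 'https://id.example.com/saml2/idp/metadata.php'
        singleSignOnService:
            url: 'https://id.example.com/saml2/idp/SSOService.php'
            binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        singleLogoutService:
            url: 'https://id.example.com/saml2/idp/SingleLogoutService.php'
            binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        # Placeholder: the IdP's signing certificate. Signature checks on
        # incoming responses are made against this value.
        x509cert: '<IDP_SIGNING_CERTIFICATE>'
    sp:
        entityId: 'https://myapp.com/saml/metadata'
        assertionConsumerService:
            url: 'https://myapp.com/saml/acs'
            binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
        singleLogoutService:
            url: 'https://myapp.com/saml/logout'
            binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
    baseurl: 'https://myapp.com'
    # strict mode rejects messages that fail the checks below
    # (signatures expected but missing, wrong Destination, expired Conditions).
    strict: true
    # Verbose error detail is for development only.
    debug: false
    security:
        # Require a signature on the assertion itself.
        wantAssertionsSigned: true
        # Require a signature on the Response and logout messages as well.
        # Enable only if the IdP is configured to sign them.
        wantMessagesSigned: true
        wantXMLValidation: true
        # Keep Destination validation on and exact.
        relaxDestinationValidation: false
        destinationStrictlyMatches: true
        signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
        digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
```

Confirm with the IdP which elements it signs before enabling both `want*Signed` flags; with `strict: true` a mismatch shows up as rejected logins.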

Configure firewall and user provider in `config/packages/security.yaml`

```
security:
    # ...

    providers:
        saml_provider:
            # Basic provider instantiates a user with default roles
            saml:
                user_class: 'AppBundle\Entity\User'
                default_roles: ['ROLE_USER']

    firewalls:
        app:
            pattern: ^/
            saml:
                # Match SAML attribute 'uid' with username.
                # Uses getNameId() method by default.
                username_attribute: uid
                # Use the attribute's friendlyName instead of the name
                use_attribute_friendly_name: true
                check_path: saml_acs
                login_path: saml_login
            logout:
                path: saml_logout

    access_control:
        - { path: ^/saml/login, roles: PUBLIC_ACCESS }
        - { path: ^/saml/metadata, roles: PUBLIC_ACCESS }
        - { path: ^/, roles: ROLE_USER }
```

Edit your `config/routing` or `config/routes.yaml` depending on your Symfony version.

```
hslavich_saml_sp:
    resource: "@HslavichOneloginSamlBundle/Resources/config/routing.yml"
```

Inject SAML attributes into User object (Optional)
--------------------------------------------------

Your user class must implement `SamlUserInterface`

```
