
j-oppenhuis/laravel-saml2
=========================

SAML support that lets a Laravel application act as both a SAML IDP and a SAML SP.

Version 2.1.0 · MIT license · PHP >=5.5.9

[Source](https://github.com/j-oppenhuis/laravel-saml2) · [Packagist](https://packagist.org/packages/j-oppenhuis/laravel-saml2)

Laravel + SAML2 Goodness
========================


This repo was originally a fork of kingstarter/laravel-saml. It has since grown from that, and now gives any Laravel application the following abilities:

1. Become an IDP
2. Generate certs for signing messages, signing assertions and encrypting attributes. These certs use data entered in the config file
3. Configure attributes to be sent (from the config file)
4. Configure for each SP whether the message and/or assertion should be signed
5. Provide the ability on the logout page to log out from any of the service providers via iframe

This package makes it easy to maintain an IDP. Docs need a little work; if you are willing to help, let me know.

Installation
------------


### Basic package installation


Using `composer`:

```
composer require "pkeogan/laravel-saml2":"dev-master"

```

#### Laravel 5.4


Add the service provider to `config/app.php`:

```
    Pkeogan\LaravelSaml\LaravelSamlServiceProvider::class,

```

#### Laravel 5.5+


This package supports Laravel's Package Auto Discovery and should be loaded automatically when required using composer. If the package is not auto-discovered, run:

```
    php artisan package:discover
```

#### Configuration


There is one configuration file to publish, and the `config/filesystems.php` file needs to be extended. The command

```
php artisan vendor:publish --tag="saml_config"

```

will publish the `config/saml.php` file.

#### FileSystem configuration


Within `config/filesystems.php`, the following entry needs to be added:

```
    'disks' => [

        // ...

        'saml' => [
            'driver' => 'local',
            'root' => storage_path().'/saml',
        ],

    ],

```

#### Fill out the config file


WIP

#### Generating metadata and certificates


Once the config is filled out correctly, run the command below to generate the metadata and the cert. Please note that if no certs are found, the system will generate them. If you would like to override the certs, use the `--cert` flag.

```
php artisan laravel-saml:generate-meta

```

#### SAML SP entries


Within the `saml.php` config file, the SAML Service Provider array needs to be filled in.

```
    'sp' => [

        //Tableau
        'https://sso.online.tableau.com/public/sp/SSO?alias=xxxx-xxxx-xxxx-xxxx-xxxxxxxx' => [
            'entity-id' => 'https://sso.online.tableau.com/public/sp/metadata?alias=xxxx-xxxx-xxxx-xxxx-xxxxxxxx',
            'certificate' => 'MIICozC........dUvTnGP18g=='
        ],

        //A nifty testing service provider
        'https://sptest.iamshowcase.com/acs' => [

        ]

    ],

```
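
The `sp` entries above are keyed by a URL for each service provider and carry an `entity-id`. The following added example (not this package's own code) assumes the key is the SP's assertion consumer service URL and shows how an IdP can decode a SAMLRequest and refuse any request whose ACS URL or issuer is not in that array. The function names and the `sp.example.test` URLs are hypothetical, and signature verification against the configured `certificate` is outside its scope.

```php
<?php
// Added example; function names are hypothetical, not part of the package.
const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';
const NS_SAML  = 'urn:oasis:names:tc:SAML:2.0:assertion';

/** Decode a SAMLRequest (HTTP-Redirect: base64 + raw DEFLATE; HTTP-POST: base64 only). */
function decodeSamlRequest(string $param): string
{
    $raw = base64_decode($param, true);
    if ($raw === false || $raw === '') {
        throw new InvalidArgumentException('SAMLRequest is not valid base64');
    }
    $inflated = @gzinflate($raw);
    return $inflated === false ? $raw : $inflated;
}

/** Return the key of the matching 'sp' entry (assumed to be its ACS URL), or throw. */
function resolveServiceProvider(string $xml, array $spConfig): string
{
    $doc = new DOMDocument();
    // LIBXML_NONET forbids network access while parsing; a DOCTYPE is rejected outright.
    if (!@$doc->loadXML($xml, LIBXML_NONET) || $doc->doctype !== null) {
        throw new InvalidArgumentException('Malformed XML or DOCTYPE present');
    }
    $root = $doc->documentElement;
    if ($root->namespaceURI !== NS_SAMLP || $root->localName !== 'AuthnRequest') {
        throw new InvalidArgumentException('Not a SAML 2.0 AuthnRequest');
    }
    // The attribute is optional in SAML; an absent one yields '' and matches nothing.
    $acs = $root->getAttribute('AssertionConsumerServiceURL');
    if ($acs === '' || !array_key_exists($acs, $spConfig)) {
        throw new RuntimeException('ACS URL is not a configured service provider');
    }
    $issuer = $root->getElementsByTagNameNS(NS_SAML, 'Issuer')->item(0);
    $expected = $spConfig[$acs]['entity-id'] ?? null;
    if ($expected !== null && ($issuer === null || trim($issuer->textContent) !== $expected)) {
        throw new RuntimeException('Issuer does not match the configured entity-id');
    }
    return $acs;
}

// Constructed sample config and request (placeholder URLs).
$sp = ['https://sp.example.test/acs' => ['entity-id' => 'https://sp.example.test/metadata']];
$xml = '<samlp:AuthnRequest xmlns:samlp="' . NS_SAMLP . '" xmlns:saml="' . NS_SAML . '"'
     . ' ID="_constructed1" Version="2.0" AssertionConsumerServiceURL="https://sp.example.test/acs">'
     . '<saml:Issuer>https://sp.example.test/metadata</saml:Issuer></samlp:AuthnRequest>';
echo resolveServiceProvider(decodeSamlRequest(base64_encode(gzdeflate($xml))), $sp), PHP_EOL;
```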

### Using the SAML package


To use the SAML package, some files need to be modified. Within your login view, probably `resources/views/auth/login.blade.php`, add a SAMLRequest field beneath the CSRF field (this is actually a good place for it):

```
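    {{-- The hidden CSRF field for secure authentication --}}
    {{ csrf_field() }}
    {{-- Add a hidden SAML Request field for SAML authentication --}}
    @if(isset($_GET['SAMLRequest']))
        {{-- Assumed markup: carry the incoming request along with the login form (Blade escapes the value) --}}
        <input type="hidden" name="SAMLRequest" value="{{ $_GET['SAMLRequest'] }}">
    @elseif(isset($saml))
        {{-- Assumed markup: $saml is taken to hold the SAMLRequest value supplied by the controller --}}
        <input type="hidden" name="SAMLRequest" value="{{ $saml }}">
    @endif
    @if(config('saml.logout_apps_via_iframe') && session('samlLogout'))
        @include('saml::logout')
    @endif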

```

The SAMLRequest field is filled automatically when a SAMLRequest arrives with an HTTP request, and it then initiates a SAML authentication attempt. To initiate the SAML auth, the login and redirect functions need to be modified. Within `app/Http/Controllers/Auth/LoginController.php`, change `use AuthenticatesUsers` to `use SamlAuthenticatesUsers`:

```
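namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use KingStarter\LaravelSaml\Http\Traits\SamlAuthenticatesUsers;

class LoginController extends Controller
{
    // Replaces Laravel's AuthenticatesUsers trait
    use SamlAuthenticatesUsers;

    // ...

    /**
     * The user has been authenticated.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  mixed  $user
     * @return mixed
     */
    protected function authenticated(Request $request, $user)
    {
        // Continue the SAML flow only when the login form carried a SAMLRequest
        if (Auth::check() && isset($request['SAMLRequest'])) {
            $this->handleSamlLoginRequest($request);
        }

        return redirect()->intended($this->redirectPath());
    }

    // ...
}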

```

To allow direct redirection later when somebody is already logged in, a few lines also need to be added to `app/Http/Middleware/RedirectIfAuthenticated.php`:

```
