kaabar-sso/yii2-sso
===================

Connect Yii 2 application to a SAML Identity Provider for Single Sign On

[Source](https://github.com/cpjeslot/kaabar-sso) | [Packagist](https://packagist.org/packages/kaabar-sso/yii2-sso)

Kaabar SSO Login
================

Installation
------------

The preferred way to install this extension is through [composer](https://getcomposer.org/download/).

Either run

```
php composer.phar require --prefer-dist kaabar-sso/yii2-sso "*"
```

or add

```
"kaabar-sso/yii2-sso": "*"
```

to the require section of your `composer.json` file.

About SAML
----------

Integrate your Yii2 application with a SAML Identity Provider for seamless Single Sign-On authentication.

SAML, or Security Assertion Markup Language, is a widely used standard for enabling Single Sign-On (SSO) and identity federation across different applications and services. It allows secure authentication and authorization exchanges between parties, typically a service provider (SP) and an identity provider (IdP). Here's an overview of SAML:

1. Authentication and Authorization: SAML facilitates the sharing of authentication and authorization data between different systems. It enables a user to log in once (Single Sign-On) and access multiple applications without needing to re-enter credentials.
2. Components: SAML involves three main components: the user (principal), the service provider (SP), and the identity provider (IdP). The IdP is responsible for authenticating the user, while the SP relies on the IdP's assertions to grant access.
3. SAML Assertions: Assertions are the core building blocks of SAML. They contain statements about a user's authentication and attributes. There are three main types: Authentication Assertions, Attribute Assertions, and Authorization Decision Assertions.
4. SAML Profiles: SAML profiles define how assertions are packaged and exchanged in specific use cases. Common profiles include Web Browser SSO, Single Logout, and Enhanced Client or Proxy (ECP) profiles.
5. SAML Workflow: When a user accesses an SP, the SP generates a SAML authentication request and redirects the user to the IdP. The IdP authenticates the user and generates a SAML response containing assertions. The user is then redirected back to the SP with the SAML response.
6. Metadata: SAML uses metadata to share information about entities (IdPs and SPs) involved in the SSO process. Metadata includes details such as endpoints, public keys, and supported bindings.
7. Security: SAML relies on XML digital signatures and optionally encryption to ensure the integrity and confidentiality of exchanged data. It's crucial to securely manage private keys and certificates.
8. Use Cases: SAML is commonly used in enterprise environments, educational institutions, and federated systems to enable seamless access to various applications. It's also utilized for cross-domain single sign-on in web applications.
9. SAML Implementations: Frameworks and libraries, such as the onelogin/php-saml library for PHP applications, provide tools to implement SAML-based SSO easily.
10. Advantages: SAML reduces the need for users to manage multiple credentials, simplifies user provisioning and deprovisioning, and enhances security by centralizing authentication.

SAML plays a significant role in simplifying user access to multiple systems while maintaining security and privacy standards. Its widespread adoption and compatibility make it a fundamental component of modern identity and access management solutions.

Configuration
-------------

Register `kaabar\sso\Saml` to your components in `config/web.php`.

```
'components' => [
    'saml' => [
        'class' => 'kaabar\sso\Saml',
        'configFileName' => '@app/config/saml.php', // OneLogin_Saml config file (Optional)
    ]
]
```

To enable this component, store a `OneLogin_Saml` configuration in a PHP file. By default, `configFileName` is set to `@app/config/saml.php`, so create this file beforehand. The file should return the `OneLogin_Saml` configuration array. For a sample configuration, see [settings_example.php](https://github.com/onelogin/php-saml/blob/master/settings_example.php) in the php-saml repository.
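A possible `config/saml.php` with the response-validation settings turned on, as an added example that is not part of the extension or its original README. It assumes the component hands the returned array to onelogin/php-saml unchanged; every URL, entity ID and the certificate value is a placeholder.

```php
<?php
// config/saml.php -- added example, not shipped with kaabar-sso/yii2-sso.
// Assumption: the array is passed as-is to onelogin/php-saml.
// All hostnames, entity IDs and the certificate below are placeholders.
return [
    // With strict = false php-saml accepts unsigned or unencrypted messages
    // even where it expects them, and skips Destination/Conditions checks.
    'strict' => true,
    // Debug mode prints validation errors; keep it off outside development.
    'debug' => false,

    'sp' => [
        'entityId' => 'https://sp.example.com/saml/metadata',
        'assertionConsumerService' => [
            'url' => 'https://sp.example.com/saml/acs',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
        ],
        'singleLogoutService' => [
            'url' => 'https://sp.example.com/saml/sls',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ],
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    ],

    'idp' => [
        'entityId' => 'https://idp.example.com/metadata',
        'singleSignOnService' => [
            'url' => 'https://idp.example.com/sso',
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ],
        // IdP signing certificate, taken from the IdP metadata.
        'x509cert' => 'PLACEHOLDER_IDP_X509_CERT_BASE64',
    ],

    'security' => [
        // Reject responses whose <Assertion> carries no valid signature.
        'wantAssertionsSigned' => true,
        // Require a NameID so the user can be mapped to a local account.
        'wantNameId' => true,
        // Validate incoming XML against the SAML schema before processing.
        'wantXMLValidation' => true,
        // Refuse IdP-initiated responses that claim to answer a request.
        'rejectUnsolicitedResponsesWithInResponseTo' => true,
    ],
];
```

If the IdP also signs the whole response, `wantMessagesSigned` can be set to `true` in the same `security` array.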

```
