PHPackages                             lysice/laravel-sso - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. lysice/laravel-sso

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

lysice/laravel-sso
==================

Simple PHP SSO integration for Laravel

v1.7.8.14(3y ago)6494[1 issues](https://github.com/Lysice/laravel-sso/issues)MITPHPPHP &gt;=7.1.3

Since Jul 8Pushed 3y ago1 watchersCompare

[ Source](https://github.com/Lysice/laravel-sso)[ Packagist](https://packagist.org/packages/lysice/laravel-sso)[ Docs](https://github.com/Lysice/laravel-sso)[ RSS](/packages/lysice-laravel-sso/feed)WikiDiscussions master Synced yesterday

READMEChangelog (10)Dependencies (3)Versions (26)Used By (0)

Simple PHP SSO integration for Laravel
======================================

[](#simple-php-sso-integration-for-laravel)

[![Latest Stable Version](https://camo.githubusercontent.com/3438d7db90e2a1167b0cbe581d74aea6ac57b8c8092bc7232686ad203fd44c7f/68747470733a2f2f706f7365722e707567782e6f72672f4c79736963652f6c61726176656c2d73736f2f762f737461626c65)](https://packagist.org/packages/Lysice/laravel-sso)[![Total Downloads](https://camo.githubusercontent.com/b8ab6f416789487f7d78bafd5caca6707e6b0b04e88f2e19f75d8920ec05b4ca/68747470733a2f2f706f7365722e707567782e6f72672f4c79736963652f6c61726176656c2d73736f2f646f776e6c6f616473)](https://packagist.org/packages/Lysice/laravel-sso)[![Latest Unstable Version](https://camo.githubusercontent.com/d41b63b197374197373b49d81997f3efa9ab02e240803040151a01557ea6f685/68747470733a2f2f706f7365722e707567782e6f72672f4c79736963652f6c61726176656c2d73736f2f762f756e737461626c65)](https://packagist.org/packages/Lysice/laravel-sso)[![License](https://camo.githubusercontent.com/4bcaceeb521de03045eaf42d0ae4feb0d20ec3bc35d0b0d2c7655d495ade6cb9/68747470733a2f2f706f7365722e707567782e6f72672f4c79736963652f6c61726176656c2d73736f2f6c6963656e7365)](https://packagist.org/packages/Lysice/laravel-sso)

[![](https://camo.githubusercontent.com/640c3d52b2764f179ef3cf089b604516a8c4ac0a06f055a46c6a7fce9428b787/68747470733a2f2f6c61726176656c2e636f6d2f6173736574732f696d672f636f6d706f6e656e74732f6c6f676f2d6c61726176656c2e737667)](https://camo.githubusercontent.com/640c3d52b2764f179ef3cf089b604516a8c4ac0a06f055a46c6a7fce9428b787/68747470733a2f2f6c61726176656c2e636f6d2f6173736574732f696d672f636f6d706f6e656e74732f6c6f676f2d6c61726176656c2e737667)

This package based on [Simple PHP SSO skeleton](https://github.com/Lysice/php-simple-sso) package and made suitable for Laravel framework.

### Requirements

[](#requirements)

- Laravel 5.5+
- PHP 7.1+

### Words meanings

[](#words-meanings)

- ***SSO*** - Single Sign-On.
- ***Server*** - page which works as SSO server, handles authentications, stores all sessions data.
- ***Broker*** - your page which is used visited by clients/users.
- ***Client/User*** - your every visitor.

### How it works?

[](#how-it-works)

Client visits Broker and unique token is generated. When new token is generated we need to attach Client session to his session in Broker so he will be redirected to Server and back to Broker at this moment new session in Server will be created and associated with Client session in Broker's page. When Client visits other Broker same steps will be done except that when Client will be redirected to Server he already use his old session and same session id which associated with Broker#1.

### Some tips before

[](#some-tips-before)

- sometimes 429 occurs when you send more requests The answer is that `api` middleware group use `ThrottleRequests` middleware aliased by `throttle`. You need to remove it or increase the number of throttle like `'throttle:600,1`.
- 405 exceptions occurs when POST or other METHOD execute before attach. Version1.7.6 Now You can set the methods what the `attach` route supports. You can doing this just like it in `laravel-sso.php` below: ```
    'supports' => [
            'attach' => [
                'GET'
            ],
            'logout' => [
                'POST'
            ]
        ],

    ```

Installation
============

[](#installation)

### Server

[](#server)

Install this package using composer.

```
$ composer require Lysice/laravel-sso
```

Copy config file to Laravel project `config/` folder.

```
$ php artisan vendor:publish --provider="Lysice\LaravelSSO\SSOServiceProvider"
```

Create table where all brokers will be saved.

```
$ php artisan migrate --path=vendor/Lysice/laravel-sso/database/migrations
```

Edit your `app/Http/Kernel.php` by removing throttle middleware and adding sessions middleware to `api` middlewares array. This is necessary because we need sessions to work in API routes and throttle middleware can block connections which we need.

```
'api' => [
    'bindings',
    \Illuminate\Session\Middleware\StartSession::class,
],
```

Now you should create brokers. You can create new broker using following Artisan CLI command:

```
$ php artisan sso:broker:create {name}
```

---

### Broker

[](#broker)

Install this package using composer.

```
$ composer require Lysice/laravel-sso
```

Copy config file to Laravel project `config/` folder.

```
$ php artisan vendor:publish --provider="Lysice\LaravelSSO\SSOServiceProvider"
```

Change `type` value in `config/laravel-sso.php` file from `server`to `broker`.

Set 3 new options in your `.env` file:

```
SSO_SERVER_URL=
SSO_BROKER_NAME=
SSO_BROKER_SECRET=
```

`SSO_SERVER_URL` is your server's http url without trailing slash. `SSO_BROKER_NAME` and `SSO_BROKER_SECRET` must be data which exists in your server's `brokers` table.

Edit your `app/Http/Kernel.php` by adding `\Lysice\LaravelSSO\Middleware\SSOAutoLogin::class` middleware to `web` middleware group. It should look like this:

```
protected $middlewareGroups = [
        'web' => [
            ...
            \Lysice\LaravelSSO\Middleware\SSOAutoLogin::class,
        ],

        'api' => [
            ...
        ],
    ];
```

Last but not least, you need to edit `app/Http/Controllers/Auth/LoginController.php`. You should add two functions into `LoginController` class which will authenticate your client through SSO server but not your Broker page.

```
protected function attemptLogin(Request $request)
{
    $broker = new \Lysice\LaravelSSO\LaravelSSOBroker;

    $credentials = $this->credentials($request);
    return $broker->login($credentials[$this->username()], $credentials['password']);
}

public function logout(Request $request)
{
    $broker = new \Lysice\LaravelSSO\LaravelSSOBroker;

    $broker->logout();

    $this->guard()->logout();

    $request->session()->invalidate();

    return redirect('/');
}
```

That's all. For other Broker pages you should repeat everything from the beginning just changing your Broker name and secret in configuration file.

Example `.env` options:

```
SSO_SERVER_URL=https://server.test
SSO_BROKER_NAME=site1
SSO_BROKER_SECRET=892asjdajsdksja74jh38kljk2929023
```

### Multiple mode

[](#multiple-mode)

you can use the multiple mode by using like this:

you must use the newest version to use this feature.

- In `server` and `client`'s config file `laravel-sso.php` `multi_enabled` option must be true:

```
'multi_enabled' => env('SSO_MULTI_ENABLED', false),

```

in .env file:

```
SSO_MULTI_ENABLED=true

```

when `multi_enabled` is true you can use the multi mode.

- In `LoginController.php` you need rewrite the function `attemptLogin`

```
protected function attemptLogin(Request $request)
    {
        $broker = new LaravelSSOBroker();
        $credentials = $this->credentials($request);
		// this is your own field.
        $loginKey = $request->input('login_key', '');

        return $broker->handleLogin($credentials[$this->username()], $credentials['password'], $loginKey);
    }

```

- your blade/js send the request with params:

```
login_key //your login key
username  //your login key value
password  // your login key password

```

or you can change the name of `login_key` to other key name like `login_name`

then you need to change the `loginKey`'s name in `attemptLogin` function like this:

```
protected function attemptLogin(Request $request)
    {
        $broker = new LaravelSSOBroker();
        $credentials = $this->credentials($request);
		// this is your own field.
        $loginKey = $request->input('login_name', '');

        return $broker->handleLogin($credentials[$this->username()], $credentials['password'], $loginKey);
    }

```

In `laravel-sso` it will send a request like this:

```
$this->userInfo = $this->makeRequest('POST', 'loginMulti', [
            $key => $keyValue,
            'password' => $password,
            'key' => $key
        ]);

```

And your own key `login_key` 's value will be used for authentication.

### Thanks to these company's Support

[](#thanks-to-these-companys-support)

[![https://JetBrains.com?from=laravel-sso](https://camo.githubusercontent.com/3cf726e7cdadba47755b7f7ea4227945a92a2fa48aadf4a2573140ec6501c989/68747470733a2f2f7265736f75726365732e6a6574627261696e732e636f6d2f73746f726167652f70726f64756374732f636f6d70616e792f6272616e642f6c6f676f732f6a625f6265616d2e737667)](https://camo.githubusercontent.com/3cf726e7cdadba47755b7f7ea4227945a92a2fa48aadf4a2573140ec6501c989/68747470733a2f2f7265736f75726365732e6a6574627261696e732e636f6d2f73746f726167652f70726f64756374732f636f6d70616e792f6272616e642f6c6f676f732f6a625f6265616d2e737667)

###  Health Score

28

—

LowBetter than 54% of packages

Maintenance17

Infrequent updates — may be unmaintained

Popularity18

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity56

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~17 days

Recently: every ~11 days

Total

25

Last Release

1363d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/6f077a192556cd9c34d866d3a65c0e4ba9d7f3b06403e431f58fd975ac3b7ed9?d=identicon)[Lysice](/maintainers/Lysice)

---

Top Contributors

[![Lysice](https://avatars.githubusercontent.com/u/17869820?v=4)](https://github.com/Lysice "Lysice (63 commits)")

---

Tags

laravelAuthenticationSSOlogin

### Embed Badge

![Health badge](/badges/lysice-laravel-sso/health.svg)

```
[![Health](https://phpackages.com/badges/lysice-laravel-sso/health.svg)](https://phpackages.com/packages/lysice-laravel-sso)
```

###  Alternatives

[zefy/laravel-sso

Simple PHP SSO integration for Laravel

1033.0k](/packages/zefy-laravel-sso)[maicol07/laravel-oidc-client

OpenID Connect Client for Laravel

251.1k](/packages/maicol07-laravel-oidc-client)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)