
niif/shib-auth-bundle
=====================

Shibboleth based (federated SAML) user authentication bundle

v1.2.8 (6y ago) · MIT · PHP · [Source](https://github.com/NIIF/ShibAuthBundle) · [Packagist](https://packagist.org/packages/niif/shib-auth-bundle) · [1 issue](https://github.com/NIIF/ShibAuthBundle/issues) · [6 PRs](https://github.com/NIIF/ShibAuthBundle/pulls)

The bundle provides the authentication security token for users who authenticate via the Apache implementation of the Shibboleth SP.

You can then implement access control the usual Symfony way.

You *must* implement your own user provider; the bundle does not work without one.

Install
=======


Install the bundle with Composer:

`composer require niif/shib-auth-bundle`

Update `app/AppKernel.php`:

```
$bundles = array(
            ...
            new Niif\ShibAuthBundle\NiifShibAuthBundle(),
            ...
        );
```

Configure the Shibboleth bundle by updating your `app/config/config.yml`:

```
...
niif_shib_auth: ~
# niif_shib_auth:
    # baseURL:           "%shib_auth_base_url%" # optional, default: /Shibboleth.sso/
    # sessionInitiator:  "%shib_auth_session_initiator%" # optional, default: Login
    # logoutPath:        "%shib_auth_logout_path%" # optional, default: Logout
    # logoutReturnPath:  "%shib_auth_logout_return_path%" # optional, default: "/"; use an absolute URL, a named Symfony route also works
    # usernameAttribute: "%shib_auth_username_attribute%" # optional, default: REMOTE_USER
    # moduleAttribute:   "%shib_auth_module_attribute%" # optional, name of the server variable checked to ensure a Shibboleth session exists; default: HTTP_SHIB_APPLICATION_ID
...
```

Then add a new firewall rule in `app/config/security.yml`:

```
    ...
    providers:
        ...
        shibboleth:
            id: shibboleth.user.provider
        ...
    ...
    firewalls:
        ...
        main:
            guard:
                authenticators:
                    - niif_shib_auth.shib_authenticator
            logout:
                path:   /logout
                target: /
                invalidate_session: true
                success_handler: niif_shib_auth.shib_authenticator
        ...
```

You should create a simple logout action in any controller:

```
   /**
    * @Route("/logout")
    * @Template()
    * @return \Symfony\Component\HttpFoundation\RedirectResponse
    */
   public function logoutAction()
   {
       return $this->redirect($this->generateUrl('logged_out'));
   }
```
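
A minimal user provider that could back the `shibboleth.user.provider` service referenced in `security.yml` above. This is an added example, not code from the bundle: the class name, namespace and in-memory account list are hypothetical, and it assumes the Symfony 3.x/4.x `UserProviderInterface` and that the authenticator passes the `usernameAttribute` value to `loadUserByUsername()`.

```php
<?php
// Hypothetical class and namespace; not part of niif/shib-auth-bundle.
namespace AppBundle\Security;

use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\User;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;

class ShibbolethUserProvider implements UserProviderInterface
{
    /** @var array username => list of roles (constructed sample data; use a real store) */
    private $knownUsers;

    public function __construct(array $knownUsers)
    {
        $this->knownUsers = $knownUsers;
    }

    public function loadUserByUsername($username)
    {
        // Assumption: $username is the value of the configured usernameAttribute
        // (REMOTE_USER by default). Unknown identities are rejected, not auto-created.
        if (!is_string($username) || !isset($this->knownUsers[$username])) {
            throw new UsernameNotFoundException('No local account for this Shibboleth identity.');
        }
        // No password is stored: the credential check happened at the IdP.
        return new User($username, null, $this->knownUsers[$username]);
    }

    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof User) {
            throw new UnsupportedUserException(sprintf('Unsupported user class "%s".', get_class($user)));
        }
        // Reload on each request so removed accounts and role changes take effect.
        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class)
    {
        return User::class === $class;
    }
}
```

Register the class under the service id `shibboleth.user.provider` so that the `providers` entry in `security.yml` resolves to it.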

Impersonate
===========


The authenticator supports the impersonate feature.

In `app/config/security.yml`:

```
    ...
    providers:
        ...
        shibboleth:
            id: shibboleth.user.provider
        in_memory:
            memory: ~
        ...
    ...
    firewalls:
        ...
        main:
            switch_user: { provider: in_memory }
            guard:
                authenticators:
                    - niif_shib_auth.shib_authenticator
            logout:
                path:   /logout
                target: /
                invalidate_session: true
                success_handler: niif_shib_auth.shib_authenticator
        ...
```

Simulate shibboleth authentication in development environment
=============================================================


When you develop an application, you need some way to simulate Shibboleth authentication. You can do it in the Apache config, after enabling the *headers* and *env* modules:

```
        Alias /my_app /home/me/my_app/web
        <Directory /home/me/my_app/web>
           Options Indexes FollowSymLinks
           AllowOverride All
           Require all granted
           # Development only: stand-ins for the attributes the Shibboleth SP would provide
           SetEnv Shib-Person-uid myuid
           SetEnv Shib-EduPersonEntitlement urn:oid:whatever
           RequestHeader append Shib-Identity-Provider "fakeIdPId"
           RequestHeader append eppn "myeppn"
        </Directory>
```

### Community

Maintainers: gyufi, kukkjanos, northway

Top contributors: [szabogyula](https://github.com/szabogyula) (17 commits), [dorion](https://github.com/dorion) (1 commit), [northway](https://github.com/northway) (1 commit)

