PHPackages rohit-raj-verma/pimcore-msentra-saml-login - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. rohit-raj-verma/pimcore-msentra-saml-login ActivePimcore-bundle[Authentication & Authorization](/categories/authentication) rohit-raj-verma/pimcore-msentra-saml-login ========================================== SAML 2.0 Single Sign-On (SSO) bundle for Pimcore 11 admin with Microsoft Entra ID (Azure AD) support and auto user provisioning v1.0.0(3mo ago)00MITPHPPHP >=8.1 Since Feb 13Pushed 3mo agoCompare [ Source](https://github.com/rohit-raj-verma/pimcore-msentra-saml-login)[ Packagist](https://packagist.org/packages/rohit-raj-verma/pimcore-msentra-saml-login)[ RSS](/packages/rohit-raj-verma-pimcore-msentra-saml-login/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (4)Versions (2)Used By (0) SSOBundle ========= [](#ssobundle) A Pimcore bundle that adds SAML 2.0 based Single Sign-On (SSO) to the Pimcore admin login. Supports Microsoft Entra ID (Azure AD) and other SAML 2.0 compliant Identity Providers. Features -------- [](#features) - **SAML 2.0 Authentication**: Full SAML 2.0 SP (Service Provider) implementation for Pimcore admin - **Custom Login Page**: Adds a "Login with SSO" button alongside the standard username/password form - **Auto User Provisioning**: Automatically creates Pimcore admin users on first SSO login - **User Sync**: Updates user profile (name, email) from IdP attributes on each login - **MS Entra ID Support**: Built-in support for Microsoft Entra ID (Azure AD) SAML attribute mapping - **Environment-Based Config**: Configure SP settings via environment variables Requirements ------------ [](#requirements) - Pimcore 11.x - PHP 8.1 or higher Installation ------------ [](#installation) ### Step 1: Install via Composer [](#step-1-install-via-composer) ``` composer require rohit-raj-verma/pimcore-sso-bundle ``` ### Step 2: Enable the Bundle [](#step-2-enable-the-bundle) Add the bundle to your `config/bundles.php`: ``` return [ // ... SSOBundle\SSOBundle::class => ['all' => true], ]; ``` ### Step 3: Configure Environment Variables [](#step-3-configure-environment-variables) Add the following variables to your `.env` file: ``` ###> SSOBundle ### SAML_SP_ENTITY_ID=https://sts.windows.net/YOUR-TENANT-ID/ SAML_SP_REPLY_URL=https://your-pimcore-domain.com/saml/acs ###< SSOBundle ### ``` VariableDescriptionExample`SAML_SP_ENTITY_ID`The Entity ID of your Identity Provider (IdP)`https://sts.windows.net/{tenant-id}/``SAML_SP_REPLY_URL`The ACS (Assertion Consumer Service) URL — your Pimcore domain + `/saml/acs``https://example.com/saml/acs`### Step 4: Configure Identity Provider Metadata [](#step-4-configure-identity-provider-metadata) Replace the placeholder values in `vendor/rohit-raj-verma/pimcore-sso-bundle/Resources/config/saml-idp.xml` with your IdP metadata, or copy the file to your project config directory. For **Microsoft Entra ID (Azure AD)**: 1. Go to **Azure Portal > Enterprise Applications > Your App > Single sign-on** 2. Download the **Federation Metadata XML** 3. Copy the `entityID` and `SingleSignOnService Location` values into `saml-idp.xml` Example `saml-idp.xml`: ``` ``` ### Step 5: Configure Azure AD / MS Entra (IdP Side) [](#step-5-configure-azure-ad--ms-entra-idp-side) In your Identity Provider, configure the following: SettingValue**Identifier (Entity ID)**`https://your-pimcore-domain.com/saml/acs` (same as `SAML_SP_REPLY_URL`)**Reply URL (ACS URL)**`https://your-pimcore-domain.com/saml/acs`**Sign-on URL**`https://your-pimcore-domain.com/saml/login`**Required SAML Claims / Attributes:** ClaimDescription`emailaddress`User's email (used as Pimcore username)`displayname`User's full name`givenname`First name (optional, fallback)`surname`Last name (optional, fallback)### Step 6: Clear Cache [](#step-6-clear-cache) ``` bin/console cache:clear ``` Usage ----- [](#usage) After installation, the Pimcore admin login page will display a **"Login with SSO"** button below the standard login form. ### Login Flow [](#login-flow) 1. User clicks **"Login with SSO"** on the Pimcore admin login page 2. The bundle sends a SAML AuthnRequest to the configured IdP 3. User authenticates with the IdP (e.g., Microsoft login) 4. IdP sends a SAML Response back to `/saml/acs` 5. The bundle validates the response and extracts user attributes 6. If the user doesn't exist in Pimcore, a new admin user is created automatically 7. User is logged into Pimcore admin ### Routes [](#routes) RoutePathDescription`saml_login``/saml/login`Initiates the SAML authentication request`saml_acs``/saml/acs`Assertion Consumer Service — receives the IdP responseHow It Works ------------ [](#how-it-works) - **RequestService**: Builds and sends SAML 2.0 AuthnRequest to the IdP using HTTP-Redirect binding - **ResponseService**: Receives and validates the SAML Response from the IdP, extracts user attributes - **UserService**: Creates or updates Pimcore admin users based on SAML attributes - **ContainerService**: Provides the SAML2 library container implementation (logging, ID generation, etc.) - **Login Template Override**: Overrides the default Pimcore admin login template to add the SSO button License ------- [](#license) This bundle is released under the MIT License. ### Health Score 34 — LowBetter than 77% of packages Maintenance82 Actively maintained with recent releases Popularity0 Limited adoption so far Community6 Small or concentrated contributor base Maturity42 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 94d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/14f0454e0b58557e15cd349a425aad845269014257efa282f693757235004819?d=identicon)[rohitrajv5](/maintainers/rohitrajv5) --- Top Contributors [![rohit-raj-verma](https://avatars.githubusercontent.com/u/261393979?v=4)](https://github.com/rohit-raj-verma "rohit-raj-verma (1 commits)") ### Embed Badge ![Health badge](/badges/rohit-raj-verma-pimcore-msentra-saml-login/health.svg) ``` [![Health](https://phpackages.com/badges/rohit-raj-verma-pimcore-msentra-saml-login/health.svg)](https://phpackages.com/packages/rohit-raj-verma-pimcore-msentra-saml-login) ``` ### Alternatives [simplesamlphp/simplesamlphp A PHP implementation of a SAML 2.0 service provider and identity provider. 1.1k12.4M193](/packages/simplesamlphp-simplesamlphp)[simplesamlphp/saml2 SAML2 PHP library from SimpleSAMLphp 30317.2M40](/packages/simplesamlphp-saml2)[league/oauth2-server-bundle Symfony bundle . 2344.7M6](/packages/league-oauth2-server-bundle)[m1guelpf/laravel-fastlogin Allow your users to login with FaceID/TouchID 99618.0k](/packages/m1guelpf-laravel-fastlogin)[jeremy379/laravel-openid-connect OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport. 55342.3k2](/packages/jeremy379-laravel-openid-connect)[nl.idaas/openid-server OpenID Connect server for PHP 47129.2k1](/packages/nlidaas-openid-server) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)