salihkiraz/simplesamlphp-module-silauth
=======================================

SimpleSAMLphp auth module implementing various security measures before calls to IdP ID Broker backend

Version 7.0.6 (3y ago) · MIT · PHP >=7.0

[Source](https://github.com/salihkiraz/simplesamlphp-module-silauth) · [Packagist](https://packagist.org/packages/salihkiraz/simplesamlphp-module-silauth)

simplesamlphp-module-silauth
============================

SimpleSAMLphp auth module implementing custom business logic

Database Migrations
-------------------

To create another database migration file, run the following (replacing `YourMigrationName` with whatever you want the migration to be named, using CamelCase):

```
make migration NAME=YourMigrationName
```

Rate Limiting
-------------

SilAuth will rate limit failed logins by username and by every untrusted IP address from a login attempt.

### tl;dr ("the short version")

If there have been more than 10 failed logins for a given username (or IP address) within the past hour, a captcha will be included in the webpage. The user may or may not have to directly interact with the captcha, though.

If there have been more than 50 failed logins for that username (or IP address) within the past hour, logins for that username (or IP address) will be blocked for up to an hour.

### Details

For each login attempt, SilAuth looks at the number of failed logins within the last hour (a.k.a. recent failed logins) for the given username and for each untrusted IP address associated with the current request. Based on the count for the username OR for any single one of those IP addresses, it will do one of the following:

- If there are fewer than `Authenticator::REQUIRE_CAPTCHA_AFTER_NTH_FAILED_LOGIN` recent failures: process the request normally.
- If there are at least that many, but fewer than `Authenticator::BLOCK_AFTER_NTH_FAILED_LOGIN`: require the user to pass a captcha.
- If there are more than that: block that login attempt for `(recent failures above the limit)^2` seconds after the most recent failed login, with a minimum of 3 (so blocking for 9 seconds).
- Note: the blocking time is capped at an hour, so if no more failures occur, then the user will be unblocked in no more than an hour.

See `features/login.feature` for descriptions of how various situations are handled. That file not only contains human-readable scenarios, but those are also actual tests that are run to ensure those descriptions are correct.

#### Example 1

- If `BLOCK_AFTER_NTH_FAILED_LOGIN` is 50, and
- if `REQUIRE_CAPTCHA_AFTER_NTH_FAILED_LOGIN` is 10, and
- if there have been 4 failed login attempts for `john_smith`, and
- there have been 10 failed login attempts from `11.22.33.44`, and
- there have been 3 failed login attempts from `192.168.1.2`, and
- someone tries to log in as `john_smith` from `192.168.1.2` and their request goes through a proxy at `11.22.33.44`, then
- they will have to pass a captcha, but they will not yet be blocked.

#### Example 2

- However, if all of the above is true, but
- there have now been 55 failed login attempts from `11.22.33.44`, then
- any request involving that IP address will be blocked for 25 seconds after the most recent of those failed logins.

Excluding trusted IP addresses from IP address based rate limiting
------------------------------------------------------------------

Since this application enforces rate limits based on the number of recent failed login attempts by both username and IP address, and since it looks at both the `REMOTE_ADDR` and the `X-Forwarded-For` header for IP addresses, you will want to list any IP addresses that should NOT be rate limited (such as your load balancer) in the `TRUSTED_IP_ADDRESSES` environment variable (see `local.env.dist`).
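
The decision described under Rate Limiting, combined with the trusted-address exclusion above, as an added PHP sketch that is not the module's own code. The function names, the `user:`/`ip:` array keys and the `10.0.0.5` load balancer address are assumptions, and so is treating exactly `BLOCK_AFTER_NTH_FAILED_LOGIN` failures as blocked, which the README leaves open.

```php
<?php
// Added illustration, not SilAuth's code. Limits are the values from the README's examples.
const REQUIRE_CAPTCHA_AFTER_NTH_FAILED_LOGIN = 10;
const BLOCK_AFTER_NTH_FAILED_LOGIN = 50;
const MAX_BLOCK_SECONDS = 3600; // blocking time is capped at an hour

// Addresses seen on the request (X-Forwarded-For entries plus REMOTE_ADDR), minus trusted ones.
function untrustedIps(string $remoteAddr, string $xForwardedFor, array $trusted): array
{
    $ips = array_map('trim', explode(',', $xForwardedFor));
    $ips[] = $remoteAddr;
    $ips = array_filter($ips, function ($ip) {
        return filter_var($ip, FILTER_VALIDATE_IP) !== false; // drops '' and junk entries
    });
    return array_values(array_unique(array_diff($ips, $trusted)));
}

// (recent failures above the limit)^2 seconds, with a minimum base of 3, capped at one hour.
function blockSeconds(int $recentFailures): int
{
    $above = max(3, $recentFailures - BLOCK_AFTER_NTH_FAILED_LOGIN);
    return min($above ** 2, MAX_BLOCK_SECONDS);
}

// The username and every untrusted IP are checked; the highest count decides the outcome.
function decide(string $username, array $ips, array $recentFailures): array
{
    $worst = $recentFailures["user:$username"] ?? 0;
    foreach ($ips as $ip) {
        $worst = max($worst, $recentFailures["ip:$ip"] ?? 0);
    }
    if ($worst < REQUIRE_CAPTCHA_AFTER_NTH_FAILED_LOGIN) {
        return ['action' => 'allow'];
    }
    if ($worst < BLOCK_AFTER_NTH_FAILED_LOGIN) {
        return ['action' => 'captcha'];
    }
    // Assumption: a count equal to the block limit is blocked too.
    // 'seconds' is measured from the most recent failed login.
    return ['action' => 'block', 'seconds' => blockSeconds($worst)];
}

// Constructed request: trusted load balancer 10.0.0.5 in front of the README's two addresses.
$ips = untrustedIps('10.0.0.5', '192.168.1.2, 11.22.33.44', ['10.0.0.5']);
$counts = ['user:john_smith' => 4, 'ip:11.22.33.44' => 10, 'ip:192.168.1.2' => 3];
print_r(decide('john_smith', $ips, $counts)); // README Example 1
$counts['ip:11.22.33.44'] = 55;
print_r(decide('john_smith', $ips, $counts)); // README Example 2
```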

Status Check
------------

To check the status of the website, you can access this URL:
`https://(your domain name)/module.php/silauth/status.php`

Debugging
---------

To debug the project in your IDE (such as NetBeans), do the following:

1. Edit your `local.env` file and insert your IP address as the value for `XDEBUG_REMOTE_HOST`.
2. Run `make start enabledebug`.
3. Set your IDE to use debugger port 9000 and a Session ID of netbeans-xdebug.
4. Click the "Debug Project" button in your IDE.

### Manual Testing

1. Add an entry to your `/etc/hosts` file for `127.0.0.1 silauth.local`
2. Run `make`
3. Go to  in your browser.

### Debugging

Xdebug can be enabled by doing the following:

1. Define `REMOTE_DEBUG_IP` in `local.env`. This should be the IP address of your development machine, i.e. the one that is running your IDE. If you're using Linux as your Docker host, you can use 172.17.0.1 here.
2. Map run-debug.sh into the container you wish to debug. For example:

```
    volumes:
      - ./development/run-debug.sh:/data/run.sh
```

3. Enable debugging in your IDE. See the next section for PhpStorm setup.

Configuring PhpStorm for remote debugging
-----------------------------------------

In PhpStorm go to: Preferences > PHP > Debug > DBGp Proxy and set the following settings:

- Host: (your IP address or hostname)
- Port: 9000

Set path mappings in: Preferences > PHP > Servers

- Add a server and map the project folder to '/data/vendor/simplesamlphp/simplesamlphp/modules/silauth'
- Map other directories as needed. PhpStorm should prompt when an unrecognized path is encountered.

Then start listening by clicking the "listen" button on the PhpStorm toolbar.

