
scolmore/zerotrust
==================

A package that adds Azure Active Directory as a middleware security wrapper around your application.

v0.1 (2y ago) · MIT · PHP ^8.2


ZeroTrust
=========

ZeroTrust is a Laravel middleware that wraps your enterprise application in Azure Active Directory authentication, allowing you to take advantage of account restrictions and 2FA (if enabled in your AD) without having to touch your application's own authentication.

With the middleware added to your route(s), the user will be greeted with a login selection page (if more than one directory is added) or sent directly to the Microsoft login page.

[![Multiple domain selection](art/multiple_ad_selection.png)](art/multiple_ad_selection.png)

Setting up Microsoft Azure Active Directory
-------------------------------------------

To set up your Azure AD for use with this package, follow [this guide](https://learn.microsoft.com/en-us/power-apps/developer/data-platform/walkthrough-register-app-azure-active-directory) from Microsoft.

For your callback URL, you will need to use `https://yourdomain.com/zero-trust/callback`.

Installation
------------

Via Composer

```
composer require scolmore/zerotrust
```

Publish the configuration and views
-----------------------------------

```
php artisan vendor:publish --provider="Scolmore\ZeroTrust\ZeroTrustServiceProvider"
```

Usage
-----

### Configuration

The following will need to be added to your `.env` file:

```
ZEROTRUST_TITLE="My Organisation"
ZEROTRUST_APP_NAME="My application name"
ZEROTRUST_ENABLED=true

ZEROTRUST_AZURE_NAME="Company AD one"
ZEROTRUST_AZURE_TENANT_ID=
ZEROTRUST_AZURE_CLIENT_ID=
ZEROTRUST_AZURE_SECRET=
```

### Middleware

Add the middleware to the required route(s)/route groups.

```
Route::middleware('zero-trust')->get('/dashboard', function () {
    return view('dashboard');
})->name('dashboard');
```

### Automatic login

If you want to attempt to automatically log the user in, set `ZEROTRUST_AUTO_LOGIN=true` in your `.env` file.

This looks up the Microsoft signed-in user on your User model by matching against the email column. If a match is found, the user is logged in to your application.

The User model and email column can be changed in the configuration file.

### Restricted domains

You may have a Microsoft Active Directory that has many different domains, and for your particular application, you want to restrict this.

Let's say your AD has the following domains:

- example.com
- foo.com
- bar.com

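You want foo.com and bar.com to have access, but not example.com. To do this, add the following to your `.env` file. Note that, despite its name, `ZEROTRUST_RESTRICTED_DOMAINS` lists the domains that are allowed in, so access is restricted to them: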

```
ZEROTRUST_RESTRICTED_DOMAINS="foo.com,bar.com"
```

Now when a user from example.com tries to log in, they will be refused access and shown the following screen.

[![Restricted domain](art/restricted_domain.png)](art/restricted_domain.png)
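
A sketch of the allow-list check described above, as an added example that is not the package's own code: the function names `parseAllowedDomains` and `isAllowedEmail` and the sample addresses are hypothetical. It compares the full domain after the `@` exactly, so look-alike domains and unlisted subdomains are refused, and it assumes an empty list admits nobody.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not part of scolmore/zerotrust.

/** Parse a comma-separated allow-list such as "foo.com,bar.com". */
function parseAllowedDomains(string $raw): array
{
    $domains = array_map(
        static fn (string $d): string => strtolower(trim($d)),
        explode(',', $raw)
    );

    // Drop empty entries left by stray commas or an empty variable.
    return array_values(array_filter($domains, static fn (string $d): bool => $d !== ''));
}

/** True only when the address's domain exactly equals an allowed domain. */
function isAllowedEmail(string $email, array $allowed): bool
{
    // Take everything after the last "@"; reject addresses with no local part or no domain.
    $at = strrpos($email, '@');
    if ($at === false || $at === 0 || $at === strlen($email) - 1) {
        return false;
    }
    $domain = strtolower(substr($email, $at + 1));

    // Exact, strict comparison: no suffix or substring matching.
    return in_array($domain, $allowed, true);
}

// Constructed sample input mirroring the README's example domains.
$allowed = parseAllowedDomains('foo.com, BAR.com,');

$samples = [
    'alice@foo.com',            // allowed
    'bob@Bar.COM',              // allowed: comparison is case-insensitive
    'carol@example.com',        // refused: not on the list
    'dave@notfoo.com',          // refused: ending in "foo.com" is not enough
    'erin@foo.com.example.com', // refused: allowed name used as a prefix
    'frank@mail.foo.com',       // refused: subdomains must be listed explicitly
    'no-at-sign',               // refused: malformed address
];

foreach ($samples as $email) {
    printf("%-28s %s\n", $email, isAllowedEmail($email, $allowed) ? 'allowed' : 'refused');
}
```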

### Logging out

When a user logs out, you may also want to log them out of the Microsoft account at the same time. To do this, replace your Laravel logout method that calls `route('logout')` with `route('zero-trust.logout')`.

### Extending the middleware

If you would like to perform additional actions when a user is authenticated or when a user from a restricted domain tries to log in, you can extend the middleware from your own middleware.

For example, perhaps you want to log the access with the Spatie activity log.

In that case, create a new middleware, extend the ZeroTrust middleware and override the `completed` method.

`ZeroTrustMiddleware.php`

```
