

silinternational/simplesamlphp-module-mfa
=========================================

A simpleSAMLphp module for prompting the user for MFA credentials (such as a TOTP code, etc.).

5.2.2 (2y ago) · LGPL-2.1-or-later · PHP >=7.2

[Source](https://github.com/sil-org/simplesamlphp-module-mfa) · [Packagist](https://packagist.org/packages/silinternational/simplesamlphp-module-mfa)

Archived
========


This repository is no longer maintained. It has been included directly in .

\--

Multi-Factor Authentication (MFA) simpleSAMLphp Module
======================================================


A simpleSAMLphp module for prompting the user for MFA credentials (such as a TOTP code, etc.).

This mfa module is implemented as an Authentication Processing Filter, or AuthProc. That means it can be configured in the global config.php file or the SP remote or IdP hosted metadata.

It is recommended to run the mfa module at the IdP, and configure the filter to run before all the other filters you may have enabled.

How to use the module
---------------------


Simply include `simplesamlphp/composer-module-installer` and this module as required in your `composer.json` file. The `composer-module-installer` package will discover this module and copy it into the `modules` folder within `simplesamlphp`.

You will then need to set filter parameters in your config. We recommend adding them to the `'authproc'` array in your `metadata/saml20-idp-hosted.php` file.

Example (for `metadata/saml20-idp-hosted.php`):

```php
use Sil\PhpEnv\Env;
use Sil\Psr3Adapters\Psr3SamlLogger;

// ...

'authproc' => [
    10 => [
        // Required:
        'class' => 'mfa:Mfa',
        'employeeIdAttr' => 'employeeNumber',
        'idBrokerAccessToken' => Env::get('ID_BROKER_ACCESS_TOKEN'),
        'idBrokerAssertValidIp' => Env::get('ID_BROKER_ASSERT_VALID_IP'),
        'idBrokerBaseUri' => Env::get('ID_BROKER_BASE_URI'),
        'idBrokerTrustedIpRanges' => Env::get('ID_BROKER_TRUSTED_IP_RANGES'),
        'idpDomainName' => Env::get('IDP_DOMAIN_NAME'),
        'mfaSetupUrl' => Env::get('MFA_SETUP_URL'),

        // Optional:
        'loggerClass' => Psr3SamlLogger::class,
    ],

    // ...
],

```

The `employeeIdAttr` parameter represents the SAML attribute name which has the user's Employee ID stored in it. In certain situations, this may be displayed to the user, as well as being used in log messages.

The `loggerClass` parameter specifies the name of a PSR-3 compatible class that can be autoloaded, to use as the logger within ExpiryDate.

The `mfaSetupUrl` parameter is the URL to send the user to if they want or need to set up MFA.

The `idpDomainName` parameter is used to assemble the Relying Party Origin (RP Origin) for WebAuthn MFA options.
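
An added example, not code from the module: a pre-deployment check of an `authproc` array that flags required `mfa:Mfa` parameters left empty and any filter ordered ahead of it, in line with the recommendation above to run mfa before other filters. `checkMfaAuthProc()` is a hypothetical helper, the sample values are constructed, and it assumes SimpleSAMLphp runs filters in ascending order of their array key.

```php
<?php
// Hypothetical helper (not part of the mfa module): returns a list of problems found.
const MFA_REQUIRED_KEYS = [
    'employeeIdAttr', 'idBrokerAccessToken', 'idBrokerAssertValidIp',
    'idBrokerBaseUri', 'idBrokerTrustedIpRanges', 'idpDomainName', 'mfaSetupUrl',
];

function checkMfaAuthProc(array $authproc): array
{
    $problems = [];
    $mfaPriority = null;
    foreach ($authproc as $priority => $filter) {
        // A filter may be a bare class string or an array with a 'class' entry.
        $class = is_array($filter) ? ($filter['class'] ?? '') : (string) $filter;
        if ($class !== 'mfa:Mfa') {
            continue;
        }
        $mfaPriority = $priority;
        foreach (MFA_REQUIRED_KEYS as $key) {
            $value = is_array($filter) ? ($filter[$key] ?? null) : null;
            // Assumption: an unset environment variable shows up as null or ''.
            if ($value === null || $value === '') {
                $problems[] = "mfa:Mfa is missing required parameter '$key'";
            }
        }
    }
    if ($mfaPriority === null) {
        $problems[] = 'no mfa:Mfa filter is configured';
    } elseif ($mfaPriority !== min(array_keys($authproc))) {
        $problems[] = "mfa:Mfa has priority $mfaPriority but another filter runs earlier";
    }
    return $problems;
}

// Constructed sample: a filter at priority 5 precedes mfa, and the token is empty.
$sample = [
    5  => ['class' => 'core:AttributeMap', 'oid2name'],
    10 => [
        'class' => 'mfa:Mfa',
        'employeeIdAttr' => 'employeeNumber',
        'idBrokerAccessToken' => '',
        'idBrokerAssertValidIp' => true,
        'idBrokerBaseUri' => 'https://broker.example.org',
        'idBrokerTrustedIpRanges' => '10.0.0.0/8',
        'idpDomainName' => 'idp.example.org',
        'mfaSetupUrl' => 'https://profile.example.org/mfa',
    ],
];
print_r(checkMfaAuthProc($sample));
```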

Testing Locally
---------------


### Setup


Add entries to your hosts file to associate `mfa-sp.local` and `mfa-idp.local` with the IP address of your docker containers (which is the IP address from the Vagrantfile if you are running docker within the Vagrant VM).

### Automated Testing


Run `make test`.

### Manual Testing


Go to  in your browser and sign in with one of the users defined in `development/idp-local/config/authsources.php`. Example: username = `must_set_up_mfa`, password = `a`

Go to <http://mfa-sp.local:52021/module.php/core/as_logout.php?ReturnTo=/&AuthId=mfa-idp> to log out.

Why use an AuthProc for MFA?
----------------------------


Based on...

- the existence of multiple other simpleSAMLphp modules used for MFA and implemented as AuthProcs,
- implementing my solution as an AuthProc and having a number of tests that all confirm that it is working as desired, and
- a discussion in the SimpleSAMLphp mailing list about this:
    <https://groups.google.com/d/msg/simplesamlphp/ocQols0NCZ8/RL_WAcryBwAJ>

... it seems sufficiently safe to implement MFA using a simpleSAMLphp AuthProc.

For more of the details, please see this Stack Overflow Q&A:

Contributing
------------


To contribute, please submit issues or pull requests at

Acknowledgements
----------------


This is adapted from the `silinternational/simplesamlphp-module-expirychecker` module, which itself is adapted from other modules. Thanks to all those who contributed to that work.


### Release Activity

- Cadence: every ~96 days (recently: every ~103 days)
- Total: 25
- Last release: 809d ago

Major versions:

- 0.1.0 → 1.0.0: 2017-11-27
- 1.1.0 → 2.0.0: 2018-01-23
- 2.1.0 → 3.0.0: 2019-04-09
- 3.0.1 → 4.0.0: 2019-05-23
- 4.1.1 → 5.0.0: 2021-12-14

PHP version history (2 changes):

- 0.1.0: PHP >=7.0
- 4.0.1: PHP >=7.2

### Community

Maintainers: [fillup](/maintainers/fillup), [forevermatt](/maintainers/forevermatt)

Top Contributors:

- [forevermatt](https://github.com/forevermatt) (205 commits)
- [briskt](https://github.com/briskt) (84 commits)
- [fillup](https://github.com/fillup) (21 commits)
- [Baggerone](https://github.com/Baggerone) (3 commits)

### Code Quality

Tests: PHPUnit


### Alternatives

- [drupalauth/simplesamlphp-module-drupalauth](/packages/drupalauth-simplesamlphp-module-drupalauth): A SimpleSAMLphp module adding support for Drupal as the authentication source.
- [simplesamlphp/simplesamlphp-module-webauthn](/packages/simplesamlphp-simplesamlphp-module-webauthn): A PHP implementation of a FIDO2 / WebAuthn authentication agent

