PHPackages spsostrov/libsso-symfony - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. spsostrov/libsso-symfony ActiveLibrary[Authentication & Authorization](/categories/authentication) spsostrov/libsso-symfony ======================== The SPŠ Ostrov school's SSO library - Symfony bridge v1.0.0(1mo ago)095MITPHPPHP >=7.4 Since Dec 5Pushed 1mo ago1 watchersCompare [ Source](https://github.com/marek-sterzik/spsostrov-libsso-symfony)[ Packagist](https://packagist.org/packages/spsostrov/libsso-symfony)[ Docs](https://github.com/marek-sterzik/spsostrov-libsso-symfony)[ RSS](/packages/spsostrov-libsso-symfony/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (4)Versions (9)Used By (0) Symfony connector for SPŠ Ostrov libsso library =============================================== [](#symfony-connector-for-spš-ostrov-libsso-library) This is just a symfony connector for the original [spsostrov/libsso](https://github.com/marek-sterzik/spsostrov-libsso) library. It provides extra modules for the Symfony security bundle allowing to communicate with the school's SSO system. Installation ------------ [](#installation) Install the package into the project: ``` composer require spsostrov/libsso-symfony ``` Then add the bundle `SPSOstrov\SSOBundle\SSOBundle` in your application bundles: ``` return [ # ... (other bundles) SPSOstrov\SSOBundle\SSOBundle::class => ['all' => true], ]; ``` Usage ----- [](#usage) The libsso symfony connector is a Symfony bundle providing extra modules to the standard symfony security bundle. It provides two modules: 1. The `spsostrov_sso` user provider. 2. The `spsostrov_sso` authenticator. Both modules are indended to be used together. The `spsostrov_sso` authenticator requires to use the corresponding user provider and will not work with any other user providers. On the other hand, you may override the default user provier for the given firewall rule by a specific user provider by specifying the `provider` argument. Configuration ------------- [](#configuration) This library may be configured via `security.yaml` config file. A typical `security.yaml` may look like this: ``` security: providers: spsostrov_sso: spsostrov_sso: # Set the service id of the service responsible for the role decision. # (instance of interface SPSOstrov\SSOBundle\SSORoleDeciderInterface) # If no role decider is used, the default role decider is applied # providing the roles: ROLE_USER, ROLE_TEACHER, ROLE_STUDENT. # (optional) role_decider: null # Set the service id of the user data provider. It may add any custom # data to the user object available then as $user->getUserData(). # The user data provider needs to be an instance of the class # SPSostrov\SSOBundle\SSOUserDataProviderInterface # User data are set to null if no user data provider is set. # (optional) user_data_provider: null firewalls: main: lazy: true # You need to use the spsostrov_sso user provider: provider: spsostrov_sso # Configure the spsostrov_sso authenticator spsostrov_sso: # Setup the route name used for log in: login_path: login # When the controller requires a valid user, which is not available, # the authenticator will redirect the user to the controller specified # by login_path (see above). The authenticator may pass the original url # as a get parameter to the login controller. This option tells # the name of such an get parameter. You may also pass null to suppress # this functionality and pass no get parameters to the login controller. redirect_param: back # Override the default user provider. # (optional) provider: null # Use the SSO variant (currently 'production' and 'testing' variants are available) # (optional) sso_variant: production # Set a custom SSO gateway URL (override the gateway url given by the sso_variant) # (optional) sso_gateway_url: null # Set a custom SSO gateway check URL (override the gateway url given by the sso_variant) # (optional) sso_gateway_check_url: null # Set a custom class for the users (must be a subclass of SPSOstrov\SSOBundle\SSOUser) # (optional) sso_user_class: null # Service id of the SPSOstrov\SSO\SSO service. # If used, the arguments sso_variant, sso_gateway_url, sso_gateway_check_url, sso_user_class take # no effect # (optional) sso: null # configure standard logout: logout: path: logout ``` The login controller -------------------- [](#the-login-controller) You need to define a specific login controller, where the authenticator will authenticate the user. At this controller the "hard work" is done. The request is redirected to the SSO server and then back. While the SSO system does not allow to pass any GET arguments through the login process, therefore it is not possible to directly pass the get arguments originally passed to the login controller into the controller's processing method. The authenticator uses here an session-based layer trying to pass all arguments properly. But the layer is not able to guarantee to work in all circumstances. The code of the login controller's method is processed after a successfull login using the authenticator. A typical login controller may look like this: ``` #[Route('/login', name: 'login')] public function login(Request $request): Response { # get the "back" get variable $url = $request->query->get("back"); if (!is_string($url)) { # if "back" get variable not available, redirect to the main controller return $this->redirectToRoute('main'); } # redirect to the url given by the "back" variable, if "back" variable available return $this->redirect($url); } ``` Users ----- [](#users) The object representing the authenticated user is an instance of `SPSOstrov\SSOBundle\SSOUser` which is a subclass of the original `SPSOstrov\SSO\SSOUser` class from the original libsso library. The user therefore provides all functions available in the original libsso library and moreover provides the `getRoles()` method (not available in libsso) returning the assigned roles by the role decider. (See role deciders) Role deciders ------------- [](#role-deciders) A role decider is a service allowing to assign custom roles to existing users. You may do the role decision proces in any way you want depending on the data from the database and also on the data from the user. All you need is to create a symfony service implementing the `SPSOstrov\SSOBundle\SSORoleDeciderInterface` with its single method `decideRoles()`, which takes one argument the user being decided and is responsible for returning an array of all roles assigned to the given user. If no role decider is set up, a default role decider is used. It will decide the roles `ROLE_USER` (any user will have this role), `ROLE_TEACHER` (teachers) and `ROLE_STUDENT` (students). User data providers ------------------- [](#user-data-providers) An user data provider is an service allowing to attach custom data (refreshed at each request) to the user. You need toimplement the `SPSOstrov\SSOBundle\SSOUserDataProviderInterface` with its method `getUserData()` taking the instance of the `SSOUser` class as an argument and should return the data. The data are available then by calling the method `$user->getUserData()`. ### Health Score 41 — FairBetter than 89% of packages Maintenance90 Actively maintained with recent releases Popularity13 Limited adoption so far Community7 Small or concentrated contributor base Maturity44 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~68 days Recently: every ~82 days Total 8 Last Release 47d ago Major Versions v0.3.3 → v1.0.02026-03-26 ### Community Maintainers ![](https://www.gravatar.com/avatar/784785f5dfad3eab11bf8f02ab43db82212e41c835b7a9ad1c1d16d924d42b8d?d=identicon)[spsostrov](/maintainers/spsostrov) --- Top Contributors [![marek-sterzik](https://avatars.githubusercontent.com/u/26008248?v=4)](https://github.com/marek-sterzik "marek-sterzik (42 commits)") ### Embed Badge ![Health badge](/badges/spsostrov-libsso-symfony/health.svg) ``` [![Health](https://phpackages.com/badges/spsostrov-libsso-symfony/health.svg)](https://phpackages.com/packages/spsostrov-libsso-symfony) ``` ### Alternatives [gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[scheb/2fa Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install) 578630.7k1](/packages/scheb-2fa)[scheb/2fa-bundle A generic interface to implement two-factor authentication in Symfony applications 6914.0M62](/packages/scheb-2fa-bundle)[web-auth/webauthn-framework FIDO2/Webauthn library for PHP and Symfony Bundle. 50570.7k1](/packages/web-auth-webauthn-framework)[auth0/symfony Symfony SDK for Auth0 Authentication and Management APIs. 128738.1k](/packages/auth0-symfony)[web-auth/webauthn-symfony-bundle FIDO2/Webauthn Security Bundle For Symfony 63397.4k6](/packages/web-auth-webauthn-symfony-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)