PHPackages                             t-ronx/sso-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. t-ronx/sso-bundle

ActiveSymfony-bundle[Authentication &amp; Authorization](/categories/authentication)

t-ronx/sso-bundle
=================

Single-sign-on bundle for Symfony2

03413PHP

Since Jun 18Pushed 11y ago1 watchersCompare

[ Source](https://github.com/T-RonX/FMSingleSignOnBundle)[ Packagist](https://packagist.org/packages/t-ronx/sso-bundle)[ RSS](/packages/t-ronx-sso-bundle/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependenciesVersions (1)Used By (0)

Disclaimer
----------

[](#disclaimer)

I am by no means a security expert. I'm not bad at it either, but I cannot vouch for the security of this bundle. You can use this in production if you want, but please do so at your own risk. That said, if you'd like to contribute to make this bundle better/safer, you can always [create an issue](https://github.com/financial-media/FMSingleSignOnBundle/issues) or send [a pull request](https://github.com/financial-media/FMSingleSignOnBundle/pulls).

Description
-----------

[](#description)

This bundle provides an easy way to integrate a single-sign-on in your website. It uses an existing ('main') firewall for the actual authentication, and redirects all configured SSO-routes to authenticate via a one-time-password.

Installation
------------

[](#installation)

Install using composer:

```
php composer.phar require "fm/sso-bundle"

```

Enable the bundle in the kernel:

```
// app/AppKernel.php
$bundles[] = new FM\SingleSignOnBundle\FMSingleSignOnBundle();
```

Configuration
-------------

[](#configuration)

Enable sso-routes:

```
# app/config/routing.yml:
sso:
    resource: .
    type:     sso

otp:
    # this needs to be the same as the check_path, specified later on in security.yml
    pattern: /otp/
```

The bundle relies on an existing firewall to provide the actual authentication. To do this, you have to configure the single-sign-on login path to be behind that firewall, and make sure you need to be authenticated to access that route.

```
# app/config/config.yml:
fm_single_sign_on:
    host: mydomain.com
    login_path: /sso/
```

```
# app/config/security.yml
security:
    access_control:
        -
            host: mydomain.com
            path: ^/sso/$
            roles: [IS_AUTHENTICATED_FULLY]
```

```
# app/config/security.yml:
security:
    firewalls:
        main:
            pattern: ^/
```

This makes sure the user has to authenticate first (using a login form).

Now for each firewall (other than the main one), you can configure single-sign-on authentication using a one-time-password. The only thing you have to provide is a path and user provider. Everything else is handled by the bundle.

```
# app/config/security.yml:
security:
    firewalls:
        sso:
            pattern: ^/
            fm_sso:
                provider: main
                check_path: /otp/ # path where otp will be authenticated
```

That's it, you're done!

Domain restriction
------------------

[](#domain-restriction)

Because we're working with multiple domains here, it's wise to configure the firewalls to only work for specific domains. Say we have domain A and B. Domain A is where the single-sign-on is done (`main` firewall), and domain B is authenticated by the one-time-password (`sso` firewall). We can use a request matcher service that confines the firewalls to specific domains. First we have to configure the request matchers:

```
# app/config/security.yml
security:
    firewalls:
        main:
            request_matcher: my.security.request_matcher.main
        sso:
            request_matcher: my.security.request_matcher.sso
```

Now we can implement them as services:

```
# src/MyAwesomeBundle/Resources/config/services.yml
services:
    my.security.request_matcher.main
        class: %security.matcher.class%
        arguments: ["/", "domain-a.com"]

    my.security.request_matcher.sso
        class: %security.matcher.class%
        arguments: ["/", "domain-b.com"]
```

###  Health Score

23

—

LowBetter than 27% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity14

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity41

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 89.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/40afe559b136d08bf19840e5835bd3bd0f679dc44e7f9f9892e427b04c8b390a?d=identicon)[T-RonX](/maintainers/T-RonX)

---

Top Contributors

[![pkruithof](https://avatars.githubusercontent.com/u/330828?v=4)](https://github.com/pkruithof "pkruithof (17 commits)")[![T-RonX](https://avatars.githubusercontent.com/u/1150933?v=4)](https://github.com/T-RonX "T-RonX (2 commits)")

### Embed Badge

![Health badge](/badges/t-ronx-sso-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/t-ronx-sso-bundle/health.svg)](https://phpackages.com/packages/t-ronx-sso-bundle)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client

OAuth 1.0 Client Library

99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

41721.2M118](/packages/league-oauth2-google)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)