Download the PHP package fei/connect-client without Composer
On this page you can find all versions of the php package fei/connect-client. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download fei/connect-client
More information about fei/connect-client
Files in fei/connect-client
Package connect-client
Short Description Yoctu Connect Client - Service Provider
License GPL-3.0
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package connect-client
Connect-Client
The role of Connect-Client is to integrate SAML standard protocol into your application.
It will allow you to validate an user's authentication with a SSO (Single Sign-On) device, get specific information about him, and define his authorizations through assertions.
Check out connect-idp documentation for more information about SAML standard protocol.
Installation & prerequisites
Connect-Client needs PHP 5.5 or up, with the extension mcrypt plugged to run correctly.
You will have to integrate it to your project with composer require fei/connect-client
Integration
Here is an example on how it works (See /example folder):
After you created a new Metadata instance, and configured it (cf Setting up your metadata), create a new Connect object which will take two parameter:
- A new
SAMLinstance (which allow you to use every SAML methods) which will take our metadata as parameter: - A
Configwhich has to be filled with:defaultTargetPathwhich is an URI where the user will be redirected to, if the login response doesn't contain onelogoutTargetPathwhich will be used to redirect the user after he logged out
Default path for both setters is /
Finally, using the method handleRequest from the newly Connect object will validate (or not) the request, and redirect the user.
Setting up your metadata
To fill the Metadata instance, two objects are necessary: the Identity Provider and the Service Provider descriptors.
Identity Provider
As shown above, we need to fill an IdpSsoDescriptor with a few directives:
setIDset an unique ID corresponding to the Identity Provider created in Connect-IDPsetWantAuthnRequestsSignedtakes a single bool parameter and indicates if we want the Service Provider to sign every sent AuthnRequestsaddSingleSignOnServicetakes a SingleSignOnService as parameter, which has two properties:- The endpoint which will handle the request
- A constant which describes the way the request will be sent
addSingleLogoutServiceworks as the same way assetSingleSignOnService, but with a SingleLogoutService, instanciated which an endpoint and a constant to indicate how the request is sent.-
addKeyDescriptoris used to associate a certificate to the SsoDescriptor. Those certificates will be used to:- Sign the AuthnRequest
- Decrypt assertions.
First
addKeyDescriptorparameter is a constant contained inKeyDescriptor, describing how the key will be used, and the second one indicates the used certificate's path (viaX509Certificate fromFile()static method)
Service Provider
The service provider setter has two parameters:
The first one is the SpSsoDescriptor, and the second one constitutes the private key that has been generated to sign AuthnRequests.
As the IdpSsoDescriptor, the SpSsoDescriptor must be filled with different properties:
setIDSet an unique ID corresponding to the Service Provider created in Connect-IDPaddAssertionConsumerServicetakes an AssertionConsumerService as parameter, which has two properties:- The first one describes an endpoint which tell the client where it should listen for IDP responses
- A constant describing the request binding
addSingleLogoutServicetakes a SingleLogoutService as parameter, which has two properties:- An endpoint describing where the client should listen to receive logout demands
- A constant describing the request binding (POST in the example above)
addKeyDescriptoris used to associate a certificate to the SsoDescriptor. Those certificates will be used to:- Sign the AuthnRequest
- Decrypt assertions.
Profile Association
You could register with Config::registerProfileAssociation(callable $callback, $profileAssociationPath = '/connect/profile-association')
a profile association callback for handling request provided by Connect-IDP. The callback must have one parameter which
must implement Fei\Service\Connect\Common\ProfileAssociation\Message\RequestMessageInterface and must return a instance of
Fei\Service\Connect\Common\ProfileAssociation\Message\ResponseMessageInterface :
Role that the association profile message must set is provided by the RequestMessage. If the role returned is not valid (not provided by the RequestMessage) a \LogicException will be throw.
If you decide that a request from Connect-IDP is not valid you must throw a Fei\Service\Connect\Common\ProfileAssociation\Exception\ProfileAssociationException
instance with a message and a HTTP error code which will be transmitted to Connect-IPD.
All messages between Connect-IPD and your Connect-client integration are encrypted so you must set private and public keys for IDP and your Service Provider with metadata configuration directive.
Get role and local username
If the current user which the client provide with the method Client::getUser() is the result of a profile association,
you could get the local username and role with respectively Client::getLocalUsername() and Client::getRole().
Create and validate Token
With Connect client, you could create and validate token. Tokens is a simple and secure way to transmit Connect authorization between service which consume Connect-Client.
Create a token:
Validate a token:
Link to documentation
Examples
You can test this client easily thanks to the folder examples
There are several methods in UserAdmin class, all listed in the following table:
| Method | Parameters | Return |
|---|---|---|
| persist | User $user |
User |
| edit | User $formerUser, User $newUser |
|
| delete | User $user |
|
| getCertificate | string |
|
| setCertificate | string $certificate |
UserAdmin |
| getToken | Token |
|
| setToken | Token $token |
|
| createToken | string |
|
| getAdminSpMetadataFile | string |
|
| setAdminSpMetadataFile | string $adminSpMetadataFile |
UserAdmin |
| getConnect | Connect |
|
| setConnect | Connect $connect |
UserAdmin |
| fetchCertificate | string |
All versions of connect-client with dependencies
fei/connect-common Version ^3.3.0
fei/api-client Version ^1.3
lightsaml/lightsaml Version ^1.2
nikic/fast-route Version ^1.0
zendframework/zend-diactoros Version ^1.3
psr/simple-cache Version ^1.0
zendframework/zend-cache Version ^2.7
ext-json Version *