Download the PHP package fei/connect-client without Composer
Package connect-client
Short Description Yoctu Connect Client - Service Provider
License GPL-3.0
Information about the package connect-client
Connect-Client
The role of Connect-Client is to integrate the SAML standard protocol into your application.
It allows you to validate a user's authentication against a Single Sign-On (SSO) system, retrieve specific information about that user, and define the user's authorizations through assertions.
Check out the connect-idp documentation for more information about the SAML standard protocol.
Installation & prerequisites
Connect-Client requires PHP 5.5 or later, with the mcrypt extension enabled, to run correctly.
Add it to your project with composer require fei/connect-client
Integration
Here is an example of how it works (see the /example folder):
After you have created a new Metadata instance and configured it (see Setting up your metadata), create a new Connect object, which takes two parameters:
- a new SAML instance (which gives you access to every SAML method), built with our metadata as parameter;
- a Config instance, which has to be filled with:
  - defaultTargetPath, a URI the user will be redirected to if the login response doesn't contain one;
  - logoutTargetPath, which will be used to redirect the user after logout.
  The default path for both setters is /
Finally, calling the handleRequest method of the new Connect object validates (or rejects) the request and redirects the user.
Setting up your metadata
To fill the Metadata instance, two objects are necessary: the Identity Provider and the Service Provider descriptors.
Identity Provider
As shown above, we need to fill an IdpSsoDescriptor with a few directives:
- setID sets a unique ID corresponding to the Identity Provider created in Connect-IDP.
- setWantAuthnRequestsSigned takes a single bool parameter and indicates whether the Service Provider must sign every AuthnRequest it sends.
- addSingleSignOnService takes a SingleSignOnService as parameter, which has two properties:
  - the endpoint which will handle the request;
  - a constant which describes the way the request will be sent (the binding).
- addSingleLogoutService works the same way as addSingleSignOnService, but with a SingleLogoutService, instantiated with an endpoint and a constant indicating how the request is sent.
- addKeyDescriptor is used to associate a certificate with the SsoDescriptor. Those certificates will be used to:
  - sign the AuthnRequest;
  - decrypt assertions.
  The first addKeyDescriptor parameter is a constant contained in KeyDescriptor, describing how the key will be used, and the second one is the certificate to use, loaded from its path via the X509Certificate::fromFile() static method.
Service Provider
The service provider setter has two parameters: the first one is the SpSsoDescriptor, and the second one is the private key that has been generated to sign AuthnRequests.
Like the IdpSsoDescriptor, the SpSsoDescriptor must be filled with several properties:
- setID sets a unique ID corresponding to the Service Provider created in Connect-IDP.
- addAssertionConsumerService takes an AssertionConsumerService as parameter, which has two properties:
  - the endpoint which tells the client where it should listen for IDP responses;
  - a constant describing the request binding.
- addSingleLogoutService takes a SingleLogoutService as parameter, which has two properties:
  - an endpoint describing where the client should listen to receive logout requests;
  - a constant describing the request binding (POST in the example above).
- addKeyDescriptor is used to associate a certificate with the SsoDescriptor. Those certificates will be used to:
  - sign the AuthnRequest;
  - decrypt assertions.
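The Integration and metadata steps above, put together as an added example (this is not the project's own /example code). The Fei\Service\Connect\Client namespace, the Metadata setter names and the Connect/handleRequest signatures are assumptions; the descriptor classes are LightSAML's, which connect-client depends on; URLs and key paths are constructed placeholders.

```php
<?php
// Added example, not the project's own /example code. The Fei\Service\Connect\Client
// namespace and the Metadata, Config, Connect and Saml method signatures are
// assumptions; the descriptor classes are LightSAML's (a declared dependency).
use Fei\Service\Connect\Client\Config;
use Fei\Service\Connect\Client\Connect;
use Fei\Service\Connect\Client\Metadata;
use Fei\Service\Connect\Client\Saml;
use LightSaml\Credential\X509Certificate;
use LightSaml\Model\Metadata\AssertionConsumerService;
use LightSaml\Model\Metadata\IdpSsoDescriptor;
use LightSaml\Model\Metadata\KeyDescriptor;
use LightSaml\Model\Metadata\SingleLogoutService;
use LightSaml\Model\Metadata\SingleSignOnService;
use LightSaml\Model\Metadata\SpSsoDescriptor;
use LightSaml\SamlConstants;
$keys   = __DIR__ . '/keys';          // placeholder directory holding idp.crt, sp.crt, sp.key
$idpUrl = 'https://idp.example.com';  // constructed entity IDs and endpoints
$spUrl  = 'https://sp.example.com';
// Identity Provider: entity ID, SSO/SLO endpoints with their bindings, and the IdP
// signing certificate. Requiring signed AuthnRequests lets the IdP reject requests
// that were not produced by this Service Provider.
$idp = (new IdpSsoDescriptor())
    ->setID($idpUrl)
    ->setWantAuthnRequestsSigned(true)
    ->addSingleSignOnService(new SingleSignOnService("$idpUrl/sso", SamlConstants::BINDING_SAML2_HTTP_REDIRECT))
    ->addSingleLogoutService(new SingleLogoutService("$idpUrl/slo", SamlConstants::BINDING_SAML2_HTTP_POST))
    ->addKeyDescriptor(new KeyDescriptor(KeyDescriptor::USE_SIGNING, X509Certificate::fromFile("$keys/idp.crt")));
// Service Provider: where the IdP posts responses and logout requests, plus the SP
// certificate used both to sign AuthnRequests and to receive encrypted assertions.
$spCert = X509Certificate::fromFile("$keys/sp.crt");
$sp = (new SpSsoDescriptor())
    ->setID($spUrl)
    ->addAssertionConsumerService(new AssertionConsumerService("$spUrl/acs", SamlConstants::BINDING_SAML2_HTTP_POST))
    ->addSingleLogoutService(new SingleLogoutService("$spUrl/slo", SamlConstants::BINDING_SAML2_HTTP_POST))
    ->addKeyDescriptor(new KeyDescriptor(KeyDescriptor::USE_SIGNING, $spCert))
    ->addKeyDescriptor(new KeyDescriptor(KeyDescriptor::USE_ENCRYPTION, $spCert));
// Metadata: the IdP descriptor, then the SP descriptor with the private key that
// signs AuthnRequests (setter names assumed from the README's description).
$metadata = (new Metadata())
    ->setIdentityProvider($idp)
    ->setServiceProvider($sp, file_get_contents("$keys/sp.key"));
// Config: redirect targets after login (when the response carries none) and after logout.
$config = (new Config())->setDefaultTargetPath('/dashboard')->setLogoutTargetPath('/');
// handleRequest() validates the incoming SAML message and redirects the user
// (an empty argument list is assumed here).
$connect = new Connect(new Saml($metadata), $config);
$connect->handleRequest();
```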
Profile Association
You can register a profile association callback with Config::registerProfileAssociation(callable $callback, $profileAssociationPath = '/connect/profile-association')
to handle requests sent by Connect-IDP. The callback must take one parameter, which
must implement Fei\Service\Connect\Common\ProfileAssociation\Message\RequestMessageInterface,
and must return an instance of
Fei\Service\Connect\Common\ProfileAssociation\Message\ResponseMessageInterface.
The role that the profile association message must set is provided by the RequestMessage. If the returned role is not valid (not provided by the RequestMessage), a \LogicException will be thrown.
If you decide that a request from Connect-IDP is not valid, you must throw a Fei\Service\Connect\Common\ProfileAssociation\Exception\ProfileAssociationException
instance with a message and an HTTP error code, which will be transmitted to Connect-IDP.
All messages between Connect-IDP and your Connect-Client integration are encrypted, so you must set private and public keys for the IDP and your Service Provider with the metadata configuration directives.
Get role and local username
If the current user, which the client provides with the method Client::getUser(), is the result of a profile association,
you can get the local username and role with Client::getLocalUsername() and Client::getRole() respectively.
Create and validate Token
With Connect client, you can create and validate tokens. Tokens are a simple and secure way to transmit Connect authorization between services which consume Connect-Client.
Create a token:
Validate a token:
Link to documentation
Examples
You can test this client easily with the examples folder.
The UserAdmin class has several methods, all listed in the following table:
Method | Parameters | Return
---|---|---
persist | User $user | User
edit | User $formerUser, User $newUser |
delete | User $user |
getCertificate | string |
setCertificate | string $certificate | UserAdmin
getToken | Token |
setToken | Token $token |
createToken | string |
getAdminSpMetadataFile | string |
setAdminSpMetadataFile | string $adminSpMetadataFile | UserAdmin
getConnect | Connect |
setConnect | Connect $connect | UserAdmin
fetchCertificate | string |
All versions of connect-client with dependencies
fei/connect-common Version ^3.3.0
fei/api-client Version ^1.3
lightsaml/lightsaml Version ^1.2
nikic/fast-route Version ^1.0
zendframework/zend-diactoros Version ^1.3
psr/simple-cache Version ^1.0
zendframework/zend-cache Version ^2.7
ext-json Version *