Download the PHP package gl-events/sylius-admin-saml-plugin without Composer
On this page you can find all versions of the php package gl-events/sylius-admin-saml-plugin. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download gl-events/sylius-admin-saml-plugin
More information about gl-events/sylius-admin-saml-plugin
Files in gl-events/sylius-admin-saml-plugin
Package sylius-admin-saml-plugin
Short Description SAML auth SSO plugin for Sylius.
License MIT
Informations about the package sylius-admin-saml-plugin
GL events SyliusAdminSamlPlugin
Features
This plugin allow your admin users to sign in with SAML providers (Google, Azure, Okta, etc.)
Installation
-
Add the bundle to your
composer.jsonfile: -
Add the plugin class to your
config/bundles.phpfile: -
Import the plugin defaults (registers the SSO button hook and the login-page Twig globals):
-
Configure the plugin. Everything is set through the bundle configuration, no dedicated env vars are required. Generate the SP private key with
openssl genpkey -algorithm RSA -out private.key:Every setting is optional and defaults to an empty string (
proxy_varstofalse,admin_login/sso_logintotrue); a missing SAML setting simply makes the SSO login fail at runtime (flash + redirect back to the login page), it never breaks the app boot. Any value may still reference an env var if you prefer, e.g.certificate: '%env(SAML_IDP_CERTIFICATE)%'. -
Wrap the traditional admin login form so it can be toggled with
admin_login.The plugin does not override the core Sylius admin login hooks (a plugin must never override the host app's defaults). Gate the whole form with a single hook override in
config/packages/sylius_twig_hooks.yaml:This wraps the entire
<form>(fields + CSRF) in theadmin_logincondition, so in SSO-only mode the form disappears cleanly. The SSO button hook is provided by the plugin on the siblingsylius_admin.security.login.page.contenthook, so it stays visible regardless. -
Add in your
config/security.yamlfile: -
Add in your
config/routes.yamlfile: - If your application runs behind a reverse proxy (load balancer, Kubernetes ingress, etc.) that terminates SSL, set
proxy_vars: truein yourgl_events_sylius_admin_samlconfig:
This tells the onelogin/php-saml library to read X-Forwarded-Proto, X-Forwarded-Host and X-Forwarded-Port headers when building the current URL for SAML response validation. Without this, the library detects http:// instead of https:// and rejects the SAML response with an error like "The response was received at http://... instead of https://...".
Also verify your Symfony trusted_proxies and trusted_headers settings so that $request->getScheme() also returns the correct scheme, see: https://symfony.com/doc/current/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly
- You are now ready to go ! 🚀
Credits
Developed by GL Events.