Download the PHP package intervieweb/spid-php-lib without Composer

On this page you can find all versions of the PHP package intervieweb/spid-php-lib. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.


Information about the package spid-php-lib

Notice: Unofficial Release

Main differences with official release:

spid-php-lib

PHP package for SPID authentication.

This PHP package is aimed at implementing SPID Service Providers. SPID is the Italian digital identity system, which enables citizens to access all public services with a single set of credentials. This package provides a layer of abstraction over the SAML protocol by exposing just the subset required in order to implement SPID authentication in a web application.

Alternatives for PHP:

Framework specific libraries and examples based on spid-php-lib:

Alternatives for other languages:

Table of Contents

Repository layout

Getting Started

Tested on: amd64 Debian 9.5 (stretch) with PHP 7.0.

The README states support for PHP 7.0, 7.1 and 7.2. Note that the composer.json of the version listed at the bottom of this page requires php ^7.1 || ^8.0, so the README's version range is stale; trust the package's own constraint.

Prerequisites

Configuring and Installing

NOTE: during testing, please use the test Identity Provider spid-testenv2.

  1. Install with composer

  2. (OPTIONAL) Manually generate key and certificate files for your Service Provider (SP).

    Example:

    This step can be skipped: the library takes care of this step automatically if you declare the optional sp_key_cert_values key in the settings array. Check the example in the Usage section for further details.

  3. Download the Identity Provider (IdP) metadata files and place them in a directory in your project, for example idp_metadata. A convenience tool is provided to download those of the production IdPs: vendor/italia/spid-php-lib/bin/download_idp_metadata.php (when this fork is installed under its own package name the path is vendor/intervieweb/spid-php-lib/bin/download_idp_metadata.php), example usage:

    TEST ENVIRONMENT: if you are using spid-testenv2, manually download the IdP metadata and place it in your idp_metadata folder.

  4. Make your SP known to IdPs: for production follow the guidelines at https://www.spid.gov.it/come-diventare-fornitore-di-servizi-pubblici-e-privati-con-spid

    TEST ENVIRONMENT: simply download your Service Provider (SP) metadata and place it in the appropriate folder of the test environment. The test environment must be restarted after every change to the SP metadata.

Usage

All classes provided by this package reside in the Italia\Spid namespace. More detailed documentation is available in the SAMLInterface.php file.

Load them using the composer-generated autoloader:

The main class is Italia\Spid\Sp (service provider).

Generate a settings array following this guideline

then initialize the main Sp class

Don't want the library to generate .key and .crt files for you? Then remove the sp_key_cert_values key from the settings array, or declare

Performing login

Complete the login operation by calling

at the assertion consumer service URL.

Then call

to receive an array of the requested user attributes.

Performing logout

Call

The method will redirect to the IdP Single Logout page, or return false if you are not logged in.

Complete API

Methods of Italia\Spid\Sp:

  • __construct($settings, $protocol = null, $autoconfigure = true): $settings should be based on the example provided in the Usage section. $protocol selects the login protocol; at the moment only SAML is supported, selected by either $protocol = 'saml' or the default $protocol = null. $autoconfigure tells the constructor whether to check for the .key and .crt files at the location given in $settings and generate them if they are not found. Set it to false if you generate them manually.
  • loadIdpFromFile(string $filename): loads an Idp object by parsing the XML file at $filename.
  • getIdpList() : array: loads all the Idp objects from the idp_metadata_folder given in settings.
  • getIdp(string $filename): alias of loadIdpFromFile.
  • getSPMetadata() : string: returns the SP metadata as a string.
  • login(string $idpFilename, int $assertID, int $attrID, $level = 1, string $redirectTo = null, $shouldRedirect = true): login with the HTTP-Redirect binding. $idpFilename selects the IdP by the name (without extension) of an XML file in your idp_metadata_folder. $assertID and $attrID are the array indexes of sp_assertionconsumerservice and sp_attributeconsumingservice in settings. Optional parameters: $level is the SPID authentication level (1, 2 or 3); $redirectTo is a URL to redirect to after login; $shouldRedirect decides whether the method redirects to the IdP itself or returns the login URL as a string.
  • loginPost(string $idpName, int $ass, int $attr, $level = 1, string $redirectTo = null, $shouldRedirect = true): like login, but uses the HTTP-POST binding.
  • logout(int $slo, string $redirectTo = null, $shouldRedirect = true): logout with the HTTP-Redirect binding. $slo is the array index of sp_singlelogoutservice in settings. Optional parameters: $redirectTo is a URL to redirect to after logout; $shouldRedirect decides whether the method redirects to the IdP itself or returns the logout URL as a string.
  • logoutPost(int $slo, string $redirectTo = null, $shouldRedirect = true): like logout, but uses the HTTP-POST binding.
  • isAuthenticated() : bool: checks if the user is authenticated. This method MUST be called after login and logout to finalize the operation.
  • getAttributes() : array: if you requested attributes through an attribute consuming service during login, this method returns them as an array.
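The following single-file Service Provider strings the calls described in the Usage section and the API table together. It is an added example, not code from spid-php-lib or from its example/ directory. It uses only the methods documented above; the settings keys sp_entityid, sp_key_file, sp_cert_file, sp_org_name and sp_org_display_name, the [url, binding] shape of the sp_singlelogoutservice entries, the attribute names returned by getAttributes() and the need for the caller to start the PHP session are assumptions taken from the upstream project and not stated on this page, so verify them against the settings validation of the version you install. Hostnames and the testenv metadata file name are made up.

```php
<?php
// Added example, not the library's or the project's own code: a single-file
// Service Provider wired to the Italia\Spid\Sp methods documented above.
// Assumptions not stated on this page: the settings keys sp_entityid,
// sp_key_file, sp_cert_file, sp_org_name and sp_org_display_name, the
// [url, binding] shape of sp_singlelogoutservice entries, that getAttributes()
// returns a name => value array, and that the caller starts the PHP session.
// Hostnames and the IdP metadata file name (testenv.xml) are made up.
declare(strict_types=1);

require_once __DIR__ . '/vendor/autoload.php';

use Italia\Spid\Sp;

$base = 'https://sp.example.com';

$settings = [
    'sp_entityid'  => $base . '/',
    'sp_key_file'  => __DIR__ . '/sp.key',
    'sp_cert_file' => __DIR__ . '/sp.crt',
    // index 0 of this array is the $assertID passed to login()
    'sp_assertionconsumerservice' => [$base . '/acs'],
    // index 0 of this array is the $slo passed to logout()
    'sp_singlelogoutservice' => [[$base . '/slo', 'REDIRECT']],
    'sp_org_name'         => 'Example Org',
    'sp_org_display_name' => 'Example Org',
    // With this key present the constructor generates sp.key/sp.crt when they
    // are missing (step 2 of Configuring and Installing); remove it and pass
    // $autoconfigure = false to manage the key pair yourself.
    'sp_key_cert_values' => [
        'countryName'         => 'IT',
        'stateOrProvinceName' => 'Lombardia',
        'localityName'        => 'Milano',
        'commonName'          => 'sp.example.com',
        'emailAddress'        => 'spid@example.com',
    ],
    'idp_metadata_folder' => __DIR__ . '/idp_metadata/',
    // index 0 of this array is the $attrID passed to login()
    'sp_attributeconsumingservice' => [['name', 'familyName', 'fiscalNumber', 'email']],
];

session_start();
$sp = new Sp($settings);

$route = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);

switch ($route) {
    case '/metadata':
        // Step 5 of the Example section: this XML is what you register with the IdP.
        header('Content-Type: application/samlmetadata+xml');
        echo $sp->getSPMetadata();
        break;

    case '/login':
        // 'testenv' selects idp_metadata/testenv.xml; 0, 0 pick the first ACS and
        // the first attribute set; level 1 is SPID L1. The call redirects to the IdP.
        $sp->login('testenv', 0, 0, 1);
        break;

    case '/acs':
        // Assertion consumer service: isAuthenticated() finalizes the login by
        // verifying the Response; only then are the attributes available.
        if (!$sp->isAuthenticated()) {
            http_response_code(403);
            echo 'SPID authentication failed';
            break;
        }
        $attrs = $sp->getAttributes();
        echo 'Welcome ' . htmlspecialchars((string) ($attrs['name'] ?? ''), ENT_QUOTES, 'UTF-8');
        break;

    case '/logout':
        // SP-initiated logout through sp_singlelogoutservice[0]; false means no session.
        if ($sp->logout(0) === false) {
            echo 'No active SPID session';
        }
        break;

    case '/slo':
        // The IdP's LogoutResponse (or a third-party LogoutRequest) lands here;
        // isAuthenticated() must be called to finalize the logout as well.
        $sp->isAuthenticated();
        header('Location: /');
        break;

    default:
        echo $sp->isAuthenticated()
            ? '<a href="/logout">Logout</a>'
            : '<a href="/login">Login with SPID</a>';
}
```

Serve it over HTTPS at the hostname used in $base, register the output of /metadata with the IdP, and save the IdP metadata as idp_metadata/testenv.xml. If you pass $redirectTo to login(), only accept validated same-origin paths, since that value travels in RelayState and an unchecked one turns the ACS into an open redirect.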

Example

A basic demo application is provided in the example/ directory of this repository.

The /example and /tests folders are NOT included in the production version on Packagist; require the dev-develop version or, preferably, clone this repository.

To try it out:

  1. Generate a test certificate and key pair with:

  2. Adapt the hostname of the SP by changing the $base variable in the example/index.php file; the browser you'll be testing from must be able to resolve the FQDN (the default is https://sp.example.com). Using HTTPS is strongly suggested.

  3. Configure and install the test IdP spid-testenv2

  4. Serve the example dir from your preferred webserver

  5. Visit https://sp.example.com/metadata to get the SP metadata, then copy it over to the IdP and register the SP with the IdP

  6. Visit https://idp.example.com/metadata to get the IdP metadata, then save it as example/idp_metadata/testenv.xml to register the IdP with the SP

  7. Visit: https://sp.example.com and click login.

Demo application

A Docker-based demo application is available at https://github.com/simevo/spid-php-lib-example.

Features


Compliance with SPID regulations (for Service Providers):

  • Metadata:
    • parsing of IdP XML metadata (1.2.2.4)
    • support for multiple signing certificates in IdP XML metadata (1.2.2.4)
    • parsing of AA XML metadata (2.2.4)
    • SP XML metadata generation (1.3.2)
  • AuthnRequest generation (1.2.2.1):
    • generation of AuthnRequest XML
    • HTTP-Redirect binding
    • HTTP-POST binding
    • AssertionConsumerServiceURL customization: not used; the library relies on AssertionConsumerServiceIndex customization, which is the preferred mechanism
    • AssertionConsumerServiceIndex customization
    • AttributeConsumingServiceIndex customization
    • AuthnContextClassRef (SPID level) customization
    • RequestedAuthnContext/@Comparison customization
    • RelayState customization (1.2.2)
  • Response/Assertion parsing:
    • verification of Signature value (if any)
    • verification of Signature certificate (if any) against IdP/AA metadata
    • verification of Assertion/Signature value
    • verification of Assertion/Signature certificate against IdP/AA metadata
    • verification of SubjectConfirmationData/@Recipient
    • verification of SubjectConfirmationData/@NotOnOrAfter
    • verification of SubjectConfirmationData/@InResponseTo
    • verification of Issuer
    • verification of Assertion/Issuer
    • verification of Destination
    • verification of Conditions/@NotBefore
    • verification of Conditions/@NotOnOrAfter
    • verification of Audience
    • parsing of Response with no Assertion (authentication/query failure)
    • parsing of failure StatusCode (Requester/Responder)
  • Response/Assertion parsing for SSO (1.2.1, 1.2.2.2, 1.3.1):
    • parsing of NameID
    • parsing of AuthnContextClassRef (SPID level)
    • parsing of attributes
  • Response/Assertion parsing for attribute query (2.2.2.2, 2.3.1):
    • parsing of attributes
  • LogoutRequest generation (for SP-initiated logout):
    • generation of LogoutRequest XML
    • HTTP-Redirect binding
    • HTTP-POST binding
  • LogoutResponse parsing (for SP-initiated logout):
    • parsing of LogoutResponse XML
    • verification of Response/Signature value (if any)
    • verification of Response/Signature certificate (if any) against IdP metadata
    • verification of Issuer
    • verification of Destination
    • PartialLogout detection: pending, see #46
  • LogoutRequest parsing (for third-party-initiated logout):
    • parsing of LogoutRequest XML
    • verification of Signature value (if any)
    • verification of Signature certificate (if any) against IdP metadata
    • verification of Issuer
    • verification of Destination
    • parsing of NameID
  • LogoutResponse generation (for third-party-initiated logout):
    • generation of LogoutResponse XML
    • HTTP-Redirect binding
    • HTTP-POST binding
    • PartialLogout customization: pending, see #46
  • AttributeQuery generation (2.2.2.1):
    • generation of AttributeQuery XML
    • SOAP binding (client)
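To make the Response/Assertion checks in the list above concrete, here is an added example (not code from spid-php-lib) that applies the non-signature verifications (StatusCode, Destination, Issuer, Assertion/Issuer, InResponseTo, Recipient, Audience, NotBefore and NotOnOrAfter) to a samlp:Response parsed with DOMDocument/DOMXPath, and shows an expired and a replayed Response being rejected. Signature verification against the certificate in the IdP metadata, which the library performs with robrichards/xmlseclibs, is left out on purpose and is mandatory in a real SP. The Response XML, entity IDs, request IDs and timestamps are constructed for this example.

```php
<?php
// Added example, not code from spid-php-lib: the non-signature checks from the
// "Response/Assertion parsing" feature list, applied with DOMDocument/DOMXPath.
// Signature verification (done by the library with xmlseclibs) is deliberately
// omitted here and must never be skipped in a real SP. All XML, entity IDs,
// request IDs and timestamps below are constructed for the example.
declare(strict_types=1);

const NS_SAMLP = 'urn:oasis:names:tc:SAML:2.0:protocol';
const NS_SAML = 'urn:oasis:names:tc:SAML:2.0:assertion';
const STATUS_SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success';

/** Returns the failed checks; an empty array means the Response is acceptable. */
function verifyResponse(string $xml, array $expected, int $now): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // LIBXML_NONET and no NOENT/DTDLOAD: IdP input must never pull external entities.
    if (!$doc->loadXML($xml, LIBXML_NONET) || $doc->documentElement->namespaceURI !== NS_SAMLP
        || $doc->documentElement->localName !== 'Response') {
        return ['not a well-formed samlp:Response'];
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', NS_SAMLP);
    $xp->registerNamespace('saml', NS_SAML);
    $str = function (string $path) use ($xp): string {
        return trim((string) $xp->evaluate("string($path)"));
    };
    $errors = [];

    // A Requester/Responder failure status means there is no usable Assertion.
    $status = $str('/samlp:Response/samlp:Status/samlp:StatusCode/@Value');
    if ($status !== STATUS_SUCCESS) {
        $errors[] = "StatusCode is '$status'";
    }
    if ($xp->query('/samlp:Response/saml:Assertion')->length !== 1) {
        $errors[] = 'expected exactly one saml:Assertion';
    }

    // Exact-match checks against what this SP is and what it sent.
    $a = '/samlp:Response/saml:Assertion';
    $scd = "$a/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData";
    $checks = [
        'Destination' => ['/samlp:Response/@Destination', $expected['destination']],
        'InResponseTo' => ['/samlp:Response/@InResponseTo', $expected['inResponseTo']],
        'Issuer' => ['/samlp:Response/saml:Issuer', $expected['issuer']],
        'Assertion/Issuer' => ["$a/saml:Issuer", $expected['issuer']],
        'Audience' => ["$a/saml:Conditions/saml:AudienceRestriction/saml:Audience", $expected['audience']],
        'SubjectConfirmationData/@Recipient' => ["$scd/@Recipient", $expected['destination']],
        'SubjectConfirmationData/@InResponseTo' => ["$scd/@InResponseTo", $expected['inResponseTo']],
    ];
    foreach ($checks as $name => [$path, $want]) {
        $got = $str($path);
        if ($got === '' || $got !== $want) {
            $errors[] = "$name mismatch: got '$got', expected '$want'";
        }
    }

    // Validity window, checked against the caller's clock ($now = UTC epoch seconds).
    $times = [
        ['Conditions/@NotBefore', "$a/saml:Conditions/@NotBefore", false],
        ['Conditions/@NotOnOrAfter', "$a/saml:Conditions/@NotOnOrAfter", true],
        ['SubjectConfirmationData/@NotOnOrAfter', "$scd/@NotOnOrAfter", true],
    ];
    foreach ($times as [$name, $path, $isUpperBound]) {
        $value = $str($path);
        try { // an empty string would parse as "now", so treat it as missing
            $ts = $value === '' ? null : (new DateTimeImmutable($value, new DateTimeZone('UTC')))->getTimestamp();
        } catch (Exception $e) {
            $ts = null;
        }
        if ($ts === null) {
            $errors[] = "$name missing or unparsable ('$value')";
        } elseif ($isUpperBound ? $now >= $ts : $now < $ts) {
            $errors[] = $isUpperBound ? "$name has passed" : "$name is in the future";
        }
    }
    return $errors;
}

/** Constructed, unsigned Response whose validity window is parameterised. */
function sampleResponse(string $notBefore, string $notOnOrAfter): string
{
    return <<<XML
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z" Destination="https://sp.example.com/acs" InResponseTo="_req1">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_nameid1</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs" InResponseTo="_req1" NotOnOrAfter="$notOnOrAfter"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="$notBefore" NotOnOrAfter="$notOnOrAfter">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>
XML;
}

$expected = [
    'issuer' => 'https://idp.example.com',
    'destination' => 'https://sp.example.com/acs',
    'audience' => 'https://sp.example.com/',
    'inResponseTo' => '_req1', // ID of the AuthnRequest this SP issued and kept in its session
];
$now = (new DateTimeImmutable('2024-05-01T10:01:00Z'))->getTimestamp();
$cases = [
    'fresh' => [sampleResponse('2024-05-01T10:00:00Z', '2024-05-01T10:05:00Z'), $expected],
    'expired' => [sampleResponse('2024-05-01T09:00:00Z', '2024-05-01T09:05:00Z'), $expected],
    // the same Response presented against a different outstanding request: a replay
    'replay' => [sampleResponse('2024-05-01T10:00:00Z', '2024-05-01T10:05:00Z'), ['inResponseTo' => '_req0'] + $expected],
];
foreach ($cases as $label => [$xml, $exp]) {
    $errors = verifyResponse($xml, $exp, $now);
    echo "$label: " . ($errors === [] ? 'accepted' : 'rejected: ' . implode('; ', $errors)) . "\n";
}
```

The InResponseTo comparison is what ties a Response to an AuthnRequest your SP actually sent, so the expected value must come from server-side session state, never from the request itself; the time checks need a reasonable clock on the SP host, and the two Not* attributes on Conditions and SubjectConfirmationData are checked separately because an attacker can tamper with either.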

More features

Troubleshooting

It is advised to install a browser plugin to trace SAML messages:

In addition, you can use the SAML Developer Tools provided by OneLogin to understand what is going on.

Testing

To test and lint this package you must be in its root directory, then follow the instructions below.

Assuming you followed the installation instructions with composer, simply do:

Unit tests

Install prerequisites with composer, generate key and certificate for the SP and download the metadata for all current production IdPs with:

then launch the unit tests with PHPUnit:

Linting

This project complies with the PSR-2: Coding Style Guide.

Make sure you are in the package directory, then lint the code with:

Contributing

For your contributions please use the git-flow workflow.

See also

Authors

Lorenzo Cattaneo and Paolo Greppi, simevo s.r.l.

License

Copyright (c) 2018-2020, Developers Italia

License: BSD 3-Clause, see LICENSE file.


All versions of spid-php-lib with dependencies

The listed package version declares the following requirements in its composer.json:

  • php ^7.1 || ^8.0
  • ext-dom (any version)
  • ext-openssl (any version)
  • ext-simplexml (any version)
  • ext-zlib (any version)
  • robrichards/xmlseclibs ^3.0
  • psr/log 1.1.4 || ^2.0 || ^3.0