Download the PHP package iwouldrathercode/php-custom-saml without Composer

On this page you can find all versions of the php package iwouldrathercode/php-custom-saml. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package php-custom-saml

iwouldrathercode/php-custom-saml

Latest Version on Packagist Total Downloads

Opinionated fork of OneLogin's SAML PHP Toolkit Compatible with PHP 5.X & 7.X. Based on OneLogin toolkit, which is much lighter and easier to install than simplesamlphp SP. It doesn't need separate routes or session storage to work!

Installation - Composer

You can install the package via composer:

Or manually add this to your composer.json:

If you are using Laravel 5.5 and up, the service provider will automatically get registered.

For older versions of Laravel (<5.5), you have to add the service provider to config/app.php:

Then publish the config files with php artisan vendor:publish --provider="Iwouldrathercode\Saml2\Saml2ServiceProvider". This will add the files app/config/saml2_settings.php & app/config/saml2/test_idp_settings.php, which you will need to customize.

The test_idp_settings.php config is handled almost directly by OneLogin so you should refer to that for full details, but we'll cover here what's really necessary. There are some other config about routes you may want to check, they are pretty strightforward.

Configuration

Define the IDPs

Define names of all the IDPs you want to configure in saml2_settings.php. Optionally keep 'test' as the first IDP if you want to use the simplesamlphp demo, and add real IDPs after that. The name of the IDP will show up in the URL used by the Saml2 routes this library makes, as well as internally in the filename for each IDP's config.

Configure laravel-saml2 to know about each IDP

You will need to create a separate configuration file for each IDP under app/config/saml2/ folder. e.g. myidp1_idp_settings.php. You can use test_idp_settings.php as the starting point; just copy it and rename it.

Configuration options are note explained in this project as they come from the OneLogin project, please refer there for details.

The only real difference between this config and the one that OneLogin uses, is that the SP entityId, assertionConsumerService url and singleLogoutService URL are injected by the library. If you don't specify those URLs in the corresponding IDP config optional values, this library provides defaults values: the metadata, acs, and sls routes that this library creates for each IDP. If specify different values in the config, note that the acs and sls URLs should correspond to actual routes that you set up that are directed to the corresponding Saml2Controller function.

If you want to optionally define values in ENV vars instead of the *_idp_settings file, you'll see in there that there is a naming pattern you can follow for ENV values. For example, if in myipd1_idp_settings.php you set $this_idp_env_id = 'MYIDP1';, and in myidp2_idp_settings.php you set it to 'SECONDIDP', then you can set ENV vars starting with SAML2_MYDP1_ and SAML2_SECONDIDP_, e.g.

URLs To Pass to The IDP configuration

As mentioned above, you don't need to implement the SP entityId, assertionConsumerService url and singleLogoutService routes, because Saml2Controller already does by default. But you need to know these routes, to provide them to the configuration of your actual IDP, i.e. the 3rd party you are asking to authenticate users.

You can check the actual routes in the metadata, by navigating to 'http(s)://laravel_url/myidp1/metadata', which incidentally will be the default entityId for this SP.

If you configure the optional routesPrefix setting in saml2_settings.php, then all idp routes will be prefixed by that value, so you'll need to adjust the metadata url accordingly. For example, if you configure routesPrefix to be 'single_sign_on', then your IDP metadata for myidp1 will be found at http://laravel_url/single_sign_on/myidp1/metadata.

Example: simplesamlphp IDP configuration

If you use simplesamlphp as a test IDP, and your SP metadata url is http://laravel_url/myidp1/metadata, add the following to /metadata/sp-remote.php to inform the IDP of your laravel-saml2 SP identity:

Usage

When you want your user to login, just redirect to the login route configured for the particular IDP, route('saml2_login', 'myIdp1'). You can also instantiate a Saml2Auth for the desired IDP using the Saml2Auth::loadOneLoginAuthFromIpdConfig('myIdp1') function to load the config and construct the OneLogin auth argment; just remember that it does not use any session storage, so if you ask it to login it will redirect to the IDP whether the user is already logged in or not. For example, you can change your authentication middleware.

Since Laravel 5.3, you can change your unauthenticated method in .

For login requests that come through redirects to the login route, 'routesPrefix/myidp1/login', the default login call does not pass a redirect URL to the Saml login request. That login argument is useful because the ACS handler can gets that value (passed back from the IDP as RelayPath) and by default will redirect there. To pass the redirect URL from the controller login, extend the Saml2Controller class and implement your own login() function. Set the saml2_settings value saml2_controller to be your extended class so that the routes will direct requests to your controller instead of the default.
E.g.
saml_settings.php

MySaml2Controller.php

After login is called, the user will be redirected to the IDP login page. Then the IDP, which you have configured with an endpoint the library serves, will call back, e.g. /myidp1/acs or /routesPrefix/myidp1/acs. That will process the response and fire an event when ready. The next step for you is to handle that event. You just need to login the user or refuse.

Auth persistence

Be careful about necessary Laravel middleware for Auth persistence in Session.

For exemple, it can be:

And in config/saml2_settings.php :

Log out

Now there are two ways the user can log out.

For case 1, initiate a logout by redirecting the user to the saml2_logout route (route('saml2_logout', 'myidp1')). Do not close the session immediately as you need to receive a response confirmation from the IDP (redirection). That response will be handled by the library at the sls route, and it will fire a Saml2LogoutEvent event that you can use to complete the logout in the same way as with case 2 below.

For case 2 you will only receive the event. Both cases 1 and 2 receive the same Saml2LogoutEvent event.

Note that for case 2, you may have to manually save your session to make the logout stick (as the session is saved by middleware, but the OneLogin library will redirect back to your IDP before that happens)

That's it. Feel free to ask any questions, make PR or suggestions, or open Issues.


All versions of php-custom-saml with dependencies

PHP Build Version
Package Version
Requires php Version >=5.5.0
ext-openssl Version *
illuminate/support Version >=5.0.0
iwouldrathercode/php-custom-one-login Version 1.0.8
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package iwouldrathercode/php-custom-saml contains the following files

Loading the files please wait ....