almaviacx/ibexasamlbundle

Bundle that add a way to connect to Ibexa using the SAML protocol

Maintainers

Details

github.com/Novactive/AlmaviaCXIbexaSamlBundle

Homepage

Source

Issues

Installs: 809

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 3

Forks: 0

Open Issues: 0

Type:ibexa-bundle

dev-feat-saml 2024-03-22 09:44 UTC

Requires

MIT 38bd06972ee40de18ecf06e6e76cf7ac4295c972

bundleibexa

This package is auto-updated.

Last update: 2024-04-22 09:46:22 UTC

README

Configuration

Add the following config to the routing config file

hslavich_saml_sp:
  resource: "@HslavichOneloginSamlBundle/Resources/config/routing.yml"

Add the following parameters to the security config file

ibexa_saml_front:
    pattern: /saml/(login|metadata|logout)
    security: false

ibexa_front:
    ...
    saml:
        use_attribute_friendly_name: false
        check_path: saml_acs
        login_path: saml_login
        failure_path: saml_login
        default_target_path: /dashboard
        always_use_default_target_path: true
        user_factory: almaviacx.saml.user_factory
        # username_attribute:

The following variables are used to define the different parameters for the SAML endpoint communication

SAML_IDENTITY_PROVIDER_ENTITYID="..."
SAML_IDENTITY_PROVIDER_LOGIN_URL="..."
SAML_IDENTITY_PROVIDER_LOGIN_BINDING=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
SAML_IDENTITY_PROVIDER_LOGOUT_URL="..."
SAML_IDENTITY_PROVIDER_LOGOUT_BINDING=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
SAML_IDENTITY_PROVIDER_EMAIL_ATTRIBUTE="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
SAML_IDENTITY_PROVIDER_X509_CERT="..."

SAML_SERVICE_PROVIDER_URL=https://novabundles.ddev.site/admin
SAML_SERVICE_PROVIDER_NAMEID_FORMAT='urn:oasis:names:tc:SAML:2.0:nameid-format:nameidentifier'
SAML_SERVICE_PROVIDER_USER_GROUP_ID=sdf1sd61868sd1fdsvc

env(SAML_IDENTITY_PROVIDER_EMAIL_ATTRIBUTE): ~
env(SAML_IDENTITY_PROVIDER_LOGIN_ATTRIBUTE): ~

The following parameters are also available to tweak the behavior

# Attribute used to get the email address from
almaviacx.saml.identity.provider.email.attribute: '%env(resolve:SAML_IDENTITY_PROVIDER_EMAIL_ATTRIBUTE)%'
# Attribute used to get the login from (null = nameId or what is defined for the "username_attribute" parameter)
almaviacx.saml.identity.provider.login.attribute: '%env(resolve:SAML_IDENTITY_PROVIDER_LOGIN_ATTRIBUTE)%'

# Method used to load existing users 
almaviacx.saml.config.default.user_load_method: !php/const AlmaviaCX\Bundle\IbexaSaml\Security\Saml\SamlUserProvider::LOAD_METHOD_LOGIN

# Content Id or Remote Content Id of the user group where new users will be created
almaviacx.saml.config.default.user_group_id: '%env(resolve:SAML_SERVICE_PROVIDER_USER_GROUP_ID)%'

# Map user content type fields to the saml response attributes
almaviacx.saml.config.default.user_attributes_mapping:
    first_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    last_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Load user by email instead of login

Configure the following parameters :

# In security.yaml, configure the value for the following parameter :
username_attribute: '%almaviacx.saml.identity.provider.email.attribute%'
    
# As you don't want the email address to be used as login (Ibexa doesn't support special char in login), you need to configure this parameter :
almaviacx.saml.identity.provider.login.attribute: 
    
# Change the user load method
almaviacx.saml.config.default.user_load_method: !php/const AlmaviaCX\Bundle\IbexaSaml\Security\Saml\SamlUserProvider::LOAD_METHOD_EMAIL