SAML2 SSO for Flarum
A Flarum extension to support SAML2 SSO Login and Registration on Flarum. This opens up Flarum for use as an internal corporate discussion/community tool.
Use Bazaar or install manually with composer:
composer require askvortsov/flarum-saml
composer update askvortsov/flarum-saml
Flarum SAML integrates with Flarum Auth Sync, which lets you sync user avatars, bios, groups, and masquerade attributes via SAML Response Attributes. To this feature:
- Enable it in settings
- Make sure that Flarum Auth Sync is enabled and configured properly
- Make sure that Friends of Flarum User Bios and Friends of Flarum Masquerade are enabled if you'd like to use those integrations.
Have your SAML Identity Provider include the following in attributes (make sure that keys are lowercase):
avatar: A URL pointing to an image for the user's avatar. Make sure that the file type is compatible with Flarum (jpeg or png I believe).
groups: A comma-separated list of ids for groups that a user should belong to. Keep in mind that this will both add and remove groups, so make sure that all desired groups are included.
bio: A string that will be synced to the user's bio if Friends of Flarum User Bios is enabled
- For any masquerade attributes you want to sync, make sure that the SAML attribute key matches the name of the profile field.
If one of these isn't included, or doesn't work, the rest should still work.
- Replace CSRF exemption workaround when Flarum Beta 12 is released.
- Add support for signing/encrypting SAMLRequests.
Super excited to be posting my first extensions, hopefully more to follow! If you run into issues or have feature requests, let me know and I'll look into it!