chrisreedio / socialment-bastion-azure
Provides a Bridge between Socialment, Bastion, and Azure AD.
Fund package maintenance!
chrisreedio
Requires
- php: ^8.1
- chrisreedio/bastion: ^v3.0.0-beta2
- chrisreedio/laravel-azure-graph: ^0.1.0-beta1
- chrisreedio/socialment: ^v3.5.0-beta1
- filament/filament: ^3.0
- illuminate/contracts: ^10.0
- socialiteproviders/microsoft-azure: ^5.1
- spatie/laravel-package-tools: ^1.15.0
Requires (Dev)
- larastan/larastan: ^2.0.1
- laravel/pint: ^1.0
- nunomaduro/collision: ^7.9
- orchestra/testbench: ^8.0
- pestphp/pest: ^2.0
- pestphp/pest-plugin-arch: ^2.0
- pestphp/pest-plugin-laravel: ^2.0
- phpstan/extension-installer: ^1.1
- phpstan/phpstan-deprecation-rules: ^1.0
- phpstan/phpstan-phpunit: ^1.0
This package is auto-updated.
Last update: 2024-04-29 01:08:55 UTC
README
This is a highly opinionated package that provides a bridge between Socialment, Bastion, and Azure AD.
Installation
You can install the package via composer:
composer require chrisreedio/socialment-bastion-azure
Then execute and follow the prompts:
php artisan socialment-bastion-azure:install
Include this plugin in your panel configuration:
$panel ->plugins([ // ... Other Plugins \ChrisReedIO\Bastion\BastionPlugin::make(), \ChrisReedIO\Socialment\SocialmentPlugin::make() ->registerProvider('azure', 'fab-microsoft', 'Azure Active Directory'), ])
Remember to add the Spatie HasRoles trait to your User model.
use Spatie\Permission\Traits\HasRoles; class User extends Authenticatable { use HasRoles; }
This additional glue package will automagically hook the pre-login callbacks from Socialment into Bastion's Roles via the SSO Group field.
Seeder
If you're choosing to use the seeder(s) make sure you add the RoleSeeder to your DatabaseSeeder.php like this:
$this->call([ // ... Other Seeders RoleSeeder::class, ]);
Also don't forget to edit the RoleSeeder.php to add your own SSO Groups to each Role.
Some example roles have been placed there for you.
Azure App Registration
Redirect URL
Ensure that you configure the redirect URL on your app registration and that it matches the value in your .env file.
AZURE_REDIRECT_URI=https://yourdomain.com/login/azure/callback
Azure Permissions
You will need to grant your app registration the following permissions:
Directory.Read.AllGroupMember.Read.AllUser.Read
Config
By default, the config does not get published upon install.
This is the contents of the published config services.php file:
It is just the stock services file with the azure block added.
return [ 'mailgun' => [ 'domain' => env('MAILGUN_DOMAIN'), 'secret' => env('MAILGUN_SECRET'), 'endpoint' => env('MAILGUN_ENDPOINT', 'api.mailgun.net'), 'scheme' => 'https', ], 'postmark' => [ 'token' => env('POSTMARK_TOKEN'), ], 'ses' => [ 'key' => env('AWS_ACCESS_KEY_ID'), 'secret' => env('AWS_SECRET_ACCESS_KEY'), 'region' => env('AWS_DEFAULT_REGION', 'us-east-1'), ], 'azure' => [ 'client_id' => env('AZURE_CLIENT_ID'), 'client_secret' => env('AZURE_CLIENT_SECRET'), 'redirect' => env('AZURE_REDIRECT_URI'), 'tenant' => env('AZURE_TENANT_ID'), 'proxy' => env('PROXY') // Optional ], ];
You may publish the config after installation with:
php artisan vendor:publish --tag="socialment-bastion-azure-config"
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.