clemsonmartech / laravel-shibboleth
Fork of razorbacks/laravel-shibboleth in order to support modern Laravel
Requires
- illuminate/support: ^9.0 || ^11.0
- laravel/framework: ^9.0 || ^11.0
- mrclay/shibalike: 1.0.0
- php-open-source-saver/jwt-auth: ^1.4 || ^2.0
This package is not auto-updated.
Last update: 2025-03-20 21:53:04 UTC
README
This package provides Shibboleth authentication for Laravel. It was forked from razorbacks/laravel-shibboleth.
For development, it can emulate an IdP (via mrclay/shibalike).
Installation
Use composer to require the latest release into your project:
composer require clemsonmartech/laravel-shibboleth
If you would like to use the emulated IdP via shibalike, you will need to register it manually on any version; it is not loaded automatically.
Jhu\Wse\LaravelShibboleth\ShibalikeServiceProvider::class,
Note that the password is the same as the username for shibalike.
Publish the default configuration file:
php artisan vendor:publish --provider="Jhu\Wse\LaravelShibboleth\ShibbolethServiceProvider"
Optionally, you can also publish the views for the shibalike emulated IdP login:
php artisan vendor:publish --provider="Jhu\Wse\LaravelShibboleth\ShibalikeServiceProvider"
Change the driver to shibboleth in your config/auth.php file.
'providers' => [
    'users' => [
        'driver' => 'shibboleth',
        'model'  => App\Models\User::class,
    ],
],
Now users may log in via Shibboleth by going to https://example.com/shibboleth-login and log out using https://example.com/shibboleth-logout, so you can provide a custom link or redirect based on email address in the login form.
@if (Auth::guest())
    <a href="/shibboleth-login">Login</a>
@else
    <a href="/shibboleth-logout">
        Logout {{ Auth::user()->name }}
    </a>
@endif
You may configure server variable mappings in config/shibboleth.php, such as the user's first name, last name, entitlements, etc. You can take a look at them by reading what's been populated into the $_SERVER variable after authentication.
<?php print_r($_SERVER);
If the config setting shibboleth.update_users is set to true (the default), then mapped values will be synced to the user table upon successful authentication.
To disable updates, set shibboleth.update_users to false.
Authorization
You can check for an entitlement string of the current user statically:
$entitlement = 'urn:mace:uark.edu:ADGroups:Computing Services:Something';

if (Entitlement::has($entitlement)) {
    // authorize something
}
Now you can draft policies and gates around these entitlements.
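An entitlement check is only as strict as the way the attribute is split and compared. The following added example, which is not code from this package, parses a ';'-separated entitlement value from a $_SERVER-style array and matches whole values only. The variable name entitlement, the helper names and the sample values are assumptions made for the illustration.

```php
<?php
// Added example, not the package's own code.
// Assumption: the SP exposes entitlements in one server variable (the name
// 'entitlement' is hypothetical here) as a ';'-separated list, with literal
// semicolons inside a value escaped as '\;'.

function shib_entitlements(array $server, string $key = 'entitlement'): array
{
    // Apache internal redirects can rename variables with a REDIRECT_ prefix.
    $raw = $server[$key] ?? $server['REDIRECT_' . $key] ?? '';
    if (!is_string($raw) || $raw === '') {
        return [];
    }
    // Split on ';' that is not preceded by a backslash, then unescape.
    $values = [];
    foreach (preg_split('/(?<!\\\\);/', $raw) as $part) {
        $value = trim(str_replace('\\;', ';', $part));
        if ($value !== '') {
            $values[] = $value;
        }
    }
    return array_values(array_unique($values));
}

function shib_has_entitlement(array $server, string $wanted, string $key = 'entitlement'): bool
{
    // Strict comparison against whole values: a substring test would let
    // "...:Something" authorize a holder of "...:SomethingElse".
    return in_array($wanted, shib_entitlements($server, $key), true);
}

// Constructed sample input (not captured from a real SP).
$server = [
    'entitlement' => 'urn:mace:uark.edu:ADGroups:Computing Services:SomethingElse;'
                   . 'urn:mace:example.edu:ADGroups:Staff',
];
$wanted = 'urn:mace:uark.edu:ADGroups:Computing Services:Something';

var_dump(shib_has_entitlement($server, $wanted));            // whole-value match
var_dump(strpos($server['entitlement'], $wanted) !== false); // naive substring test, the check to avoid
var_dump(shib_has_entitlement([], $wanted));                 // variable absent: treated as no entitlements
```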
JWTAuth Tokens
If you're taking advantage of token authentication with tymon/jwt-auth, then set this variable in your .env:
JWTAUTH=true