desarrollo-cespi / dc-saml-plugin
symfony plugin that provides SSO authentication and authorization using the SAML standard
Installs: 8
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 8
Forks: 0
Open Issues: 0
Type:symfony1-plugin
Requires
- composer/installers: ~1.0
This package is not auto-updated.
Last update: 2024-12-17 03:00:41 UTC
README
Introduction
This plugin provides SSO authentication and authorization for symfony applications based in [SAML].
SSO provided by Saml allow developers to concentrate in business logic delegating all authentication and authorization work to Saml Identity Manager.
The plugin installation is as simply as described here.
An other additional feature is that once a user is authenticated in one of the applications using Saml, you will be automatically authenticated in the others applications
Installation
- Install using Composer:
{ "require": { "desarrollo-cespi/dc-saml-plugin": "dev-master" } }
-
Install from source using git
-
Enable the plugin in your project configuration
// in config/ProjectConfiguration.class.php add: $this->enablePlugin("dcSamlPlugin");
- Clear the cache
Configuration
- In your app.yml add the following configuration lines
- Is important that you know the Login URL of Saml
- Is important that you know the Logout URL of Saml
- SAML server x509 Certificate
Example
all: ..... dc_saml_plugin: # Saml Server settings login_url: http://localhost/simplesaml/saml2/idp/SSOService.php logout_url: http://localhost/simplesaml/saml2/idp/initSLO.php?RelayState= certificate: <?php echo file_get_contents(sfConfig::get('sf_root_dir').'/saml.cert');?> # if you have a file with the saml certificate called saml.cert name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistant" application_issuer: application-identification-name # The prefix to delete from the appliction credentials. # If you have this credentials for your application: # [application-identification-name.delete_something, application-identification-name.create_something] # the prefix should be "application-identification-name" remove_permission_prefix: prefix # Where do you want the plugin redirects you when login or logout success_signin_url: @homepage success_signout_url: @homepage # This module actions are if you want to redefine them. Do not recomended security_check_module: dcSamlAuth security_check_action: securityCheck # In this case, the permission attributes are like # array("permissions" => array("permission_name" => "prefix.permission")) attribute_name_of_the_credential_name: permission_name credentials_attribute_name: permissions
- In your settings.yml enable
dcSamlAuth
module and change
enabled_modules: [default, dcSamlAuth, .... ] login_module: dcSamlAuth login_action: signin
- Prepend the following routing rules in routing.yml:
dc_saml_signin: url: /login param: { module: dcSamlAuth, action: signin } dc_saml_signout: url: /logout param: { module: dcSamlAuth, action: signout }
- Change the security filter: filters.yml
rendering: ~ security: class: dcSamlSecurityFilter
- Change the parent class of myUser.class.php:
class myUser extends dcSamlSecurityUser { }
- Remember that it is important to change the session_name in factories.yml
all: storage: class: sfSessionStorage param: session_name: saml-test