dfoxx/laravel-shibboleth

An opinionated Shibboleth authentication package for Laravel.

1.0.0 2017-02-07 23:33 UTC

This package is not auto-updated.

Last update: 2025-04-21 17:38:37 UTC


README

An opinionated Shibboleth authentication package for Laravel. There is a middleware and a guard, I prefer the middleware.

Note: This package assumes your web server is configured with the Shibboleth Service Provider (e.g. Apache or NGINX with Shibboleth modules), and that PHP $_SERVER variables are populated with authenticated Shibboleth user attributes. The Shibboleth handler (e.g. /Shibboleth.sso) must also be properly configured and accessible.

Features

  • Route-level middleware (shibboleth) for lightweight Shibboleth enforcement
  • Laravel guard (auth:shibboleth) for seamless integration with Laravel’s auth system
  • Store extended identity metadata in a dedicated users_shibboleth table

Installation

composer require dfoxx/laravel-shibboleth

Update public/.htaccess:

<IfModule mod_shib>
    AuthType shibboleth
    ShibRequestSetting requireSession false
    require shibboleth
</IfModule>

Update User model with this trait to use SHIB_IDENTIFIER_KEY as the column to store the Shibboleth identifier

use Dfoxx\Shibboleth\HasShibbolethIdentifier;

class User extends Authenticatable
{
    use HasShibbolethIdentifier;
}

Middleware

Routes:

// unprotected routes

Route::middleware(['shibboleth'])->group(function () {
    // protected routes
});

Guard

Update config/auth.php to use the guard:

'guards' => [
    'shibboleth' => [
        'driver' => 'shibboleth-session',
        'provider' => 'shibboleth',
    ],
],

Routes:

// unprotected routes

Route::middleware(['auth:shibboleth'])->group(function () {
    // protected routes
});

Shibboleth Data

You can opt to store the Shibboleth data in it's own model Shibboleth.php

You can copy the migrations over and edit them as you see fit:

php artisan vendor:publish --tag=laravel-shibboleth-migrations

Then add the trait to the User model:

use Dfoxx\Shibboleth\HasShibbolethData;

class User extends Authenticatable
{
    use HasShibbolethData;
}

And then access Shibboleth data:

$user->shib('eppn');
$user->shibboleth->data['eppn'];

Configuration

.env key Description
SHIB_USER Optional for local development to bypass headers and log in this user
SHIB_MIDDLEWARE Set your own custom name for the middleware
SHIB_AUTO_CREATE_USERS Defaults to false, will not attempt to create users
SHIB_SERVER_KEY Shibboleth header used to uniquely identify the user (e.g. SHIB_UID, SHIB_EPPN)
SHIB_IDENTIFIER_KEY User model column to use for authentication (e.g. uid, unity_id, username)

You can publish the config file config/shibboleth.php to edit the map for the Shibboleth model:

php artisan vendor:publish --tag=laravel-shibboleth-config

License

The MIT License (MIT). Please see License File for more information.