dfoxx / laravel-shibboleth
An opinionated Shibboleth authentication package for Laravel.
Requires
- laravel/framework: 5.4.*
This package is not auto-updated.
Last update: 2025-04-21 17:38:37 UTC
README
An opinionated Shibboleth authentication package for Laravel. There is a middleware and a guard, I prefer the middleware.
Note: This package assumes your web server is configured with the Shibboleth Service Provider (e.g. Apache or NGINX with Shibboleth modules), and that PHP
$_SERVER
variables are populated with authenticated Shibboleth user attributes. The Shibboleth handler (e.g./Shibboleth.sso
) must also be properly configured and accessible.
Features
- Route-level middleware (
shibboleth
) for lightweight Shibboleth enforcement - Laravel guard (
auth:shibboleth
) for seamless integration with Laravel’s auth system - Store extended identity metadata in a dedicated
users_shibboleth
table
Installation
composer require dfoxx/laravel-shibboleth
Update public/.htaccess
:
<IfModule mod_shib>
AuthType shibboleth
ShibRequestSetting requireSession false
require shibboleth
</IfModule>
Update User model with this trait to use SHIB_IDENTIFIER_KEY
as the column to store the Shibboleth identifier
use Dfoxx\Shibboleth\HasShibbolethIdentifier; class User extends Authenticatable { use HasShibbolethIdentifier; }
Middleware
Routes:
// unprotected routes Route::middleware(['shibboleth'])->group(function () { // protected routes });
Guard
Update config/auth.php
to use the guard:
'guards' => [ 'shibboleth' => [ 'driver' => 'shibboleth-session', 'provider' => 'shibboleth', ], ],
Routes:
// unprotected routes Route::middleware(['auth:shibboleth'])->group(function () { // protected routes });
Shibboleth Data
You can opt to store the Shibboleth data in it's own model Shibboleth.php
You can copy the migrations over and edit them as you see fit:
php artisan vendor:publish --tag=laravel-shibboleth-migrations
Then add the trait to the User model:
use Dfoxx\Shibboleth\HasShibbolethData; class User extends Authenticatable { use HasShibbolethData; }
And then access Shibboleth data:
$user->shib('eppn'); $user->shibboleth->data['eppn'];
Configuration
.env key |
Description |
---|---|
SHIB_USER |
Optional for local development to bypass headers and log in this user |
SHIB_MIDDLEWARE |
Set your own custom name for the middleware |
SHIB_AUTO_CREATE_USERS |
Defaults to false, will not attempt to create users |
SHIB_SERVER_KEY |
Shibboleth header used to uniquely identify the user (e.g. SHIB_UID, SHIB_EPPN) |
SHIB_IDENTIFIER_KEY |
User model column to use for authentication (e.g. uid, unity_id, username) |
You can publish the config file config/shibboleth.php
to edit the map for the Shibboleth model:
php artisan vendor:publish --tag=laravel-shibboleth-config
License
The MIT License (MIT). Please see License File for more information.