giak/shibboleth-bundle

Fork from Unicecil bundle authentication for Symfony 4+

Type: symfony-bundle

v1.0 2020-09-23 08:14 UTC

Last update: 2024-04-23 16:35:01 UTC


README

This is a Shibboleth bundle for Symfony 4+ that uses the Guard system.

Installation

Install the bundle via Composer by running the following command:

composer require giak/shibboleth-bundle

Enable the bundle in app/AppKernel.php:

<?php
// app/AppKernel.php

public function registerBundles()
{
    $bundles = array(
        // ...
        new Giak\ShibbolethBundle\GiakShibbolethBundle(),
        // ...
    );

    return $bundles;
}

Modify your config.yml file to add the Shibboleth settings:

giak_shibboleth:
    login_path: 'Shibboleth.sso/Login'  # The path used to call Shibboleth login authentication (default = 'Shibboleth.sso/Login')
    logout_path: 'Shibboleth.sso/Logout'  # The path used to call Shibboleth logout (default = 'Shibboleth.sso/Logout')
    username: 'eppn'  # The Shibboleth attribute that is used as username for the logged in user. The attribute must appear in the 'attributes' parameter list (default = 'username')
    attributes: ['eppn', 'mail', 'givenName', 'sn']  # The list of attributes returned by Shibboleth Service Provider
    login_target: ''  # The route to which the user will be redirected after login. If this parameter is not filled, the user will be redirected to the page they came from. (default = null)
    logout_target: ''  # The route to which the user will be redirected after logout. If this parameter is not filled, the user will be redirected to the page they came from. (default = null)

Then modify your security.yml file to secure your application:

security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            logout: ~
            guard:
              authenticators:
                - Giak.shibboleth_authenticator

    access_control:
        - { path: ^/, roles: ROLE_USER }

Configure your application's .htaccess file or your Apache configuration:

AuthType shibboleth
ShibRequestSetting requireSession 0
ShibUseHeaders On
ShibRequestSetting applicationId engagement
Require shibboleth

User and UserProvider

Create your own User and UserProvider classes.

User

namespace MyBundle\Security\User;

use Symfony\Component\Security\Core\User\UserInterface;

class User implements UserInterface
{
    // ...
}

UserProvider

namespace MyBundle\Security\User;

use Giak\ShibbolethBundle\Security\User\ShibbolethUserProviderInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class MyShibbolethUserProvider implements ShibbolethUserProviderInterface
{
    // $credentials holds the Shibboleth attributes listed in the 'attributes' setting
    public function loadUser(array $credentials)
    {
        $user = new User();
        $user->setMail($credentials['mail']);
        // ...
        return $user;
    }

    public function refreshUser(UserInterface $user)
    {
        return $user;
    }
}

Add your provider to the security.yml file:

security:
    providers:
        shibboleth:
            id: MyBundle\Security\User\MyShibbolethUserProvider
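
The Apache settings above use requireSession 0, so requests without a Shibboleth session still reach the application, and ShibUseHeaders On delivers attributes as request headers; loadUser() should therefore check the attributes before building a user. The following is an added example, not code from the bundle: shibValues(), validateShibAttributes() and the example.edu scope are assumed names, and it relies on the Shibboleth SP convention of joining multiple values with ";".

```php
<?php
// Added example, not part of giak/shibboleth-bundle. Requires PHP 7.4+.
const ALLOWED_SCOPES = ['example.edu']; // assumption: the scope(s) your IdP asserts
/** Split a multi-valued attribute: values are joined with ";", a literal ";" is "\;". */
function shibValues($raw): array
{
    $out = [];
    foreach ((is_string($raw) ? preg_split('/(?<!\\\\);/', $raw) : []) as $part) {
        // Undo the escape, then drop control characters and surrounding blanks.
        $value = trim((string) preg_replace('/[\x00-\x1F\x7F]/', '', str_replace('\\;', ';', $part)));
        if ($value !== '') {
            $out[] = $value;
        }
    }
    return $out;
}

/** Return cleaned attributes, or throw when the request carries no usable identity. */
function validateShibAttributes(array $credentials): array
{
    $eppn = shibValues($credentials['eppn'] ?? null);
    if (count($eppn) !== 1 || !preg_match('/^[A-Za-z0-9._-]{1,64}@([A-Za-z0-9.-]{1,255})$/', $eppn[0], $m)
        || !in_array(strtolower($m[1]), ALLOWED_SCOPES, true)) {
        throw new InvalidArgumentException('eppn missing, multi-valued, malformed or out of scope');
    }
    $mails = array_values(array_filter(
        shibValues($credentials['mail'] ?? null),
        fn(string $v): bool => filter_var($v, FILTER_VALIDATE_EMAIL) !== false
    ));
    return [
        'eppn' => $eppn[0],
        'mail' => $mails[0] ?? null, // first syntactically valid address, if any
        'givenName' => shibValues($credentials['givenName'] ?? null)[0] ?? '',
        'sn' => shibValues($credentials['sn'] ?? null)[0] ?? '',
    ];
}

// Constructed sample inputs, not real data.
$samples = [
    'valid' => ['eppn' => 'jdoe@example.edu', 'mail' => 'not-an-address;jdoe@example.edu', 'givenName' => 'Jane', 'sn' => 'Doe'],
    'no session' => [],
    'other scope' => ['eppn' => 'jdoe@other.example'],
];
foreach ($samples as $label => $attrs) {
    try {
        echo $label, ': ', json_encode(validateShibAttributes($attrs)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $label, ': rejected, ', $e->getMessage(), PHP_EOL;
    }
}
```

Inside loadUser(), call validateShibAttributes($credentials) first and translate the exception into the authentication failure your firewall expects.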