gl-events/sylius-admin-saml-plugin

SAML auth SSO plugin for Sylius.


README

Features

This plugin allows your admin users to sign in with SAML providers (Google, Azure, Okta, etc.).

Form admin login

Installation

  1. Add the bundle to your composer.json file:
   composer require gl-events/sylius-admin-saml-plugin
  1. Add your Identity Provider information to your .env file:
   SAML_IDP_ENTITY_ID=
   SAML_IDP_SSO_URL=
   SAML_IDP_SLO_URL=
   SAML_IDP_CERTIFICATE=
   SAML_IDENTIFIER_KEY=
  1. Add your SP private key in your .env file (you can generate one at your project root with openssl genpkey -algorithm RSA -out private.key):
   SAML_SP_PRIVATE_KEY=
  1. Enable or disable the traditional Sylius admin form login in your .env file:
   SYLIUS_ADMIN_LOGIN=
  1. Add the plugin class to your config/bundles.php file:
    return [
        ...
        GlEvents\SyliusAdminSamlPlugin\GlEventsSyliusAdminSamlPlugin::class => ['all' => true],
    ];
  1. Add the default config:
    # config/packages/gl_events_saml_admin_plugin.yaml

    imports:
        - { resource: "@GlEventsSyliusAdminSamlPlugin/Resources/config/config.yaml" }

  1. Add to your config/security.yaml file:
    # Merge these keys into the existing security: section.
    security:
        providers:
            saml_provider:
                id: gl_events.saml_plugin.provider.saml_user
        firewalls:
            saml:
                pattern: ^/saml
                stateless: true
                custom_authenticator: gl_events.saml_plugin.security.saml_authenticator
            main:
                lazy: true
                provider: saml_provider
        access_control:
            # Symfony applies the first matching rule: keep these above any broader admin rule.
            - { path: "%sylius.security.admin_regex%/saml", role: ROLE_SUPER_ADMIN }
            - { path: "%sylius.security.admin_regex%/login/saml", role: PUBLIC_ACCESS }
            - { path: "%sylius.security.admin_regex%/login/saml/logout", role: PUBLIC_ACCESS }
            - { path: "%sylius.security.admin_regex%/login/saml/acs", role: PUBLIC_ACCESS }
            - { path: "%sylius.security.admin_regex%/login/saml/sls", role: PUBLIC_ACCESS }
            - { path: "%sylius.security.admin_regex%/login/saml/metadata", role: PUBLIC_ACCESS }
  1. Add to your config/routes.yaml file:
    glevents_sylius_admin_saml_plugin:
        resource: "@GlEventsSyliusAdminSamlPlugin/Resources/config/routing.yml"

You are now ready to go! 🚀
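
A pre-flight check for the .env values listed in the installation steps, added here as an example (it is not part of the plugin). The function names, the finding labels and the rules themselves are assumptions: plain KEY=value lines, SAML_IDP_SLO_URL treated as optional, IdP URLs expected over HTTPS, and the file readable by its owner only because it holds the SP private key.

```shell
#!/usr/bin/env bash
# Pre-flight check for the SAML variables this README puts in .env.
# Assumptions (not from the plugin): plain KEY=value lines, optional quotes;
# the checks are deployment hygiene, not rules the plugin enforces.

# Print the value of KEY ($2) from FILE ($1); last definition wins, quotes stripped.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one line per finding; return 0 if the file is clean, 1 otherwise.
check_saml_env() {
    local file=$1 key val findings=0
    # Variables the README asks for; SAML_IDP_SLO_URL is treated as optional here.
    for key in SAML_IDP_ENTITY_ID SAML_IDP_SSO_URL SAML_IDP_CERTIFICATE \
               SAML_IDENTIFIER_KEY SAML_SP_PRIVATE_KEY SYLIUS_ADMIN_LOGIN; do
        if [ -z "$(env_value "$file" "$key")" ]; then
            echo "EMPTY $key"; findings=$((findings + 1))
        fi
    done
    # SAML requests and responses travel through the browser: require TLS.
    for key in SAML_IDP_SSO_URL SAML_IDP_SLO_URL; do
        val=$(env_value "$file" "$key")
        case $val in
            ''|https://*) ;;
            *) echo "NOT_HTTPS $key"; findings=$((findings + 1)) ;;
        esac
    done
    # The file holds the SP private key: no group/other permission bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "PERMS $file"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Stand-alone use: ./check-saml-env.sh .env
if [ "$#" -gt 0 ]; then
    check_saml_env "$1"
fi
```
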

Credits

Developed by GL Events.