netresearch/nr-saml-auth

TYPO3 Saml Authentication for frontend

Installs: 19

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 6

Forks: 0

Open Issues: 0

Type:typo3-cms-extension

10.0.9 2023-06-28 13:00 UTC

This package is auto-updated.

Last update: 2023-09-14 07:11:54 UTC


README

With this TYPO3 extension you can authenticate against a SAML SSO server.
It works for backend and frontend users and make use of the onelogin/php-saml package.

Installation

Require the package.

composer require netresearch/nr-saml-auth

Then you have to add a new record of SAML Auth Settings on the root page in the TYPO3 backend and configure it properly.

Example configuration

Entity ID: your-sp

Customer service URL: https://domain.tld/?logintype=login

Customer service binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

Name ID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient

Certificate: -----BEGIN CERTIFICATE-----
MIIFYDCCA0igAwIBAgIJAMWkGz7F5peWMA0GCSqGSIb3DQEB
...
6E29QdAP/7OlaUjL8yb0hAQfcweKg7A9Kw+nVngScgiq99FT
-----END CERTIFICATE-----

Private key: -----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCk/hHdRe3
...
3gxX31MgSwnYq6RTKQvPUlEX2UmMcjk=
-----END PRIVATE KEY-----

Entity ID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

SSO URL: http://sso-url.de:80/sso

Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

# Provided by the SSO server else just input something
Certificate: ...

# Prefix for created users
Other: sso-

Groups: Choose you frontenduser folder

Groups: Select the Frontendusergroup which should every logged in user assigned to

As example SSO server you could use https://capriza.github.io/samling/samling.html.

Auto discovery

  • the login service will try to autodetect the configuration for the current login/logout request
  • Therefor ensure, that your sp_entity_id matches your domain

Middleware

  • the extension provides a middleware to redirect the client to the page he came from after login/logout
  • ensure that RelayState parameter contains the target URL and is transmitted via post/get from SAML server to the configured ACS urls