netresearch/nr-saml-auth

TYPO3 SAML Authentication for frontend

Package info

github.com/netresearch/t3x-nr-saml-auth

Type: typo3-cms-extension

pkg:composer/netresearch/nr-saml-auth

Statistics

Installs: 21

Dependents: 0

Suggesters: 0

Stars: 1

Open Issues: 3

10.0.10 2025-11-12 22:23 UTC

This package is auto-updated.

Last update: 2026-03-02 20:16:14 UTC


README

TYPO3 extension for SAML SSO authentication supporting frontend and backend users using the onelogin/php-saml library.

Requirements

Version  TYPO3       PHP
12.x     12.4, 13.4  8.1 - 8.4
10.x     10.4, 11.5  7.4 - 8.1

Installation

Install via Composer:

composer require netresearch/nr-saml-auth

Configuration

Backend Setup

  1. Create a new SAML Auth Settings record on the root page in the TYPO3 backend
  2. Configure the Service Provider (SP) and Identity Provider (IdP) settings

Example Configuration

# Service Provider Settings
Entity ID: https://your-domain.tld
Customer service URL: https://your-domain.tld/?logintype=login
Customer service binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Name ID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient

Certificate: -----BEGIN CERTIFICATE-----
MIIFYDCCA0igAwIBAgIJAMWkGz7F5peWMA0GCSqGSIb3DQEB...
-----END CERTIFICATE-----

Private key: -----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoIC...
-----END PRIVATE KEY-----

# Identity Provider Settings
Entity ID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
SSO URL: https://idp.example.com/sso
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Certificate: [IDP Certificate]

# User Settings
Username prefix: sso-
User folder: [Select frontend user folder]
User groups: [Select default frontend user groups]

Testing with SimpleSAMLphp

For development/testing, you can use SimpleSAMLphp or online SAML testing tools like samling.

Features

Auto Discovery

The login service automatically detects the SAML configuration for the current request based on the sp_entity_id matching your domain.

Deep Link Support (Middleware)

The extension includes middleware for redirecting users to their original destination after login/logout:

  • The RelayState parameter should contain the target URL
  • It is transmitted via POST (login) or GET (logout) from the SAML server to the configured ACS URLs
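
RelayState reaches the ACS URL as request data, so a redirect built from it is normally limited to the site's own host. One way to make that check, as an added example that is not the extension's own code: resolveRelayState(), its parameters and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from nr-saml-auth. resolveRelayState() is a hypothetical helper:
// it returns the RelayState target only if it stays on an allowed host, else the fallback.
function resolveRelayState(?string $relayState, array $allowedHosts, string $fallback = '/'): string
{
    if ($relayState === null || $relayState === '') {
        return $fallback;
    }
    // Whitespace, control characters and backslashes are parsed differently by browsers and parse_url().
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $relayState) === 1) {
        return $fallback;
    }
    // Site-relative path: a single leading slash is fine, "//host" is protocol-relative and is not.
    if ($relayState[0] === '/') {
        return substr($relayState, 0, 2) === '//' ? $fallback : $relayState;
    }
    $parts = parse_url($relayState);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (strtolower($parts['scheme']) !== 'https' || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    // Exact match against lower-case host names; suffix or substring matching accepts look-alike hosts.
    return in_array(strtolower($parts['host']), $allowedHosts, true) ? $relayState : $fallback;
}

// Constructed sample values; your-domain.tld is the placeholder host from the example configuration.
$allowed = ['your-domain.tld'];
$samples = [
    '/members/profile?tab=1',
    'https://your-domain.tld/members/',
    'https://your-domain.tld.example.net/',
    '//example.net/path',
    'https://your-domain.tld@example.net/',
    'javascript:alert(1)',
];
foreach ($samples as $value) {
    printf("%-40s => %s\n", $value, resolveRelayState($value, $allowed));
}
```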

Backend Module

Access SAML metadata via the Admin Tools > SAML Auth backend module to configure your IdP.

Upgrading

From 10.x to 12.x

Version 12.x includes breaking changes:

  • PHP 8.1+ required: Upgrade your PHP version
  • TYPO3 12.4+ required: Upgrade your TYPO3 installation
  • onelogin/php-saml 4.0: Library upgraded with security improvements
  • PSR-14 Events: Legacy hooks replaced with modern event system
  • Dependency Injection: Services now use TYPO3 DI container

No database migrations required.

Development

Quality Tools

# Install dependencies
composer install

# Run all CI checks
composer ci

# Individual checks
composer ci:test:php:phpstan  # Static analysis
composer ci:test:php:cgl     # Code style check
composer ci:cgl              # Code style fix
composer ci:test:php:unit    # Unit tests

License

This extension is proprietary software by Netresearch DTT GmbH.

Support

For issues and feature requests, please use the GitHub issue tracker.