programster/saml

A library to help with interfacing with a SAML SSO. This does so by wrapping around the onelogin/php-saml package.

Maintainers

Details

github.com/programster/package-saml-helper

Homepage

Source

Issues

Installs: 209

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 2

Forks: 0

Open Issues: 0

2.3.1 2022-05-18 14:57 UTC

Requires

MIT 89ef8221f09f96e96f519e58efca1a129642f590

SSOsaml

This package is auto-updated.

Last update: 2024-04-18 19:01:29 UTC

README

A package to help with integrating with a SAML SSO.

Example Usage

All of the examples require first creating the SAML "client" which has all of the settings. One must create it like so:

$spConfig = new Programster\Saml\ServiceProviderConfig(
    entityId: APP_SERVICE_PROVIDER_IDENTITY,
    name: APP_SERVICE_PROVIDER_NAME,
    description: "A test service provider",
    loginHandlerUrl: APP_URL . "/auth/saml-login-handler",
    logoutHandlerUrl: APP_URL . "/auth/saml-logout-handler",
    publicCert: file_get_contents(SERVICE_PROVIDER_CERT_PATH),
    privateKey: file_get_contents(SERVICE_PROVIDER_PRIVATE_KEY_PATH)
);

$idpConfig = new \Programster\Saml\IdentityProviderConfig(
    entityId: IDENTITY_PROVIDER_IDENTITY_URI,
    authUrl: IDENTITY_PROVIDER_AUTH_URL,
    logoutUrl: IDENTITY_PROVIDER_LOGOUT_URL,
    publicSigningCertificates: [file_get_contents(IDENTITY_PROVIDER_PUBLIC_SIGNING_CERT)],
);

$samlConfig = new \Programster\Saml\SamlConfig($spConfig, $idpConfig);
$samlClient = new \Programster\Saml\SamlClient($samlConfig);

I know that seems a bit long-winded, but the client requires a lot of settings to be configured, and I prefer this over expecting the developer to just pass in an array of key/value pairs and expecting them to know what keys they need to set etc.

Once you have the SAML client, you can use it for handling all the requests/responses like so:

Send the user with a signed SAML request to the SSO to log in and then get redirected back to our site with their information:

$returnToURL = "https://localhost/saml-login-handler";
$samlClient->handleUserLoginRequest($returnToURL);

Then use the client to handle the response from the SSO logging in and redirecting back to our site with the user's details:

$response = $samlClient->handleSamlLoginResponse();
$userAttributes = $response->getUserAttributes();
$userEmail = $userAttributes['email'][0];

Use the client to send a logout request to the SSO:

$returnToUrl = 'http://my.domain.com/auth/saml-logout-handler';
$samlClient->handleUserLogoutRequest($returnToUrl);

Handle the response from the SSO for that logout request:

$ssoLoggedOutUrl = $samlClient->handleSamlLogoutResponse();