qbnk/frontend-components-saml2

Saml2 package, part of Frontend Components for Slim-based frontends.

Maintainers

Details

bitbucket.org/qbnk/frontendcomponentssaml2

Homepage

Source

Installs: 995

Dependents: 0

Suggesters: 1

Security: 0

3.0.1 2023-10-06 13:52 UTC

Requires

MIT 16d752cf0e292686986980b958a02595fad74607

  • QBNK Tech <tech.woop@qbank.se>

This package is auto-updated.

Last update: 2024-04-17 10:02:47 UTC

README

A part of the qbnk/frontend-components package. This package contains a saml2 authentication adapter which is used to log the user in via an external Identity provider

use Slim\App;
use OneLogin\Saml2\Constants;

$app = new App();
$adapter = new Saml2($app, $settings);
$adapter->authenticate($returnUrl);

Register routes for the Slim router

$adapter->registerRoutes($app);

Settings sample

$settings = [
    'addQBankAccount' => true,
	'responseUsername' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
	'responseFirstname' => 'FirstName',
	'responseLastname' => 'LastName',
	'includeUserDataCookie' => true, // For them SPA's
    'jit' => [
        // If enabled, these settings will override the 'addQBankAccount' flag
        'enabled' => true,
        'userType' => 'Frontend',
        'responseGroups' => 'Groups',
        'groupMapping' => [
            'qbankDefaultGroups' => [
                {QBankGroupId1}, {QBankGroupId2}
            ],
            'adGroup1' => [
                {QBankGroupId3}, {QBankGroupId4}
            ],
            'adGroup2' => [
                {QBankGroupId3}, {QBankGroupId5}
            ]
        ]
    ],
	'security' => [
		'wantNameId' => true,
		'nameIdEncrypted' => false,
		'authnRequestsSigned' => false,
		'logoutRequestSigned' => false,
		'logoutResponseSigned' => false,
		'signMetadata' => true,
		'wantMessagesSigned' => true,
		'wantAssertionsSigned' => true,
		'wantNameIdEncrypted' => false,
		'requestedAuthnContext' => false,
		'wantXMLValidation' => true,
	],
	'contactPerson' => [
		'technical' => [
			'givenName' => 'QBNK Tech',
			'emailAddress' => 'tech@qbank.se'
		],
		'support' => [
			'givenName' => 'QBNK Support',
			'emailAddress' => 'support@qbank.se'
		],
	],
	'organization' => [
		'en-US' => [
			'name' => 'QBNK Company',
			'displayname' => 'QBNK Company',
			'url' => 'https://qbank.se/'
		],
	],
	'strict' => false,
	'debug' => true,
	'sp' => [
		'entityId' => '**FILLED IN AUTOMATICALLY**',
		'assertionConsumerService' => [
			'url' => '**FILLED IN AUTOMATICALLY**',
			'binding' => Constants::BINDING_HTTP_POST,
		],
		'singleLogoutService' => [
			'url' => '**FILLED IN AUTOMATICALLY**',
			'binding' => Constants::BINDING_HTTP_REDIRECT,
		],
		'NameIDFormat' => Constants::NAMEID_UNSPECIFIED
	],
	'idp' => [
		'entityId' => '{url}',
		'singleSignOnService' => [
			'url' => '{url}',
			'binding' => Constants::BINDING_HTTP_POST
		],
		'x509cert' => '{base64}'
	]
]