shawinigan / sso
Shawinigan SSO utilities
Requires
- php: ^7.2 || ^8.0
- ext-json: *
- laravel/framework: ^8.0|^9.0|^10.0
- nesbot/carbon: ^2.46
- socialiteproviders/manager: ~4.0
- spatie/laravel-permission: ^6.1
- tmilos/scim-filter-parser: ^1.3
- tmilos/scim-schema: ^0.1.0
README
- Run
composer require shawinigan/ssoto include this in your project. - Run
php artisan vendor:publish --provider="Shawinigan\Sso\LaravelAzureProvisioning\AzureProvisioningProvider". - Run
php artisan vendor:publish --provider="Shawinigan\Sso\LaravelAzureSocialite\AzureSocialiteServiceProvider". - Run
npm install - Run
npm run build - Run
npm run dev - Run
php artisan migrate
Configuration (Laravel)
-
Open
config/azureprovisioning.phpto adjust the packages configurationIf the file doesn't exist, ensure you have ran
php artisan vendor:publish --provider="Shawinigan\Sso\LaravelAzureProvisioning\AzureProvisioningProvider". -
Modify the configuration as required. All fields are commented and should provide enough description for how they change the way this package works.
-
If you do not wish to provision Groups you can entirely remove (or comment) the
Groupskey. -
Open
config/shawi-sso.phpto adjust the packages configuration -
Add configuration to
config/services.php
'azure' => [ 'client_id' => env('AZURE_CLIENT_ID'), 'client_secret' => env('AZURE_CLIENT_SECRET'), 'redirect' => env('AZURE_REDIRECT_URI'), 'tenant' => env('AZURE_TENANT_ID'), 'proxy' => env('PROXY') // optionally ],
Configure the package's listener to listen for SocialiteWasCalled events.
Add the event to your listen[] array in app/Providers/EventServiceProvider. See the Base Installation Guide for detailed instructions.
protected $listen = [ \SocialiteProviders\Manager\SocialiteWasCalled::class => [ \Shawinigan\Sso\LaravelAzureSocialite\AzureExtendSocialite::class.'@handle', ], ];
- ###Add the AzureUser trait to the user model
use Shawinigan\Sso\LaravelAzureSocialite\Traits\AzureUser; class User extends Authenticatable { use HasApiTokens, HasFactory, Notifiable, HasRoles, AzureUser; 7. ### Add fillable and hidden to user model ```php protected $fillable = [ 'name', 'email', 'password', 'azure_auth_id', 'azure_access_token', 'azure_refresh_token', 'username', 'avatar', 'azure_expires_timestamp' ]; protected $hidden = [ 'password', 'remember_token', 'azure_auth_id', 'azure_access_token', 'azure_refresh_token', 'azure_expires_timestamp' ];
Configuration (Azure)
-
Login to Azure Active Directory
-
Select All services > Enterprise applications
-
Select New application
-
Select Create your own application
-
Provide your application's name and select the option "Integrate any other application you don't find in the gallery (Non-gallery)"
-
A) To provision all users/groups
- On the properties page, ensure the option "User assignment required?" is set to No
--OR--
-
B) To provision select users/groups
- On the Properties page, ensure the option "User assignment required?" is set to Yes
- On the Users and groups page, add the users and groups that you wish to provision
-
Navigate to the Provisioning page
-
Set the Provisioning Mode to Automatic
-
In the Admin Credentials section set the Tenant URL to your domain (with https://) followed by
/scim/v2.0/(Or the value you have set in in theroutePrefixconfiguration option). (e.g.https://laravel-azure-provisioning.com/scim/v2.0/) -
TODO: Provide the secret token generated by ... ?
-
Test the configuration and then save the settings
-
Expand the mapping section and remove any mappings that are not required by your application and add mappings that are missing and required by your application.
-
Save the settings again
Note: If you only want users within set groups to be provisioned, follow the steps in 6 B) and add the groups you require. Only the members of the group will then be provisioned.
This repository is based on : https://github.com/RobTrehy/LaravelAzureProvisioning https://github.com/SocialiteProviders/Microsoft-Azure