surfnet/stepup-saml-bundle

A Symfony 3 (with Symfony 4 support) bundle that integrates the simplesamlphp/saml2 library with Symfony.

Installs: 41 682

Dependents: 2

Suggesters: 0

Security: 0

Stars: 11

Watchers: 13

Forks: 18

Open Issues: 7

Type: symfony-bundle


README

A bundle that adds SAML capabilities to your application using simplesamlphp/saml2

Developed as part of the SURFnet StepUp Gateway

Installation

  • Add the package to your Composer file
    composer require surfnet/stepup-saml-bundle

For Symfony 3.4 support use version 4.1.1 or greater.

  • Add the bundle to your kernel in app/AppKernel.php
    public function registerBundles()
    {
        // ...
        $bundles[] = new Surfnet\SamlBundle\SurfnetSamlBundle;
    }

For use of this bundle in Symfony 4.3:

  1. Require the bundle in composer.json (version 4.1.9 or higher).
  2. Enable the bundle in config/bundles.php by adding it to the returned array: Surfnet\SamlBundle\SurfnetSamlBundle::class => ['all' => true],
  3. Specify the bundle configuration in config/packages/surfnet_saml.yml; consult the configuration section below for the available options.

In addition, you must explicitly configure the Twig templating engine.

In config/packages/framework.yaml add:

framework:
    templating:
        engines:
            - twig

Configuration

surfnet_saml:
    hosted:
        attribute_dictionary:
            ignore_unknown_attributes: false
        service_provider:
            enabled: true
            assertion_consumer_route: name_of_the_route_of_the_assertion_consumer_url
            public_key: "%surfnet_saml_sp_publickey%"
            private_key: "%surfnet_saml_sp_privatekey%"
        identity_provider:
            enabled: true
            service_provider_repository: service.name.of.entity_repository
            sso_route: name_of_the_route_of_the_single_sign_on_url
            public_key: "%surfnet_saml_idp_publickey%"
            private_key: "%surfnet_saml_idp_privatekey%"
        metadata:
            entity_id_route: name_of_the_route_of_metadata_url
            public_key: "%surfnet_saml_metadata_publickey%"
            private_key: "%surfnet_saml_metadata_privatekey%"
    remote:
        identity_provider:
            enabled: true
            entity_id: "%surfnet_saml_remote_idp_entity_id%"
            sso_url: "%surfnet_saml_remote_idp_sso_url%"
            certificate: "%surfnet_saml_remote_idp_certificate%"
        service_providers:
            - entity_id: "%surfnet_saml_remote_sp_entity_id%"
              certificate_file: "%surfnet_saml_remote_sp_certificate%"
              assertion_consumer_service_url: "%surfnet_saml_remote_sp_acs%"

The hosted configuration describes the services (SP, IdP or both) that your application itself offers. SP and IdP functionality can be turned on and off individually through their respective enabled flags. The remote configuration lists, if enabled, the remote IdP to connect to and, optionally, the remote SPs your hosted IdP serves. The inline certificate of the remote identity_provider can be replaced with certificate_file, a filesystem path to a file that contains that certificate. The various publickey and privatekey parameters hold the base64 body of the certificate or key on a single line, without the -----BEGIN ...----- and -----END ...----- delimiters and without line breaks. Using parameters as shown above is highly recommended so that the actual key material, in particular the private keys, stays out of the versioned configuration files (for instance in a local, uncommitted parameters.yml, or in environment variables). Note that a YAML scalar starting with % has to be quoted, as in the example above.
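Producing those single-line values by hand is error-prone, and a mismatched certificate/private key pair only surfaces later as signature validation failures at the other side. The following script is an added example (not part of the bundle) that strips the PEM armour the way the parameters expect and, before printing the values, checks with PHP's openssl extension that the private key actually belongs to the certificate. It generates a throwaway self-signed key pair so it runs stand-alone; in practice you would read your real sp.crt and sp.key files instead.

```php
<?php
// Added example, not part of surfnet/stepup-saml-bundle: prepare the
// *_publickey / *_privatekey parameter values from PEM input and verify
// that certificate and private key form a pair. Requires ext-openssl.

declare(strict_types=1);

/**
 * Strip the -----BEGIN/END ...----- lines and all whitespace from a PEM
 * block, returning the single-line base64 body the bundle parameters expect.
 */
function pemToSingleLine(string $pem): string
{
    $body = [];
    foreach (preg_split('/\R/', trim($pem)) as $line) {
        $line = trim($line);
        if ($line === '' || strpos($line, '-----') === 0) {
            continue; // armour line, not part of the key material
        }
        $body[] = $line;
    }
    $oneLine = preg_replace('/\s+/', '', implode('', $body));
    if ($oneLine === '' || base64_decode($oneLine, true) === false) {
        throw new InvalidArgumentException('Input is not a PEM-encoded key or certificate');
    }
    return $oneLine;
}

/**
 * Ensure the private key matches the certificate that will be published in
 * the SAML metadata, and that the key is not weaker than 2048-bit RSA.
 * Returns the SHA-256 fingerprint of the certificate for cross-checking
 * with the remote party.
 */
function assertKeyPairMatches(string $certificatePem, string $privateKeyPem): string
{
    $cert = openssl_x509_read($certificatePem);
    if ($cert === false) {
        throw new RuntimeException('Certificate could not be parsed: ' . openssl_error_string());
    }
    $key = openssl_pkey_get_private($privateKeyPem);
    if ($key === false) {
        throw new RuntimeException('Private key could not be parsed: ' . openssl_error_string());
    }
    if (!openssl_x509_check_private_key($cert, $key)) {
        throw new RuntimeException('Private key does not belong to this certificate');
    }
    $details = openssl_pkey_get_details($key);
    if ($details === false || $details['bits'] < 2048) {
        throw new RuntimeException('Refusing a signing key shorter than 2048 bits');
    }
    return openssl_x509_fingerprint($cert, 'sha256');
}

// Constructed input: a throwaway self-signed pair so the script runs offline.
// Replace with file_get_contents() of your real certificate and key files.
$privateKey = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr        = openssl_csr_new(['commonName' => 'sp.example.org'], $privateKey, ['digest_alg' => 'sha256']);
$x509       = openssl_csr_sign($csr, null, $privateKey, 365, ['digest_alg' => 'sha256']);
openssl_x509_export($x509, $certificatePem);
openssl_pkey_export($privateKey, $privateKeyPem);

$fingerprint = assertKeyPairMatches($certificatePem, $privateKeyPem);

// Emit a parameters.yml fragment; keep this file out of version control.
printf("parameters:\n");
printf("    surfnet_saml_sp_publickey: '%s'\n", pemToSingleLine($certificatePem));
printf("    surfnet_saml_sp_privatekey: '%s'\n", pemToSingleLine($privateKeyPem));
printf("# certificate sha256 fingerprint: %s\n", $fingerprint);
```

The fingerprint line is there so the operator of the remote IdP or SP can confirm out of band that the certificate they import into their own configuration is the one you published.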

The service_provider_repository is the ID of a service that knows the service providers for which you offer IdP services. That service must implement the Surfnet\SamlBundle\Entity\ServiceProviderRepository interface.

Service providers can also be configured statically through the remote.service_providers option. To use those statically configured service providers, set service_provider_repository to surfnet_saml.remote.service_providers.
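When the set of SPs is not static (it lives in a database, or is assembled at boot from several sources), you implement the repository yourself. The class below is an added example and not part of the bundle: it serves a fixed, validated list of SPs. The hasServiceProvider() and getServiceProvider() method names follow the bundle's ServiceProviderRepository interface; the configuration keys handed to the bundle's ServiceProvider entity (entityId, certificateFile, assertionConsumerUrl) are assumed to mirror the remote.service_providers options and should be checked against the bundle's ServiceProvider class before use. The Acme namespace and the InMemoryServiceProviderRepository name are placeholders.

```php
<?php
// Added example, not part of surfnet/stepup-saml-bundle: a
// ServiceProviderRepository backed by an in-memory, validated list of SPs,
// usable as the hosted identity_provider's service_provider_repository.

declare(strict_types=1);

namespace Acme\SamlBundle\Repository;

use Surfnet\SamlBundle\Entity\ServiceProvider;
use Surfnet\SamlBundle\Entity\ServiceProviderRepository;

final class InMemoryServiceProviderRepository implements ServiceProviderRepository
{
    /** @var ServiceProvider[] keyed by the exact entity ID string */
    private $serviceProviders = [];

    /**
     * @param array[] $definitions each with keys entity_id, certificate_file
     *                             and assertion_consumer_service_url, the same
     *                             shape as the remote.service_providers config
     */
    public function __construct(array $definitions)
    {
        foreach ($definitions as $definition) {
            $this->register($definition);
        }
    }

    private function register(array $definition)
    {
        foreach (['entity_id', 'certificate_file', 'assertion_consumer_service_url'] as $required) {
            if (empty($definition[$required]) || !is_string($definition[$required])) {
                throw new \InvalidArgumentException(sprintf('Service provider definition lacks "%s"', $required));
            }
        }

        $entityId = $definition['entity_id'];
        if (array_key_exists($entityId, $this->serviceProviders)) {
            // Two definitions for one entity ID would let the later one silently
            // override the certificate and ACS of the earlier one.
            throw new \InvalidArgumentException(sprintf('Duplicate service provider entity ID "%s"', $entityId));
        }

        if (!is_readable($definition['certificate_file'])) {
            throw new \InvalidArgumentException(sprintf(
                'Certificate file "%s" for "%s" is not readable',
                $definition['certificate_file'],
                $entityId
            ));
        }

        $acsUrl = $definition['assertion_consumer_service_url'];
        if (parse_url($acsUrl, PHP_URL_SCHEME) !== 'https') {
            // Assertions containing user attributes are POSTed to this URL;
            // never deliver them over plain HTTP.
            throw new \InvalidArgumentException(sprintf('ACS URL for "%s" must use https', $entityId));
        }

        // Assumption: these keys match the bundle's ServiceProvider constructor.
        $this->serviceProviders[$entityId] = new ServiceProvider([
            'entityId'             => $entityId,
            'certificateFile'      => $definition['certificate_file'],
            'assertionConsumerUrl' => $acsUrl,
        ]);
    }

    /**
     * @param string $entityId issuer of the incoming AuthnRequest
     * @return bool
     */
    public function hasServiceProvider($entityId)
    {
        // Exact, case-sensitive comparison: an entity ID is an opaque identifier.
        // Normalising or prefix-matching it would let one SP impersonate another.
        return is_string($entityId) && array_key_exists($entityId, $this->serviceProviders);
    }

    /**
     * @param string $entityId
     * @return ServiceProvider
     */
    public function getServiceProvider($entityId)
    {
        if (!$this->hasServiceProvider($entityId)) {
            throw new \OutOfBoundsException(sprintf('Unknown service provider "%s"', $entityId));
        }
        return $this->serviceProviders[$entityId];
    }
}
```

Register the class as a service with the list of definitions as its constructor argument, and point hosted.identity_provider.service_provider_repository at that service ID. Because all validation happens in the constructor, a misconfigured SP fails the container build rather than the first login attempt.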

Example Usage

Metadata Publishing

<?php

namespace Acme\SamlBundle;

use Surfnet\SamlBundle\Http\XMLResponse;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class MetadataController extends Controller
{
    /**
     * Serves the signed SAML metadata of the hosted SP and/or IdP; route this
     * action under the name configured as hosted.metadata.entity_id_route.
     */
    public function metadataAction(Request $request)
    {
        /** @var \Surfnet\SamlBundle\Metadata\MetadataFactory $metadataFactory */
        $metadataFactory = $this->get('surfnet_saml.metadata_factory');

        // XMLResponse sets the XML content type on the generated document
        return new XMLResponse($metadataFactory->generate());
    }
}

Release strategy

CHANGELOG.md

Please read: https://github.com/OpenConext/Stepup-Deploy/wiki/Release-Management for more information on the release strategy used in Stepup projects.

UPGRADING.md

When introducing backwards-incompatible changes in the bundle, please update the UPGRADING.md file to instruct users how to deal with these changes. This makes upgrading as painless as possible.