This package is abandoned and no longer maintained. The author suggests using the teamnovu/educa-federation-client package instead.

v2.0.1 2019-10-30 20:30 UTC

This package is auto-updated.

Last update: 2021-11-29 09:12:25 UTC


Latest Version on Packagist

Official client for service providers connecting to

Example Implementation

You can find a example Project at


You can install the package via composer:

composer require teamnovu/educa-federation-client


Before you can reveive SAMLResponse from the federation, you must generate a x509 certificate and a corresponding private key. Consult the table after the example to get more information about the config keys.

$config = [
    'sp' => [
        'x509cert' => '',
        'privateKey' => '',
        'entityId' => 'http://localhost/saml/sp/metadata',
        'assertionConsumerService' => [
            'url' => 'http://localhost/saml/acs',

    'contactPerson' => [
        'technical' => [
            'givenName' => 'Your Name',
            'emailAddress' => '',
        'support' => [
            'givenName' => 'Your Name',
            'emailAddress' => '',
x509certContains certificate of service providers in x509 format without headersMIIFdDCCA1ygAwIBAgIUPNptL10Zxoxj/AJLnVVpc2oA0KIwDQYJKoZIhvcNAQEF BQAwczELMAkGA1UEBgwCQ0gxDTALBgNVBAgMBEJlcm4xDTALBgNVBAcMBFRodW4x GDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEWMBQGA1UECwwNSVQgRGVw...
privateKeyContains certificate's private key of service provider-----BEGIN RSA PRIVATE KEY----- MIIJKQIBAAKCAgEAxT4Lt3bww5lsdEIk4WVcQ8LqTmK+k0kV8g/6SRi1lhr1TJ/u DZILFoCFUHuuqN9Vlh...
entityIdUsually this is the URL to the metadata of the service provider. Can be any valid URI.
assertionConsumerService.urlUrl to which the SAMLResponse will be sent as HTTP-POST binding. Under this url you should process the response with this package. This URL needs to be configured by the federation
contactPerson.technical.givenNameName of your technical contactHans Muster
contactPerson.technical.emailAddressE-Mail of your technical of your support contactHans Muster of your support


Process SAMLResponse

You can use this package to process a SAMLResponse returned by the federation.

require 'vendor/autoload.php';

use  Teamnovu\SamlClient\Saml2AuthFactory;

$config = [ /* your config */ ];
$client = Saml2AuthFactory::forServiceProvider($config);
try {
} catch(\Exception $ex) {
    // handle error

$user = $client->getSaml2User();
$user->getNameId(); // unique identifier for the user
$user->getIntendedUrl(); // url originally passed as resource_name

Generate Metadata

This package can generate the proper metadata xml code to be imported by the federation to enable the certain service provider (e.g. under a given route or to create a metadata.xml sent to the federation support).

require 'vendor/autoload.php';

use  Teamnovu\SamlClient\Saml2AuthFactory;

$config = [ /* your config */ ];
$client = Saml2AuthFactory::forServiceProvider($config);
$metadata = $client->getMetadata();

echo $metadata;

Generate Certificate and Key


To generate the needed data you can use the following command. Please change the DN information to match your company

openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out sp.crt -keyout sp.key -subj "/C=CH/ST=Bern/L=Bern/O=Development/OU=IT Department/"

The command will generate a sp.crt and a sp.key file.

You now have the options to add the contents to the config or load them directly from the filesystem. Don't forget to remove the header and footer from the certificate(-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).




composer test


Please see CHANGELOG for more information what has changed recently.


Please see CONTRIBUTING for details.


If you discover any security related issues, please email instead of using the issue tracker.



The MIT License (MIT). Please see License File for more information.

PHP Package Boilerplate

This package was generated using the PHP Package Boilerplate.