tim-online/laravel-auth-pubtkt

Laravel login server for mod_auth_pubtkt

Maintainers

Details

github.com/tim-online/laravel-auth-pubtkt

Homepage

Source

Issues

Installs: 9

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 4

Forks: 0

Open Issues: 0

0.0.1 2017-05-08 07:43 UTC

Requires

GPL-2.0 d95b4135d205c2038dfc4cfd3917584c7784cbf7

SSOlaravelmod_auth_pubtkt

This package is not auto-updated.

Last update: 2024-11-24 03:45:49 UTC

README

This module implements the login server for the Apache mod_auth_pubtkt module.

It works by setting an additional auth_pubtkt cookie when logging in.

Installation

This package can be installed through Composer.

composer require tim-online/laravel-auth-pubtkt

You must install this service provider.

// config/app.php
'providers' => [
    ...
    Timonline\AuthPubtkt\AuthPubtktServiceProvider::class
    ...
];

You can publish the config file of this package with this command:

php artisan vendor:publish --provider="Timonline\AuthPubtkt\AuthPubtktServiceProvider"

This module works with the default Laravel login form but it needs some customisations to make the redirect to the protected application work properly.

Allow the auth_pubtkt cookie to be unencrypted. Add the cookienaam as an exception to EncryptCookies:

/**
 * The names of the cookies that should not be encrypted.
 *
 * @var array
 */
protected $except = [
    'auth_pubtkt',
];

Add the back parameter as a hidden input to your login form:

<input type="hidden" name="back" value="{{ app('request')->input('back') }}" />

And finally, after login, redirect to the back url. Edit your Auth\LoginController:

protected function redirectTo(Request $request)
{
    return $request->input('back', '/home');
}

To make the redirect work in Spark you can edit SparkServiceProvider and add this call in the booted method:

Spark::afterLoginRedirectTo(function() {
    $request = app('request');
    return $request->input('back', '/home');
});

To secure the protected application you can use something like this:

<Location />
    AuthType mod_auth_pubtkt
    TKTAuthLoginURL https://myapp.tld/login
    TKTAuthTimeoutURL https://myapp.tld/login?timeout=1
    TKTAuthRefreshURL https://myapp.tld/login?refresh=1
    TKTAuthUnauthURL https://myapp.tld/login?unauth=1
    TKTAuthRequireSSL on
    require valid-user
</Location>

TODO

  • make ?back= work without manual customisations in view and controller
  • make the EncryptCookies middleware automatically skip the auth_pubtkt cookie
  • create a custom Laravel authentication guard for mod_auth_pubtkt
  • Add timeout, refresh & unauth notifications