unicesil/shibboleth-bundle

Shibboleth bundle authentication for Symfony 5+

Type:symfony-bundle

v5.4.0 2022-02-16 08:42 UTC

README

This is a Shibboleth bundle for Symfony 3+ that uses the Guard system.

Installation

Install the bundle via Composer by running the following command:

composer require unicesil/shibboleth-bundle

If you don't use Flex, enable the bundle in config/bundles.php:

<?php

return [
    //...
    UniceSIL\ShibbolethBundle\UniceSILShibbolethBundle::class => ['all' => true]
];

Modify the file config/packages/unice_sil_shibboleth.yaml to add your Shibboleth settings:

unice_sil_shibboleth:
    login_path: 'Shibboleth.sso/Login'  # The path used to call Shibboleth login authentication (default = 'Shibboleth.sso/Login')
    logout_path: 'Shibboleth.sso/Logout'  # The path used to call Shibboleth logout (default = 'Shibboleth.sso/Logout')
    username: 'eppn'  # The Shibboleth attribute that is used as username for the logged in user. The attribute must appear in the 'attributes' parameter list (default = 'username')
    attributes: ['eppn', 'mail', 'givenName', 'sn']  # The list of attributes returned by Shibboleth Service Provider
    login_target: ''  # The route to which the user will be redirected after login. If this parameter is not set, the user will be redirected to the page they came from. (default = null)
    logout_target: ''  # The route to which the user will be redirected after logout. If this parameter is not set, the user will be redirected to the page they came from. (default = null)

Then modify your security.yml file to secure your application:

security:
    enable_authenticator_manager: true

    # The Symfony key is "providers" (plural)
    providers:
        shibboleth:
            id: Your\Shibboleth\User\Provider\Class

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        shibboleth:
            lazy: true
            provider: shibboleth
            custom_authenticators:
                - unicesil.shibboleth_authenticator
            logout: ~

    access_control:
        - { path: ^/, roles: ROLE_USER }

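Configure your application's .htaccess or your Apache configuration:

AuthType shibboleth
# Lazy session: the SP does not require an existing session for this location
ShibRequestSetting requireSession 0
# Publish the Shibboleth attributes as HTTP request headers
ShibUseHeaders On
# "engagement" is this example's application ID; use the one defined for your SP
ShibRequestSetting applicationId engagement
Require shibboleth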

User and UserProvider

Create your own User and UserProvider classes.

User

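use Symfony\Component\Security\Core\User\UserInterface;

// UserInterface is an interface, so it is implemented, not extended
class User implements UserInterface
{
    //...

    public function getUserIdentifier() {
        // ...
    }

}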

UserProvider

use Symfony\Component\Security\Core\User\UserInterface;
use UniceSIL\ShibbolethBundle\Security\Provider\AbstractShibbolethUserProvider;

class MyShibbolethUserProvider extends AbstractShibbolethUserProvider
{
    public function loadUserByIdentifier(string $identifier): UserInterface
    {
        // Attributes received from the Shibboleth Service Provider
        $shibbolethUserAttributes = $this->getAttributes();

        // Return an instance of User
    }
}
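One way to check the attributes inside loadUserByIdentifier() before building a User, as an added example that is not part of the bundle. It goes slightly beyond the README by decoding multi-valued attributes, which the Shibboleth SP joins with ';'. Assumptions: getAttributes() returns an array keyed by the configured attribute names; the function names, the scope allow-list and the `example.edu` values are hypothetical.

```php
<?php
// Added example (not the bundle's code). Assumption: getAttributes() returns
// an array keyed by the configured attribute names, holding the raw strings
// set by the Shibboleth SP.

// The SP joins multiple values with ';' and escapes a literal ';' as '\;'.
function splitShibValues(string $raw): array
{
    $values = [];
    foreach (preg_split('/(?<!\\\\);/', $raw) as $part) {
        $part = str_replace('\\;', ';', trim($part));
        if ($part !== '') {
            $values[] = $part;
        }
    }
    return $values;
}

// Hypothetical helper to call from loadUserByIdentifier() before building a User.
function checkShibAttributes(string $identifier, array $attrs, array $allowedScopes): array
{
    $eppn = splitShibValues($attrs['eppn'] ?? '');
    // eppn is single-valued and must be the identifier being loaded.
    if (count($eppn) !== 1 || $eppn[0] !== $identifier) {
        throw new InvalidArgumentException('eppn missing, multi-valued or not the identifier');
    }
    // eppn has the form user@scope; only accept scopes this application expects.
    $at = strrpos($identifier, '@');
    if ($at === false || $at === 0
        || !in_array(strtolower(substr($identifier, $at + 1)), $allowedScopes, true)) {
        throw new InvalidArgumentException('eppn scope not allowed');
    }
    $mails = splitShibValues($attrs['mail'] ?? '');
    foreach ($mails as $mail) {
        if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('malformed mail value');
        }
    }
    return [
        'eppn' => $identifier,
        'mail' => $mails,
        'givenName' => splitShibValues($attrs['givenName'] ?? '')[0] ?? null,
        'sn' => splitShibValues($attrs['sn'] ?? '')[0] ?? null,
    ];
}

// Constructed sample input.
$attrs = ['eppn' => 'jdoe@example.edu', 'mail' => 'jdoe@example.edu;j.doe@example.edu',
          'givenName' => 'Jane', 'sn' => 'Doe'];
var_dump(checkShibAttributes('jdoe@example.edu', $attrs, ['example.edu']));
```

Inside a real provider, catch the exception and rethrow it as Symfony's UserNotFoundException so the authenticator fails the login cleanly.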

Logout

To properly disconnect your users from the application via Shibboleth, configure the listener as follows in the services.yaml file.

unicesil.shibboleth_logout_event:
    class: UniceSIL\ShibbolethBundle\EventListener\LogoutEventListener
    arguments: ['%unice_sil_shibboleth%', "@router"]
    tags:
        - name: 'kernel.event_listener'
          event: 'Symfony\Component\Security\Http\Event\LogoutEvent'
          method: onLogout
          dispatcher: security.event_dispatcher.{YOUR_FIREWALL_NAME} # ex: security.event_dispatcher.main

Configure the logout route in security.yaml.

security:
    firewalls:
        shibboleth:
            logout:
              path: /logout

Don't forget to declare the logout route in your route configuration file.

logout:
    path: /logout