Single sign on using SimpleSamlPhp wrapper on Laravel


Problem description

Implementing single sign on in my laravel application. I have decided to use this plugin https://github.com/aacotroneo/laravel-saml2 which is basically a wrapper on famous SimpleSamlPhp.

I downloaded the code via composer, and as per the given information: "Remember that you don't need to implement those routes, but you'll need to add them to your IDP configuration. For example, if you use simplesamlphp, add the following to /metadata/sp-remote.php"

$metadata['http://laravel_url/saml/metadata'] = array(
 'AssertionConsumerService' => 'http://laravel_url/saml/acs',
 'SingleLogoutService' => 'http://laravel_url/saml/sls',
 //the following two affect what the $Saml2user->getUserId() will return
 'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
 'simplesaml.nameidattribute' => 'uid'  
);

I can't find metadata/sp-remote.php, any idea? And as far as http://laravel_url/saml/acs is concerned, do I need to deploy saml on the server? Because at the moment the plugin code is in vendors in the laravel core architecture code hierarchy.

Recommended answer

I hope this will help others. I added saml2_settings.php in the config folder.

Updated the routes:

'logoutRoute' => '/logout',
'loginRoute' => '/homepage',
'errorRoute' => '/error',

Updated x509cert (publickey.cer) and privateKey.

Updated 'entityId', added the URL of the metadata XML. Updated singleLogoutService and the rest of the required details in the saml2_settings.php file.

Added two listeners: 1) for the login event, 2) for the logout event.

Updated the routes file like this:

\Illuminate\Support\Facades\Event::listen('Aacotroneo\Saml2\Events\Saml2LogoutEvent', function ($event) {
    \Illuminate\Support\Facades\Auth::logout();
    \Illuminate\Support\Facades\Session::save();
    return redirect("login");
});

\Illuminate\Support\Facades\Event::listen('Aacotroneo\Saml2\Events\Saml2LoginEvent', function (\Aacotroneo\Saml2\Events\Saml2LoginEvent $event) {

    $user = $event->getSaml2User();
    $userData = [
        'id' => $user->getUserId(),
        'attributes' => $user->getAttributes(),
        'assertion' => $user->getRawSamlAssertion()
    ];


    // add the login for auto login based on your settings
    // REDIRECT the user to homepage
});
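
One way to fill in the login listener that the answer leaves as a comment, shown here as an added example that is not part of the original answer or of laravel-saml2. It logs in only users that already exist locally, matched on the NameID; the `App\User` model and its `saml_name_id` column are assumptions.

```php
<?php
// Added example, not code from the answer or from the laravel-saml2 project.
// Assumptions: an Eloquent model App\User with a hypothetical `saml_name_id`
// column that stores the NameID the IdP issues for each user.

use Aacotroneo\Saml2\Events\Saml2LoginEvent;
use App\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Log;

Event::listen(Saml2LoginEvent::class, function (Saml2LoginEvent $event) {
    $samlUser = $event->getSaml2User();

    // getUserId() returns the NameID; its format depends on the
    // NameIDFormat / simplesaml.nameidattribute entries in the IdP metadata.
    $nameId = $samlUser->getUserId();

    if (!is_string($nameId) || $nameId === '') {
        Log::warning('SAML login rejected: assertion carried no usable NameID');
        return;
    }

    // Match on the NameID only. Attributes such as e-mail or display name
    // are not used as the account key, because they can change or collide.
    $user = User::where('saml_name_id', $nameId)->first();

    if ($user === null) {
        // No auto-provisioning in this sketch: an unknown NameID is refused
        // and recorded so unexpected identities show up in the logs.
        Log::warning('SAML login rejected: no local account for NameID', [
            'name_id' => $nameId,
        ]);
        return;
    }

    // The raw assertion and attribute set are deliberately not written to
    // the session or the log; only the local account is bound to the session.
    Auth::login($user);
});
```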
