rozmarbeka/simplesamlphp-bundle

SimpleSAMLphp Bundle for Symfony2

SimplesamlphpBundle

This is a SimpleSAMLphp Bundle for Symfony2., _(*1)

Note: For Symfony 2.7 or lower, you need to use the 1.0.0 release of this bundle., _(*2)

Installation

Add this bundle to your Symfony2 project., _(*3)

composer require hslavich/simplesamlphp-bundle

or manually require this bundle in your composer.json file., _(*4)

"require": {
    ...
    "hslavich/simplesamlphp-bundle": "dev-master"
}

Update your project., _(*5)

composer update hslavich/simplesamlphp-bundle

Activate the bundle in app/AppKernel.php., _(*6)

$bundles = array(
    ...
    new Hslavich\SimplesamlphpBundle\HslavichSimplesamlphpBundle(),
)

Configuration

Add bundle configuration settings to your Symfony2 config., _(*7)

# app/config/config.yml
hslavich_simplesamlphp:
    # Service provider name
    sp: default-sp

You will need to create your own user provider. See the Symfony2 documentation "How to Create a custom User Provider"., _(*8)

1. First, create a User class (you can also place it in your Entity/ folder), _(*9)

   # src/Acme/MyBundle/Security/User/MyUser.php
   namespace Acme\MyBundle\Security\User;
   
   use Symfony\Component\Security\Core\User\UserInterface;
   use Symfony\Component\Security\Core\User\EquatableInterface;
   
   class MyUser implements UserInterface, EquatableInterface
   {
       ...
   }

2. Then create the UserProvider class, _(*10)

   # src/Acme/MyBundle/Security/User/MyUserProvider.php
   namespace Acme\MyBundle\Security\User;
   
   use Symfony\Component\Security\Core\User\UserProviderInterface;
   use Symfony\Component\Security\Core\User\UserInterface;
   use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
   use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
   
   class MyUserProvider implements UserProviderInterface
   {
       public function loadUserByUsername($username) { ... }
       public function refreshUser(UserInterface $user) { ... }
       public function supportsClass($class) { ... }
   }

3. And make your UserProvider a service, _(*11)

   # src/Acme/MyBundle/Resources/config/services.yml
   services:
       my_user_provider:
           class: Acme\MyBundle\Security\User\MyUserProvider

Then add the provider and firewalls settings to you Symfony2 security file., _(*12)

# app/config/security.yml
security:
    providers:
        simplesaml:
            id: my_user_provider

    firewalls:
        saml:
            pattern:    ^/
            anonymous: true
            stateless:  true
            simple_preauth:
                authenticator: simplesamlphp.authenticator
                provider: simplesaml
            logout:
                path:   /logout
                success_handler: simplesamlphp.logout_handler

Create the following file structure in your app/ folder and place your configuration files in there., _(*13)

app/
  config/
    simplesamlphp/
      cert/
        saml.crt
        saml.pem
      config/
        config.php
        authsources.php
      metadata/
        saml20-idp-remote.php # Example

Make sure to correctly set the paths for cert/ and metadata/ folders in your config.php file (absolute paths recommended). The metadata/saml20-idp-remote.php is just an example. See the SimpleSAMLphp documentation, "Adding IdPs to the SP" for more information., _(*14)

You may also place those folders anywhere else on your machine, just make sure to correctly set the SIMPLESAMLPHP_CONFIG_DIR environment variable (see below)., _(*15)

Add the environment variable to your webserver configuration file, e.g. /etc/apache2/httpd.conf.local., _(*16)

<Directory *>
    ...
    SetEnv SIMPLESAMLPHP_CONFIG_DIR /var/path/to/my/config
</Directory>

Enable session bridge storage (see Symfony documentation for more information)., _(*17)

# app/config/config.yml
framework:
    session:
        storage_id: session.storage.php_bridge
        handler_id: ~

Create an alias on your webserver, e.g. for an Apache2 webserver, add this line to you http.conf.local (or other desired configuration file)., _(*18)

Alias /simplesaml /home/myapp/vendor/simplesamlphp/simplesamlphp/www