2017 © Pedro Peláez
 

symfony-bundle common-bundle

Bundle providing common tools for SimpleSSO server and for Symfony clients.

image

simplesso/common-bundle

Bundle providing common tools for SimpleSSO server and for Symfony clients.

  • Friday, March 30, 2018
  • by Vinorcola
  • Repository
  • 1 Watchers
  • 0 Stars
  • 26 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 7 Versions
  • 0 % Grown

The README.md

SimpleSSO CommonBundle

A bundle with common tools for the SimpleSSO server and for any Symfony client., (*1)

Installation

Add the bundle to your Symfony project with composer., (*2)

composer require simplesso/common-bundle

Configuration

The bundle provide several models that will help you to communicate with the SimpleSSO server. By default, the bundle do not declare any service. It let you choose the services you want. This documentation will show you the whole configuration. You can then adapt it to fit your needs., (*3)

The Guard Authenticator

The bundle provide a guard that will authenticate the user against the SimpleSSO server., (*4)

First, create the config/packages/simplesso_common.yaml file and put the following content:, (*5)

# config/packages/simplesso_common.yaml

services:
    _defaults:
        autowire: true
        autoconfigure: true
        public: false

    SimpleSSO\CommonBundle\:
        resource: '../../vendor/simplesso/common-bundle/src/*'
        exclude: '../../vendor/simplesso/common-bundle/src/{Event,Exception,Model/Data}'

    SimpleSSO\CommonBundle\Model\AuthServerModel:
        $host: '%env(SIMPLESSO_SERVER_HOST)%'
        $publicKey: '%env(file:SIMPLESSO_SERVER_PUBLIC_KEY_PATH)%'
        $clientId: '%env(SIMPLESSO_CLIENT_ID)%'

    SimpleSSO\CommonBundle\Model\OpenSslModel:
        $privateKeyFilePath: '%env(SIMPLESSO_CLIENT_PRIVATE_KEY_PATH)%'
        $publicKeyFilePath: '%env(SIMPLESSO_CLIENT_PUBLIC_KEY_PATH)%'

    SimpleSSO\CommonBundle\Security\LogoutSuccessHandler: ~

    # If you use Twig.
    SimpleSSO\CommonBundle\Twig\Extension: ~

As you can see, the services require that you set several environment variables. In development, you can add the following lines to your .env file., (*6)

SIMPLESSO_SERVER_HOST=https://auth.example.com
SIMPLESSO_SERVER_PUBLIC_KEY_PATH=/path/to/server-public-key.pem
SIMPLESSO_CLIENT_ID=00000000-0000-0000-0000-000000000000
SIMPLESSO_CLIENT_PUBLIC_KEY_PATH=/path/to/client-public-key.pem
SIMPLESSO_CLIENT_PRIVATE_KEY_PATH=/path/to/client-private-key.pem

Note that you can get the SimpleSSO server public key by opening https://auth.example.com/public-key in a browser or with curl. Securing public keys or the client id is not necessary. However, a real care must be taken with the client private key. The file containing the private key must be readable by the application., (*7)

Then, you'll need to configure your security., (*8)

# config/packages/security.yaml

security:
    providers:
        # ...

    firewalls:
        main:
            anonymous: true
            provider: # ...
            guard:
                authenticators:
                    - SimpleSSO\CommonBundle\Security\AuthTokenAuthenticator
            logout:
                success_handler: SimpleSSO\CommonBundle\Security\LogoutSuccessHandler

The authentication routes

A fallback route must be configured. The SimpleSSO server will redirect the user to this route with an AuthToken. For now, you cannot choose the route you want: it must be /authenticate. A logout route must also be set. It can be whatever you want., (*9)

Tag the controller provided with the bundle., (*10)

# config/packages/simplesso_common.yaml

services:
    # ...

    SimpleSSO\CommonBundle\Controller\AuthenticationController:
        tags: [ 'controller.service_arguments' ]

Add an access control to your security configuration., (*11)

# config/packages/security.yaml

security:
    firewalls:
        main: # Your firewall must be named "main".
            # ...

    access_control:
        - { path: ^/authenticate, roles: ROLE_USER }

Add the route to the routing. Create the file config/routes/simplesso_common.yaml with the following content:, (*12)

# config/routes/simplesso_common.yaml

authentication:
    path: /authenticate
    controller: SimpleSSO\CommonBundle\Controller\AuthenticationController::authenticate

logout:
    path: /logout
    controller: SimpleSSO\CommonBundle\Controller\AuthenticationController::logout

User and User provider

The way you store the users is completely up to you. You need to provide a user provider that will fetch the user using the id of the user. This mean you have to keep this id (which is an UUID) stored so you can fetch users authenticating., (*13)

If the user is not found by the user provider, a authentication.unknownUserAuthenticated event is thrown, giving you the possibility to create the user and return it to the authentication system (check SimpleSSO\CommoneBundle\Event\UserEvent). This is the last chance before making the authentication fail., (*14)

We provide some basic user provider, but it is recommended that you implement your own. Use them for inspiration., (*15)

A) The simple in memory user provider

Implementation in SimpleSSO\CommonBundle\Security\UserProvider\InMemory., (*16)

This simple user provider do not stores anything in a persistent way. It fetches the profile information from the SimpleSSO server API each time the user is authenticated., (*17)

To use this user provider, you need to register it as a service, and configure it in the security config:, (*18)

# config/packages/simplesso_common.yaml

services:
    # ...

    SimpleSSO\CommonBundle\Security\UserProvider\InMemory\UserProvider: ~

# config/packages/security.yaml

security:
    providers:
        simple_in_memory:
            id: SimpleSSO\CommonBundle\Security\UserProvider\InMemory\UserProvider

    firewalls:
        main:
            provider: simple_in_memory # Use it in your main firewall.
            # ...

By default, it will instantiate a SimpleSSO\CommonBundle\Security\UserProvider\InMemory\SimpleInMemoryUser object to stores the user's profile. The object is then serialized in session in the security token. You can configure another class that you implemented if needed. This class must implement SimpleSSO\CommonBundle\Security\UserProvider\SimpleSSOUserInterface., (*19)

# config/packages/simplesso_common.yaml

services:
    # ...

    SimpleSSO\CommonBundle\Security\UserProvider\InMemory\UserProvider:
        arguments:
            $userClass: App\Model\Data\MyCustomSimpleSSOUser

B) A Doctrine based user provider

TODO., (*20)

The Versions

30/03 2018

dev-master

9999999-dev

Bundle providing common tools for SimpleSSO server and for Symfony clients.

  Sources   Download

MIT

The Requires

 

by Avatar Vinorcola

30/03 2018

v1.0.5

1.0.5.0

Bundle providing common tools for SimpleSSO server and for Symfony clients.

  Sources   Download

MIT

The Requires

 

by Avatar Vinorcola

29/03 2018

v1.0.4

1.0.4.0

Bundle providing common tools for SimpleSSO server and for Symfony clients.

  Sources   Download

MIT

The Requires

 

by Avatar Vinorcola

28/03 2018

v1.0.3

1.0.3.0

Bundle providing common tools for SimpleSSO server and for Symfony clients.

  Sources   Download

MIT

The Requires

 

by Avatar Vinorcola

26/03 2018

v1.0.2

1.0.2.0

Bundle providing common tools for SimpleSSO server and for Symfony clients.

  Sources   Download

MIT

The Requires

 

by Avatar Vinorcola

19/03 2018

v1.0.1

1.0.1.0

Bundle providing common tools for SimpleSSO server and for Symfony clients.

  Sources   Download

MIT

The Requires

 

by Avatar Vinorcola

19/03 2018

v1.0.0

1.0.0.0

Bundle providing common tools for SimpleSSO server and for Symfony clients.

  Sources   Download

The Requires

 

by Avatar Vinorcola