2017 © Pedro Peláez
 

yii2-extension yii2-simplesamlphp

SAML Service Provider(SP) for Yii2 using simplesamlphp

image

lucidprogrammer/yii2-simplesamlphp

SAML Service Provider(SP) for Yii2 using simplesamlphp

  • Friday, March 2, 2018
  • by lucidprogrammer
  • Repository
  • 1 Watchers
  • 0 Stars
  • 196 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 1 Forks
  • 0 Open issues
  • 5 Versions
  • 4 % Grown

The README.md

yii2-simplesamlphp

SAML Service Provider(SP) for Yii2 using simplesamlphp (yii2 extension). This is useful when you want to act as a Service Provider(SP), where a partner company is acting as a SAML Identity Provider (IDP). User data and their credentials are with the IDP and you are using SAML based login and use those users information in your yii2 application., (*1)

This is a very basic implementation where we are not persisting user data coming from the IDP at the Service Provider side for reporting on usage etc. However, those are fairly straightforward additions one can do., (*2)

Installation

This is available to be installed via composer. In your yii2 application folder, run the following command., (*3)

composer require lucidprogrammer/yii2-simplesamlphp

This will install the package as a yii2 extension and update the extensions and installs the simplesamlphp project too in the vendor folder., (*4)

Configuration

Step 1 - Configuring an alias for /saml in your web server.

In a standard web server configuration like Apache, the DocumentRoot will be pointing to the yii2 application's web folder. Create an alias for /saml pointing to pathto_my-yii2-app/vendor/simplesamlphp/simplesamlphp/www., (*5)

In the case of Apache, you may do something like (replace pathto_my-yii2-app with your real path.), (*6)

echo "Alias /saml pathto_my-yii2-app/vendor/simplesamlphp/simplesamlphp/www" >> /etc/apache2/apache2.conf
echo "<Directory \"pathto_my-yii2-app/simplesamlphp/simplesamlphp/www/\"> \n Options Indexes FollowSymLinks \n AllowOverride all \n Require all granted \n   </Directory>" >> /etc/apache2/apache2.conf

To explain it visually, following could help., (*7)

my-yii2-app/
          /web    -> DocumentRoot
          ..
          ..
          /vendor
              ...
              ...
              /lucidprogrammer  (newly created folder in vendor)
              /simplesamlphp    (newly created folder in vendor)
                  /simplesamlphp/wwww      -> [Create an alias /saml pointing to pathto_my-yii2-app/vendor/simplesamlphp/simplesamlphp/www]

Step 2 - Configure yii2 configuration.

Yii configuration straightforward, just add the following in your config/web.php, (*8)

'user' => [
    'class' => 'lucidprogrammer\simplesamlphp\SamlUser',
    //idAttribute is mandatory
    //for example, if your IDP is sending a SAML payload which has ID, you may do as follows
    'idAttribute' => 'ID',
    //if you want to map IDP provided attributes to something else, you may do additional mappings as name value pairs.
    //following are some examples, not mandatory
    'firstName' => 'givenName',
    'company' => 'companyName',
],

ADFS example,, (*9)

'user' => [
    'class' => 'lucidprogrammer\simplesamlphp\SamlUser',
    //for example, if your IDP is ADFS, and you want to use email address as the unique ID
    'idAttribute' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
],

Note on enabling authentication for a route using yii2

Let's say you have a rule like the following in your yii2 setting,, (*10)

'access' => [
    'class' => AccessControl::className(),
    'only' => ['index','logout','about'],
    'rules' => [
      [
            'allow' => true,
            'actions' => ['index'],
            'roles' => ['?'],
        ],
        [
            'actions' => ['logout'],
            'allow' => true,
            'roles' => ['@'],
        ],
    ],
  ],

After the component is installed, the moment you hit the site/about page, it should redirect you to the configured saml idp login page., (*11)

So, if you want to do SAML provided attributes and want to implement a fine grained access control, yii2 makes it easy., (*12)

If your application has links to login, for example, 'site/login', you need to change to saml/login., (*13)

However, it is best if you use Yii::$app->user->loginUrl[0], so it will take whatever is the correct loginUrl, so it will work with or without this plugin., (*14)

Sample app

https://github.com/lucidprogrammer/yii2-adfs-saml20-sp, (*15)

Changelog

02 March 2018 http://www.yiiframework.com/doc-2.0/yii-base-object.html The class name Object is invalid since PHP 7.2, use [[BaseObject]] instead. [handle backward compatibility to yii base Object] Added SamlSettings options for easy configuration. Tested with ADFS 3.0, Windows 2012 R2 & simplesamlphp (IDP), (*16)

The Versions

02/03 2018

dev-master

9999999-dev

SAML Service Provider(SP) for Yii2 using simplesamlphp

  Sources   Download

BSD-3-Clause

The Requires

 

by Lucid Programmer

saml yii2 yii simplesamlphp

02/03 2018

1.3

1.3.0.0

SAML Service Provider(SP) for Yii2 using simplesamlphp

  Sources   Download

BSD-3-Clause

The Requires

 

by Lucid Programmer

saml yii2 yii simplesamlphp

01/03 2018

1.2

1.2.0.0

SAML Service Provider(SP) for Yii2 using simplesamlphp

  Sources   Download

BSD-3-Clause

The Requires

 

by Lucid Programmer

saml yii2 yii simplesamlphp

15/02 2017

1.1

1.1.0.0

SAML Service Provider(SP) for Yii2 using simplesamlphp

  Sources   Download

BSD-3-Clause

The Requires

 

by Lucid Programmer

saml yii2 yii simplesamlphp

15/02 2017

1.0

1.0.0.0

SAML Service Provider(SP) for Yii2 using simplesamlphp

  Sources   Download

BSD-3-Clause

The Requires

 

by Lucid Programmer

saml yii2 yii simplesamlphp