almaviacx/ibexasamlbundle

Latest stable version: 1.1.1

Composer install command:

composer require almaviacx/ibexasamlbundle

Package description

Bundle that adds a way to connect to Ibexa using the SAML protocol

README document

README

Configuration

Add the following config to the routing config file

hslavich_saml_sp:
  resource: "@HslavichOneloginSamlBundle/Resources/config/routing.yml"

Add the following parameters to the security config file

ibexa_saml_front:
    pattern: /saml/(login|metadata|logout)
    security: false

ibexa_front:
    ...
    saml:
        use_attribute_friendly_name: false
        check_path: saml_acs
        login_path: saml_login
        failure_path: saml_login
        default_target_path: /dashboard
        always_use_default_target_path: true
        user_factory: almaviacx.saml.user_factory
        # username_attribute:

The following variables are used to define the different parameters for the SAML endpoint communication

SAML_IDENTITY_PROVIDER_ENTITYID="..."
SAML_IDENTITY_PROVIDER_LOGIN_URL="..."
SAML_IDENTITY_PROVIDER_LOGIN_BINDING=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
SAML_IDENTITY_PROVIDER_LOGOUT_URL="..."
SAML_IDENTITY_PROVIDER_LOGOUT_BINDING=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
SAML_IDENTITY_PROVIDER_EMAIL_ATTRIBUTE="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
SAML_IDENTITY_PROVIDER_X509_CERT="..."

SAML_SERVICE_PROVIDER_URL=https://novabundles.ddev.site/admin
SAML_SERVICE_PROVIDER_NAMEID_FORMAT='urn:oasis:names:tc:SAML:2.0:nameid-format:nameidentifier'
SAML_SERVICE_PROVIDER_USER_GROUP_ID=sdf1sd61868sd1fdsvc

env(SAML_IDENTITY_PROVIDER_EMAIL_ATTRIBUTE): ~
env(SAML_IDENTITY_PROVIDER_LOGIN_ATTRIBUTE): ~

These variables are used to define the following global configuration:

idp:
    entityId: '%env(resolve:SAML_IDENTITY_PROVIDER_ENTITYID)%'
    singleSignOnService:
        url: '%env(resolve:SAML_IDENTITY_PROVIDER_LOGIN_URL)%'
        binding: '%env(resolve:SAML_IDENTITY_PROVIDER_LOGIN_BINDING)%'
    singleLogoutService:
        url:  '%env(resolve:SAML_IDENTITY_PROVIDER_LOGOUT_URL)%'
        binding: '%env(resolve:SAML_IDENTITY_PROVIDER_LOGOUT_BINDING)%'
    x509cert: '%env(resolve:SAML_IDENTITY_PROVIDER_X509_CERT)%'
sp:
    entityId: '%env(resolve:SAML_SERVICE_PROVIDER_URL)%/saml/metadata'
    assertionConsumerService:
        url: '%env(resolve:SAML_SERVICE_PROVIDER_URL)%/saml/acs'
        binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
    singleLogoutService:
        url: '%env(resolve:SAML_SERVICE_PROVIDER_URL)%/saml/logout'
        binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
    NameIDFormat: '%env(resolve:SAML_SERVICE_PROVIDER_NAMEID_FORMAT)%'
baseurl: '%env(resolve:SAML_SERVICE_PROVIDER_URL)%/saml'
debug: '%kernel.debug%'
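
A pre-deployment check for the variables above, added here as an example and not part of the bundle or its README: it flags unset placeholders, non-HTTPS endpoints, unknown bindings and a trailing slash on SAML_SERVICE_PROVIDER_URL, and computes the SHA-256 fingerprint of the IdP certificate so it can be compared with the one the IdP publishes. The function names, the https requirement and the sample values are assumptions of this example.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PREFIX = "SAML_IDENTITY_PROVIDER_"
SP_URL = "SAML_SERVICE_PROVIDER_URL"
REQUIRED = (PREFIX + "ENTITYID", PREFIX + "LOGIN_URL", PREFIX + "X509_CERT", SP_URL)
BINDINGS = {"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"}

def cert_fingerprint(value):
    """SHA-256 hex digest of a base64 or PEM certificate, or None if it is not DER."""
    body = re.sub(r"-----[A-Z ]+-----|\s+", "", value)
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # An X.509 certificate is a DER SEQUENCE, so its first byte is 0x30.
    return hashlib.sha256(der).hexdigest() if der[:1] == b"\x30" else None

def check_saml_env(env):
    """Return a list of problems found in the README's SAML_* variables."""
    def get(name):  # the README's "..." placeholder counts as unset
        value = env.get(name, "").strip()
        return "" if value == "..." else value
    problems = [f"{n} is unset or still a placeholder" for n in REQUIRED if not get(n)]
    for name in (PREFIX + "LOGIN_URL", PREFIX + "LOGOUT_URL", SP_URL):
        if get(name) and urlsplit(get(name)).scheme != "https":
            problems.append(f"{name} is not an https URL")
    for name in (PREFIX + "LOGIN_BINDING", PREFIX + "LOGOUT_BINDING"):
        if get(name) and get(name) not in BINDINGS:
            problems.append(f"{name} is not a known SAML 2.0 binding")
    # The configuration appends /saml/metadata, /saml/acs and /saml/logout to this value.
    if get(SP_URL).endswith("/"):
        problems.append(f"{SP_URL} ends with '/', which yields '//saml/...' URLs")
    if get(PREFIX + "X509_CERT") and cert_fingerprint(get(PREFIX + "X509_CERT")) is None:
        problems.append(f"{PREFIX}X509_CERT is not a base64-encoded DER certificate")
    return problems

# Constructed sample values: the certificate is a dummy DER-shaped blob, not a real one.
SAMPLE_CERT = base64.b64encode(b"\x30\x82\x00\x04demo").decode()
SAMPLE_ENV = {
    PREFIX + "ENTITYID": "https://idp.example.test/metadata",
    PREFIX + "LOGIN_URL": "http://idp.example.test/sso",
    PREFIX + "LOGIN_BINDING": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    PREFIX + "X509_CERT": "...",
    SP_URL: "https://novabundles.ddev.site/admin/",
}
```

Calling `check_saml_env(SAMPLE_ENV)` returns three problems for the constructed sample; pass the real environment (for example `dict(os.environ)`) before deploying.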

To change the configuration based on siteaccess, define it under the following siteaccess-aware parameter: almaviacx.saml.<siteaccess|siteaccess_group>.auth_settings

The following parameters are also available to tweak the behavior

# Attribute used to get the email address from
almaviacx.saml.identity.provider.email.attribute: '%env(resolve:SAML_IDENTITY_PROVIDER_EMAIL_ATTRIBUTE)%'
# Attribute used to get the login from (null = nameId or what is defined for the "username_attribute" parameter)
almaviacx.saml.identity.provider.login.attribute: '%env(resolve:SAML_IDENTITY_PROVIDER_LOGIN_ATTRIBUTE)%'

# Method used to load existing users 
almaviacx.saml.config.default.user_load_method: !php/const AlmaviaCX\Bundle\IbexaSaml\Security\Saml\SamlUserProvider::LOAD_METHOD_LOGIN

# Content Id or Remote Content Id of the user group where new users will be created
almaviacx.saml.config.default.user_group_id: '%env(resolve:SAML_SERVICE_PROVIDER_USER_GROUP_ID)%'

# Map user content type fields to the saml response attributes
almaviacx.saml.config.default.user_attributes_mapping:
    first_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    last_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Load user by email instead of login

Configure the following parameters:

# In security.yaml, configure the value for the following parameter :
username_attribute: '%almaviacx.saml.identity.provider.email.attribute%'
    
# As you don't want the email address to be used as the login (Ibexa doesn't support special characters in logins), you need to configure this parameter:
almaviacx.saml.identity.provider.login.attribute: 
    
# Change the user load method
almaviacx.saml.config.default.user_load_method: !php/const AlmaviaCX\Bundle\IbexaSaml\Security\Saml\SamlUserProvider::LOAD_METHOD_EMAIL

Statistics

  • Total downloads: 6.02k
  • Monthly downloads: 0
  • Daily downloads: 0
  • Favorites: 0
  • Clicks: 1
  • Dependents: 0
  • Recommendations: 0

GitHub information

  • Stars: 0
  • Watchers: 2
  • Forks: 0
  • Language: PHP

Other information

  • License: MIT
  • Updated: 2024-02-29