Git Product home page Git Product logo

laravel-shibboleth's Introduction

Laravel Shibboleth Service Provider

This package provides Shibboleth authentication for Laravel.

For development, it can emulate an IdP (via mrclay/shibalike).

Build Status Code Climate Code Coverage

Installation

Use composer to require the latest release into your project:

composer require uabookstores/laravel-shibboleth

If you're running Laravel >= 5.5, then you can skip this step, otherwise you will need to manually register the service provider in your config/app.php file within the Providers array.

StudentAffairsUwm\Shibboleth\ShibbolethServiceProvider::class,

If you you would like to use the emulated IdP via shibalike, then you will need to manually register it on any version - this is not automatically loaded even in Laravel 5.5.

StudentAffairsUwm\Shibboleth\ShibalikeServiceProvider::class,

Note that the password is the same as the username for shibalike.

Publish the default configuration file:

php artisan vendor:publish --provider="StudentAffairsUwm\Shibboleth\ShibbolethServiceProvider"

Optionally, you can also publish the views for the shibalike emulated IdP login:

php artisan vendor:publish --provider="StudentAffairsUwm\Shibboleth\ShibalikeServiceProvider"

University of Arizona Users:

To also logout with the IdP, set the the following in config/shibboleth.php

'idp_logout' => '/Shibboleth.sso/Logout?return=https%3A%2F%2Fshibboleth.arizona.edu%2Fcgi-bin%2Flogout.pl',

Change the driver to shibboleth in your config/auth.php file.

'providers' => [
    'users' => [
        'driver' => 'shibboleth',
        'model'  => App\User::class,
    ],
],

Now users may login via Shibboleth by going to https://example.com/shibboleth-login and logout using https://example.com/shibboleth-logout so you can provide a custom link or redirect based on email address in the login form.

@if (Auth::guest())
    <a href="/shibboleth-login">Login</a>
@else
    <a href="/shibboleth-logout">
        Logout {{ Auth::user()->name }}
    </a>
@endif

You may configure server variable mappings in config/shibboleth.php such as the user's first name, last name, entitlements, etc. You can take a look at them by reading what's been populated into the $_SERVER variable after authentication.

<?php print_r($_SERVER);

Mapped values will be synced to the user table upon successful authentication.

Authorization

You can check for an entitlement string of the current user statically:

$entitlement = 'urn:mace:uark.edu:ADGroups:Computing Services:Something';

if (Entitlement::has($entitlement)) {
    // authorize something
}

Now you can draft policies and gates around these entitlements.

Local Users

This was designed to work side-by-side with the native authentication system for projects where you want to have both Shibboleth and local users. If you would like to allow local registration as well as authenticate Shibboleth users, then use laravel's built-in auth system.

php artisan make:auth

JWTAuth Tokens

If you're taking advantage of token authentication with tymon/jwt-auth then set this variable in your .env

JWTAUTH=true

laravel-shibboleth's People

Contributors

bmw27 avatar cjmaio avatar daynesh avatar dfoxx avatar jpuck avatar michaeljs1990 avatar naabster avatar pyrello avatar saits-webteam avatar tdhsmith avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.