netresearch / nr-saml-auth
TYPO3 SAML Authentication for frontend
Installs: 20
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 4
Forks: 0
Open Issues: 3
Type: typo3-cms-extension
pkg:composer/netresearch/nr-saml-auth
Requires
- php: >=7.1.0
- onelogin/php-saml: ^3.0.0 || ^4.0.0
- typo3/cms-core: ^10.4
- typo3/cms-frontend: ^10.4
- dev-master
- dev-main / 12.0.x-dev
- 10.0.10
- 10.0.9
- 10.0.8
- 10.0.7
- 10.0.6
- 10.0.5
- 10.0.4
- 10.0.3
- 10.0.2
- 10.0.1
- 10.0.0
- dev-renovate/typo3-cms-frontend-14.x
- dev-renovate/typo3-cms-extbase-14.x
- dev-renovate/typo3-cms-core-14.x
- dev-renovate/major-phpstan-packages
- dev-fix/version-alignment
- dev-chore/agents-md
- dev-renovate/typo3-testing-framework-9.x
- dev-renovate/shivammathur-setup-php-2.x
- dev-TYPO3_10
- dev-renovate/actions-checkout-6.x
- dev-feature/post-release-improvements
- dev-renovate/onelogin-php-saml-4.x
- dev-feature/typo3-v13-upgrade
- dev-fix/typo3-10-deprecation-notice
- dev-renovate/phpunit-phpunit-12.x
- dev-TYPO3_11
This package is auto-updated.
Last update: 2025-11-28 22:44:23 UTC
README
TYPO3 extension for SAML SSO authentication supporting frontend and backend users using the
onelogin/php-saml library.
Requirements
| Version | TYPO3 | PHP |
|---|---|---|
| 12.x | 12.4, 13.4 | 8.1 - 8.4 |
| 10.x | 10.4, 11.5 | 7.4 - 8.1 |
Installation
Install via Composer:
composer require netresearch/nr-saml-auth
Configuration
Backend Setup
- Create a new SAML Auth Settings record on the root page in the TYPO3 backend
- Configure the Service Provider (SP) and Identity Provider (IdP) settings
Example Configuration
# Service Provider Settings
Entity ID: https://your-domain.tld
Customer service URL: https://your-domain.tld/?logintype=login
Customer service binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Name ID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Certificate: -----BEGIN CERTIFICATE-----
MIIFYDCCA0igAwIBAgIJAMWkGz7F5peWMA0GCSqGSIb3DQEB...
-----END CERTIFICATE-----
Private key: -----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoIC...
-----END PRIVATE KEY-----
# Identity Provider Settings
Entity ID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
SSO URL: https://idp.example.com/sso
Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Certificate: [IDP Certificate]
# User Settings
Username prefix: sso-
User folder: [Select frontend user folder]
User groups: [Select default frontend user groups]
Testing with SimpleSAMLphp
For development/testing, you can use SimpleSAMLphp or online SAML testing tools like samling.
Features
Auto Discovery
The login service automatically detects the SAML configuration for the current request based on the sp_entity_id matching your domain.
Deep Link Support (Middleware)
The extension includes middleware for redirecting users to their original destination after login/logout:
- The RelayState parameter should contain the target URL
- Transmitted via POST (login) or GET (logout) from SAML server to the configured ACS URLs
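An added example, not the extension's own code: one way to restrict a redirect target taken from RelayState to the Service Provider's own site before redirecting, since the value arrives in the request. The function name, its parameters and the sample values are assumptions, and it assumes PHP 8.0+ for str_starts_with().

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (name and parameters are assumptions, not the extension's API).
 * Returns $relayState only if it points to the SP's own site, otherwise $fallback.
 */
function resolveRelayState(?string $relayState, string $spHost, string $fallback = '/'): string
{
    if ($relayState === null || $relayState === '') {
        return $fallback;
    }
    // Control characters, whitespace and backslashes are normalised differently
    // by browsers and by parse_url(), so refuse them outright.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $relayState) === 1) {
        return $fallback;
    }
    // Site-relative path: one leading slash only ("//host" is protocol-relative).
    if ($relayState[0] === '/') {
        return str_starts_with($relayState, '//') ? $fallback : $relayState;
    }
    $parts = parse_url($relayState);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback; // no scheme or no host, e.g. "javascript:..." or "page.html"
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback; // "https://your-domain.tld@other.example/" style confusion
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return $fallback;
    }
    // Exact host match; a suffix or substring match would accept look-alike hosts.
    return strtolower($parts['host']) === strtolower($spHost) ? $relayState : $fallback;
}

// Constructed sample values, using the placeholder domain from the example configuration.
$samples = [
    'https://your-domain.tld/members/profile',
    '/members/profile?tab=2',
    '//other.example/',
    'https://your-domain.tld.other.example/',
    'https://your-domain.tld@other.example/',
    'javascript:alert(1)',
];
foreach ($samples as $value) {
    printf("%-45s => %s\n", $value, resolveRelayState($value, 'your-domain.tld'));
}
```

The check compares the host only; a deployment that serves the site on a non-default port would also compare `$parts['port']`.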
Backend Module
Access SAML metadata via the Admin Tools > SAML Auth backend module to configure your IdP.
Upgrading
From 10.x to 12.x
Version 12.x includes breaking changes:
- PHP 8.1+ required: Upgrade your PHP version
- TYPO3 12.4+ required: Upgrade your TYPO3 installation
- onelogin/php-saml 4.0: Library upgraded with security improvements
- PSR-14 Events: Legacy hooks replaced with modern event system
- Dependency Injection: Services now use TYPO3 DI container
No database migrations required.
Development
Quality Tools
# Install dependencies
composer install
# Run all CI checks
composer ci
# Individual checks
composer ci:phpstan # Static analysis
composer ci:cgl # Code style check
composer ci:cgl:fix # Code style fix
composer ci:tests:unit # Unit tests
License
This extension is proprietary software by Netresearch DTT GmbH.
Support
For issues and feature requests, please use the GitHub issue tracker.