oshco/adfs

Library to provide ADFS integration for WebFiori based applications.

Maintainers

Package info

github.com/OSHCO/adfs

pkg:composer/oshco/adfs

Statistics

Installs: 1 436

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

v1.3.0 2026-04-12 20:21 UTC

Requires

Requires (Dev)

MIT a7527fa7007cc4d6cd222b31d90eff9a8ecc92c5

apiadfswebfioriWeb APIs

This package is auto-updated.

Last update: 2026-04-12 20:22:13 UTC

README

A PHP library that provides ADFS (Active Directory Federation Services) single sign-on integration for WebFiori based applications using SAML 2.0.

Requirements

Installation

composer require oshco/adfs

How It Works

  1. Your application builds a SAML request using SAMLRequest and redirects the user to the ADFS server.
  2. The user authenticates on the ADFS login page.
  3. ADFS posts a SAML response back to your application's callback endpoint.
  4. Your ADFSVerificationService subclass parses the response, looks up the user, and handles success or failure.

Classes and Interfaces

Class / Interface Description
ADFSUser Interface representing an authenticated user. Requires getId().
SAMLRequest Builds a SAML 2.0 authentication request. Supports XML generation and base64+deflate encoding for HTTP-Redirect binding.
ADFSResponse Parses a base64-encoded SAML response from ADFS. Extracts success/failure status, username, and application name.
ADFSVerificationService Abstract web service that acts as the ADFS callback endpoint. Subclass it to implement getUser() and onSuccess().

Usage

1. Implement the ADFSUser interface

use oshco\adfs\ADFSUser;

class AppUser implements ADFSUser {
    private int $id;
    private string $email;

    public function __construct(int $id, string $email) {
        $this->id = $id;
        $this->email = $email;
    }

    public function getId() {
        return $this->id;
    }
}

2. Build and send a SAML request

use oshco\adfs\SAMLRequest;

$request = new SAMLRequest();
$request->setDestination('https://adfs.example.com/adfs/ls');
$request->setAppID('My Application');
$request->setAppURL('https://myapp.example.com');
$request->setIssueInstant(gmdate('Y-m-d\TH:i:s\Z'));

$encoded = $request->encode();

// Redirect user to ADFS with the encoded SAML request
header('Location: https://adfs.example.com/adfs/ls?SAMLRequest=' . urlencode($encoded));

3. Create a verification service

Extend ADFSVerificationService and implement the two abstract methods:

use oshco\adfs\ADFSUser;
use oshco\adfs\ADFSVerificationService;

class MyVerificationService extends ADFSVerificationService {

    public function __construct() {
        parent::__construct('adfs-verify', 'https://myapp.example.com/login-failed');
    }

    public function getUser(string $username): ?ADFSUser {
        // Look up the user in your database by username/email
        // Return an ADFSUser instance or null if not found
    }

    public function onSuccess(ADFSUser $user) {
        // User authenticated successfully
        // Set session, redirect to dashboard, etc.
    }
}

When ADFS posts back to your endpoint, the service will:

  • Parse the SAML response
  • Call getUser() with the authenticated username
  • Call onSuccess() if the user is found, or onFail() if not (redirects to the fail URL with a ?status= parameter)

4. Inspect the SAML response

use oshco\adfs\ADFSResponse;

$response = new ADFSResponse($_POST['SAMLResponse']);

$response->isSuccess();    // true if ADFS authentication succeeded
$response->getUserName();  // authenticated username (lowercased)
$response->getAppName();   // application name from ADFS
$response->getXMLString(); // raw XML of the SAML response
$response->storeResponse(); // save response to file for debugging

Running Tests

composer test

License

This library is licensed under the MIT License.

Copyright (c) 2023 Olayan Saudi Holding Company (OSHCO)