phantomwatson / cakephp-simple-saml
SimpleSaml plugin for CakePHP
Installs: 215
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 3
Forks: 0
Open Issues: 0
Type: cakephp-plugin
Requires
- php: >=7.2
- cakephp/authentication: ^2.0
- cakephp/authorization: ^2.1
- cakephp/cakephp: ~4.2.0
- simplesamlphp/simplesamlphp: 1.19
Requires (Dev)
- phpunit/phpunit: ^8.0
This package is auto-updated.
Last update: 2024-10-24 04:44:34 UTC
README
Installation
Until this issue is resolved, SimpleSAML is incompatible with CakePHP's Bake package, so cakephp/bake must be removed before installing.
    composer remove cakephp/bake

Then:

    composer require phantomwatson/cakephp-simple-saml
Add an authorization policy
- Add an authorization policy class under /src/Policy. (example policy)
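A default-deny request policy of the kind this step calls for, as an added example that is not the plugin's own example policy. The class name RequestPolicy and the PUBLIC_ACTIONS routes (including Users::login behind /login) are assumptions; the method signature follows the cakephp/authorization ^2.1 interface listed under Requires.

```php
<?php
declare(strict_types=1);

namespace App\Policy;

use Authorization\Policy\RequestPolicyInterface;
use Cake\Http\ServerRequest;

/**
 * Default-deny request policy. The class name and the PUBLIC_ACTIONS
 * entries are assumptions for illustration, not part of the plugin.
 */
class RequestPolicy implements RequestPolicyInterface
{
    /** Controller => actions reachable without an identity (assumed routes). */
    private const PUBLIC_ACTIONS = [
        'Users' => ['login', 'logout'],
        'Pages' => ['display'],
    ];

    /**
     * @param \Authorization\IdentityInterface|null $identity Null when nobody is logged in
     * @param \Cake\Http\ServerRequest $request Request being authorized
     * @return bool
     */
    public function canAccess($identity, ServerRequest $request)
    {
        // Only un-prefixed application routes can be public here; plugin and
        // prefixed routes always need an identity.
        $isAppRoute = $request->getParam('plugin') === null
            && $request->getParam('prefix') === null;
        $controller = (string)$request->getParam('controller');
        $action = (string)$request->getParam('action');

        if ($isAppRoute && in_array($action, self::PUBLIC_ACTIONS[$controller] ?? [], true)) {
            return true;
        }

        // Everything else is denied unless the authenticators resolved an identity.
        return $identity !== null;
    }
}
```

Use this class name in place of YourPolicyClass in getAuthorizationService(), and extend PUBLIC_ACTIONS with any other route your login flow has to reach before an identity exists.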
Update Application.php
- Have the Application class implement AuthorizationServiceProviderInterface
- Add these lines to Application::bootstrap():

      $this->addPlugin('Authentication');
      $this->addPlugin('SimpleSaml');

- Add getAuthorizationService() and getAuthenticationService() methods, using the name of your policy class:

      // Imports needed at the top of src/Application.php
      use Authentication\AuthenticationService;
      use Authentication\AuthenticationServiceInterface;
      use Authentication\Identifier\Resolver\OrmResolver;
      use Authorization\AuthorizationService;
      use Authorization\AuthorizationServiceInterface;
      use Authorization\AuthorizationServiceProviderInterface;
      use Authorization\Policy\MapResolver;
      use Cake\Http\ServerRequest;
      use Psr\Http\Message\ServerRequestInterface;

      /**
       * Returns the authorization service
       *
       * @param \Psr\Http\Message\ServerRequestInterface $request Server request
       * @return \Authorization\AuthorizationServiceInterface
       */
      public function getAuthorizationService(ServerRequestInterface $request): AuthorizationServiceInterface
      {
          $mapResolver = new MapResolver();
          $mapResolver->map(ServerRequest::class, YourPolicyClass::class);

          return new AuthorizationService($mapResolver);
      }

      /**
       * Returns a service provider instance.
       *
       * @param \Psr\Http\Message\ServerRequestInterface $request Request
       * @return \Authentication\AuthenticationServiceInterface
       */
      public function getAuthenticationService(ServerRequestInterface $request): AuthenticationServiceInterface
      {
          $service = new AuthenticationService();
          $loginUrl = '/login';

          // Define where users should be redirected to when they are not authenticated
          $service->setConfig([
              'unauthenticatedRedirect' => $loginUrl,
              'queryParam' => 'redirect',
          ]);

          $service->loadAuthenticator('Authentication.Session');
          $service->loadAuthenticator('SimpleSaml.SimpleSaml');

          // Load identifiers
          $service->loadIdentifier('Authentication.Token', [
              // The field in the database to check against
              'tokenField' => '',

              // The field in the passed data from the authenticator
              'dataField' => '',

              /* The OrmResolver will search the Users table for a record with a tokenField with the same value as
               * dataField */
              'resolver' => [
                  'className' => OrmResolver::class,
                  'userModel' => 'Users',
                  'finder' => 'all',
              ]
          ]);

          return $service;
      }

  - Set the value of tokenField to the name of the database field to identify users with (e.g. 'sso-uuid')
  - Set the value of dataField to the name of the field in the data received from the authenticator (e.g. 'id')
Update AppController.php
In AppController::initialize(), load the SimpleSamlComponent from the plugin:

    $this->loadComponent('SimpleSaml.SimpleSaml', [
        //'authSource' => 'default-sp'
    ]);

Uncomment and change the value of authSource if needed.
Update User model
Have the User entity class implement IdentityInterface and add the getIdentifier() and getOriginalData() methods to it. (example)
Get SimpleSAML's /www directory ready for being accessed
- Set up a VirtualHost alias (or its equivalent in non-Apache servers) or a symlink for /vendor/simplesamlphp/simplesamlphp/www, named something like /simplesaml
- Navigate to /vendor/simplesamlphp/simplesamlphp in the command line and run these two commands to download front-end dependencies and set up CSS and JS (this assumes that NodeJS is installed on the server).

      npm install
      npm run build
Configuration
- Copy the SimpleSAML /config-templates directory to /config/simplesaml at the root of the project
- Set the SIMPLESAMLPHP_CONFIG_DIR environment variable to the path to this new directory so SimpleSAML can access these config files.
  - If you're doing this via PHP, you would use putenv('SIMPLESAMLPHP_CONFIG_DIR=' . CONFIG . 'simplesaml');
  - Do not include a trailing slash in the path string
  - This can be placed in /config/bootstrap.php
- Set the baseurlpath value to the full URL path to access SimpleSAML's www directory, e.g. 'baseurlpath' => 'https://example.com/simplesaml-alias-name/'
- If SimpleSAML's metadata files need to be edited
  - Copy the library's /metadata-templates directory to /config/simplesaml/metadata from the project's root
  - Update the metadatadir value in /config/simplesaml/config.php

        'metadatadir' => CONFIG . 'simplesaml' . DS . 'metadata',
Run checks
Open the SimpleSAML web-accessible directory in a browser to confirm that it’s installed and configured correctly.
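A pre-flight check for the configuration steps above that can run before the browser test. It is an added example, not part of the plugin or of SimpleSAMLphp; the function name, the constructed sample values and the two template placeholder values it looks for are assumptions.

```php
<?php
/**
 * Lists problems in a SimpleSAMLphp setup; an empty array means no findings.
 * @param array $config The $config array defined in config/simplesaml/config.php
 * @param string|false $configDir Result of getenv('SIMPLESAMLPHP_CONFIG_DIR')
 * @return string[]
 */
function checkSimpleSamlSetup(array $config, $configDir): array
{
    $problems = [];

    if ($configDir === false || $configDir === '') {
        $problems[] = 'SIMPLESAMLPHP_CONFIG_DIR is not set';
    } elseif (in_array(substr($configDir, -1), ['/', '\\'], true)) {
        $problems[] = 'SIMPLESAMLPHP_CONFIG_DIR must not end with a slash';
    }

    // The page's example uses a full https:// URL with a trailing slash.
    $baseUrl = (string)($config['baseurlpath'] ?? '');
    if (strpos($baseUrl, 'https://') !== 0 || substr($baseUrl, -1) !== '/') {
        $problems[] = 'baseurlpath should look like https://host/alias/';
    }

    // Assumed placeholder values from config-templates/config.php;
    // compare with your copy of the template.
    $templateValues = ['secretsalt' => 'defaultsecretsalt', 'auth.adminpassword' => '123'];
    foreach ($templateValues as $key => $placeholder) {
        $value = $config[$key] ?? '';
        if ($value === '' || $value === $placeholder) {
            $problems[] = $key . ' is unset or still the template value';
        }
    }

    if (isset($config['metadatadir']) && !is_dir((string)$config['metadatadir'])) {
        $problems[] = 'metadatadir is not a directory: ' . $config['metadatadir'];
    }

    return $problems;
}

// Constructed sample: an unedited template copy and a trailing slash on the env value.
$sample = [
    'baseurlpath' => 'simplesaml/',
    'secretsalt' => 'defaultsecretsalt',
    'auth.adminpassword' => '123',
];
foreach (checkSimpleSamlSetup($sample, '/var/www/app/config/simplesaml/') as $problem) {
    echo '[!] ' . $problem . PHP_EOL;
}
```

Against a real install, load /config/simplesaml/config.php from inside the bootstrapped application (it uses the CONFIG and DS constants) and pass its $config array together with getenv('SIMPLESAMLPHP_CONFIG_DIR').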
Using the component
All controllers should now have access to the SimpleSaml component, which provides these methods:
- $this->SimpleSaml->isAuthenticated();
  - Returns true if the user is logged in via SimpleSaml
- $this->SimpleSaml->login($params);
  - Starts the authentication process ($params is documented at \SimpleSAML\Auth\Simple::login())
- $this->SimpleSaml->logout();
  - Logs the user out
- $this->SimpleSaml->getUserAttributes();
  - Returns the authenticated user's attributes from the SimpleSaml session, or an empty array if no user is authenticated