tvdijen / saml2
SAML2 PHP library from SimpleSAMLphp
Requires
- php: >=5.4
- ext-dom: *
- ext-openssl: *
- ext-zlib: *
- psr/log: ~1.0
- robrichards/xmlseclibs: ^3.0
Requires (Dev)
- mockery/mockery: ~0.9
- phpmd/phpmd: ~1.5
- phpunit/phpunit: ~4
- sebastian/phpcpd: ~1.4
- sensiolabs/security-checker: ~1.1
- squizlabs/php_codesniffer: ~1.4
- v3.1.5
- v3.1.4
- v3.1.3
- v3.1.2
- v3.1.1
- v3.1.0
- v3.0.3
- v3.0.2
- v3.0.1
- v3.0.0
- v2.3.8
- v2.3.7
- v2.3.6
- v2.3.5
- v2.3.4
- v2.3.3
- v2.3.2
- v2.3.1
- v2.3
- v2.2
- v2.1
- v2.0.1
- v2.0.0
- v1.10.6
- v1.10.5
- v1.10.4
- v1.10.3
- v1.10.2
- v1.10.1
- v1.10
- v1.9.1
- v1.9
- v1.8.1
- v1.8
- v1.7.2
- v1.7.1
- v1.7.0
- v1.6.1
- v1.6.0
- v1.5.4
- 1.5.3
- v1.5.2
- v1.5.1
- v1.5.0
- v1.4.0
- v1.3.2
- v1.3.1
- v1.3.0
- v1.2.0
- v1.1.0
- v1.0.0
- v0.8.1
- v0.8.0
- v0.7.1
- v0.7.0
- v0.6.4
- v0.6.3
- v0.6.2
- v0.6.1
- v0.6.0
- v0.5.0
- v0.4.2
- v0.4.1
- v0.4.0
- v0.3.0
- v0.2.0
- v0.1.0
- v0.1.0-alpha
- dev-feature-friendlynames
- dev-release-4-alpha
- dev-typehints
- dev-release-1.x
- dev-release-2.x
- dev-release-1.8.x
- dev-release-1.9.x
- dev-master / 4.2.x-dev
This package is auto-updated.
Last update: 2024-10-15 07:22:44 UTC
README
A PHP library for SAML2 related functionality. Extracted from SimpleSAMLphp, used by OpenConext. This library started as a collaboration between UNINETT and SURFnet but everyone is invited to contribute.
Before you use it
DO NOT USE THIS LIBRARY UNLESS YOU ARE INTIMATELY FAMILIAR WITH THE SAML2 SPECIFICATION.
If you are not familiar with the SAML2 specification and are simply looking to connect your application using SAML2, you should probably use SimpleSAMLphp.
Note that the HTTP Artifact Binding and SOAP client do not work outside of SimpleSAMLphp.
Which version to pick?
The latest released version (4.x
range) is the preffered version.
The 3.x branch
is our LTS branch and will be supported as long as SimpleSAMLphp hasn't migrated to the 4.x
branch.
All other branches (2.x
and earlier) are no longer supported and will not receive any maintenance or
(security) fixes. Do not use these versions.
We conform to Semantic Versioning. Be sure to check the UPGRADING.md file if you are upgrading from an older version. Here you will find instructions on how to deal with BC breaking changes between versions.
Usage
- Install with Composer, run the following command in your project:
composer require simplesamlphp/saml2:^3.0
-
Provide the required external dependencies by extending and implementing the
SAML2\Compat\AbstractContainer
then injecting it in the ContainerSingleton (see example below). -
Make sure you've read the security section below.
-
Use at will. Example:
// Use Composers autoloading require 'vendor/autoload.php'; // Implement the Container interface (out of scope for example) require 'container.php'; SAML2\Compat\ContainerSingleton::setContainer($container); // Set up an AuthnRequest $request = new SAML2\AuthnRequest(); $request->setId($container->generateId()); $request->setIssuer('https://sp.example.edu'); $request->setDestination('https://idp.example.edu'); // Send it off using the HTTP-Redirect binding $binding = new SAML2\HTTPRedirect(); $binding->send($request);
Security
- Should you need to create a DOMDocument instance, use the
SAML2\DOMDocumentFactory
to create DOMDocuments from either a string (SAML2\DOMDocumentFactory::fromString($theXmlAsString)
), a file (SAML2\DOMDocumentFactory::fromFile($pathToTheFile)
) or just a new instance (SAML2\DOMDocumentFactory::create()
). This in order to protect yourself against the XXE Processing Vulnerability, as well as XML Entity Expansion attacks
License
This library is licensed under the LGPL license version 2.1. For more details see LICENSE.