dcSamlPlugin
0.0.9beta
for sf 1.4, sf 1.3, sf 1.2 (MIT)
dcSamlPlugin
Introduction
This plugin provides SSO authentication and authorization for symfony
applications based on SAML.
SSO provided by SAML allows developers to concentrate on business logic,
delegating all authentication and authorization work to the SAML Identity
Manager.
Installing the plugin is as simple as following the steps described here.
An additional feature is that once a user is authenticated
in one of the applications using SAML, that user is automatically
authenticated in the other applications.
Subversion download
You can download the latest version of this plugin from:
http://svn.symfony-project.com/plugins/dcSamlPlugin/trunk/
Installation
svn installation:
$ svn co http://svn.symfony-project.com/plugins/dcSamlPlugin/trunk/ plugins/dcSamlPlugin
install as a plugin:
$ ./symfony pl:i dcSamlPlugin
Enable the plugin in your project configuration (only if installed through svn)
// in config/ProjectConfiguration.class.php add:
$this->enablePlugin("dcSamlPlugin");
clear the cache
$ ./symfony cc
Configuration
- In your app.yml add the following configuration lines
- It is important that you know the Login URL of SAML
- It is important that you know the Logout URL of SAML
- SAML server X.509 certificate
Example
all:
  .....
  dc_saml_plugin:
    # Saml Server settings
    login_url: http://localhost/simplesaml/saml2/idp/SSOService.php
    logout_url: http://localhost/simplesaml/saml2/idp/initSLO.php?RelayState=
    certificate: <?php echo file_get_contents(sfConfig::get('sf_root_dir').'/saml.cert');?> # if you have a file with the saml certificate called saml.cert
    name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    application_issuer: application-identification-name
    # The prefix to delete from the application credentials.
    # If you have these credentials for your application:
    # [application-identification-name.delete_something, application-identification-name.create_something]
    # the prefix should be "application-identification-name"
    remove_permission_prefix: prefix
    # Where the plugin redirects you after login or logout
    success_signin_url: @homepage
    success_signout_url: @homepage
    # These module and action settings are only needed if you want to redefine them. Not recommended.
    security_check_module: dcSamlAuth
    security_check_action: securityCheck
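How the remove_permission_prefix setting relates the credentials asserted by the identity manager to local symfony credentials, as an added example (this is not dcSamlPlugin's own code). The function name, stripping the "." separator together with the prefix, and dropping credentials that do not carry the prefix are assumptions.

```php
<?php
// Added illustration, not dcSamlPlugin code. Assumes "." separates the
// prefix from the credential name, as in the app.yml comment above.

/**
 * Keep only the credentials issued for $prefix and return them without it.
 * Hypothetical helper: the name and the drop-on-mismatch policy are assumptions.
 */
function strip_permission_prefix(array $credentials, $prefix)
{
    $needle = $prefix . '.';
    $local = array();
    foreach ($credentials as $credential) {
        // Match the full "prefix." so that a prefix which is only the start
        // of another application's name never matches that application.
        if (strncmp($credential, $needle, strlen($needle)) !== 0) {
            continue; // issued for another application: ignore it
        }
        $name = substr($credential, strlen($needle));
        // substr() yields '' (PHP 8) or false (older PHP) for an empty name.
        if ($name !== '' && $name !== false) {
            $local[] = $name;
        }
    }
    return array_values(array_unique($local));
}

// Constructed sample: credentials as an identity manager might assert them.
$asserted = array(
    'application-identification-name.delete_something',
    'application-identification-name.create_something',
    'application-identification-name-admin.delete_something', // other app
    'other-app.create_something',                              // other app
    'application-identification-name.',                        // empty name
);

$granted = strip_permission_prefix($asserted, 'application-identification-name');
print_r($granted);
```

Only the first two sample entries survive; a plain substring replace or a prefix match without the separator would also accept the "-admin" application's credential.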
- In your settings.yml enable the dcSamlAuth module and change the login module and action
Example
enabled_modules: [default, dcSamlAuth, .... ]
login_module: dcSamlAuth
login_action: signin
- Prepend the following routing rules in routing.yml:
Example
dc_saml_signin:
  url: /login
  param: { module: dcSamlAuth, action: signin }
dc_saml_signout:
  url: /logout
  param: { module: dcSamlAuth, action: signout }
....
- Change the security filter: filters.yml
Example
rendering: ~
security:
  class: dcSamlSecurityFilter
...
- Change the parent class of myUser.class.php:
Example
class myUser extends dcSamlSecurityUser
{
}
- Remember that it is important to change the session_name in factories.yml
Example
all:
  storage:
    class: sfSessionStorage
    param:
      session_name: saml-test
Author
Matías E. Brown mbrown@cespi.unlp.edu.ar
Developers
License
Copyright (c) 2012 Matías Brown
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without
restriction, including without limitation the rights to use,
copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following
conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
Releases for sf 1.4
| Version | License | API | Released |
| 0.0.9beta | MIT license | 1.4.0beta | 09/04/2012 |
Releases for sf 1.3
| Version | License | API | Released |
| 0.0.9beta | MIT license | 1.4.0beta | 09/04/2012 |
Releases for sf 1.2
| Version | License | API | Released |
| 0.0.9beta | MIT license | 1.4.0beta | 09/04/2012 |
Changelog for release 0.0.9 - 09/04/2012