Geek Answers Handbook

Saml2 Identity Provider in Symfony2

I have to implement and integrate SAML2 Identity Provider (IdP) with an existing Symfony 2 application.

I found several packages that implement Service Provider (SP) but not Identity Provider, so I think I can use the SimpleSAMLphp library . Are there other solutions?

How can I integrate my user logic using SimpleSAMLphp?

+4
source share
2 answers

UPDATE

As Milos Tomic mentioned in his comment, the / lightsaml antenna is replaced with lightsaml / sp-bundle . Here you can find here .

+++++++++++++++++++++++++++

SAML, Simplesamlphp IDP SamlSPBundle SP, .

Simplesamlphp, .

, IDP, "" ( - , ). " IdP SAML 2.0 IdP". XML, , .

symfony Bundle "SamlBundle". SamlSPBundle, ( 1 2).

SSO State/User class ( 3). , :

namespace SamlBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * @ORM\Entity
 * @ORM\Table(name="samlUser")
 */
class SamlUser extends \AerialShip\SamlSPBundle\Entity\SSOStateEntity implements UserInterface
{

/**
 * initialize User object and generates salt for password
 */
public function __construct()
{
    if (!$this->userData instanceof UserData) {
        $this->userData  = new UserData();
    }
    $this->setRoles('ROLE_USER');
}

/**
 * @var int
 * @ORM\Column(type="integer")
 * @ORM\Id
 * @ORM\GeneratedValue(strategy="AUTO")
 */
protected $id;

/**
 * @var string username
 *
 * @ORM\Column(type="string", length=64, nullable=true)
 */
protected $username;

/**
 * @var string targetedId
 *
 * @ORM\Column(type="string", length=64, nullable=true, name="targeted_id")
 */
protected $targetedID;

/**
 * @var string
 * @ORM\Column(type="string", length=32, name="provider_id", nullable=true)
 */
protected $providerID;

/**
 * @var string
 * @ORM\Column(type="string", length=32, name="auth_svc_name")
 */
protected $authenticationServiceName;

/**
 * @var string
 * @ORM\Column(type="string", length=64, name="session_index", nullable=true)
 */
protected $sessionIndex;

/**
 * @var string
 * @ORM\Column(type="string", length=64, name="name_id")
 */
protected $nameID;

/**
 * @var string
 * @ORM\Column(type="string", length=64, name="name_id_format")
 */
protected $nameIDFormat;

/**
 * @var \DateTime
 * @ORM\Column(type="datetime", name="created_on")
 */
protected $createdOn;

/**
 * @var UserData
 * @ORM\OneToOne(targetEntity="UserData", cascade={"all"}, fetch="EAGER")
 * @ORM\JoinColumn(name="user_data", referencedColumnName="id")
 */
protected $userData;

config.yml( 4):

# app/config/config.yml
aerial_ship_saml_sp:
    driver: orm
    sso_state_entity_class: SamlBundle\Entity\SamlUser

security.yml( 5).

providers:
    saml_user_provider:
        id: SamlToState

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    saml:
        pattern: ^/(?!login_check)
        anonymous: true
        aerial_ship_saml_sp:
            login_path: /saml/sp/login
            check_path: /saml/sp/acs
            logout_path: /saml/sp/logout
            failure_path: /saml/sp/failure
            metadata_path: /saml/sp/FederationMetadata.xml
            discovery_path: /saml/sp/discovery
            local_logout_path: /logout
            provider: saml_user_provider
            create_user_if_not_exists: true
            services:
                openidp:
                    idp:
                        #the XML-File you saved from the IDP earlier
                        file: "@SamlBundle/Resources/idp-FederationMetadata.xml"
                    sp:
                        config:
                            # required, has to match entity id from IDP XML
                            entity_id: http://your-idp-domain.com
                            # if different then url being used in request
                            # used for construction of assertion consumer and logout urls in SP entity descriptor
                            base_url: http://your-sp-domain.com
                        signing:
                             #self signed certificate, see [SamlSPBundle docs][4]
                            cert_file: "@SamlBundle/Resources/saml.crt"
                            key_file: "@SamlBundle/Resources/saml.pem"
                            key_pass: ""
                        meta:
                            # must implement SpMetaProviderInterface
                            # id: my.sp.provider.service.id

                            # or use builtin SpMetaConfigProvider
                            # any valid saml name id format or shortcuts: persistent or transient
                            name_id_format: transient
                            binding:
                                # any saml binding or shortcuts: post or redirect
                                authn_request: redirect
                                logout_request: redirect
        logout:
            path:   /logout
            target: /
            invalidate_session: true

, 6. 7, . :

namespace SamlBundle\Models;

use SamlBundle\Entity\SamlUser;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use AerialShip\SamlSPBundle\Bridge\SamlSpInfo;
use AerialShip\SamlSPBundle\Security\Core\User\UserManagerInterface as UserManagerInterface;


class SamlToState implements UserManagerInterface
{
/**
 * @var ContainerInterface   base bundle container
 */
public $container;

/**
 * Constructor with DependencyInjection params.
 *
 * @param \Symfony\Component\DependencyInjection\ContainerInterface $container
 */
public function __construct(ContainerInterface $container)  {
    $this->container = $container;
}

/**
 * {@inheritdoc}
 */
public function loadUserBySamlInfo(SamlSpInfo $samlInfo)
{
    $user = $this->loadUserByTargetedID($samlInfo->getAttributes()['eduPersonTargetedID']->getFirstValue());

    return $user;
}

private function loadUserByTargetedID($targetedID) {
    $repository = $this->container->get('doctrine')->getManager()->getRepository('MrmPosSamlBundle:SamlUser');

    $user = $repository->findOneBy(
            array('targetedID' => $targetedID)
    );

    if ($user) {
        return $user;
    }

    throw new \Symfony\Component\Security\Core\Exception\UsernameNotFoundException();
}

/**
 * {@inheritdoc}
 */
public function createUserFromSamlInfo(SamlSpInfo $samlInfo)
{
    $repository = $this->container->get('doctrine')->getManager()->getRepository('MrmPosSamlBundle:SamlUser');

    $user = $repository->findOneBy(
            array('nameID' => $samlInfo->getNameID()->getValue())
    );

    if ($user) {
        $user->setUsername($samlInfo->getAttributes()['eduPersonPrincipalName']->getFirstValue());
        $user->setTargetedID($samlInfo->getAttributes()['eduPersonTargetedID']->getFirstValue());
        $user->setRoles($samlInfo->getAttributes()['role']->getFirstValue());
    } else {
        $user = new SamlUser();
        $user->setUsername($samlInfo->getAttributes()['eduPersonPrincipalName']->getFirstValue());
        $user->setTargetedID($samlInfo->getAttributes()['eduPersonTargetedID']->getFirstValue());
        $user->setRoles($samlInfo->getAttributes()['role']->getFirstValue());
        $user->setSessionIndex($samlInfo->getAuthnStatement()->getSessionIndex());

        $user->setProviderID($samlInfo->getNameID()->getSPProvidedID());
        $user->setAuthenticationServiceName($samlInfo->getAuthenticationServiceID());
        $user->setNameID($samlInfo->getNameID()->getValue());
        $user->setNameIDFormat($samlInfo->getNameID()->getFormat());
    }

    $em = $this->container->get('doctrine')->getManager();
    $em->persist($user);
    $em->flush();

    return $user;
}

public function loadUserByUsername($username)
{
    $repository = $this->container->get('doctrine')->getManager()->getRepository('MrmPosSamlBundle:SamlUser');

    $user = $repository->findOneBy(
            array('username' => $username)
    );

    if ($user) {
        return $user;
    }

    throw new \Symfony\Component\Security\Core\Exception\UsernameNotFoundException();
    return false;
}

/**
 * {@inheritdoc}
 */
public function refreshUser(UserInterface $user)
{
    $repository = $this->container->get('doctrine')->getManager()->getRepository('MrmPosSamlBundle:SamlUser');

    $newUser = $repository->findOneBy(
            array('nameID' => $user->getNameID())
    );

    if (!$newUser) {
        throw new \Symfony\Component\Security\Core\Exception\UsernameNotFoundException();
    }

    return $newUser;
}

/**
 * {@inheritdoc}
 */
public function supportsClass($class)
{
    return true;
}

}

SamlBundle/Resources/config/services.yml:

services:
    SamlToState:
        class: SamlBundle\Models\SamlToState
        arguments: [@service_container]

7, . SP XML, , IDP. "XML to simpleSAMLphp Metadata converter" "". SP XML simpleSAMLphp. saml20-sp-remote.php IDP.

, , - , , , . , , .

+4

:

. , , , , . , .

+1

More articles:


All Articles