- Can I use AE OneLogin SAML Bundle directly in Laravel, or is it strictly for Symfony?
- This bundle is designed for Symfony and lacks native Laravel support. To use it in Laravel, you’d need to abstract Symfony-specific components (like AppKernel or YAML config) via facades or polyfills (e.g., symfony/dependency-injection). Consider alternatives like janitzio/laravel-saml if you want a Laravel-native solution.
- What Laravel versions and PHP requirements does this bundle support?
- The bundle itself requires Symfony 2.x (last updated in 2019) and PHP 7.2+. For Laravel, you’d need to manually bridge Symfony dependencies (e.g., HTTP Foundation, DependencyInjection) using polyfills like symfony/http-client. PHP 8.1+ compatibility would require modernizing the underlying onelogin/php-saml library.
- How do I configure multiple SAML profiles (e.g., for different IdPs) in Laravel?
- The bundle supports multiple profiles via YAML config in Symfony. In Laravel, you’d need to replicate this logic using PHP arrays or environment variables (e.g., `.env` files) and map them to the underlying onelogin/php-saml library. Each profile would require distinct routes and firewall configurations.
- Does this bundle handle SAML security best practices like certificate validation and signing?
- Yes, the bundle leverages OneLogin’s PHP SAML toolkit, which includes configurable security options like signing assertions, encrypting NameIDs, and validating XML signatures. You can enable these in the `security` section of the YAML config (e.g., `wantAssertionsSigned: true`). Always validate certificates and use HTTPS for production.
- What are the key differences between this bundle and alternatives like janitzio/laravel-saml?
- janitzio/laravel-saml is Laravel-native and avoids Symfony dependencies, making it easier to integrate. This bundle offers deeper SAML protocol customization (e.g., advanced binding configurations) but requires manual Laravel-Symfony bridging. Choose janitzio if simplicity is prioritized; use this bundle if you need fine-grained SAML control.
- How do I handle SAML ACS (Assertion Consumer Service) routes in Laravel’s routing system?
- The bundle auto-generates ACS routes in Symfony. In Laravel, you’d need to manually register these routes in `routes/web.php` (e.g., `Route::post('/saml/acs', [SamlController::class, 'handleAssertion'])`). Use middleware to validate SAML responses before processing them with the underlying onelogin/php-saml library.
- Will this bundle work with Laravel’s stateless middleware paradigm, or do I need sessions?
- SAML relies on session state (e.g., for ACS or SLO flows), which conflicts with Laravel’s stateless design. You’ll need to enable sessions (`Session::start()`) or use a hybrid approach (e.g., Symfony’s session component via polyfill). For APIs, consider IdP-initiated SAML to minimize session dependencies.
- How do I test SAML flows locally before deploying to production?
- Use tools like [SAML Tester](https://www.saml-tester.com/) or [OneLogin’s SAML Test Tool](https://www.samltooling.net/) to simulate IdP/SP interactions. Mock the SAML library’s HTTP bindings (e.g., with Guzzle) and test ACS/SLO endpoints locally. Validate responses against the OneLogin PHP SAML toolkit’s expected formats.
- What maintenance risks should I consider with this outdated bundle (last release in 2019)?
- The bundle may not support modern PHP (8.1+) or Symfony (6.x) out of the box. You’ll need to fork and update dependencies like onelogin/php-saml. Alternatively, use the library directly with a Laravel wrapper. Monitor for SAML security vulnerabilities (e.g., XML signature flaws) and patch promptly.
- Can I integrate this bundle with Laravel’s built-in authentication system (e.g., Auth::login)?
- Yes, after processing a SAML assertion, you can manually authenticate users via `Auth::loginUsingId($samlUserId)` or `Auth::login($samlUser)`. Map SAML attributes (e.g., `email`, `name`) to Laravel’s user model. Use middleware to redirect authenticated users away from SAML flows after login.
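The ACS route and the attribute-to-user mapping described in the two answers above, as an added example that is not part of the bundle or of onelogin/php-saml. It assumes the composer package onelogin/php-saml, a `User` model with an `email` column, and IdP settings in `.env` under the hypothetical names `SAML_IDP_ENTITY_ID`, `SAML_IDP_SSO_URL` and `SAML_IDP_X509CERT`.

```php
<?php
// Added example (not bundle or toolkit code): a Laravel ACS route that validates a SAML
// response with onelogin/php-saml and maps the assertion onto Auth::login.
// Assumed: onelogin/php-saml installed, a User model with an `email` column, IdP values in .env
// (for brevity; move them into config/ when `config:cache` is used, since env() then returns null).
use App\Models\User;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
use OneLogin\Saml2\Auth as SamlAuth;

function samlSettings(): array
{
    return [
        'strict' => true,   // fail closed on any validation error (issuer, audience, time window)
        'sp' => [
            'entityId' => config('app.url') . '/saml/metadata',
            'assertionConsumerService' => [
                'url'     => config('app.url') . '/saml/acs',
                'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            ],
        ],
        'idp' => [
            'entityId'            => env('SAML_IDP_ENTITY_ID'),
            'singleSignOnService' => ['url' => env('SAML_IDP_SSO_URL')],
            'x509cert'            => env('SAML_IDP_X509CERT'), // key every XML signature is checked against
        ],
        'security' => [
            'wantAssertionsSigned' => true,   // unsigned assertions are rejected
            'wantNameId'           => true,   // a response without a NameID is rejected
        ],
    ];
}

// The IdP POSTs here cross-site, so Laravel's CSRF check must be skipped for this one route;
// the XML signature plus the audience/InResponseTo checks are what protect it instead.
Route::post('/saml/acs', function (Request $request) {
    $saml = new SamlAuth(samlSettings());
    $saml->processResponse();   // reads $_POST['SAMLResponse'], verifies signature and conditions
    if ($saml->getErrors() !== [] || !$saml->isAuthenticated()) {
        logger()->warning('SAML response rejected', ['reason' => $saml->getLastErrorReason()]);
        abort(403);             // reason stays in the server log, never in the browser response
    }
    // Map the assertion onto a local user; unknown users are refused (no just-in-time provisioning).
    $email = $saml->getAttributes()['email'][0] ?? $saml->getNameId();
    $user  = User::where('email', $email)->firstOr(fn () => abort(403));
    Auth::login($user);
    $request->session()->regenerate();   // fresh session id after login, against session fixation
    return redirect()->intended('/');
})->withoutMiddleware([VerifyCsrfToken::class]);
```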