Weave Code
Oneloginsaml Bundle (Symfony bundle)

ae/oneloginsaml-bundle

Symfony bundle wrapping OneLogin’s PHP SAML toolkit to add SAML 2.0 SSO/SLO to your app. Configure IdP/SP metadata via YAML, expose ACS/logout/metadata endpoints, and integrate with Symfony security firewalls for authentication flows.


Getting Started

Minimal Setup

  1. Installation Add the bundle via Composer:

    composer require ae/oneloginsaml-bundle:dev-master
    

    dev-master tracks the tip of an unreleased branch. If the package publishes tags, require a tagged version instead, and commit composer.lock so every deployment installs the same commit of the bundle and of its onelogin/php-saml dependency.

    Enable it in config/bundles.php (Symfony 4+) or app/AppKernel.php (Symfony 2/3):

    AE\OneLoginSamlBundle\AEOneLoginSamlBundle::class => ['all' => true],
    
  2. Basic Configuration Define SAML settings in config/packages/ae_one_login_saml.yaml (Symfony 4+) or app/config/config.yml. The idp/sp keys are the ones the underlying onelogin/php-saml toolkit uses for its settings array:

    ae_one_login_saml:
        default:
            idp:
                entityId: 'https://your-idp.com/saml2/idp/metadata'
                singleSignOnService:
                    url: 'https://your-idp.com/saml2/idp/SSOService.php'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                x509cert: '%env(ONELOGIN_IDP_CERT)%'
            sp:
                entityId: 'https://your-app.com/saml/metadata'
                assertionConsumerService:
                    url: 'https://your-app.com/saml/acs'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
    
  3. First Use Case: Authentication Configure a firewall in config/packages/security.yaml:

    security:
        firewalls:
            main:
                saml: true  # Enables SAML auth
                context: saml
    

    Test by protecting a route (for example with an access_control rule in security.yaml) and requesting it: you will be redirected to the IdP for login.
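The minimal YAML above sets only endpoints and the IdP certificate, which leaves every php-saml security option at the toolkit's default, and those defaults are permissive: strict is off (so Destination, Audience, Issuer, InResponseTo and validity-window checks are skipped, and the "wantAssertionsSigned"/"wantMessagesSigned" flags are not enforced), and a signature on either the response envelope or the assertion is accepted. The following is an added example, not code from the bundle or from this page: it builds the equivalent settings array with the hardening a production SP needs and runs the toolkit's own validation over it. It assumes the bundle forwards its YAML keys unchanged to OneLogin\Saml2\Settings (php-saml 3.x, namespaced classes; check with php bin/console config:dump-reference ae_one_login_saml whether the bundle exposes strict and security keys), and the URLs are the page's placeholders.

```php
<?php
// Added example, not code from the bundle or the page. Builds the php-saml settings
// behind the YAML above with the hardening the minimal config omits, then checks
// them the way the toolkit does. Assumes the bundle passes its YAML keys through to
// OneLogin\Saml2\Settings (php-saml 3.x). Requires: composer require onelogin/php-saml
require __DIR__ . '/vendor/autoload.php';

use OneLogin\Saml2\Error;
use OneLogin\Saml2\Settings;

function buildSamlSettings(string $idpCert): array
{
    return [
        // Off by default. With strict off the toolkit skips schema validation and the
        // Destination, Audience, Issuer, InResponseTo and validity-window checks, and
        // the two "want...Signed" flags below are not enforced at all.
        'strict' => true,
        'debug'  => false,
        'sp' => [
            'entityId' => 'https://your-app.com/saml/metadata',
            'assertionConsumerService' => [
                'url'     => 'https://your-app.com/saml/acs',
                'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            ],
        ],
        'idp' => [
            'entityId' => 'https://your-idp.com/saml2/idp/metadata',
            'singleSignOnService' => [
                'url'     => 'https://your-idp.com/saml2/idp/SSOService.php',
                'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            ],
            'x509cert' => $idpCert,
        ],
        'security' => [
            // Defaults are false/false, which accepts a signature on either the
            // response envelope or the assertion. Require both.
            'wantAssertionsSigned' => true,
            'wantMessagesSigned'   => true,
            // Reject an unsolicited (IdP-initiated) response that carries an
            // InResponseTo for a request this SP never sent.
            'rejectUnsolicitedResponsesWithInResponseTo' => true,
            // The toolkit's historic default for both algorithms is SHA-1.
            'signatureAlgorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
            'digestAlgorithm'    => 'http://www.w3.org/2001/04/xmlenc#sha256',
        ],
    ];
}

// Returns a list of problems; empty means the settings and the SP metadata generated
// from them pass the toolkit's own checks. Settings::__construct throws on a missing
// or invalid key (for example an empty idp.x509cert).
function validateSamlSettings(array $settings): array
{
    try {
        $s = new Settings($settings);
    } catch (Error $e) {
        return ['settings: ' . $e->getMessage()];
    }
    return $s->validateMetadata($s->getSPMetadata());
}

$problems = validateSamlSettings(buildSamlSettings(getenv('ONELOGIN_IDP_CERT') ?: ''));
echo $problems === [] ? "SAML settings OK\n" : 'SAML settings: ' . implode('; ', $problems) . "\n";
```

Run it with ONELOGIN_IDP_CERT exported in the shell; with the variable unset it reports the missing certificate, which is the same error the bundle would hit at the first login rather than at deploy time.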


Implementation Patterns

Workflows

  1. User Authentication Flow

    • The bundle handles the SAML handshake automatically after saml: true is set in the firewall.
    • Use OneLoginSamlUtils::getAttributes() in controllers to access user attributes post-auth. Attributes are multi-valued (each name maps to a list of strings) and, although the toolkit has verified the assertion's signature, their content is still IdP-supplied input, so normalise and validate before storing:
      use AE\OneLoginSamlBundle\Utils\OneLoginSamlUtils;
      use Symfony\Component\HttpFoundation\Request;
      
      public function postAuthAction(Request $request)
      {
          $attributes = OneLoginSamlUtils::getAttributes() ?? [];
          $userEmail = isset($attributes['email'][0]) ? strtolower(trim($attributes['email'][0])) : null;
          // Create/update user in your system
      }
      
      
  2. Metadata Generation Generate SP metadata dynamically for IdP configuration:

    php bin/console ae:onelogin:saml:metadata
    

    Outputs XML to var/saml/metadata.xml.

  3. Custom Attribute Mapping Map IdP attributes (right-hand side, the attribute name as it appears in the assertion) to your user fields (left-hand side) in config/packages/ae_one_login_saml.yaml:

    ae_one_login_saml:
        default:
            attribute_map:
                email: 'email'
                first_name: 'firstName'
                last_name: 'lastName'
    
  4. Logout Handling Trigger SAML logout via a route. A GET logout can be triggered by any page that embeds the URL (forced logout); where your setup allows, restrict it to POST with a CSRF token, as Symfony's own logout handling can:

    # config/routes.yaml
    saml_logout:
        path: /logout
        methods: GET
        defaults:
            _controller: AE\OneLoginSamlBundle\Controller\SamlController::logoutAction
    

Integration Tips

  • Symfony Security Events: Listen for security.interactive_login to sync user data. The event fires for every interactive login on the firewall (form login included), so guard for the SAML case, and note that the user comes from the token, not from the event itself:

    // src/EventListener/SamlAuthListener.php
    namespace App\EventListener;

    use AE\OneLoginSamlBundle\Utils\OneLoginSamlUtils;
    use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;

    class SamlAuthListener
    {
        public function onSamlLogin(InteractiveLoginEvent $event): void
        {
            if (!OneLoginSamlUtils::isSamlRequest()) {
                return; // not a SAML login; nothing to sync
            }
            $user = $event->getAuthenticationToken()->getUser();
            $attributes = OneLoginSamlUtils::getAttributes() ?? [];
            // Update user entity with SAML attributes
        }
    }
    

    Register in config/services.yaml:

    services:
        App\EventListener\SamlAuthListener:
            tags:
                - { name: kernel.event_listener, event: security.interactive_login, method: onSamlLogin }
    
  • Environment Variables: Keep the IdP cert out of the YAML and in the environment:

    ONELOGIN_IDP_CERT="-----BEGIN CERTIFICATE-----\n..."
    

    Reference in YAML:

    idp:
        x509cert: '%env(ONELOGIN_IDP_CERT)%'
    

    The IdP certificate is public material, so this is about keeping per-environment values out of committed config, not about secrecy. The value that is secret is the SP's own private key, if you sign requests or decrypt assertions: keep it in .env.local or a secrets manager, never in the committed .env, and make sure no debug output can print it.
  • Debugging SAML: Enable debug mode in config:

    ae_one_login_saml:
        default:
            debug: true
    

    Logs SAML messages to var/log/saml.log. These are the raw requests and responses, NameIDs and attributes included, so keep debug off in production and treat the file as personal data.


Gotchas and Tips

Pitfalls

  1. Certificate Handling

    • Issue: A missing, truncated or wrong x509cert (the IdP's encryption cert instead of its signing cert, or a cert the IdP has since rotated) makes every response fail signature validation.
    • Fix: Ensure the cert is:
      • The IdP's current signing certificate, matched by fingerprint against the cert in its metadata (openssl x509 -in cert.pem -noout -fingerprint -sha256).
      • Parseable and not expired (openssl x509 -in cert.pem -noout -text). Surrounding whitespace and the BEGIN/END lines are tolerated because the toolkit normalises the value, but a dropped or re-wrapped line inside the base64 body is not.
      • Referenced correctly in YAML (use %env() for .env vars).
  2. EntityID Mismatch

    • Issue: The IdP checks the Issuer of your AuthnRequest (sp.entityId) and its AssertionConsumerServiceURL against the SP it has registered. If either differs from what the IdP was given (scheme, host, port, trailing slash, http instead of https), the IdP rejects the request, or the response's Destination fails validation on your side.
    • Fix: Use exactly the values from your generated SP metadata (e.g., https://your-app.com/saml/metadata and https://your-app.com/saml/acs) on both sides. When a reverse proxy terminates TLS, configure Symfony's trusted proxies so the app sees the public https URL; otherwise the toolkit computes an http ACS and Destination that will never match.
  3. Binding Configuration

    • Issue: The ACS normally uses HTTP-POST (a signed Response does not fit in a query string), while the IdP's SSO endpoint may accept HTTP-Redirect, HTTP-POST or both; a binding the IdP does not list for that URL fails.
    • Fix: Take the bindings from the IdP's metadata (the Binding attribute on each SingleSignOnService/SingleLogoutService element) rather than from a README default.
  4. Attribute Access Timing

    • Issue: OneLoginSamlUtils::getAttributes() returns null outside SAML flows.
    • Fix: Check for SAML context first:
      if (OneLoginSamlUtils::isSamlRequest()) {
          $attributes = OneLoginSamlUtils::getAttributes();
      }
      
  5. Symfony 4+ Kernel Changes

    • Issue: Bundle assumes AppKernel (Symfony 2/3). In Symfony 4+, ensure:
      • The bundle is listed in config/bundles.php.
      • Config is in config/packages/ae_one_login_saml.yaml.
  6. CSRF on ACS

    • Issue: The ACS receives a cross-site POST from the IdP, so that request can never carry one of your application's CSRF tokens. Any check that demands a token on every POST (a home-grown global listener, for instance) rejects every login.
    • Fix: Exempt only the SAML endpoints (ACS and SLO) from such a check; do not switch CSRF off application-wide (framework.csrf_protection: false). Symfony's firewall configuration has no csrf_protection key, so this widely copied snippet is rejected as an unrecognized option when the container is built:
      firewalls:
          main:
              saml: true
              csrf_protection: false   # not a valid firewall option
      
      The ACS does not need a CSRF token: the toolkit validates the response itself (signature, Destination, Audience, validity window and, for SP-initiated logins, InResponseTo against the request this SP issued). A symptom that looks like CSRF but is not: the session cookie does not arrive on that cross-site POST when framework.session.cookie_samesite is strict (or, for POST requests, lax), so if the bundle keeps the AuthnRequest ID in the session, InResponseTo validation fails after the redirect. That is a SameSite setting to weigh on the session-cookie side, not a reason to disable CSRF protection.

Debugging Tips

  • SAML Debug Logs: Enable debug: true and check var/log/saml.log for raw SAML messages. They contain NameIDs and attributes, so scrub them before attaching them to a ticket, and turn debug off again afterwards.
  • Metadata Validation: Use SAML-tracer (a browser extension) to inspect requests and responses as the browser actually sends them, including RelayState and the POST to the ACS.
  • IdP Test Mode: Configure IdP in "test mode" to avoid production issues during setup.

Extension Points

  1. Custom Auth Provider Override the default authentication provider by extending AE\OneLoginSamlBundle\Security\SamlAuthenticationProvider and replacing its service definition. Note that the providers section of security.yaml configures user providers (how a user record is loaded for an identifier), not authentication providers; the snippet below registers a custom user provider, which is where you decide what the local account is keyed on (prefer the NameID or another stable identifier over an email address the IdP can reassign):

    security:
        providers:
            saml_provider:
                id: App\Security\CustomSamlProvider
    
  2. Attribute Filters Filter or transform attributes before user creation. Attribute values are lists, so guard the lookup: a missing email should stop the login, not produce a PHP warning and an empty string:

    // src/EventListener/SamlAttributeListener.php
    public function onSamlAuth(SamlAuthEvent $event)
    {
        $attributes = $event->getAttributes();
        if (!isset($attributes['email'][0])) {
            throw new \UnexpectedValueException('assertion carries no email attribute');
        }
        // Kept as a single-element list, the same shape as the other attributes
        $attributes['normalized_email'] = [strtolower(trim($attributes['email'][0]))];
        $event->setAttributes($attributes);
    }
    
  3. Dynamic Configuration Load SAML settings from a database or API:

    ae_one_login_saml:
        default:
            idp:
                entityId: '%env(SAML_IDP_ENTITYID)%'
                # Other dynamic settings...
    

    A compiler pass runs when the container is built, so it cannot pull values from a database or API at request time. For settings that must come from a store at runtime, write an env var processor (a service implementing Symfony's EnvVarProcessorInterface) and reference it through %env(...)% as above; %env()% placeholders are resolved when the parameter is read, not at compile time.

  4. Multi-IdP Support Configure multiple IdPs in the same app by defining multiple configs:

    ae_one_login_saml:
        idp1:
            # Config for IdP 1
        idp2:
            # Config for IdP 2
    

    Route users to the correct IdP based on context (e.g., subdomain), and bind each IdP to the accounts it may assert (tenant ID or email domain, checked before the user is looked up), so that one tenant's IdP cannot produce a valid assertion for another tenant's user.
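The attribute handling that the "Custom Attribute Mapping" and "Attribute Filters" sections and the interactive_login tip each touch on, collected into one class. This is an added example, not the bundle's own code: it applies an attribute_map-style mapping to the attribute array the toolkit returns (attribute name to list of string values), normalises the values, keys the result on the assertion's NameID rather than on the email, refuses control characters and oversize values instead of truncating them, and enforces an allowed email domain so that with several IdPs configured, one IdP cannot assert a user belonging to another. The map, the allowed domain and the sample attributes are constructed for the example; PHP 8.0 or later.

```php
<?php
// Added example, not the bundle's own code. Map and validate SAML attributes before
// they reach the user store. Sample map, domain and attributes are constructed.

final class SamlAttributeMapper
{
    private const MAX_LEN = 254;

    /**
     * @param array<string,string> $map                 local field => attribute name in the assertion
     * @param list<string>         $allowedEmailDomains domains this IdP may assert (empty = any)
     */
    public function __construct(private array $map, private array $allowedEmailDomains = []) {}

    /**
     * @param array<string,list<string>> $attributes as returned by the toolkit
     * @param string                     $nameId     the assertion's NameID: the stable key for the account
     * @return array<string,string> normalised local fields; throws on unusable data
     */
    public function map(array $attributes, string $nameId): array
    {
        $out = ['name_id' => $this->clean($nameId, 'NameID')];
        foreach ($this->map as $local => $samlName) {
            $values = $attributes[$samlName] ?? [];
            // The identity fields mapped here must carry one value. Legitimately
            // multi-valued attributes (groups) need their own mapping, not this one.
            if (count($values) > 1) {
                throw new UnexpectedValueException("attribute $samlName is multi-valued");
            }
            $out[$local] = $values === [] ? '' : $this->clean((string) $values[0], $samlName);
        }

        $email = strtolower($out['email'] ?? '');
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            throw new UnexpectedValueException('assertion carries no usable email attribute');
        }
        $domain = substr($email, strrpos($email, '@') + 1);
        if ($this->allowedEmailDomains !== [] && !in_array($domain, $this->allowedEmailDomains, true)) {
            // With several IdPs, this is what stops IdP A from asserting a user of tenant B.
            throw new UnexpectedValueException("domain $domain is not allowed for this IdP");
        }
        $out['email'] = $email;
        return $out;
    }

    private function clean(string $value, string $what): string
    {
        $value = trim($value);
        if ($value === '' && $what === 'NameID') {
            throw new UnexpectedValueException('assertion has an empty NameID');
        }
        // Control characters or oversize values are rejected, not silently truncated.
        if (preg_match('/[\x00-\x1F\x7F]/', $value) === 1 || strlen($value) > self::MAX_LEN) {
            throw new UnexpectedValueException("attribute $what has an unexpected value");
        }
        return $value;
    }
}

// Constructed sample of what getAttributes() might return for one login.
$attributes = [
    'email'     => ['Alice.Example@Corp.Example '],
    'firstName' => ['Alice'],
    'lastName'  => ['Example'],
    'memberOf'  => ['staff', 'admins'], // not in the map, so it never reaches the user store
];
$mapper = new SamlAttributeMapper(
    ['email' => 'email', 'first_name' => 'firstName', 'last_name' => 'lastName'],
    ['corp.example']
);
print_r($mapper->map($attributes, 'urn:example:user:2e4f'));
```

In a listener, run the bundle's attribute array and NameID through map() and look the account up by name_id; a thrown exception is the point at which the login should be refused, and where exactly the bundle lets a listener veto the login is not covered on this page, so check its event documentation.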
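For "Dynamic Configuration" and the multi-IdP setup, the Symfony mechanism that actually resolves values at runtime is an env var processor. The following is an added example, not part of the bundle: a processor named saml_idp (a name chosen here) that loads one IdP's settings as an array, so the YAML can reference %env(key:x509cert:saml_idp:default)% using Symfony's built-in key processor, with the configuration name ("default", "idp1", ...) selecting the row. The in-memory $store stands in for a repository or API client and is constructed; it requires symfony/dependency-injection and, with autoconfigure on, Symfony tags the class container.env_var_processor automatically.

```php
<?php
// Added example, not part of the bundle. Resolve %env(saml_idp:NAME)% from a store
// at container runtime. "saml_idp" is a name chosen here; $store is constructed.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\DependencyInjection\EnvVarProcessorInterface;

final class SamlIdpSettingsProcessor implements EnvVarProcessorInterface
{
    // The only columns that may flow into the container. Anything else is dropped so
    // a typo in a parameter cannot surface unrelated data from the store.
    private const ALLOWED = ['entityId', 'ssoUrl', 'x509cert'];

    /** @param callable(string):array<string,string> $loader returns the stored row for a config name */
    public function __construct(private $loader) {}

    public static function getProvidedTypes(): array
    {
        // The processor yields an array; a field is picked with the built-in "key"
        // processor, e.g. in ae_one_login_saml.yaml:
        //   idp:
        //     entityId: '%env(key:entityId:saml_idp:default)%'
        //     x509cert: '%env(key:x509cert:saml_idp:default)%'
        return ['saml_idp' => 'array'];
    }

    public function getEnv(string $prefix, string $name, \Closure $getEnv): mixed
    {
        $row = ($this->loader)($name);
        if ($row === []) {
            throw new \RuntimeException("saml_idp: no IdP configuration named '$name'");
        }
        $row = array_intersect_key($row, array_flip(self::ALLOWED));
        if (!isset($row['entityId'], $row['x509cert']) || $row['x509cert'] === '') {
            // Refuse a half-configured IdP rather than let logins fail later, or worse,
            // run without a certificate to verify signatures against.
            throw new \RuntimeException("saml_idp: '$name' is missing entityId or x509cert");
        }
        return $row;
    }
}

// Constructed store; in production $loader queries your database or API.
$store = [
    'default' => [
        'entityId'      => 'https://your-idp.com/saml2/idp/metadata',
        'ssoUrl'        => 'https://your-idp.com/saml2/idp/SSOService.php',
        'x509cert'      => 'PLACEHOLDER_BASE64_CERT_BODY',
        'secret_column' => 'never leaves the store',
    ],
];
$processor = new SamlIdpSettingsProcessor(fn (string $n) => $store[$n] ?? []);
// This is the call the container makes for %env(saml_idp:default)%; the "key:entityId:"
// prefix in the YAML then indexes the returned array.
print_r($processor->getEnv('saml_idp', 'default', fn (string $n) => getenv($n)));
```

Because the value is read at runtime, rotating the IdP certificate in the store takes effect on the next request with no cache:clear; the flip side is that whoever can write that row decides which IdP the application trusts, so protect write access to it as you would the SP's private key.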
