Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Lightsaml Laravel Package

aerialship/lightsaml

SAML 2.0 toolkit for Laravel/PHP to add SSO and identity federation to your apps. Provides helpers for SAML authentication flows, metadata, and certificate handling, making it easier to integrate with common IdPs and SPs.


Technical Evaluation

Architecture Fit

  • SAML 2.0 Use Case Alignment: The package provides a lightweight, PHP-native SAML 2.0 implementation, making it suitable for Laravel-based identity providers (IdP) or service providers (SP) requiring SAML integration (e.g., SSO, federated authentication).
  • Laravel Ecosystem Compatibility: While not Laravel-specific, it can be integrated via PHP services, middleware, or facade wrappers (e.g., Laravel SAML packages like onelogin/php-saml are alternatives but may be heavier).
  • Architectural Constraints:
    • Stateless vs. Stateful: SAML is inherently stateful (e.g., AuthN requests/responses). Laravel’s stateless middleware may require custom session handling or database-backed state storage.
    • XML Parsing Overhead: SAML relies on XML/HTTP-POST bindings, which may introduce parsing complexity compared to JWT/OAuth2. Laravel’s Blade/Queue systems could mitigate this via async processing.
    • Security Surface: SAML’s complexity (e.g., signature validation, metadata management) increases attack surface. The package’s last release (2015) raises concerns about unpatched CVEs (e.g., PHP XML vulnerabilities like CVE-2021-45044).

Integration Feasibility

  • Core Features:
    • Supports IdP/SP roles, metadata exchange, and binding protocols (HTTP-Redirect, HTTP-POST, SOAP).
    • Can be wrapped in Laravel Service Providers or Middleware for request/response handling.
  • Challenges:
    • Deprecated Dependencies: Likely relies on outdated PHP libraries (e.g., ext-soap, ext-xml). Modern Laravel (8+) may require polyfills or containerized PHP versions.
    • No Laravel-Specific Helpers: Requires manual handling of:
      • Session storage for SAML state (e.g., Auth::guard('saml')->attempt()).
      • Route binding (e.g., /saml/acs, /saml/ls endpoints).
      • Metadata management (e.g., parsing/validating partner SP/IdP metadata).
    • Testing Complexity: SAML’s interactive flows (e.g., ACS/ARP endpoints) demand mockable HTTP clients (e.g., Guzzle) and test doubles for XML validation.

Technical Risk

  • High:
    • Security Risk: Unmaintained codebase with no recent releases or vulnerability scans. SAML implementations are frequent targets for attacks (e.g., replay, metadata poisoning).
    • Compatibility Risk: PHP 8.x may break due to:
      • Deprecated functions (e.g., create_function, mb_* edge cases).
      • Strict typing or JIT incompatibilities.
    • Maintenance Risk: No community support or roadmap. Future Laravel upgrades (e.g., Symfony 7+) may introduce breaking changes.
  • Mitigation Strategies:
    • Fork and Modernize: Update dependencies (e.g., DOMDocument/SimpleXML), add PHP 8.x support, and integrate with Laravel’s Http\Client.
    • Wrapper Layer: Abstract SAML logic into a Laravel Package (e.g., vendor/bin/saml) with:
      • Config-driven metadata management.
      • Event-based hooks (e.g., saml.authenticated, saml.failed).
      • Queue jobs for async processing (e.g., SAML responses).
    • Fallback Plan: Evaluate alternatives like:

Key Questions

  1. Security:
    • Has the package been audited for SAML-specific vulnerabilities (e.g., OWASP SAML Top 10)?
    • Are there plans to backport critical PHP/XML patches (e.g., CVE-2021-45044)?
  2. Functional Gaps:
    • Does it support SAML 2.0 Profiles critical for your use case (e.g., ECP, Artifact, Holder-of-Key)?
    • How are metadata signatures validated? Is there support for encrypted assertions?
  3. Performance:
    • What are the memory/CPU costs of XML parsing in high-throughput scenarios (e.g., 1000+ SAML requests/sec)?
    • Can it integrate with Laravel’s Queue system for async response processing?
  4. Laravel-Specific:
    • How would you handle session persistence for SAML state (e.g., RelayState, AuthnRequest IDs)?
    • Can it coexist with Laravel’s auth system (e.g., Auth::loginUsingId() for post-SAML auth)?
  5. Long-Term Viability:
    • What’s the migration path if the package becomes unsustainable (e.g., switch to onelogin/php-saml)?

Integration Approach

Stack Fit

  • Laravel Core:
    • Service Provider: Boot the SAML library as a Laravel service (e.g., registerSamlService() in AppServiceProvider).
    • Middleware: Use HandleSamlRequests middleware to intercept SAML ACS/ARP endpoints.
    • Facade: Create a Saml facade for fluent API (e.g., Saml::validateResponse($request)).
  • Dependencies:
  • Database:
    • Metadata Storage: Use saml_metadata table for partner SP/IdP configs (e.g., entity_id, acs_url, x509cert).
    • State Storage: saml_state table for AuthnRequest IDs, RelayState, and session data.
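The state storage above is where the replay and InResponseTo checks asked about in the Key Questions (RelayState, AuthnRequest IDs) actually live. The following is an added example, not code from aerialship/lightsaml or from this evaluation: a migration for the saml_state table and a small store that issues an AuthnRequest ID and then consumes it exactly once. The column layout, the SamlStateStore class name and the five-minute TTL are this example's own assumptions; it uses only Laravel's DB, Schema and Carbon helpers, so it does not depend on the SAML library's API.

```php
<?php
// Added example, not code from aerialship/lightsaml or from this page.
// Assumes the `saml_state` table named above; the column layout, the
// SamlStateStore class and the 300 s TTL are this example's own choices.

use Carbon\Carbon;
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\Str;

// database/migrations/<timestamp>_create_saml_state_table.php (assumed file name)
class CreateSamlStateTable extends Migration
{
    public function up(): void
    {
        Schema::create('saml_state', function (Blueprint $table) {
            $table->string('request_id', 64)->primary();  // AuthnRequest ID we sent
            $table->string('idp_entity_id');              // IdP expected to answer it
            $table->string('relay_state')->nullable();    // return path for this flow
            $table->timestamp('expires_at');
            $table->timestamp('consumed_at')->nullable(); // set when a Response is accepted
            $table->timestamps();
        });
    }

    public function down(): void
    {
        Schema::dropIfExists('saml_state');
    }
}

final class SamlStateStore
{
    /** @var int seconds an unanswered AuthnRequest stays valid */
    private int $ttlSeconds;

    public function __construct(int $ttlSeconds = 300)
    {
        $this->ttlSeconds = $ttlSeconds;
    }

    /** Persist a fresh AuthnRequest ID so a later Response can be tied back to it. */
    public function issue(string $idpEntityId, ?string $relayState = null): string
    {
        // SAML IDs are xs:ID values and must start with a letter or underscore.
        $id = '_' . Str::random(40);

        DB::table('saml_state')->insert([
            'request_id'    => $id,
            'idp_entity_id' => $idpEntityId,
            'relay_state'   => $relayState,
            'expires_at'    => Carbon::now()->addSeconds($this->ttlSeconds),
            'created_at'    => Carbon::now(),
            'updated_at'    => Carbon::now(),
        ]);

        return $id;
    }

    /**
     * Consume the state for an incoming Response exactly once.
     * Returns ['relay_state' => ...] on success, or null when InResponseTo is
     * unknown, expired, answered by the wrong IdP, or already used (replay).
     */
    public function consume(string $inResponseTo, string $issuer): ?array
    {
        return DB::transaction(function () use ($inResponseTo, $issuer) {
            $row = DB::table('saml_state')
                ->where('request_id', $inResponseTo)
                ->lockForUpdate()   // serialises two Responses carrying the same ID
                ->first();

            if ($row === null
                || $row->consumed_at !== null
                || $row->idp_entity_id !== $issuer
                || Carbon::parse($row->expires_at)->isPast()) {
                return null;
            }

            DB::table('saml_state')
                ->where('request_id', $inResponseTo)
                ->update(['consumed_at' => Carbon::now(), 'updated_at' => Carbon::now()]);

            return ['relay_state' => $row->relay_state];
        });
    }
}
```

Call issue() when building the AuthnRequest and consume() with the Response's InResponseTo and Issuer values before trusting the assertion; a null result should be treated as a rejected login, not a retry. Note that IdP-initiated (unsolicited) Responses carry no InResponseTo, so this table cannot protect them; those need a separate cache of already-seen Assertion IDs bounded by NotOnOrAfter.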

Migration Path

  1. Assessment Phase:
    • Audit current SAML flows (e.g., IdP-initiated vs. SP-initiated).
    • Map existing metadata/configs to the package’s schema.
  2. Proof of Concept (PoC):
    • Implement a minimal SP with:
      • ACS endpoint (/saml/acs).
      • AuthnRequest generation.
      • Response validation.
    • Test with a known SAML IdP (e.g., Okta, Azure AD).
  3. Incremental Rollout:
    • Phase 1: Replace legacy SAML logic with the package in a non-production environment.
    • Phase 2: Integrate with Laravel’s auth system (e.g., Saml::login($user)).
    • Phase 3: Add metadata management UI (e.g., Laravel Nova resource for saml_metadata).
  4. Fallback Strategy:
    • Maintain a feature flag (config('saml.enabled')) to toggle between old/new implementations.
    • Use queue jobs to log failures during transition.

Compatibility

  • PHP Version: Test on PHP 7.4–8.1 (PHP 8.2+ may require polyfills).
  • Laravel Version: Compatible with Laravel 8–10 (avoid Laravel 11’s Symfony 7+ if using deprecated PHP features).
  • SAML Protocol:
    • Verify support for required bindings (e.g., HTTP-Redirect for IdP-initiated, HTTP-POST for SP-initiated).
    • Check metadata formats (e.g., can it parse/validate XML metadata files?).
  • Third-Party Tools:
    • Ensure compatibility with SAML test tools (e.g., SAML Tracer for debugging).

Sequencing

  1. Setup:
    • Install via Composer (composer require aerialship/lightsaml:dev-master).
    • Configure config/saml.php with:
      • entity_id, acs_url, certificate.
      • Partner SP/IdP metadata.
  2. Core Integration:
    • Add routes:
      Route::post('/saml/acs', [SamlController::class, 'handleAssertion']);
      Route::get('/saml/ls', [SamlController::class, 'handleLogout']);
      
    • Implement middleware to validate incoming SAML requests.
  3. Auth Integration:
    • Extend Laravel’s AuthManager to handle SAML users:
      // AuthManager sets the user resolver globally via resolveUsersUsing();
      // guards expose no userResolver() setter. The closure receives the guard name.
      Auth::resolveUsersUsing(function ($guard = null) {
          return Saml::getUserFromResponse(request());
      });
      
  4. Metadata Management:
    • Build a
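The Core Integration and Auth Integration steps above leave out what the ACS controller must do after the library has validated the Response. The following is an added example, not code from aerialship/lightsaml or from this evaluation. It assumes the Saml facade sketched under Stack Fit (Saml::validateResponse($request)) throws on any validation failure and otherwise returns an object exposing nameId() and relayState(); that return shape, the App\Facades\Saml namespace and the users.saml_name_id column are this example's assumptions.

```php
<?php
// Added example, not code from aerialship/lightsaml or from this page.
// Assumed: App\Facades\Saml wraps the SAML library, Saml::validateResponse()
// throws on bad signature/audience/timestamp/InResponseTo and returns an
// object with nameId() and relayState(); users has a saml_name_id column.

namespace App\Http\Controllers;

use App\Facades\Saml;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;

class SamlController extends Controller
{
    /**
     * Assertion Consumer Service: the IdP POSTs SAMLResponse here from its
     * own origin, so the route is excluded from Laravel's CSRF check and the
     * SAML-level checks inside Saml::validateResponse() take over that role.
     */
    public function handleAssertion(Request $request)
    {
        $request->validate(['SAMLResponse' => 'required|string']);

        try {
            $response = Saml::validateResponse($request);
        } catch (\Throwable $e) {
            // Keep the failure reason out of the browser response; log it for IR.
            Log::warning('SAML response rejected', [
                'reason' => $e->getMessage(),
                'ip'     => $request->ip(),
            ]);
            abort(403, 'Invalid SAML response');
        }

        // Join on the persistent NameID only: e-mail attributes are editable at
        // the IdP and make a poor account-linking key.
        $user = User::where('saml_name_id', $response->nameId())->first();
        if ($user === null) {
            abort(403, 'No local account for this identity');
        }

        // New session ID on login prevents session fixation.
        Auth::login($user);
        $request->session()->regenerate();

        return redirect($this->safeRelayState($response->relayState()));
    }

    /**
     * RelayState round-trips through the IdP unsigned, so it is attacker
     * controllable; only a relative path on this site is honoured.
     */
    private function safeRelayState(?string $relayState): string
    {
        if ($relayState === null || $relayState === '') {
            return '/dashboard';
        }
        // Reject absolute URLs, protocol-relative URLs (//host) and backslash variants.
        if (preg_match('#^/(?![/\\\\])[^\r\n]*$#', $relayState) !== 1) {
            return '/dashboard';
        }
        return $relayState;
    }
}
```

On Laravel 8–10 the CSRF exclusion is a one-line change in app/Http/Middleware/VerifyCsrfToken.php: `protected $except = ['saml/acs', 'saml/ls'];`. Keep that list to the SAML endpoints only; every other POST route still needs the token.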