Saml Sp Bundle Laravel Package

aerialship/saml-sp-bundle

Symfony2 bundle providing a SAML 2.0 Service Provider: authenticate against one or more IdPs with SSO (AuthnRequest), Single Logout, federation metadata, discovery service, and HTTP-POST/Redirect bindings. Legacy; newer version exists.


Technical Evaluation

Architecture Fit

  • Symfony2 SAML2 SP Integration: The bundle provides a Symfony2-specific SAML 2.0 Service Provider (SP) implementation, leveraging the onelogin/php-saml library under the hood. This aligns well with Symfony2-based applications requiring SAML authentication (e.g., enterprise SSO, federated identity).
  • Modularity: The bundle follows Symfony’s bundle architecture, making it easy to integrate into existing Symfony2 applications without major refactoring.
  • Protocol Support: SAML 2.0 is a standardized identity protocol, ensuring compatibility with most Identity Providers (IdPs) like Okta, Azure AD, ADFS, or Shibboleth.
  • Limitation: No Symfony 3+ support (deprecated in favor of lightSAML/SpBundle). If using Symfony 2.8+, evaluate migration risk.

Integration Feasibility

  • Dependency Alignment:
    • Requires onelogin/php-saml (v2.x), which is stable but outdated (last major update in 2016).
    • Symfony 2.3–2.7 compatibility (Symfony 2.8+ may need adjustments).
    • PHP 5.3.3+ (older than modern PHP 8.x).
  • Configuration Overhead:
    • Requires XML metadata (IdP/SP configuration) and Symfony service/configuration setup.
    • Custom authentication logic may need extension via event listeners or custom guards.
  • Database Agnostic: No direct DB dependencies, but user provisioning (post-auth) may require custom logic.

Technical Risk

Risk Area               | Severity | Mitigation Strategy
------------------------|----------|---------------------------------------------------------------------
Deprecated Bundle       | High     | Migrate to lightSAML/SpBundle if possible.
Outdated Dependencies   | Medium   | Test compatibility with newer PHP/Symfony.
SAML Complexity         | Medium   | Use existing IdP metadata; validate with test IdPs (e.g., Okta sandbox).
Security Updates        | High     | Monitor onelogin/php-saml for CVEs.
Symfony Version Lock    | High     | Avoid if using Symfony 3+ or PHP 7+.

Key Questions

  1. Symfony Version: Is the application locked to Symfony 2.3–2.7? If not, should we migrate to lightSAML/SpBundle?
  2. IdP Compatibility: Which IdPs will integrate? Are their metadata formats supported?
  3. Customization Needs: Does the app require custom attribute mapping, multi-IdP support, or post-auth workflows?
  4. Performance: Will SAML auth introduce latency? (Test with load scenarios.)
  5. Maintenance: Is the team comfortable maintaining a near-abandoned bundle, or should we invest in a modern alternative?

Integration Approach

Stack Fit

  • Symfony2 Environment: Ideal for Symfony 2.3–2.7 apps. For newer versions, avoid unless absolutely necessary.
  • PHP Version: Works with PHP 5.3.3+, but PHP 7.4+ may require polyfills or forks.
  • Database: No direct coupling, but user provisioning may need custom logic (e.g., Doctrine listeners).
  • Frontend: SAML relies on HTTP redirects/POST bindings; ensure no CSP or proxy blocks SAML responses.

Migration Path

  1. Assessment Phase:
    • Audit current auth flow (e.g., form-based → SAML).
    • Validate IdP metadata compatibility.
  2. Bundle Installation:
     composer require aerialship/saml-sp-bundle

    • Configure app/config/config.yml with IdP metadata and SP settings.
  3. Authentication Flow:
    • Extend SamlGuard or create a custom firewall for SAML auth.
    • Example:
      # app/config/security.yml
      firewalls:
          saml:
              pattern: ^/saml
              saml: ~

  4. Testing:
    • Use test IdPs (e.g., Okta, SimpleSAMLphp) to validate auth cycles.
    • Test error scenarios (invalid metadata, expired tokens).

Compatibility

  • Symfony Components: Uses Symfony’s DependencyInjection, Routing, and Security components.
  • SAML Libraries: Relies on onelogin/php-saml (v2.x). Check for breaking changes if upgrading PHP.
  • Legacy Systems: If integrating with old IdPs, ensure metadata formats (e.g., XML schema) align.

Sequencing

  1. Phase 1: Bundle installation + basic IdP config.
  2. Phase 2: Implement user provisioning (e.g., sync SAML attributes to DB).
  3. Phase 3: Add fallback auth (e.g., form login if SAML fails).
  4. Phase 4: Load testing and monitoring (e.g., SAML response times).

Operational Impact

Maintenance

  • Bundle Updates: No new features expected; only critical bug fixes. Monitor aerialship/SamlSPBundle and onelogin/php-saml for patches.
  • Dependency Risks:
    • onelogin/php-saml has no active development. Consider forking if critical fixes are needed.
    • Symfony 2.x end-of-life (EOL): Plan for migration to lightSAML/SpBundle or a modern alternative (e.g., league/oauth2-saml).
  • Configuration Drift: SAML metadata and IdP changes may require frequent config updates.

Support

  • Community: Limited (63 stars, last release 2016). Support may require self-service debugging.
  • Logging: Bundle provides basic logs via Symfony’s logger. Extend with SAML-specific logging for troubleshooting.
  • IdP Vendor Support: Issues may require coordination with IdP teams (e.g., Azure AD, Okta).

Scaling

  • Performance:
    • SAML introduces round-trip latency (authn requests/responses). Test under load.
    • Caching: Cache IdP metadata if static (e.g., using Symfony’s cache layer).
  • Horizontal Scaling:
    • Stateless by design (SAML assertions are signed and self-contained), but session management (e.g., user attributes) may need coordination across instances.
    • Use shared storage (e.g., Redis) for transient SAML state (issued request IDs, consumed assertion IDs) if needed.
  • Database Load: Minimal unless custom user provisioning is heavy.

Failure Modes

Failure Scenario                    | Impact                              | Mitigation
------------------------------------|-------------------------------------|--------------------------------------------
IdP Unavailable                     | Auth failures                       | Implement fallback (e.g., form login).
Malformed SAML Response             | Security risk (e.g., replay attacks) | Validate signatures; use strict mode.
Bundle/Dependency Bug               | Auth outages                        | Rollback to known version; fork if critical.
Metadata Misconfiguration           | Auth loops or 403s                  | Validate with test IdPs early.
PHP/Symfony Version Incompatibility | Crashes                             | Containerize with pinned versions.
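The "Malformed SAML Response" row above and the "expired tokens" test scenario in the Migration Path both come down to the same set of consumer-side checks that a strict-mode SP performs once the XML signature has been verified: the response must answer a request this SP issued, be addressed to this SP's ACS URL and entity ID, fall inside its validity window, and carry an assertion ID that has not been seen before. The following is an added example, not code from the bundle or from onelogin/php-saml, written in Python so it runs stand-alone; the SP URLs, the fixed clock, and the sample response are constructed for illustration, and cryptographic signature verification is assumed to have been done beforehand by an XML-DSig library, which this code does not replace.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# SAML 2.0 protocol, assertion and XML-DSig namespaces.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Assumed SP identity for the example (hypothetical values).
ACS_URL = "https://sp.example.test/saml/acs"
SP_ENTITY_ID = "https://sp.example.test/saml/metadata"
# Fixed "current time" so the checks are deterministic.
FIXED_NOW = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)


class SamlValidationError(Exception):
    """Raised when the response fails one of the strict checks."""


def _parse_time(value):
    """Parse the UTC xsd:dateTime form SAML uses, e.g. 2024-01-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(xml_text, *, acs_url, sp_entity_id, issued_request_ids,
                      seen_assertion_ids, now, clock_skew=timedelta(seconds=60)):
    """Checks on a Response whose XML signature has ALREADY been verified by an
    XML-DSig library (no cryptography here). Returns the NameID or raises."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise SamlValidationError("root element is not samlp:Response")
    # Destination must be this SP's ACS URL.
    if root.get("Destination") != acs_url:
        raise SamlValidationError("Destination does not match ACS URL")
    # Accept only responses to AuthnRequests we issued, and consume the request
    # ID so the same response cannot be presented a second time.
    in_response_to = root.get("InResponseTo")
    if in_response_to not in issued_request_ids:
        raise SamlValidationError("unsolicited or unknown InResponseTo")
    issued_request_ids.discard(in_response_to)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise SamlValidationError("IdP did not report Success status")
    # Exactly one assertion, and it (or the response) must carry a signature.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlValidationError("expected exactly one saml:Assertion")
    assertion = assertions[0]
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        raise SamlValidationError("neither Response nor Assertion is signed")
    # Validity window with a small clock-skew allowance, then audience.
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        raise SamlValidationError("assertion has no Conditions")
    not_before, not_on_or_after = conditions.get("NotBefore"), conditions.get("NotOnOrAfter")
    if not_before and now + clock_skew < _parse_time(not_before):
        raise SamlValidationError("assertion not yet valid")
    if not_on_or_after and now - clock_skew >= _parse_time(not_on_or_after):
        raise SamlValidationError("assertion expired")
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise SamlValidationError("assertion not addressed to this SP (Audience)")
    # Bearer confirmation data must agree with the outer response.
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is not None:
        if scd.get("Recipient") not in (None, acs_url):
            raise SamlValidationError("SubjectConfirmationData Recipient mismatch")
        if scd.get("InResponseTo") not in (None, in_response_to):
            raise SamlValidationError("SubjectConfirmationData InResponseTo mismatch")
    # Replay cache: each assertion ID is accepted once. Across several app
    # instances this set must live in shared storage (e.g. Redis) with a TTL.
    assertion_id = assertion.get("ID")
    if not assertion_id or assertion_id in seen_assertion_ids:
        raise SamlValidationError("assertion ID already consumed (replay)")
    seen_assertion_ids.add(assertion_id)
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise SamlValidationError("assertion has no NameID")
    return name_id.text


def sample_response(assertion_id="_a1", in_response_to="_req1", audience=SP_ENTITY_ID,
                    not_on_or_after="2024-01-01T12:05:00Z"):
    """Constructed sample Response (not captured from a real IdP); the Signature
    element is a placeholder because signature verification is out of scope."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z"
  Destination="{ACS_URL}" InResponseTo="{in_response_to}">
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="{assertion_id}" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID>alice@example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="{in_response_to}"
          NotOnOrAfter="{not_on_or_after}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def run_check(xml_text, issued_request_ids, seen_assertion_ids, now=FIXED_NOW):
    """Return the NameID, or 'REJECTED: <reason>' for a failed response."""
    try:
        return validate_response(xml_text, acs_url=ACS_URL, sp_entity_id=SP_ENTITY_ID,
                                 issued_request_ids=issued_request_ids,
                                 seen_assertion_ids=seen_assertion_ids, now=now)
    except SamlValidationError as exc:
        return "REJECTED: " + str(exc)
```

Calling `run_check(sample_response(), {"_req1"}, set())` returns the NameID; presenting the same response again, or one with a past NotOnOrAfter or a foreign Audience, returns a `REJECTED:` reason instead. The two sets passed in are the transient SAML state the Scaling section refers to: in a multi-instance deployment they must be shared (and expired) rather than kept in process memory, or a replayed assertion would be accepted by whichever instance had not seen it.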

Ramp-Up

  • Developer Onboarding:
    • 1–2 days: Understand SAML basics (flows, metadata, bindings).
    • 3–5 days: Configure bundle + test with a sandbox IdP.
  • Operational Onboarding:
    • 1 week: Monitor logs for SAML-specific errors (e.g., SamlException).
    • 2 weeks: Document IdP-specific quirks (e.g., attribute naming).
  • Training Needs:
    • Security Team: SAML threat model (e.g., phishing via IdP).
    • DevOps: Debugging SAML traffic (use Wireshark or SAML tracer tools).