A bundle that adds SAML capabilities to your application using simplesamlphp/saml2
Developed as part of the SURFnet StepUp Gateway
- Add the package to your Composer file:

```sh
composer require surfnet/stepup-saml-bundle
```

- Add the bundle to your kernel in `app/AppKernel.php`:

```php
public function registerBundles()
{
    // ...
    $bundles[] = new Surfnet\SamlBundle\SurfnetSamlBundle();
}
```
Configure the bundle in your application configuration. The `%...%` placeholders are Symfony parameters; they are quoted because a plain YAML scalar may not start with `%`:

```yaml
surfnet_saml:
    hosted:
        service_provider:
            enabled: true
            assertion_consumer_route: name_of_the_route_of_the_assertion_consumer_url
            public_key: '%surfnet_saml_sp_publickey%'
            private_key: '%surfnet_saml_sp_privatekey%'
        identity_provider:
            enabled: true
            service_provider_repository: service.name.of.entity_repository
            sso_route: name_of_the_route_of_the_single_sign_on_url
            public_key: '%surfnet_saml_idp_publickey%'
            private_key: '%surfnet_saml_idp_privatekey%'
        metadata:
            entity_id_route: name_of_the_route_of_metadata_url
            public_key: '%surfnet_saml_metadata_publickey%'
            private_key: '%surfnet_saml_metadata_privatekey%'
    remote:
        identity_provider:
            enabled: true
            entity_id: '%surfnet_saml_remote_idp_entity_id%'
            sso_url: '%surfnet_saml_remote_idp_sso_url%'
            certificate: '%surfnet_saml_remote_idp_certificate%'
```
The `hosted` configuration describes the services (SP, IdP or both) that your application itself offers. SP and IdP functionality can be switched on and off individually through the respective `enabled` flags.

The `remote` configuration describes, if enabled, the remote IdP to connect to. The inlined `certificate` in the last line can be replaced with `certificate_file`, holding a filesystem path to a file that contains the certificate.

The various `public_key` and `private_key` values are the contents of the certificate or key on a single line: the base64 body of the PEM file without the `-----BEGIN ...-----`/`-----END ...-----` delimiters and without line breaks. Using parameters, as shown above, is highly recommended so that the actual key material stays out of the configuration files that are committed to version control (put it in a local `parameters.yml` instead). Quote the `%...%` placeholders: a plain YAML scalar may not start with `%`, and recent versions of the Symfony Yaml component reject an unquoted one.
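The following script is an added example, not part of the bundle or the StepUp project. It shows what "the contents of the key in a single line" means in practice: it generates a throw-away self-signed key pair with PHP's `openssl` extension, checks that certificate and private key actually belong together (a mismatch only shows up later as unverifiable signatures), strips the PEM armour, and prints a `parameters.yml` fragment. The parameter names `surfnet_saml_sp_publickey` and `surfnet_saml_sp_privatekey` are taken from the configuration above; in real use you would feed it your existing PEM files instead of generating new ones.

```php
<?php
// Added example (not bundle code): convert PEM material to the single-line
// form used for the %surfnet_saml_*_publickey% / %surfnet_saml_*_privatekey%
// parameters, after checking that cert and key match. Requires ext-openssl.

declare(strict_types=1);

/**
 * Strip the -----BEGIN/END----- armour and all line breaks from a PEM block,
 * leaving only the base64 body on a single line.
 */
function pemToSingleLine(string $pem): string
{
    $lines = preg_split('/\R/', trim($pem));
    $body  = array_filter($lines, static fn (string $l): bool => !str_starts_with($l, '-----'));
    $oneLine = implode('', array_map('trim', $body));
    if ($oneLine === '' || base64_decode($oneLine, true) === false) {
        throw new InvalidArgumentException('Input is not a PEM block');
    }
    return $oneLine;
}

/** Inverse of pemToSingleLine(), for tools that need a real PEM file again. */
function singleLineToPem(string $body, string $label): string
{
    return "-----BEGIN {$label}-----\n" . chunk_split($body, 64, "\n") . "-----END {$label}-----\n";
}

/** Refuse to emit parameters whose certificate does not match the private key. */
function assertKeyPairMatches(string $certPem, string $keyPem): void
{
    if (!openssl_x509_check_private_key($certPem, $keyPem)) {
        throw new RuntimeException('Certificate and private key do not belong together');
    }
}

// Constructed test material: a fresh 2048-bit RSA key and a self-signed
// certificate. Replace with file_get_contents() of your own PEM files.
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(['commonName' => 'sp.example.org'], $key, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 365, ['digest_alg' => 'sha256']);
openssl_x509_export($cert, $certPem);
openssl_pkey_export($key, $keyPem);

assertKeyPairMatches($certPem, $keyPem);

$publicKey  = pemToSingleLine($certPem);
$privateKey = pemToSingleLine($keyPem);

// Round trip: the single-line form must reconstruct a certificate openssl accepts.
if (openssl_x509_read(singleLineToPem($publicKey, 'CERTIFICATE')) === false) {
    throw new RuntimeException('Round trip through the single-line form failed');
}

// This fragment belongs in the local, uncommitted parameters.yml. config.yml
// only references the parameter names, so no key material ends up in the repo.
echo "parameters:\n";
echo "    surfnet_saml_sp_publickey: '" . $publicKey . "'\n";
echo "    surfnet_saml_sp_privatekey: '" . $privateKey . "'\n";
```

Run it with `php prepare-keys.php >> app/config/parameters.yml` (file names are illustrative) and make sure `parameters.yml` is in `.gitignore`; the private key it prints is the secret you are trying to keep out of the repository.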
The `service_provider_repository` is a repository of the service providers for which you offer IdP services. The configured service must implement the `Surfnet\SamlBundle\Entity\ServiceProviderRepository` interface.
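An added example of such a repository, written for this page and not taken from the bundle: an in-memory allowlist keyed by SP entity ID that fails closed for anything it does not know, so that an unknown SP can never be handed an assertion. The method names `hasServiceProvider()` and `getServiceProvider()` are assumed to be what the interface declares, and `Surfnet\SamlBundle\Entity\ServiceProvider` is assumed to be the entity type it returns; check both against the version of the bundle you install.

```php
<?php
// Added example (not bundle code). Assumptions, to be checked against the
// installed bundle: the ServiceProviderRepository interface declares
// hasServiceProvider($entityId) and getServiceProvider($entityId), and the
// entities it returns are Surfnet\SamlBundle\Entity\ServiceProvider objects.

declare(strict_types=1);

namespace Acme\SamlBundle\Repository;

use Surfnet\SamlBundle\Entity\ServiceProvider;
use Surfnet\SamlBundle\Entity\ServiceProviderRepository;

final class AllowlistServiceProviderRepository implements ServiceProviderRepository
{
    /** @var array<string, ServiceProvider> service providers keyed by entity ID */
    private array $serviceProviders = [];

    /**
     * @param array<string, ServiceProvider> $serviceProviders keyed by entity ID
     */
    public function __construct(array $serviceProviders)
    {
        foreach ($serviceProviders as $entityId => $serviceProvider) {
            if (!is_string($entityId) || $entityId === '') {
                throw new \InvalidArgumentException('Every service provider needs a non-empty string entity ID');
            }
            if (!$serviceProvider instanceof ServiceProvider) {
                throw new \InvalidArgumentException(sprintf('Entry for "%s" is not a ServiceProvider', $entityId));
            }
            $this->serviceProviders[$entityId] = $serviceProvider;
        }
    }

    public function hasServiceProvider($entityId)
    {
        // Exact, case-sensitive match only: entity IDs are opaque identifiers,
        // so never normalise, trim or prefix-match them.
        return is_string($entityId) && isset($this->serviceProviders[$entityId]);
    }

    public function getServiceProvider($entityId)
    {
        if (!$this->hasServiceProvider($entityId)) {
            // Fail closed: an SP that is not on the allowlist gets no assertion.
            throw new \RuntimeException(sprintf(
                'Service provider "%s" is not registered with this IdP',
                is_string($entityId) ? $entityId : gettype($entityId)
            ));
        }

        return $this->serviceProviders[$entityId];
    }
}
```

Register the class as a service, pass it the `ServiceProvider` objects you are willing to serve, and put that service id in `hosted.identity_provider.service_provider_repository`. Keep the list short and explicit; the repository is the point where you decide which relying parties may receive assertions from this IdP.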
Metadata for the hosted entities is generated by the `surfnet_saml.metadata_factory` service, for instance from the controller behind the route configured as `entity_id_route`:

```php
<?php

namespace Acme\SamlBundle;

use Surfnet\SamlBundle\Http\XMLResponse;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class MetadataController extends Controller
{
    /**
     * Serves the SAML metadata of the hosted SP and/or IdP as XML.
     */
    public function metadataAction(Request $request)
    {
        /** @var \Surfnet\SamlBundle\Metadata\MetadataFactory $metadataFactory */
        $metadataFactory = $this->get('surfnet_saml.metadata_factory');

        return new XMLResponse($metadataFactory->generate());
    }
}
```