This is a Shibboleth bundle for Symfony 3+ that uses the Guard system.
Install the bundle via Composer by running the following command:

    composer require unicesil/shibboleth-bundle

If you don't use Flex, enable the bundle in config/bundles.php:

    <?php
    return [
        //...
        UniceSIL\ShibbolethBundle\UniceSILShibbolethBundle::class => ['all' => true]
    ];

Modify the file config/packages/unice_sil_shibboleth.yaml to add your Shibboleth settings:

    unice_sil_shibboleth:
        login_path: 'Shibboleth.sso/Login' # The path used to call Shibboleth login authentication (default = 'Shibboleth.sso/Login')
        logout_path: 'Shibboleth.sso/Logout' # The path used to call Shibboleth logout (default = 'Shibboleth.sso/Logout')
        username: 'eppn' # The Shibboleth attribute used as the username of the logged-in user. The attribute must appear in the 'attributes' parameter list (default = 'username')
        attributes: ['eppn', 'mail', 'givenName', 'sn'] # The list of attributes returned by the Shibboleth Service Provider
        login_target: '' # The route to which the user is redirected after login. If this parameter is not set, the user is redirected to the page they came from. (default = null)
        logout_target: '' # The route to which the user is redirected after logout. If this parameter is not set, the user is redirected to the page they came from. (default = null)

Then modify your security.yml file to secure your application:

    security:
        enable_authenticator_manager: true
        providers:
            shibboleth:
                id: Your\Shibboleth\User\Provider\Class
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            shibboleth:
                lazy: true
                provider: shibboleth
                custom_authenticators:
                    - unicesil.shibboleth_authenticator
                logout: ~
        access_control:
            - { path: ^/, roles: ROLE_USER }

Configure your application's .htaccess or your Apache configuration:

    AuthType shibboleth
    ShibRequestSetting requireSession 0
    ShibUseHeaders On
    ShibRequestSetting applicationId engagement
    Require shibboleth

Create your own User and UserProvider classes:

    use Symfony\Component\Security\Core\User\UserInterface;

    class User implements UserInterface
    {
        //...
        public function getUserIdentifier(): string {
            // ...
        }
    }

    use Symfony\Component\Security\Core\User\UserInterface;
    use UniceSIL\ShibbolethBundle\Security\Provider\AbstractShibbolethUserProvider;

    class MyShibbolethUserProvider extends AbstractShibbolethUserProvider
    {
        public function loadUserByIdentifier(string $identifier): UserInterface
        {
            // Attributes delivered by the Shibboleth Service Provider for this request
            $shibbolethUserAttributes = $this->getAttributes();
            // Return an instance of User
        }
    }

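One way to fill in the two skeletons above, as an added example that is not the bundle's own code. It assumes Symfony 6's UserInterface, the `username: 'eppn'` setting shown earlier, that `getAttributes()` returns an array of strings keyed by the configured attribute names, and that the abstract provider supplies the remaining provider methods as the skeleton implies; the `App\Security` namespace and the `User` fields are hypothetical.

```php
<?php
// Added example. In a real project each class lives in its own file (PSR-4).
// Assumption: getAttributes() returns ['eppn' => '...', 'mail' => '...', ...].
namespace App\Security;

use Symfony\Component\Security\Core\Exception\UserNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use UniceSIL\ShibbolethBundle\Security\Provider\AbstractShibbolethUserProvider;

final class User implements UserInterface
{
    public function __construct(
        private string $eppn,
        private ?string $mail,
        private string $displayName,
    ) {}

    public function getUserIdentifier(): string { return $this->eppn; }
    public function getRoles(): array { return ['ROLE_USER']; }
    public function eraseCredentials(): void {} // no local credentials to erase
    public function getMail(): ?string { return $this->mail; }
    public function getDisplayName(): string { return $this->displayName; }
}

final class MyShibbolethUserProvider extends AbstractShibbolethUserProvider
{
    public function loadUserByIdentifier(string $identifier): UserInterface
    {
        $attrs = $this->getAttributes();
        $eppn = trim((string) ($attrs['eppn'] ?? ''));

        // Refuse to build a user when the SP delivered no eppn, or when the
        // identifier being loaded is not the one in the current attribute set.
        if ($eppn === '' || $eppn !== $identifier) {
            throw new UserNotFoundException('No matching Shibboleth eppn.');
        }

        // The Shibboleth SP joins multi-valued attributes with ';': keep the first mail.
        $mail = trim(explode(';', (string) ($attrs['mail'] ?? ''))[0]) ?: null;
        $name = trim(($attrs['givenName'] ?? '') . ' ' . ($attrs['sn'] ?? ''));

        return new User($eppn, $mail, $name !== '' ? $name : $eppn);
    }
}
```

Throwing `UserNotFoundException` makes authentication fail cleanly instead of producing a user with an empty identifier that would still pass the `ROLE_USER` access rule.
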
To properly disconnect your users from the application via Shibboleth, configure the listener as follows in the services.yaml file:

    services:
        # ...
        unicesil.shibboleth_logout_event:
            class: UniceSIL\ShibbolethBundle\EventListener\LogoutEventListener
            arguments: ['%unice_sil_shibboleth%', "@router"]
            tags:
                - name: 'kernel.event_listener'
                  event: 'Symfony\Component\Security\Http\Event\LogoutEvent'
                  method: onLogout
                  dispatcher: security.event_dispatcher.{YOUR_FIREWALL_NAME} # ex: security.event_dispatcher.main

Configure the logout route in security.yaml:

    security:
        firewalls:
            shibboleth:
                logout:
                    path: /logout

Don't forget to declare the logout route in your route configuration file:

    logout:
        path: /logout