Greetings! I'm Aneesh Sreedharan, CEO of 2Hats Logic Solutions. At 2Hats Logic Solutions, we are dedicated to providing technical expertise and resolving your concerns in the world of technology. Our blog page serves as a resource where we share insights and experiences, offering valuable perspectives on your queries.
For every authorized application, a set of login credentials (username and password) are needed. It’s hard to keep different credentials for different applications. For faster access to multiple applications, users can use a single set of credentials. How is it possible?
It can be achieved using Single sign-on (SSO). Single sign-on is a part of user authentication. Using SSO a user can easily be logged into multiple applications with a single set of credentials.
Let’s focus on how we can implement SSO in Laravel. It’s quite easy to implement SSO in Laravel.
Moving to SSO integration
Let’s flow to the river of steps included
Install the package via composer
1 | composer require aacotroneo/laravel-saml2 |
1 2 3 4 5 6 7 8 9 | 'providers' => [ ... AacotroneoSaml2Saml2ServiceProvider::class, ] 'alias' => [ ... 'Saml2' => AacotroneoSaml2FacadesSaml2Auth::class, ] |
Run the following to add saml configuration file
1 | php artisan vendor:publish --provider=”AacotroneoSaml2Saml2ServiceProvider” |
For configuration settings need a one-login account. Sign up as a developer in Onelogin
In the OneLogin dashboard follow the steps
- Select Apps->Add Apps
- Search for SAML Test Connector
- Select SAML Test Connector (IdP)
- Edit name and save
In the same configuration file, IdP section variables values can be changed as follows: In the SSO tab,
- URL => entityId
- SAML 2.0 Endpoint (HTTP) => singleSignOnService
- SLO Endpoint (HTTP) => singleLogoutService
- X.509 certificate->view details => x509cert
- Save the configuration file.
In the Configuration tab set,
- Audience => https://hostname/saml2/metadata
- Recipient => https://hostname/saml2/acs
- ACS (Consumer) URL Validator => .*
- Single Logout URL => https://hostname/saml2/sls
- Save the configuration file
- Add Users to the App from the Users tab.
- Then move to the Laravel project side.
After installing this package create saml login event and saml logout event in the application. Then add listeners to the saml events in Event Service Providers (app/providers/EventServiceProvider.php).
In EventServiceProvider.php the protected variable listen may change to:
1 2 3 4 5 6 7 8 | protected $listen = [ 'AacotroneoSaml2EventsSaml2LoginEvent' => [ 'AppListenersSaml2LoginListener', ], 'AacotroneoSaml2EventsSaml2LogoutEvent' => [ 'AppListenersSaml2LogoutListener', ], ]; |
Saml2LoginListener and Saml2LogoutListener are the listener’s files to be created. These two listeners are stored in the appListeners folder.}
LOGIN LISTENER
handle() function of Saml2LoginListener will look like the following
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | public function handle(Saml2LoginEvent $event) { $messageId = $event->getSaml2Auth()->getLastMessageId(); // your own code preventing reuse of a $messageId to stop replay attacks $user = $event->getSaml2User(); $userData = [ 'id' => $user->getUserId(), 'attributes' => $user->getAttributes(), 'assertion' => $user->getRawSamlAssertion() ]; $laravelUser = User::adminUsers()->where('email', $userData['id'])->first();//find user by ID or attribute //if it does not exist create it and go on or show an error message if($laravelUser) { Auth::login($laravelUser); AdminLoginHistory::create([ 'user_id' => Auth::id() ]); } else { session(['saml2_error_single' => 'You do not have access, please visit the system’s Teamdot page to obtain instructions']); } } |
Include these lines after namespace
1 2 3 | use AacotroneoSaml2EventsSaml2LoginEvent; use IlluminateQueueInteractsWithQueue; use IlluminateContractsQueueShouldQueue; |
LOGOUT LISTENER
handle() function of Saml2LogoutListener will be like the following
1 2 3 4 5 | public function handle($event) { Auth::logout(); Session::save(); } |
Include these lines after the namespace
1 2 3 | use AacotroneoSaml2EventsSaml2LogoutEvent; use IlluminateQueueInteractsWithQueue; use IlluminateContractsQueueShouldQueue; |
In the login view page add the route(‘saml_login’) in the login button to proceed with SSO.
Have Doubts? Contact Us!
If you’re looking to implement Single Sign-on (SSO) in your Laravel development services, you may be facing some challenges along the way. Fortunately, there are experienced Laravel developers like 2hats Logic Solutions who can help you navigate these obstacles and get your SSO system up and running smoothly.
At 2hats Logic Solutions, we have a team of experts who can help you integrate SSO into your Laravel application. We understand the ins and outs of the SSO process and can help you choose the right SSO solution for your business needs. Whether you’re looking to implement SSO for internal users or external clients, we can provide you with the expertise you need to get the job done.