{"id":23514685,"url":"https://github.com/openconext/stepup-saml-bundle","last_synced_at":"2025-07-25T05:15:15.834Z","repository":{"id":22619261,"uuid":"25961674","full_name":"OpenConext/Stepup-saml-bundle","owner":"OpenConext","description":"A PHP Symfony bundle that adds SAML capabilities to your application using simplesamlphp/saml2","archived":false,"fork":false,"pushed_at":"2024-05-22T13:04:49.000Z","size":756,"stargazers_count":14,"open_issues_count":2,"forks_count":25,"subscribers_count":14,"default_branch":"main","last_synced_at":"2024-05-22T14:29:29.361Z","etag":null,"topics":["php","saml2","simplesamlphp","symfony-bundle"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OpenConext.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-10-30T08:35:54.000Z","updated_at":"2024-05-22T14:29:38.157Z","dependencies_parsed_at":"2023-02-14T05:50:31.171Z","dependency_job_id":"fafb0d51-0dfb-4c89-b7b4-eaf3c0dd4373","html_url":"https://github.com/OpenConext/Stepup-saml-bundle","commit_stats":{"total_commits":334,"total_committers":22,"mean_commits":"15.181818181818182","dds":0.7574850299401198,"last_synced_commit":"f38da4d9e420d271e7e167c5904fdc569b3ea5df"},"previous_names":[],"tags_count":101,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FStepup-saml-bundle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FStepup-saml-bundle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FStepup-saml-bundle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FStepup-saml-bundle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OpenConext","download_url":"https://codeload.github.com/OpenConext/Stepup-saml-bundle/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249716251,"owners_count":21315062,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["php","saml2","simplesamlphp","symfony-bundle"],"created_at":"2024-12-25T14:09:57.553Z","updated_at":"2025-04-19T14:40:10.437Z","avatar_url":"https://github.com/OpenConext.png","language":"PHP","readme":"# SURFnet SamlBundle\n\n\u003c!--\n [![Build Status](https://travis-ci.org/SURFnet/Stepup-bundle.svg)](https://travis-ci.org/SURFnet/Stepup-bundle) [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/SURFnet/Stepup-bundle/badges/quality-score.png?b=develop)](https://scrutinizer-ci.com/g/SURFnet/Stepup-bundle/?branch=develop) [![SensioLabs Insight](https://insight.sensiolabs.com/projects/5b8b8d8b-e917-4954-818b-782d9e181c75/mini.png)](https://insight.sensiolabs.com/projects/5b8b8d8b-e917-4954-818b-782d9e181c75)\n--\u003e\n\nA PHP Symfony bundle that adds SAML capabilities to your application using [simplesamlphp/saml2][1]\n\nDeveloped as part of the [OpenConext-Stepup Gateway][2] and related OpenConext-Stepup applications that use SAML 2.0\n\n## Installation\n\n* Add the package to your Composer file\n ```sh\n composer require surfnet/stepup-saml-bundle\n ```\n\nHow to install with SF6\n \n1. Require the bundle in the composer.json (version 4.1.9 or higher)\n2. Enable the bundle in `config/bundles.php` add to the return statement: `Surfnet\\SamlBundle\\SurfnetSamlBundle::class =\u003e ['all' =\u003e true],`\n3. Specify the bundle configuration in `config/packages/surfnet_saml.yaml`, consult the configuration section below for available options.\n4. Configure the templates to the Twig Bundle by adding `'%kernel.project_dir%/vendor/surfnet/stepup-saml-bundle/templates': 'SurfnetSaml'` to your twig.yaml config file(s) \n\n## Configuration\n\n```yaml\nsurfnet_saml:\n enable_authentication: false\n hosted:\n attribute_dictionary:\n ignore_unknown_attributes: false\n service_provider:\n enabled: true\n assertion_consumer_route: name_of_the_route_of_the_assertion_consumer_url\n public_key: %surfnet_saml_sp_publickey%\n private_key: %surfnet_saml_sp_privatekey%\n identity_provider:\n enabled: true\n service_provider_repository: service.name.of.entity_repository\n sso_route: name_of_the_route_of_the_single_sign_on_url\n public_key: %surfnet_saml_idp_publickey%\n private_key: %surfnet_saml_idp_privatekey%\n metadata:\n entity_id_route: name_of_the_route_of_metadata_url\n public_key: %surfnet_saml_metadata_publickey%\n private_key: %surfnet_saml_metadata_privatekey%\n remote:\n identity_provider:\n enabled: true\n entity_id: %surfnet_saml_remote_idp_entity_id%\n sso_url: %surfnet_saml_remote_idp_sso_url%\n certificate: %surfnet_saml_remote_idp_certificate%\n service_providers:\n - entity_id: \"%surfnet_saml_remote_sp_entity_id%\"\n certificate_file: \"%surfnet_saml_remote_sp_certificate%\"\n assertion_consumer_service_url: \"%surfnet_saml_remote_sp_acs%\" \n```\n\nThe `hosted:` configuration lists the configuration for the services (SP, IdP or both) that your application offers. SP and IdP\n functionality can be turned off and on individually through the repective `enabled` flags.\n\nThe `remote:` configuration lists, if enabled, the configuration for one or more remote service providers and identity providers to connect to.\nIf your application authenticates with a single identity provider, you can use the `identity_provider:` option as shown above. The identity\nprovider can be accessed runtime using the `@surfnet_saml.remote.idp` service.\n\nIf your application authenticates with more than one identity providers, you can omit the `identity_provider:` key from configuration and list all\nidentity providers under `identity_providers:`. The identity providers can be accessed by using the `@surfnet_saml.remote.identity_providers` service.\n```yaml\n remote:\n identity_providers:\n - enabled: true\n entity_id: %surfnet_saml_remote_idp_entity_id%\n sso_url: %surfnet_saml_remote_idp_sso_url%\n certificate: %surfnet_saml_remote_idp_certificate%\n\n```\n\nThe inlined certificate in the last line can be replaced with `certificate_file` containing a filesystem path to\na file which contains said certificate.\nIt is recommended to use parameters as listed above. The various `publickey` and `privatekey` variables are the\n contents of the key in a single line, without the certificate etc. delimiters. The use of parameters as listed above\n is highly recommended so that the actual key contents can be kept out of the configuration files (using for instance\n a local `parameters.yml` file).\n\nThe `service_provider_repository` is a repository of service providers for which you offer IdP services. The service\nconfigured _must_ implement the `Surfnet\\SamlBundle\\Entity\\ServiceProviderRepository` interface.\n\nService providers can be provided statically by using the remote.service_providers configuration option. To use these configured service \nproviders keep in mind that you need to assign `surfnet_saml.remote.service_providers` as `service_provider_repository`.\n\n## Example Usage\n\n### Symfony Authentication\nAs of version 5 of this bundle, we started supporting SAML authentications via the Stepup SAML bundle. This ties into \nthe Symfony Security component. \n\nDetails about how to install this into your SP, see the [EXAMPLES.md](EXAMPLES.md).\n\n#### Overriding the ACS processor\nYour application will start to try and handle all SAML Responses that are posted to your apps ACS location.\nIn most situations that's exactly what you want. However if you want to handle the response yourself. You can!\n\n1. Ensure you add a RelayState statement to the AuthnRequest\n2. Configure that RelayState value in the `rejected_relay_states` parameter (in your app). This value defaults to `[]`. So be sure to pass an array of string values\n3. Thats it.\n\n### Metadata Publishing\n\n```php\n\u003c?php\n\nnamespace Acme\\SamlBundle\n\nuse Surfnet\\SamlBundle\\Http\\XMLResponse;\nuse Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller;\nuse Symfony\\Component\\HttpFoundation\\Request;\n\nclass MetadataController extends Controller\n{\n public function metadataAction(Request $request)\n {\n /** @var \\Surfnet\\SamlBundle\\Metadata\\MetadataFactory $metadataFactory */\n $metadataFactory = $this-\u003eget('surfnet_saml.metadata_factory');\n\n return new XMLResponse($metadataFactory-\u003egenerate());\n }\n}\n```\n\nSee more examples in [EXAMPLES.md](EXAMPLES.md).\n\n\n## Release strategy\n\n### CHANGELOG.md\nPlease read: https://github.com/OpenConext/Stepup-Deploy/wiki/Release-Management for more information on the release strategy used in Stepup projects.\n\n### UPGRADING.md\nWhen introducing backwards compatible breaking changes in the bundle. Please update the UPGRADING.md file to instruct\nusers how to deal with these changes. This makes upgrading as painless as possible. \n\n[1]: https://github.com/simplesamlphp/saml2\n[2]: https://github.com/OpenConext/Stepup-Gateway\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenconext%2Fstepup-saml-bundle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenconext%2Fstepup-saml-bundle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenconext%2Fstepup-saml-bundle/lists"}