Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

SSO security filter for symfony1.4

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 config
Octocat-spinner-32 lib
Octocat-spinner-32 modules
Octocat-spinner-32 README.markdown
README.markdown

knpSsoPlugin

The knpSsoPlugin is a symfony 1.4 plugin that provides authentication via SSO above the standard security feature of symfony.

It gives you the model (user) and the modules (frontend) to secure your symfony application in a minute in a configurable plugin. It does not require a database as the user infos are only stored in the user session.

Credits go to the knpLabs team.

Installation

  • Install the plugin (via a git submodule)

    git submodule add git://github.com/knplabs/knpSsoPlugin.git plugins/knpSsoPlugin
    
  • Activate the plugin in the config/ProjectConfiguration.class.php

    [php]
    class ProjectConfiguration extends sfProjectConfiguration
    {
      public function setup()
      {
        $this->enablePlugins(array(
          'knpSsoPlugin',
          '...'
        ));
      }
    }
    

Secure your application

To secure a symfony application:

  • Enable the module knpSsoAuth in settings.yml

    all:
      .settings:
        enabled_modules: [..., knpSsoAuth]
    
  • Change the default login and secure modules in settings.yml

    login_module:           knpSsoAuth
    login_action:           signin
    
    secure_module:          knpSsoAuth
    secure_action:          secure
    
  • Change the parent class in myUser.class.php

    class myUser extends knpSsoSecurityUser
    {
    }
    
  • Optionally add the following routing rules to routing.yml

    knp_sso_signin:
      url:   /login
      param: { module: knpSsoAuth, action: signin }
    
    knp_sso_signout:
      url:   /logout
      param: { module: knpSsoAuth, action: signout }
    

    You can customize the url parameter of each route.

    These routes are automatically registered by the plugin if the module knpSsoAuth is enabled unless you defined knp_sso_plugin_routes_register to false in the app.yml configuration file:

    all:
      knp_sso_plugin_routes_register:
        routes_register: false
    
  • Secure some modules or your entire application in security.yml

    default:
      is_secure: true
    
  • Configure your SSO server in your app.yml

    all:
      knp_sso_plugin:
        # sso_plugin_signin_form: knpSsoFormSignin
        # sso_key_parameter: sso_key                     # name of the GET parameter you will use
        # sso_fetcher_class: knpSsoFetcher
        sso_fetcher_options:
          method: demo.validateSso
          url: http://www.knplabs.com/xmlrpc.php
    
  • You're done. Now, if you try to access a secure page with a valid sso_key as a parameter, you will have access to the page.

Customize knpSsoAuth module actions

If you want to customize or add methods to the knpSsoAuth:

  • Create a knpSsoAuth module in your application

  • Create an actions.class.php file in your actions directory that inherit from BaseknpSsoAuthActions (don't forget to include the BaseknpSsoAuthActions as it can't be autoloaded by symfony)

    <?php
    
    require_once(sfConfig::get('sf_plugins_dir').'/knpSsoPlugin/modules/knpSsoAuth/lib/BaseknpSsoAuthActions.class.php');
    
    class knpSsoAuthActions extends BaseknpSsoAuthActions
    {
      public function executeNewAction()
      {
        return $this->renderText('This is a new knpSsoAuth action.');
      }
    }
    

knpSsoSecurityUser class

This class inherits from the sfBasicSecurityUser class from symfony and is used for the user object in your symfony application (because you changed the myUser base class earlier).

So, to access it, you can use the standard $this->getUser() in your actions or $sf_user in your templates.

knoSsoSecurityUser adds some methods:

  • signIn() and signOut() methods

Validators

knpSsoPlugin comes with a validator that you can use in your modules: knpSsoValidatorUser.

Something went wrong with that request. Please try again.