
symfony google sso saml

joserobleda committed Oct 2, 2016
1 parent f27fedb commit 4b9be4809e78a924ed3aa8ed2e37263d07dd6360
@@ -15,6 +15,8 @@ public function registerBundles()
new Symfony\Bundle\SwiftmailerBundle\SwiftmailerBundle(),
new Doctrine\Bundle\DoctrineBundle\DoctrineBundle(),
new Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle(),
new LightSaml\SymfonyBridgeBundle\LightSamlSymfonyBridgeBundle(),
new LightSaml\SpBundle\LightSamlSpBundle(),
new AppBundle\AppBundle(),
];
@@ -66,3 +66,16 @@ swiftmailer:
username: "%mailer_user%"
password: "%mailer_password%"
spool: { type: memory }

light_saml_symfony_bridge:
own:
entity_id: 'https://developerdepueblo.com/backoffice'
credentials:
-
certificate: "%kernel.root_dir%/config/saml/mygoogleappsidp.crt"
key: "%kernel.root_dir%/config/saml/mygoogleappsidp.key"
password: ~
party:
idp:
files:
- "%kernel.root_dir%/config/saml/google-apps.com.xml"
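Review bot: The `own.credentials` entry points at a private key under `%kernel.root_dir%/config/saml/` with `password: ~`, so the SP key is expected on disk unencrypted inside the application's config tree, and its location is hardcoded where the mailer secrets just above use `%…%` parameters. Consider taking both values from parameters, e.g. `key: "%saml_sp_key_path%"` and `password: "%saml_sp_key_password%"` (placeholder parameter names), and keeping the `.key` file out of version control. Whether the key file is committed is not visible on this page.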
@@ -1,3 +1,7 @@
app:
resource: "@AppBundle/Controller/"
type: annotation

lightsaml_sp:
resource: "@LightSamlSpBundle/Resources/config/routing.yml"
prefix: "/backoffice/saml"
@@ -6,6 +6,8 @@ security:
providers:
in_memory:
memory: ~
admin_user_mock:
id: app.security.admin_user_mock_provider

firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
@@ -22,3 +24,19 @@ security:

# form_login: ~
# http://symfony.com/doc/current/cookbook/security/form_login_setup.html

backoffice:
pattern: ^/backoffice
anonymous: true
http_basic: false
light_saml_sp:
provider: admin_user_mock
login_path: /backoffice/saml/login
check_path: /backoffice/saml/login_check
require_previous_session: false

access_control:
# Allow ananymous access the /saml paths
- { path: ^/backoffice/saml, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Require user to be admin to access our backoffice
- { path: ^/backoffice, role: ROLE_ADMIN }
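Review bot: The `backoffice` firewall declares no `logout` entry, so as far as this hunk shows, a session that holds `ROLE_ADMIN` ends only when the PHP session expires. Consider adding a `logout:` block whose path falls under `^/backoffice` and invalidates the session. Separately, the comment above the first `access_control` rule has a typo; it should read `# Allow anonymous access to the /saml paths`.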
@@ -4,6 +4,5 @@ parameters:
# parameter_name: value

services:
# service_name:
# class: AppBundle\Directory\ClassName
# arguments: ["@another_service_name", "plain_value", "%parameter_name%"]
app.security.admin_user_mock_provider:
class: AppBundle\Security\AdminUserMockProvider
@@ -27,7 +27,8 @@
"symfony/polyfill-apcu": "^1.0",
"sensio/distribution-bundle": "^5.0",
"sensio/framework-extra-bundle": "^3.0.2",
"incenteev/composer-parameter-handler": "^2.0"
"incenteev/composer-parameter-handler": "^2.0",
"lightsaml/sp-bundle": "^1.0"
},
"require-dev": {
"sensio/generator-bundle": "^3.0",
@@ -0,0 +1,29 @@
<?php
namespace AppBundle\Security;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\User;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
class AdminUserMockProvider implements UserProviderInterface
{
public function loadUserByUsername($username)
{
$user = new User($username, '', ['ROLE_ADMIN']);
return $user;
}
public function refreshUser(UserInterface $user)
{
return $this->loadUserByUsername($user->getUsername());
}
public function supportsClass($class)
{
return (bool) $class;
}
}
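Review bot: `loadUserByUsername()` returns a `User` holding `ROLE_ADMIN` for whatever username it is handed and never throws `UsernameNotFoundException`, so every identity the IdP asserts becomes a backoffice admin; the `ROLE_ADMIN` rule in security.yml then only means "authenticated through SAML". Authorization should be decided here, for instance against an injected allow-list of admin usernames (the constructor argument below would also need an `arguments:` entry on the `app.security.admin_user_mock_provider` service). `supportsClass()` also returns true for any non-empty class name and `refreshUser()` accepts any `UserInterface`, which leaves the two imported exception classes unused; both should be narrowed to the `User` class this provider creates.

```php
class AdminUserMockProvider implements UserProviderInterface
{
    /** @var string[] Usernames (as asserted by the IdP) allowed to hold ROLE_ADMIN. */
    private $adminUsernames;

    public function __construct(array $adminUsernames)
    {
        $this->adminUsernames = $adminUsernames;
    }

    public function loadUserByUsername($username)
    {
        // Reject identities that are authenticated by the IdP but not authorized as admins.
        if (!in_array($username, $this->adminUsernames, true)) {
            throw new UsernameNotFoundException(sprintf('User "%s" is not a backoffice admin.', $username));
        }

        return new User($username, '', ['ROLE_ADMIN']);
    }

    public function refreshUser(UserInterface $user)
    {
        if (!$user instanceof User) {
            throw new UnsupportedUserException(sprintf('Unsupported user class "%s".', get_class($user)));
        }

        // Re-check the allow-list on every refresh so a removed admin loses access.
        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class)
    {
        return User::class === $class;
    }
}
```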
