added support for saml login (#1408)
kevinpapst committed Jan 31, 2020
1 parent 3ff46e0 commit 6a53357
Showing 47 changed files with 2,278 additions and 77 deletions.
2 changes: 2 additions & 0 deletions composer.json
@@ -25,13 +25,15 @@
"jms/metadata": "^2.0",
"jms/serializer-bundle": "^3.2",
"kevinpapst/adminlte-bundle": "^3.0",
"hslavich/oneloginsaml-bundle": "^1.4",
"kimai/kimai2-composer": "^0.1",
"laravolt/avatar": "^3.0",
"league/csv": "^9.4",
"mpdf/mpdf": "^8.0",
"nelmio/api-doc-bundle": "^3.2",
"nelmio/cors-bundle": "^1.5",
"ocramius/proxy-manager": "^2.1.1",
"onelogin/php-saml": "^3.4",
"phpoffice/phpspreadsheet": "^1.10",
"phpoffice/phpword": "^0.17",
"psr/log": "^1.1",
149 changes: 143 additions & 6 deletions composer.lock


8 changes: 5 additions & 3 deletions config/packages/security.yaml
@@ -5,11 +5,11 @@ security:
providers:
chain_provider:
chain:
providers: [fos_userbundle]
providers: [kimai_internal]
kimai_ldap:
id: App\Ldap\LdapUserProvider
fos_userbundle:
id: fos_user.user_provider.username_email
kimai_internal:
id: App\Security\DoctrineUserProvider

firewalls:
dev:
@@ -54,6 +54,8 @@ security:
ROLE_SUPER_ADMIN: ROLE_ADMIN

access_control:
- { path: '^/auth/saml/login', roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/auth/saml/metadata', roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/(%app_locales%)$', role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/(%app_locales%)/login', role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: '^/(%app_locales%)/register', role: IS_AUTHENTICATED_ANONYMOUSLY }
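Review bot: The two new `access_control` patterns are anchored only at the start, so `^/auth/saml/login` and `^/auth/saml/metadata` also grant anonymous access to any longer path that shares those prefixes. If no sub-paths are intended, close them with `$`, e.g. `- { path: '^/auth/saml/login$', roles: IS_AUTHENTICATED_ANONYMOUSLY }`. The new entries also use the `roles:` key while the neighbouring locale entries use `role:`; picking one spelling keeps the list easier to audit. The firewall definitions that would handle the SAML endpoints are outside this hunk, so they could not be checked here.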
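--- a/config/services-saml.yaml
+++ b/config/services-saml.yaml
@@ -0,0 +1,32 @@
+
+services:
+
+# ================================================================================
+# SAML
+# ================================================================================
+
+App\Saml\SamlAuth:
+alias: onelogin_auth
+
+OneLogin\Saml2\Auth:
+alias: onelogin_auth
+
+onelogin_auth:
+class: App\Saml\SamlAuth
+arguments: ['@request_stack', '%kimai.saml.connection%']
+
+App\Saml\User\SamlUserFactory:
+arguments: ['%kimai.saml%']
+
+kimai.saml_listener:
+class: Hslavich\OneloginSamlBundle\Security\Firewall\SamlListener
+parent: security.authentication.listener.abstract
+abstract: true
+calls:
+- [setOneLoginAuth, ["@onelogin_auth"]]
+
+App\Saml\Provider\SamlProvider:
+arguments: ['@App\Repository\UserRepository', '', '@App\Saml\SamlTokenFactory', '@App\Saml\User\SamlUserFactory']
+
+App\Saml\Security\SamlAuthenticationSuccessHandler:
+parent: security.authentication.success_handler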
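Review bot: `onelogin_auth` is constructed straight from `%kimai.saml.connection%`, so how strictly SAML responses are validated depends entirely on that configuration block, and nothing in this file documents the expectation. A comment above the service such as `# connection must enable strict mode and require signed assertions (strict: true, security.wantAssertionsSigned: true)` would make that visible to whoever deploys it; whether the configuration tree already enforces such defaults cannot be seen from this page. The empty-string second argument of `App\Saml\Provider\SamlProvider` also deserves a comment naming what replaces it at container compile time.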
3 changes: 1 addition & 2 deletions config/services.yaml
@@ -146,8 +146,7 @@ services:
# LDAP
# ================================================================================

kimai_ldap.security.authentication.provider:
class: App\Ldap\LdapAuthenticationProvider
App\Ldap\LdapAuthenticationProvider:
arguments: ['@App\Security\UserChecker', '', '', '', '@App\Configuration\LdapConfiguration', '%security.authentication.hide_user_not_found%']

# ================================================================================
3 changes: 2 additions & 1 deletion src/DependencyInjection/AppExtension.php
@@ -65,7 +65,8 @@ public function load(array $configs, ContainerBuilder $container)
$this->createPermissionParameter($config['permissions'], $container);
$this->createThemeParameter($config['theme'], $container);
$this->createUserParameter($config['user'], $container);

$container->setParameter('kimai.saml', $config['saml']);
$container->setParameter('kimai.saml.connection', $config['saml']['connection']);
$container->setParameter('kimai.timesheet', $config['timesheet']);
$container->setParameter('kimai.timesheet.rates', $config['timesheet']['rates']);
$container->setParameter('kimai.timesheet.rounding', $config['timesheet']['rounding']);
3 changes: 3 additions & 0 deletions src/DependencyInjection/Compiler/TwigContextCompilerPass.php
@@ -29,6 +29,9 @@ public function process(ContainerBuilder $container)
$theme = $container->getDefinition(ThemeConfiguration::class);
$twig->addMethodCall('addGlobal', ['kimai_context', $theme]);

$saml = $container->getParameter('kimai.saml');
$twig->addMethodCall('addGlobal', ['saml', $saml]);

if ($container->hasDefinition('twig.loader.native_filesystem')) {
$definition = $container->getDefinition('twig.loader.native_filesystem');

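Review bot: The whole `kimai.saml` parameter is registered as the Twig global `saml`, and AppExtension.php in this commit fills that parameter with the full `$config['saml']` array, including the `connection` subtree that also feeds the SAML auth service. Every template, and any debug dump of the Twig context, can therefore read the connection settings, which in a SAML setup usually include certificates and possibly the service provider's private key (the schema is not visible here). Pass only what the templates need, for example `$twig->addMethodCall('addGlobal', ['saml', array_diff_key($saml, ['connection' => true])]);`. `process()` starts and ends outside this hunk.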
