Create a new DB user when somebody logs in using SAML

2025-08-03 17:55:03 +02:00 · 2023-02-20 23:04:20 +01:00 · 2023-02-20 23:04:20 +01:00 · 78ec0f1ea3
commit 78ec0f1ea3
parent c0b74d83a5
6 changed files with 75 additions and 18 deletions
--- a/config/packages/hslavich_onelogin_saml.yaml
+++ b/config/packages/hslavich_onelogin_saml.yaml
@ -28,7 +28,7 @@ hslavich_onelogin_saml:
  #  nameIdEncrypted: false
     authnRequestsSigned: true
     logoutRequestSigned: true
-  #  logoutResponseSigned: false
+     logoutResponseSigned: true
  #  wantMessagesSigned: false
  #   wantAssertionsSigned: true
  #  wantNameIdEncrypted: false
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -4,23 +4,13 @@ security:
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'

-    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
-        local_users:
+        # used to reload user from session & other features (e.g. switch_user)
+        app_user_provider:
            entity:
                class: App\Entity\UserSystem\User
                property: name

-        saml_users:
-            saml:
-                user_class: App\Entity\UserSystem\User
-                default_roles: [ 'ROLE_USER' ]
-
-        # used to reload user from session & other features (e.g. switch_user)
-        app_user_provider:
-            chain:
-                providers: ['local_users', 'saml_users']
-

    firewalls:
        dev:
@ -41,8 +31,9 @@ security:
                max_attempts: 5 # per minute

            saml:
-                #username_attribute: username
-                #use_attribute_friendly_name: false
+                use_referer: true
+                user_factory: saml_user_factory
+                persist_user: true
                check_path: saml_acs
                login_path: saml_login
                failure_path: saml_login
--- a/config/services.yaml
+++ b/config/services.yaml
@ -127,6 +127,9 @@ services:
    # Security
    ####################################################################################################################

+    saml_user_factory:
+        class: App\Security\SamlUserFactory
+
    ####################################################################################################################
    # Cache
    ####################################################################################################################