From 9f52d364c9a9407345e187a12b410f4b639ff5ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?=
Date: Sat, 27 May 2023 20:38:32 +0200
Subject: [PATCH] Use newer nbgrp/onelogin-saml-bundle bundle for handling SAML
---
 composer.json | 1 +
 composer.lock | 167 +++++++++++++++++++-
 config/bundles.php | 1 +
 config/packages/hslavich_onelogin_saml.yaml | 60 -------
 config/packages/nbgrp_onelogin_saml.yaml | 62 ++++++++
 symfony.lock | 3 +
 6 files changed, 233 insertions(+), 61 deletions(-)
 delete mode 100644 config/packages/hslavich_onelogin_saml.yaml
 create mode 100644 config/packages/nbgrp_onelogin_saml.yaml
diff --git a/composer.json b/composer.json
index 8aa27bc9..2da6664e 100644
--- a/composer.json
+++ b/composer.json
@@ -29,6 +29,7 @@
 "league/csv": "^9.8.0",
 "league/html-to-markdown": "^5.0.1",
 "liip/imagine-bundle": "^2.2",
+ "nbgrp/onelogin-saml-bundle": "^1.3",
 "nelexa/zip": "^4.0",
 "nelmio/security-bundle": "^3.0",
 "nyholm/psr7": "^1.1",
diff --git a/composer.lock b/composer.lock
index 687fcbf6..2fd6f728 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "ef71583adf031fff76718bf97c9ca69c",
+ "content-hash": "bc9721bfdd7cdf88630f55f2ff97a28d",
 "packages": [
 {
 "name": "beberlei/assert",
@@ -3431,6 +3431,73 @@
 ],
 "time": "2023-02-06T13:46:10+00:00"
 },
+ {
+ "name": "nbgrp/onelogin-saml-bundle",
+ "version": "v1.3.2",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/nbgrp/onelogin-saml-bundle.git",
+ "reference": "907a59431edcfbb962b2bb952d987693b63ca757"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/nbgrp/onelogin-saml-bundle/zipball/907a59431edcfbb962b2bb952d987693b63ca757",
+ "reference": "907a59431edcfbb962b2bb952d987693b63ca757",
+ "shasum": ""
+ },
+ "require": {
+ "onelogin/php-saml": "^4",
+ "php": "^8.1",
+ "psr/log": "^1 || ^2 || ^3",
+ "symfony/config": "^6",
+ "symfony/dependency-injection": "^6",
+ "symfony/deprecation-contracts": "^3",
+ "symfony/event-dispatcher-contracts": "^3",
+ "symfony/http-foundation": "^6",
+ "symfony/http-kernel": "^6",
+ "symfony/routing": "^6",
+ "symfony/security-bundle": "^6",
+ "symfony/security-core": "^6",
+ "symfony/security-http": "^6"
+ },
+ "conflict": {
+ "symfony/http-kernel": "<6.2",
+ "symfony/security-core": "<6.2"
+ },
+ "require-dev": {
+ "doctrine/orm": "^2.3 || ^3",
+ "symfony/event-dispatcher": "^6",
+ "symfony/phpunit-bridge": "^6"
+ },
+ "type": "symfony-bundle",
+ "autoload": {
+ "psr-4": {
+ "Nbgrp\\OneloginSamlBundle\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "BSD-3-Clause"
+ ],
+ "authors": [
+ {
+ "name": "Alexander Menshchikov",
+ "email": "alexander.menshchikov@yandex.ru"
+ }
+ ],
+ "description": "OneLogin SAML Symfony Bundle",
+ "keywords": [
+ "SSO",
+ "multiple IdP",
+ "onelogin",
+ "saml"
+ ],
+ "support": {
+ "issues": "https://github.com/nbgrp/onelogin-saml-bundle/issues",
+ "source": "https://github.com/nbgrp/onelogin-saml-bundle/tree/v1.3.2"
+ },
+ "time": "2023-03-22T20:23:42+00:00"
+ },
 {
 "name": "nelexa/zip",
 "version": "4.0.2",
@@ -3933,6 +4000,62 @@
 },
 "time": "2023-04-24T09:09:02+00:00"
 },
+ {
+ "name": "onelogin/php-saml",
+ "version": "4.1.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/onelogin/php-saml.git",
+ "reference": "b22a57ebd13e838b90df5d3346090bc37056409d"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/onelogin/php-saml/zipball/b22a57ebd13e838b90df5d3346090bc37056409d",
+ "reference": "b22a57ebd13e838b90df5d3346090bc37056409d",
+ "shasum": ""
+ },
+ "require": {
+ "php": ">=7.3",
+ "robrichards/xmlseclibs": ">=3.1.1"
+ },
+ "require-dev": {
+ "pdepend/pdepend": "^2.8.0",
+ "php-coveralls/php-coveralls": "^2.0",
+ "phploc/phploc": "^4.0 || ^5.0 || ^6.0 || ^7.0",
+ "phpunit/phpunit": "^9.5",
+ "sebastian/phpcpd": "^4.0 || ^5.0 || ^6.0 ",
+ "squizlabs/php_codesniffer": "^3.5.8"
+ },
+ "suggest": {
+ "ext-curl": "Install curl lib to be able to use the IdPMetadataParser for parsing remote XMLs",
+ "ext-dom": "Install xml lib",
+ "ext-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)",
+ "ext-zlib": "Install zlib"
+ },
+ "type": "library",
+ "autoload": {
+ "psr-4": {
+ "OneLogin\\": "src/"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "MIT"
+ ],
+ "description": "OneLogin PHP SAML Toolkit",
+ "homepage": "https://developers.onelogin.com/saml/php",
+ "keywords": [
+ "SAML2",
+ "onelogin",
+ "saml"
+ ],
+ "support": {
+ "email": "sixto.garcia@onelogin.com",
+ "issues": "https://github.com/onelogin/php-saml/issues",
+ "source": "https://github.com/onelogin/php-saml/"
+ },
+ "time": "2022-07-15T20:44:36+00:00"
+ },
 {
 "name": "paragonie/constant_time_encoding",
 "version": "v2.6.3",
@@ -5297,6 +5420,48 @@
 },
 "time": "2021-10-29T13:26:27+00:00"
 },
+ {
+ "name": "robrichards/xmlseclibs",
+ "version": "3.1.1",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/robrichards/xmlseclibs.git",
+ "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/f8f19e58f26cdb42c54b214ff8a820760292f8df",
+ "reference": "f8f19e58f26cdb42c54b214ff8a820760292f8df",
+ "shasum": ""
+ },
+ "require": {
+ "ext-openssl": "*",
+ "php": ">= 5.4"
+ },
+ "type": "library",
+ "autoload": {
+ "psr-4": {
+ "RobRichards\\XMLSecLibs\\": "src"
+ }
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "BSD-3-Clause"
+ ],
+ "description": "A PHP library for XML Security",
+ "homepage": "https://github.com/robrichards/xmlseclibs",
+ "keywords": [
+ "security",
+ "signature",
+ "xml",
+ "xmldsig"
+ ],
+ "support": {
+ "issues": "https://github.com/robrichards/xmlseclibs/issues",
+ "source": "https://github.com/robrichards/xmlseclibs/tree/3.1.1"
+ },
+ "time": "2020-09-05T13:00:25+00:00"
+ },
 {
 "name": "s9e/regexp-builder",
 "version": "1.4.6",
diff --git a/config/bundles.php b/config/bundles.php
index 8ca67ae7..da858c91 100644
--- a/config/bundles.php
+++ b/config/bundles.php
@@ -27,4 +27,5 @@ return [
 Scheb\TwoFactorBundle\SchebTwoFactorBundle::class => ['all' => true],
 SpomkyLabs\CborBundle\SpomkyLabsCborBundle::class => ['all' => true],
 Webauthn\Bundle\WebauthnBundle::class => ['all' => true],
+ Nbgrp\OneloginSamlBundle\NbgrpOneloginSamlBundle::class => ['all' => true],
 ];
diff --git a/config/packages/hslavich_onelogin_saml.yaml b/config/packages/hslavich_onelogin_saml.yaml
deleted file mode 100644
index cae3c539..00000000
--- a/config/packages/hslavich_onelogin_saml.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-# See https://github.com/SAML-Toolkits/php-saml for more information about the SAML settings
-
-hslavich_onelogin_saml:
- # Basic settings
- idp:
- entityId: '%env(string:SAML_IDP_ENTITY_ID)%'
- singleSignOnService:
- url: '%env(string:SAML_IDP_SINGLE_SIGN_ON_SERVICE)%'
- binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
- singleLogoutService:
- url: '%env(string:SAML_IDP_SINGLE_LOGOUT_SERVICE)%'
- binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
- x509cert: '%env(string:SAML_IDP_X509_CERT)%'
- sp:
- entityId: '%env(string:SAML_SP_ENTITY_ID)%'
- assertionConsumerService:
- url: '%partdb.default_uri%saml/acs'
- binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
- singleLogoutService:
- url: '%partdb.default_uri%logout'
- binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
- x509cert: '%env(string:SAML_SP_X509_CERT)%'
- privateKey: '%env(string:SAMLP_SP_PRIVATE_KEY)%'
-
- # Optional settings
- #baseurl: 'http://myapp.com'
- strict: true
- debug: false
- security:
- allowRepeatAttributeName: true
- # nameIdEncrypted: false
- authnRequestsSigned: true
- logoutRequestSigned: true
- logoutResponseSigned: true
- # wantMessagesSigned: false
- # wantAssertionsSigned: true
- # wantNameIdEncrypted: false
- # requestedAuthnContext: true
- # signMetadata: false
- # wantXMLValidation: true
- # relaxDestinationValidation: false
- # destinationStrictlyMatches: true
- # rejectUnsolicitedResponsesWithInResponseTo: false
- # signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
- # digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
- #contactPerson:
- # technical:
- # givenName: 'Tech User'
- # emailAddress: 'techuser@example.com'
- # support:
- # givenName: 'Support User'
- # emailAddress: 'supportuser@example.com'
- # administrative:
- # givenName: 'Administrative User'
- # emailAddress: 'administrativeuser@example.com'
- #organization:
- # en:
- # name: 'Part-DB-name'
- # displayname: 'Displayname'
- # url: 'http://example.com'
\ No newline at end of file
diff --git a/config/packages/nbgrp_onelogin_saml.yaml b/config/packages/nbgrp_onelogin_saml.yaml
new file mode 100644
index 00000000..d2f5bae0
--- /dev/null
+++ b/config/packages/nbgrp_onelogin_saml.yaml
@@ -0,0 +1,62 @@
+# See https://github.com/SAML-Toolkits/php-saml for more information about the SAML settings
+
+nbgrp_onelogin_saml:
+ onelogin_settings:
+ default:
+ # Basic settings
+ idp:
+ entityId: '%env(string:SAML_IDP_ENTITY_ID)%'
+ singleSignOnService:
+ url: '%env(string:SAML_IDP_SINGLE_SIGN_ON_SERVICE)%'
+ binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
+ singleLogoutService:
+ url: '%env(string:SAML_IDP_SINGLE_LOGOUT_SERVICE)%'
+ binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
+ x509cert: '%env(string:SAML_IDP_X509_CERT)%'
+ sp:
+ entityId: '%env(string:SAML_SP_ENTITY_ID)%'
+ assertionConsumerService:
+ url: '%partdb.default_uri%saml/acs'
+ binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
+ singleLogoutService:
+ url: '%partdb.default_uri%logout'
+ binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
+ x509cert: '%env(string:SAML_SP_X509_CERT)%'
+ privateKey: '%env(string:SAMLP_SP_PRIVATE_KEY)%'
+
+ # Optional settings
+ #baseurl: 'http://myapp.com'
+ strict: true
+ debug: false
+ security:
+ allowRepeatAttributeName: true
+ # nameIdEncrypted: false
+ authnRequestsSigned: true
+ logoutRequestSigned: true
+ logoutResponseSigned: true
+ # wantMessagesSigned: false
+ # wantAssertionsSigned: true
+ # wantNameIdEncrypted: false
+ # requestedAuthnContext: true
+ # signMetadata: false
+ # wantXMLValidation: true
+ # relaxDestinationValidation: false
+ # destinationStrictlyMatches: true
+ # rejectUnsolicitedResponsesWithInResponseTo: false
+ # signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
+ # digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
+ #contactPerson:
+ # technical:
+ # givenName: 'Tech User'
+ # emailAddress: 'techuser@example.com'
+ # support:
+ # givenName: 'Support User'
+ # emailAddress: 'supportuser@example.com'
+ # administrative:
+ # givenName: 'Administrative User'
+ # emailAddress: 'administrativeuser@example.com'
+ #organization:
+ # en:
+ # name: 'Part-DB-name'
+ # displayname: 'Displayname'
+ # url: 'http://example.com'
\ No newline at end of file
diff --git a/symfony.lock b/symfony.lock
index 061acab8..d5cfaf98 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -204,6 +204,9 @@
 "monolog/monolog": {
 "version": "1.24.0"
 },
+ "nbgrp/onelogin-saml-bundle": {
+ "version": "v1.3.2"
+ },
 "nelmio/security-bundle": {
 "version": "2.4",
 "recipe": {
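Review bot: The SP private key is read from `SAMLP_SP_PRIVATE_KEY` while every other setting in this file uses the `SAML_` prefix (`SAML_SP_ENTITY_ID`, `SAML_SP_X509_CERT`, `SAML_IDP_*`), so unless the deployment environment deliberately defines a variable under that odd name, the key that `authnRequestsSigned`, `logoutRequestSigned` and `logoutResponseSigned` all rely on is resolved from a different variable than the rest of the SP block; the same spelling was already in the deleted hslavich file, so this looks like a carried-over typo rather than something the migration introduced, and I would change it to `privateKey: '%env(string:SAML_SP_PRIVATE_KEY)%'` (with the matching rename wherever that variable is currently declared, if it is). Separately, `wantAssertionsSigned` and `wantMessagesSigned` are only present as commented-out samples, so what the SP requires the IdP to sign is left to the php-saml toolkit's defaults; for the authentication entry point it is worth stating the expectation explicitly, e.g. `wantAssertionsSigned: true`, so a reader does not have to consult the library to know what is enforced on incoming responses. The file is also written without a trailing newline (`\ No newline at end of file`). The diffstat lists only these six files, so the firewall/authenticator and route wiring for the new bundle presumably lands in a separate change; it is not reviewable here.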