/socialment-bastion-azure

Primary LanguagePHPMIT LicenseMIT

Socialment, Bastion, and Azure AD Unified Integration

Latest Version on Packagist GitHub Tests Action Status GitHub Code Style Action Status Total Downloads

This is a highly opinionated package that provides a bridge between Socialment, Bastion, and Azure AD.

Installation

You can install the package via composer:

composer require chrisreedio/socialment-bastion-azure

Then execute and follow the prompts:

php artisan socialment-bastion-azure:install

Include this plugin in your panel configuration:

$panel
    ->plugins([
        // ... Other Plugins
        \ChrisReedIO\Bastion\BastionPlugin::make(),
        \ChrisReedIO\Socialment\SocialmentPlugin::make()
            ->registerProvider('azure', 'fab-microsoft', 'Azure Active Directory'),
	])

Remember to add the Spatie HasRoles trait to your User model.

use Spatie\Permission\Traits\HasRoles;

class User extends Authenticatable
{
    use HasRoles;
}

This additional glue package will automagically hook the pre-login callbacks from Socialment into Bastion's Roles via the SSO Group field.

Seeder

If you're choosing to use the seeder(s) make sure you add the RoleSeeder to your DatabaseSeeder.php like this:

$this->call([
    // ... Other Seeders
    RoleSeeder::class,
]);

Also don't forget to edit the RoleSeeder.php to add your own SSO Groups to each Role.

Some example roles have been placed there for you.

Azure App Registration

Redirect URL

Ensure that you configure the redirect URL on your app registration and that it matches the value in your .env file.

AZURE_REDIRECT_URI=https://yourdomain.com/login/azure/callback

Azure Permissions

You will need to grant your app registration the following permissions:

  • Directory.Read.All
  • GroupMember.Read.All
  • User.Read

Config

By default, the config does not get published upon install.

This is the contents of the published config services.php file:

It is just the stock services file with the azure block added.

return [
    'mailgun' => [
        'domain' => env('MAILGUN_DOMAIN'),
        'secret' => env('MAILGUN_SECRET'),
        'endpoint' => env('MAILGUN_ENDPOINT', 'api.mailgun.net'),
        'scheme' => 'https',
    ],

    'postmark' => [
        'token' => env('POSTMARK_TOKEN'),
    ],

    'ses' => [
        'key' => env('AWS_ACCESS_KEY_ID'),
        'secret' => env('AWS_SECRET_ACCESS_KEY'),
        'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
    ],

    'azure' => [
        'client_id' => env('AZURE_CLIENT_ID'),
        'client_secret' => env('AZURE_CLIENT_SECRET'),
        'redirect' => env('AZURE_REDIRECT_URI'),
        'tenant' => env('AZURE_TENANT_ID'),
        'proxy' => env('PROXY')  // Optional
    ],

];

You may publish the config after installation with:

php artisan vendor:publish --tag="socialment-bastion-azure-config"

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.