Docker image of Symfony4 with lightSAML(SP) based on CentOS8
Some configuration is needed before SAML authentication will work. The steps below follow the lightSAML Getting-started guide, except that users are not saved to a database.
Run docker image
$ docker run -i -t -p 8000:8000 tessai99/lightsaml_for_symfony4 /bin/bash
Setup configuration for lightSAML
- Make user object and user provider
    [root@c4cb8a0f30c5 proj] php bin/console make:user

     The name of the security user class (e.g. User) [User]:
     > User

     Do you want to store user data in the database (via Doctrine)? (yes/no) [no]:
     > no    # if you want to save to DB, input 'yes'

     Enter a property name that will be the unique "display" name for the user (e.g. email, username, uuid) [email]:
     > username

     Will this app need to hash/check user passwords? Choose No if passwords are not needed or will be checked/hashed by some other system (e.g. a single sign-on server).

     Does this app need to hash/check user passwords? (yes/no) [yes]:
     > no

     created: src/Security/User.php
     updated: src/Security/User.php
     created: src/Security/UserProvider.php
     updated: config/packages/security.yaml

      Success!

     Next Steps:
       - Review your new App\Security\User class.
       - Open src/Security/UserProvider.php to finish implementing your user provider.
       - Create a way to authenticate! See https://symfony.com/doc/current/security.html
- edit UserProvider.php
    public function loadUserByUsername($username)
    {
        // edit to throw not found exception
        throw new UsernameNotFoundException();
    }

    public function refreshUser(UserInterface $user)
    {
        // return user object
        return $user;
    }
- add lightSAML authentication to config/packages/security.yaml
    firewalls:
        main:
            anonymous: ~
            light_saml_sp:
                provider: app_user_provider
                user_creator: user_creator
                login_path: /saml/login
                check_path: /saml/login_check
                default_target_path: /
                require_previous_session: true
            logout:
                path: /logout

    access_control:
        # add route to your secure page
        - { path: ^/secure, roles: ROLE_USER }
- add routing to config/routes.yaml
    lightsaml_sp:
        resource: "@LightSamlSpBundle/Resources/config/routing.yml"
        prefix: saml

    logout:
        path: /logout

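The `user_creator` service named in security.yaml is not shown on this page. Because the user provider above always throws `UsernameNotFoundException`, lightSAML falls back to that service to build the user, so a database-free version could look like the following. This is an added example, not code from this image or from lightSAML; the class name, file path and service wiring are assumptions, and it relies on the `App\Security\User` class generated by `make:user`.

```php
<?php
// src/Security/UserCreator.php (hypothetical file, added example)
//
// Register it in config/services.yaml under the id used in security.yaml:
//   user_creator:
//       class: App\Security\UserCreator
//       arguments: ['@lightsaml_sp.username_mapper.simple']

namespace App\Security;

use LightSaml\Model\Protocol\Response;
use LightSaml\SpBundle\Security\User\UserCreatorInterface;
use LightSaml\SpBundle\Security\User\UsernameMapperInterface;

class UserCreator implements UserCreatorInterface
{
    private $usernameMapper;

    public function __construct(UsernameMapperInterface $usernameMapper)
    {
        $this->usernameMapper = $usernameMapper;
    }

    /**
     * Called by lightSAML when the user provider throws
     * UsernameNotFoundException for the user named in the SAML response.
     */
    public function createUser(Response $response)
    {
        // Username comes from the assertion (NameID or a mapped attribute).
        $username = $this->usernameMapper->getUsername($response);
        if ($username === null || $username === '') {
            // No usable identifier in the response: create no user.
            return null;
        }

        // Nothing is persisted; the object only lives in the session.
        $user = new User();
        $user->setUsername($username);
        // Grant only the role required by access_control, not roles
        // taken from IdP attributes.
        $user->setRoles(['ROLE_USER']);

        return $user;
    }
}
```
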
That's all! Execute

    symfony server:start

and access http://localhost:8000/saml/login to start authentication! If you want more configuration options for lightSAML, access here!
- This project uses Samling as the default IdP, so enter the ACS URL as

    /saml/login_check