How to integrate SSO (Single Sign-on) in Laravel?
Every application a user is authorized for normally needs its own set of login credentials (username and password). Keeping different credentials for different applications is hard, and users want faster access to all of them with a single set of credentials. How is that possible?
It can be achieved with Single sign-on (SSO). SSO is part of user authentication: one identity provider authenticates the user once, and that single authentication lets the user into multiple applications with one set of credentials.
Let’s focus on how we can implement SSO in Laravel. It’s quite easy to implement SSO in Laravel.
Moving to SSO integration
Here are the steps involved.
Install the package via composer
composer require aacotroneo/laravel-saml2
Laravel 5.5 and later discover the package's service provider automatically. On versions older than 5.5, register the provider and the facade alias in config/app.php (note that the key for facades is 'aliases', not 'alias'):

'providers' => [
    ...
    Aacotroneo\Saml2\Saml2ServiceProvider::class,
],
'aliases' => [
    ...
    'Saml2' => Aacotroneo\Saml2\Facades\Saml2Auth::class,
],
Run the following to publish the SAML configuration file:
php artisan vendor:publish --provider="Aacotroneo\Saml2\Saml2ServiceProvider"
This adds config/saml2_settings.php to the config folder. In this configuration file we need to set a few values, which we will take from the identity provider.
For the identity provider side of the configuration you need a OneLogin account. Sign up as a developer at OneLogin.
In the OneLogin dashboard, follow these steps:
- Select Apps->Add Apps
- Search for SAML Test Connector
- Select SAML Test Connector (IdP)
- Edit the display name and save
Now copy the values from the app's SSO tab into the idp section of the configuration file; the mapping is (OneLogin field => configuration key):
- URL => entityId
- SAML 2.0 Endpoint (HTTP) => singleSignOnService
- SLO Endpoint (HTTP) => singleLogoutService
- X.509 certificate->view details => x509cert
- Save the configuration file.
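As an added example (this is not the page's or the package's own file), here is what the relevant part of config/saml2_settings.php looks like once the OneLogin values are filled in, with the secrets pulled from .env. The SAML2_IDP_* variable names are assumptions; the remaining keys of the published file are left as they are. Two settings deserve a deliberate choice: 'strict' => true makes the underlying onelogin/php-saml library validate Destination, NameID and Conditions (NotBefore/NotOnOrAfter) and refuse unsigned messages instead of skipping those checks, and 'wantAssertionsSigned' => true rejects any assertion that is not signed by the IdP certificate you pasted in.

```php
<?php
// config/saml2_settings.php (excerpt) - added example, not the file the package ships.
// IdP values come from the OneLogin SSO tab; the SAML2_IDP_* env names are assumptions.

return [
    'useRoutes'    => true,
    'routesPrefix' => '/saml2',

    // Weak setting: 'strict' => false skips validation of Destination, NameID
    // and the NotBefore/NotOnOrAfter conditions and tolerates unsigned messages.
    // Keep it true in every environment, including local testing.
    'strict' => true,
    'debug'  => env('APP_DEBUG', false),

    'idp' => [
        // "URL" (issuer) from the SSO tab
        'entityId' => env('SAML2_IDP_ENTITYID'),
        // "SAML 2.0 Endpoint (HTTP)"
        'singleSignOnService' => [
            'url' => env('SAML2_IDP_SSO_URL'),
        ],
        // "SLO Endpoint (HTTP)"
        'singleLogoutService' => [
            'url' => env('SAML2_IDP_SLO_URL'),
        ],
        // "X.509 certificate -> View Details": the PEM certificate body.
        // This is the key that authenticates every assertion; rotate it when OneLogin rotates.
        'x509cert' => env('SAML2_IDP_X509CERT'),
    ],

    'security' => [
        // Weak setting would be 'wantAssertionsSigned' => false: a response whose
        // envelope is signed but whose assertion is not would then be accepted.
        'wantAssertionsSigned' => true,
        'wantMessagesSigned'   => false,
        'nameIdEncrypted'      => false,
        'wantNameIdEncrypted'  => false,
        'authnRequestsSigned'  => false,
    ],
];
```

Put the certificate in .env as a single line (or base64 it and decode it in the config) so that it never ends up in version control.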
In the Configuration tab, set the following (replace hostname with your application's host; the Audience must equal the SP entityId, which the package derives from the metadata route by default):
- Audience => https://hostname/saml2/metadata
- Recipient => https://hostname/saml2/acs
- ACS (Consumer) URL Validator => .*
- Single Logout URL => https://hostname/saml2/sls
- Save the app configuration
The .* validator accepts any ACS URL and is only acceptable while testing. Before going to production, restrict it to a regular expression that matches only your ACS endpoint, for example ^https:\/\/hostname\/saml2\/acs$, so that the IdP will not post assertions to an arbitrary URL.
- Add Users to the App from the Users tab.
- Then move to the Laravel project side.
The package fires Aacotroneo\Saml2\Events\Saml2LoginEvent after it has validated a SAML response and Saml2LogoutEvent when it processes a single logout. Register listeners for both events in app/Providers/EventServiceProvider.php by changing the protected $listen property to:

protected $listen = [
    'Aacotroneo\Saml2\Events\Saml2LoginEvent' => [
        'App\Listeners\Saml2LoginListener',
    ],
    'Aacotroneo\Saml2\Events\Saml2LogoutEvent' => [
        'App\Listeners\Saml2LogoutListener',
    ],
];

Saml2LoginListener and Saml2LogoutListener are the listener classes to be created in the app/Listeners folder (php artisan make:listener Saml2LoginListener scaffolds one). Leave both listeners synchronous, i.e. do not implement ShouldQueue: Auth::login() and Auth::logout() act on the session of the current request.
LOGIN LISTENER
app/Listeners/Saml2LoginListener.php will look like the following (the use lines go directly after the namespace declaration):

<?php

namespace App\Listeners;

use Aacotroneo\Saml2\Events\Saml2LoginEvent;
use App\AdminLoginHistory;   // adjust to your model's namespace
use App\User;                // App\Models\User on Laravel 8 and later
use Illuminate\Support\Facades\Auth;

class Saml2LoginListener
{
    public function handle(Saml2LoginEvent $event)
    {
        $messageId = $event->getSaml2Auth()->getLastMessageId();
        // your own code preventing reuse of a $messageId to stop replay attacks

        $user = $event->getSaml2User();
        $userData = [
            'id'         => $user->getUserId(),          // the SAML NameID
            'attributes' => $user->getAttributes(),      // attribute name => array of values
            'assertion'  => $user->getRawSamlAssertion(),
        ];

        // Find the local user by NameID (here OneLogin sends the e-mail address
        // as NameID) or by another attribute; if it does not exist, either
        // create it and go on or show an error message.
        $laravelUser = User::adminUsers()->where('email', $userData['id'])->first();

        if ($laravelUser) {
            Auth::login($laravelUser);
            AdminLoginHistory::create([
                'user_id' => Auth::id(),
            ]);
        } else {
            session(['saml2_error_single' => 'You do not have access, please visit the system’s Teamdot page to obtain instructions']);
        }
    }
}
LOGOUT LISTENER
app/Listeners/Saml2LogoutListener.php will look like the following (again with the use lines directly after the namespace):

<?php

namespace App\Listeners;

use Aacotroneo\Saml2\Events\Saml2LogoutEvent;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Session;

class Saml2LogoutListener
{
    public function handle(Saml2LogoutEvent $event)
    {
        // Drop the local session when the IdP reports a single logout,
        // and persist the change before the package redirects.
        Auth::logout();
        Session::save();
    }
}
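The login listener above leaves the replay check as a comment and trusts the NameID to be an e-mail address. As an added example (my own code, not the page's or the package's), here is a hardened version of Saml2LoginListener that records each SAML message ID atomically in the cache so a captured response cannot be posted to /saml2/acs a second time, takes the e-mail from an explicit attribute before falling back to the NameID, and refuses to provision an admin from an assertion. The attribute names 'email' and 'User.email', the 10 minute replay window and the App\User / App\AdminLoginHistory namespaces are assumptions; the signature, issuer and audience checks have already been done by onelogin/php-saml before this event fires (provided strict mode is on).

```php
<?php

namespace App\Listeners;

use Aacotroneo\Saml2\Events\Saml2LoginEvent;
use App\AdminLoginHistory;                  // assumption: adjust to your model namespace
use App\User;                               // assumption: App\Models\User on Laravel 8+
use Carbon\Carbon;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Log;

class Saml2LoginListener
{
    // A message ID is remembered at least as long as the IdP's NotOnOrAfter
    // window plus tolerated clock skew; 10 minutes is an assumed, conservative value.
    const REPLAY_WINDOW_SECONDS = 600;

    // Keep this listener synchronous (no ShouldQueue): Auth::login() must run
    // inside the request that owns the session cookie.
    public function handle(Saml2LoginEvent $event)
    {
        $messageId = $event->getSaml2Auth()->getLastMessageId();

        if (! $this->claimMessageId($messageId)) {
            Log::warning('Rejected replayed or ID-less SAML response', ['message_id' => $messageId]);
            session(['saml2_error_single' => 'This sign-in response has already been used.']);
            return;
        }

        $samlUser = $event->getSaml2User();
        $email    = $this->emailFromAssertion($samlUser->getUserId(), $samlUser->getAttributes());

        if ($email === null) {
            Log::warning('SAML assertion carried no usable e-mail', ['name_id' => $samlUser->getUserId()]);
            session(['saml2_error_single' => 'Your identity provider did not send an e-mail address.']);
            return;
        }

        // Match an existing admin only; never create one from an assertion.
        $laravelUser = User::adminUsers()->where('email', $email)->first();

        if (! $laravelUser) {
            Log::info('SAML login for unknown or non-admin user', ['email' => $email]);
            session(['saml2_error_single' => 'You do not have access to this application.']);
            return;
        }

        Auth::login($laravelUser);   // SessionGuard regenerates the session ID here
        AdminLoginHistory::create(['user_id' => $laravelUser->id]);
    }

    /**
     * Atomically record the message ID. Cache::add only succeeds when the key
     * is absent, so a second response carrying the same ID returns false.
     * Use a shared store (redis, memcached, database): the file or array
     * stores defeat the check as soon as there is more than one web node.
     */
    private function claimMessageId($messageId)
    {
        if (! is_string($messageId) || $messageId === '') {
            return false;   // a response without an ID is not a valid SAML message
        }
        $key = 'saml2:message:' . hash('sha256', $messageId);
        return Cache::add($key, 1, Carbon::now()->addSeconds(self::REPLAY_WINDOW_SECONDS));
    }

    /**
     * Prefer an explicit e-mail attribute and fall back to the NameID when the
     * IdP is set up to send the address as NameID (as on this page).
     * SAML attribute values arrive as arrays; the attribute names are assumptions.
     */
    private function emailFromAssertion($nameId, array $attributes)
    {
        foreach (['email', 'User.email'] as $name) {
            $value = isset($attributes[$name][0]) ? trim($attributes[$name][0]) : '';
            if ($value !== '' && filter_var($value, FILTER_VALIDATE_EMAIL)) {
                return $value;
            }
        }
        if (is_string($nameId) && filter_var(trim($nameId), FILTER_VALIDATE_EMAIL)) {
            return trim($nameId);
        }
        return null;
    }
}
```

The replay window only has to outlive the assertion's own validity: once NotOnOrAfter has passed, php-saml rejects the response by itself, so a bounded cache entry is enough and the table of seen IDs never grows without limit.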
In the login view, point the login button at route('saml_login'); the package registers that route when useRoutes is enabled, and following it starts the SSO flow by redirecting the browser to the IdP.
Have Doubts? Contact Us!
If you’re looking to implement Single Sign-on (SSO) in your Laravel development services, you may be facing some challenges along the way. Fortunately, there are experienced Laravel developers like 2hats Logic Solutions who can help you navigate these obstacles and get your SSO system up and running smoothly.
At 2hats Logic Solutions, we have a team of experts who can help you integrate SSO into your Laravel application. We understand the ins and outs of the SSO process and can help you choose the right SSO solution for your business needs. Whether you’re looking to implement SSO for internal users or external clients, we can provide you with the expertise you need to get the job done.