laravel-saml2 icon indicating copy to clipboard operation
laravel-saml2 copied to clipboard

Published 20 hours ago verified publisher icon 24Slides

Feature Request: Use Friendly Keys in URLs for Tenant Identification

Open MichMich opened this issue 1 year ago • 2 comments

Currently, tenants (SAML providers) are registered via Artisan commands and can be accessed through URLs like:

/saml2/b2dae2e6-e814-4553-a3a5-a56ddaca1110/login

While this works, I would prefer to use a more friendly identifier (such as a key) in the URLs, like:

/saml2/okta/login

To achieve this, I created a custom middleware that attempts to resolve the tenant by the friendly key and then falls back to the default UUID-based behavior if the key is not found. Here’s the code I used:

<?php

namespace App\Http\Middleware;

use Slides\Saml2\Repositories\TenantRepository;
use \Slides\Saml2\Http\Middleware\ResolveTenant;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

class Saml2TenantKeyResolverMiddleware extends ResolveTenant
{
    public function handle($request, \Closure $next)
    {
        try {
            parent::handle($request, $next);
        } catch (NotFoundHttpException $e) {
            $tenant = (new TenantRepository)->findByKey($request->route('uuid'));
            if (!$tenant) throw $e;

            $request->route()->setParameter('uuid', $tenant->uuid);
            parent::handle($request, $next);
        }
    }
}

I also overrode the saml2.resolveTenant middleware in bootstrap/app.php like so:

return Application::configure(basePath: dirname(__DIR__))
    ->booted(function (Application $app) {
        $app['router']->aliasMiddleware('saml2.resolveTenant', \App\Http\Middleware\Saml2TenantKeyResolverMiddleware::class);
    })

Question:

Is there a cleaner or more integrated way to accomplish this, or perhaps a feature that could be added to the package to support friendly keys natively?

Thanks for your work on this package, and I appreciate any insights you might have!

MichMich avatar Oct 16 '24 12:10 MichMich

This seems really sucks but worked 🤔

$ php artisan db
mysql> update saml2_tenants set uuid='okta' where id=1;

Then all urls are now under /saml2/okta/[...]

sarisia avatar Oct 17 '24 10:10 sarisia

Yeah that probably works but seems like a dirty hack. Thanks for the suggestion though.

MichMich avatar Oct 17 '24 10:10 MichMich

This would be relatively simple to add with a unique slug field. I did just that using the metadata field.

1 - Add a unique constraint to metadata->>slug (this is using Postgres):

create unique index saml2_tenants_metadata_slug_idx
    on public.saml2_tenants ((metadata ->> 'slug'::text));

2 - Create some route in your application such as /sso/{tenant_slug}/login 3 - In the controller, fetch the tenant by the metadata->>slug field and redirect to the UUID route.

saboya avatar Nov 14 '24 08:11 saboya

Cross linking. See https://github.com/24Slides/laravel-saml2/issues/66 also

RoSk0 avatar Nov 26 '24 20:11 RoSk0