
Dynamic IDP SingleSignOnUrl

Open mrmaarek opened this issue 3 years ago • 5 comments

Hi @brezzhnev / @dmyers !

Currently I'm migrating from the old(er) package "aacotroneo/laravel-saml2" to yours. One thing that I about this version is that I'm in control of the SingleSignOnService URL.

"...../saml2/idp/SSOService.php"

In the older package this was written in the config. Anything related to the IDP isn't configurable anymore.

I would like to make this dynamic, with an extra PHP function.

For example:

"...../saml2/idp/SSOService.php".myFunction();

/**
 * Build the query string to append to the IdP SSO URL.
 *
 * @return string
 */
function myFunction()
{
    // Use the "admin" flow when ?admin is present in the query string,
    // otherwise fall back to the regular "user" flow.
    if (isset($_GET['admin'])) {
        $source = 'admin';
    } else {
        $source = 'user';
    }

    return '?source=' . $source;
}

Previously you could do this in the config, but it looks like the "OneLoginBuilder" is already setting it (from my db):

$oneLoginConfig['idp'] = [
    'entityId'            => $this->tenant->idp_entity_id,
    'singleSignOnService' => ['url' => $this->tenant->idp_login_url],
    'singleLogoutService' => ['url' => $this->tenant->idp_logout_url],
    'x509cert'            => $this->tenant->idp_x509_cert,
];

I'm looking forward to your solution. Where can I override this "singleSignOnService" url?

mrmaarek avatar Oct 12 '22 10:10 mrmaarek

Hmm, that's an interesting case. So you need to conditionally adjust the configuration for certain IdPs?

I need to consider making a resolver function for this. I'm not sure how common this case is, though.

breart avatar Nov 20 '22 12:11 breart

Sounds good! Waiting eagerly for your next commits! Will surely check it out.

mrmaarek avatar Nov 21 '22 09:11 mrmaarek

@brezzhnev the use case is common, for a multi-tenant application where each tenant has its own IdP (AAD, ADFS, ...).

@mrmaarek I have used a subdomain to differentiate tenants, then used a global middleware to change the config/sso.php using the config('sso.idp.singleLogoutService', Tenant::idp_login_url) helper.

natenatters avatar Nov 28 '22 05:11 natenatters

@brezzhnev

I need to consider making a resolver function for this. I'm not sure how common this case is, though.

I think we would have a use for this too. As it is, we have one IdP for which we do not want to present a requestedAuthnContext, but I still want it for all other IdPs.

Even though it doesn't really make sense to change your SP config depending on which IdP it's using (it's probably a really bad idea in 99% of cases), I think people are bound to encounter edge cases where they have to do just that.

nicolus avatar Nov 30 '23 16:11 nicolus
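The per-tenant override that natenatters describes above (resolve the tenant from the subdomain, then adjust the SAML config in a global middleware) and the per-IdP setting nicolus asks for (suppress requestedAuthnContext for one IdP only) can both be done from the same middleware. The following is an added example written for this thread; it is not code from the laravel-saml2 project or from any commenter. The class name `ResolveSamlTenant`, the `App\Models\Tenant` model and its columns (`subdomain`, `idp_entity_id`, `idp_login_url`, `idp_logout_url`, `idp_x509_cert`, `send_requested_authn_context`), and the `sso.*` config keys (following natenatters' `config/sso.php` naming) are all assumptions about your application, not the package's API.

```php
<?php
// Added example, not part of laravel-saml2. Resolves the tenant from the
// request host and overrides the SAML config for the current request only.
// Tenant model, column names and the sso.* keys are assumed placeholders.

namespace App\Http\Middleware;

use App\Models\Tenant;
use Closure;
use Illuminate\Http\Request;

class ResolveSamlTenant
{
    public function handle(Request $request, Closure $next)
    {
        // The tenant is derived from the Host header, which is only safe when
        // Laravel's TrustedHosts/TrustProxies middleware has already validated
        // it. Do not derive the IdP from a free-form query parameter such as
        // ?source=admin: any unauthenticated client can set that and would be
        // choosing which IdP the SP trusts for the assertion.
        $subdomain = explode('.', $request->getHost())[0];

        // The database lookup is the allow-list: unknown hosts get no IdP at all.
        $tenant = Tenant::query()->where('subdomain', $subdomain)->first();
        if ($tenant === null) {
            abort(404, 'Unknown tenant');
        }

        // config([...]) with an array argument SETS values for this request.
        // config('key', $default) only READS with a fallback and changes nothing,
        // so it cannot be used to switch the IdP.
        config([
            'sso.idp.entityId'                 => $tenant->idp_entity_id,
            'sso.idp.singleSignOnService.url'  => $tenant->idp_login_url,
            'sso.idp.singleLogoutService.url'  => $tenant->idp_logout_url,
            'sso.idp.x509cert'                 => $tenant->idp_x509_cert,
            // Per-IdP SP behaviour: one tenant's IdP may reject a
            // RequestedAuthnContext while every other tenant still gets it.
            // (Key name assumed; php-saml calls it security.requestedAuthnContext.)
            'sso.security.requestedAuthnContext' => (bool) $tenant->send_requested_authn_context,
        ]);

        return $next($request);
    }
}
```

Register the middleware globally (or on the SAML routes) so it runs before the package builds its OneLogin settings. Two caveats apply to any approach that mutates `config()` per request: under a long-lived worker such as Octane the mutated values survive into the next request unless you reset them, and the IdP certificate and URLs you load must come from your own trusted store, never from anything the browser sends.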

See https://github.com/24Slides/laravel-saml2/issues/41#issuecomment-1834423519

breart avatar Nov 30 '23 19:11 breart