laravel-saml2 icon indicating copy to clipboard operation
laravel-saml2 copied to clipboard

Published 20 hours ago verified publisher icon 24Slides

[3.x] New major release

Open breart opened this issue 1 year ago • 4 comments

This is a draft PR for the next major release. The goal is to improve the design of the solution, giving developers more control and flexibility, as well as providing more basic functionality "out-of-the-box".

Plans

  • [x] Add custom resolves for more control over identity provider resolution, config resolution, etc.
  • [x] Add optional solution for logging in users
  • [x] Add a morph relation to associate IdP with related application entities (successor of "key")
  • [x] Add a new table for tracking SAML logins
  • [ ] Rewrite tests so they actually test stuff
  • [ ] Add support for multiple certificates
  • [ ] Improve console commands
  • [ ] Improve README
  • [ ] Describe upgrade guide

Key changes

  • Minimum PHP version — 7.3
  • Minimum Laravel version — 8

Database changes

  • Table saml2_tenants has been renamed to saml2_identity_providers
  • Table saml2_identity_providers now has an optional morph relation called "tenant" that can be associated with an application entity upon IdP creation
  • Table saml2_sessions has been added to track all logins (see Login & Tracking below)

Custom resolvers

  • Added "resolvers" that can be easily customised:
    • IdentityProviderResolver implements logic for resolving identity provider based on the request route
    • ConfigResolver implements logic for resolving IdP/SP config based on the resolved IdP model

Login & Tracking

To provide basic functionality out of the box for smaller application, authorization logic has been implemented, specifically:

  1. User metadata resolution
  2. Login/signup functionality

This is not designed for production needs, just an example on how login/signup can be implemented. For larger apps having custom logic is inevitable.

breart avatar Apr 13 '24 17:04 breart

@breart I'm interested in this PR. Is there anything I can do to help? Thanks!

fedeisas avatar May 06 '24 23:05 fedeisas

Nice PR. But why not abandon all non-supported Laravel versions? Laravel 8 is from 2020 and php 7.3 from 2018. Both unsupported and not getting security fixes. At the moment Laravel 10 and php 8.1 is the minimum versions still being maintained.

kasperhartwich avatar May 07 '24 09:05 kasperhartwich

@breart I'm interested in this PR. Is there anything I can do to help? Thanks!

Same here! Is there anything you need help with?

skydudie avatar Jun 18 '24 23:06 skydudie

Nice PR. But why not abandon all non-supported Laravel versions? Laravel 8 is from 2020 and php 7.3 from 2018. Both unsupported and not getting security fixes. At the moment Laravel 10 and php 8.1 is the minimum versions still being maintained.

Good point. My intention was to support slightly older versions since I'm aware this project is also used on bigger projects with older versions of Laravel & PHP. I like the idea of deprecating further, starting from L9 & PHP 8.0.

breart avatar Sep 13 '24 13:09 breart