
How to use SimpleSAMLphp in the Yii framework?

I have two projects in the Yii framework and I want to use both projects with SimpleSAMLphp for SSO. The condition I need is that if I log in from the first project, I want access to the second project. Thank you in advance.

Anil Bhattarai100 asked Apr 03 '14 06:04




1 Answer

First you load the SAML library by temporarily disabling the Yii autoloader. This is just to let you use the SAML classes and methods:

<?php
class YiiSAML extends CComponent {
    private $_yiiSAML = null;
    static private function pre() {
        require_once (Yii::app()->params['simpleSAML'] . '/lib/_autoload.php');
        // temporarily disable the Yii autoloader
        spl_autoload_unregister(array(
            'YiiBase',
            'autoload'
        ));
    }
    static private function post() {
        // enable Yii autoloader
        spl_autoload_register(array(
            'YiiBase',
            'autoload'
        ));
    }
    public function __construct() {
        self::pre();
        //We select our authentication source:
        $this->_yiiSAML = new SimpleSAML_Auth_Simple(Yii::app()->params['authSource']);
        self::post();
    }
    static public function loggedOut($param, $stage) {
        self::pre();
        $state = SimpleSAML_Auth_State::loadState($param, $stage);
        self::post();
        // No SAML logout status in the state: treat as logged out
        if (!isset($state['saml:sp:LogoutStatus'])) {
            return true;
        }
        $ls = $state['saml:sp:LogoutStatus']; /* Only for SAML SP */
        // Logged out only if the status is plain Success with no sub-status
        return $ls['Code'] === 'urn:oasis:names:tc:SAML:2.0:status:Success' && !isset($ls['SubCode']);
    }
    // Forward any other method call to the wrapped SimpleSAML_Auth_Simple object
    public function __call($method, $args) {
        // Only the first argument is forwarded
        $params = (is_array($args) and !empty($args)) ? $args[0] : $args;
        if (method_exists($this->_yiiSAML, $method)) {
            return $this->_yiiSAML->$method($params);
        }
        throw new YiiSAMLException(Yii::t('app', 'The method {method} does not exist in the SAML class', array(
            '{method}' => $method
        )));
    }
}
class YiiSAMLException extends CException {
}

Then you define a filter extending the CFilter Yii class:

<?php
Yii::import('lib.YiiSAML');
class SAMLControl extends CFilter {
    protected function preFilter($filterChain) {
        $msg = Yii::t('yii', 'You are not authorized to perform this action.');
        $saml = new YiiSAML();
        if (Yii::app()->user->isGuest) {
            Yii::app()->user->loginRequired();
            return false;
        } else {
            $saml_attributes = $saml->getAttributes();
            if (!$saml->isAuthenticated() or Yii::app()->user->id != $saml_attributes['User.id'][0]) {
                Yii::app()->user->logout();
                Yii::app()->user->loginRequired();
                return false;
            }
            return true;
        }
    }
}

And finally, in the controllers you want to restrict, you override the filters() method:

public function filters() {
    return array(
        array(
            'lib.SAMLControl'
        ) , // perform access control for CRUD operations
        ...
    );
}

Hope it helps.

clapas answered Oct 04 '22 23:10
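
The filter in the answer sends guests to the login URL and later compares `Yii::app()->user->id` with the `User.id` SAML attribute, but the login step that ties the two together is not shown. One way to write it, as an added example that is not part of the original answer: `SamlIdentity`, `SiteController` and `actionLogin` are assumed names, and the IdP is assumed to release a `User.id` attribute.

```php
<?php
// Added example, not code from the original answer. Assumes the YiiSAML wrapper
// is importable as lib.YiiSAML and that user->loginUrl points at site/login.
Yii::import('lib.YiiSAML');

// Hypothetical identity class: carries the SAML subject into Yii's user session.
class SamlIdentity extends CBaseUserIdentity {
    private $_id;
    private $_saml;

    public function __construct(YiiSAML $saml) {
        $this->_saml = $saml;
    }

    public function authenticate() {
        $this->errorCode = self::ERROR_UNKNOWN_IDENTITY; // fail closed by default
        if (!$this->_saml->isAuthenticated()) {
            return false;
        }
        $attrs = $this->_saml->getAttributes();
        // Same attribute the SAMLControl filter compares with the Yii user id.
        if (!isset($attrs['User.id'][0]) || !is_string($attrs['User.id'][0])
            || $attrs['User.id'][0] === '') {
            return false; // assertion without a usable id: do not log in
        }
        $this->_id = $attrs['User.id'][0];
        $this->errorCode = self::ERROR_NONE;
        return true;
    }

    public function getId() { return $this->_id; }
    public function getName() { return $this->_id; }
}

// Hypothetical controller (a separate file in a real project).
class SiteController extends CController {
    public function actionLogin() {
        $saml = new YiiSAML();
        // Redirects to the IdP when there is no SAML session; returns otherwise.
        $saml->requireAuth();
        $identity = new SamlIdentity($saml);
        if (!$identity->authenticate()) {
            throw new CHttpException(403, Yii::t('yii', 'You are not authorized to perform this action.'));
        }
        Yii::app()->user->login($identity); // duration 0: no "remember me" cookie
        $this->redirect(Yii::app()->user->returnUrl);
    }
}
```

With both projects registered as service providers at the same IdP, `requireAuth()` in the second project returns without a password prompt while the IdP session from the first login is still valid.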