Dynamic configuration #32

Open
VincentClair opened this issue Oct 14, 2016 · 6 comments

@VincentClair
Contributor

VincentClair commented Oct 14, 2016

Hello,

I succeeded in installing the bundle in our application and making it work with ADFS.

Now, we would like to enhance our features:

  • First, we would like to make the bundle optional in our application, so the user could activate the SSO dynamically as needed, customize the configuration and test the results, etc. Actually, the bundle needs the parameters to be set and well set in file. For example, if I set the contact support email to null, it doesn't work. But the real need is to load all parameters from a dynamic file or, even better, from the database (I actually have the same need for the native Symfony LDAP component).
  • Second, the configuration of the IdP/SP could be not so easy (for a neophyte like me, it was a pain to find the good conf between IdP and SP so logout could work on ADFS). It would be interesting to import an IdP metadata, to know what parameters are allowed for the IdP...

Maybe there are other ideas to make the installation / process / bundle more flexible and fluid.
Do you plan some similar improvements?

By the way, the bundle is really great and it already makes our development easier.
Thanks

@hslavich
Owner

Hi Vincent,
Thank you for your feedback, I really appreciate it.

  • Symfony bundles can't be activated dynamically because they are loaded at AppKernel creation. Maybe there is a way to enable/disable security firewalls dynamically.
  • Dynamic config is an interesting feature that I could develop. I think that I can add something like a 'config provider' as a Symfony service, where you can define your own logic in order to load those parameters.
  • Most of the bundle configuration options are related to php-saml config and most of them are optional, so you shouldn't have problems leaving them blank.
  • SAML setup could be hard. I often use some utilities from simpleSAMLphp that can parse the exposed SP metadata (example.app/saml/metadata). I'm not sure if this bundle should provide more help here.

Thanks

@s-a-y

s-a-y commented May 15, 2017

+1 for dynamic configuration

@01e9

01e9 commented Aug 10, 2017

+1

We have Clients that use our service and they need to configure (optionally) their IdP and a "Login with SAML" will appear on their subdomain. There is no central IdP, the config must be loaded depending on current subdomain.

If you know a bundle that has this feature, please share.

@01e9

01e9 commented Aug 24, 2017

LightSaml bundle did the job for me.

@VincentClair
Contributor Author

Thank you for the link, I will give it a try!

@articque

articque commented Jun 8, 2018

In my application, the admin can choose whether or not to activate SSO.
When he activates it, I dynamically change the yml files in the config folder and load the bundle in AppKernel.

I have 3 yml files for the SSO config.

  • sso_security.yml
  • sso_config.yml
  • sso_routing.yml

These 3 files are empty if SSO is not activated and filled by code when SSO is activated.
These 3 files are always included this way:

in routing.yml

import:
    resource: sso_routing.yml

in config.yml

imports:
  ...
    - { resource: sso_config.yml }
    - { resource: sso_security.yml }

When SSO is activated, the contents are:

in sso_routing.yml

hslavich_saml_sp:
    resource: '@HslavichOneloginSamlBundle/Resources/config/routing.yml'

in sso_config.yml

hslavich_onelogin_saml:
    idp:
        entityId: '...'
        singleSignOnService:
            .....
    sp:
        entityId: '...'
        assertionConsumerService:
            ....
    security:
        nameIdEncrypted: false
        ....

in sso_security.yml

security:
    firewalls:
        main:
            saml:
                username_attribute: username
                check_path: /saml/acs
                login_path: /saml/login
                failure_path: /login
                always_use_default_target_path: false
                user_factory: sso_user_factory
                persist_user: true
            logout:
                path: /saml/logout

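To load the bundle dynamically in AppKernel.php, I read parameters.yml:

// at the top of AppKernel.php
use Symfony\Component\Yaml\Yaml;

public function registerBundles()
{
  // The container is not built yet, so read the flag straight from parameters.yml
  $paramYml = Yaml::parse(file_get_contents($this->getRootDir().'/config/parameters.yml'));
  $bundles = array( .... );
  // Register the SAML bundle only when the admin has enabled SSO
  if (!empty($paramYml['parameters']['sso_enabled'])) {
    $bundles[] = new Hslavich\OneloginSamlBundle\HslavichOneloginSamlBundle();
  }
  return $bundles;
}

As you can see, I change the parameter "sso_enabled" in parameters.yml when the admin activates or deactivates the SSO.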
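
Added example, not part of the thread and not the bundle's own code: the approach above generates sso_config.yml from values an admin enters, so this shows one way to validate those values and write the file atomically. The function name `writeSsoConfig`, the input keys `ssoUrl`, `acsUrl` and `x509cert`, and the https-only rule are assumptions; the YAML keys written are the php-saml settings the bundle passes through.

```php
<?php
// Added example; writeSsoConfig and the $idp/$sp input keys are hypothetical.
use Symfony\Component\Yaml\Yaml;

function writeSsoConfig(string $configDir, array $idp, array $sp): void
{
    // Reject anything that is not an absolute https URL.
    $httpsUrl = function (string $label, $value): string {
        if (!is_string($value) || filter_var($value, FILTER_VALIDATE_URL) === false
            || strtolower((string) parse_url($value, PHP_URL_SCHEME)) !== 'https') {
            throw new InvalidArgumentException("$label must be an https URL");
        }
        return $value;
    };
    if (empty($idp['entityId']) || empty($sp['entityId'])) {
        throw new InvalidArgumentException('IdP and SP entityId are required');
    }
    // Normalise the certificate to bare base64, then check that it parses.
    $cert = preg_replace('/-----(BEGIN|END) CERTIFICATE-----|\s+/', '', (string) ($idp['x509cert'] ?? ''));
    $pem = "-----BEGIN CERTIFICATE-----\n" . chunk_split($cert, 64, "\n") . "-----END CERTIFICATE-----\n";
    if ($cert === '' || openssl_x509_read($pem) === false) {
        throw new InvalidArgumentException('IdP x509cert is not a valid certificate');
    }
    $config = ['hslavich_onelogin_saml' => [
        'idp' => [
            'entityId' => (string) $idp['entityId'],
            'singleSignOnService' => ['url' => $httpsUrl('IdP SSO URL', $idp['ssoUrl'] ?? null)],
            'x509cert' => $cert,
        ],
        'sp' => [
            'entityId' => (string) $sp['entityId'],
            'assertionConsumerService' => ['url' => $httpsUrl('SP ACS URL', $sp['acsUrl'] ?? null)],
        ],
    ]];
    // Symfony treats %name% in config values as a parameter reference: escape it.
    array_walk_recursive($config, function (&$v) { $v = str_replace('%', '%%', $v); });
    // Yaml::dump serialises the array, so input cannot add or override keys.
    // Write a temp file in the same directory, then rename over the target.
    $tmp = tempnam($configDir, 'sso_');
    if ($tmp === false || file_put_contents($tmp, Yaml::dump($config, 6)) === false
        || !rename($tmp, $configDir . '/sso_config.yml')) {
        throw new RuntimeException('could not write sso_config.yml');
    }
}
```

With debug disabled, Symfony does not re-check config files for changes, so the container cache has to be cleared after the write before the new settings take effect.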
