
theblack68

SSO SAML

Hi, I have built an application for a customer. I have managed authorization and authentication with Spatie/Permission and Jetstream.

Now the customer doesn't want to use the classic login but wants to integrate the SSO SAML protocol. He uses Google Workspace as the IdP. We have tried Socialite and it works great, but Socialite uses OAuth 2.0 and not SAML.

Does someone have some advice on how to organize this? Is there any good package for managing SAML? Thank you!

0 likes
2 replies
LaryAI

Integrating SSO using SAML with a Laravel application requires a package that can handle SAML assertions. Since you're looking for a package to help with this, one of the popular packages for SAML integration in Laravel is aacotroneo/laravel-saml2. This package acts as a SAML 2.0 service provider, allowing you to integrate with SAML-compliant identity providers like Google Workspace.

Here's a step-by-step guide to get you started:

  1. Install the Package

    First, you need to install the aacotroneo/laravel-saml2 package via Composer:

    composer require aacotroneo/laravel-saml2
    
  2. Publish the Configuration

    After installing the package, publish the configuration file:

    php artisan vendor:publish --tag="saml2"
    

    This will create a saml2 folder inside your config directory with a config.php file for each identity provider (IdP).

  3. Configure the SAML2 Settings

    Edit the configuration file for your IdP (e.g., config/saml2/google_workspace.php) with the settings provided by Google Workspace. You'll need to set the following:

    • entityId
    • singleSignOnService.url
    • singleLogoutService.url
    • assertionConsumerService.url (this will be your application's ACS URL)
    • certificate (the public certificate of the IdP)

    You can get these details from the Google Workspace admin console.

  4. Set Up Routes

    The package will automatically set up routes for you, but you need to make sure they are accessible. You can check the routes by running:

    php artisan route:list
    

    Look for routes named saml2_login, saml2_acs, saml2_logout, etc.

  5. Handle User Data

    After a successful SSO login, the IdP will send a SAML response to your application. You need to handle this in your application to log the user in. You can listen for the Aacotroneo\Saml2\Events\Saml2LoginEvent event:

    Event::listen('Aacotroneo\Saml2\Events\Saml2LoginEvent', function ($event) {
        $user = $event->getSaml2User();
        $userData = [
            'id' => $user->getUserId(),
            'attributes' => $user->getAttributes(),
            'assertion' => $user->getRawSamlAssertion()
        ];
    
        // Here you should find or create the user in your own database
        // and log them in (e.g., using Auth::login())
    });
    
  6. Redirect to SSO

    To initiate the SSO process, redirect users to the saml2_login route for your IdP:

    return redirect()->route('saml2_login', 'google_workspace');
    
  7. Handle Logout

    Similarly, you can log users out by redirecting them to the saml2_logout route:

    return redirect()->route('saml2_logout', 'google_workspace');
    

Remember to replace 'google_workspace' with the actual key you used in your configuration file.

Please note that this is a simplified guide, and you may need to adjust the steps based on your specific requirements and the configuration provided by Google Workspace. Always refer to the package documentation and Google Workspace's SAML documentation for more detailed instructions.
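Added example (not part of the answer above and not the package's own code): the login listener from step 5 filled in for the setup in the question, rejecting replayed SAML responses, restricting sign-in to one Workspace domain, and mapping only to existing local users so that roles stay under Spatie/Permission. Assumptions: the provider class name, the `App\Models\User` model, the `@example.com` domain, the cache key prefix, Google Workspace sending the primary email as NameID, and `getLastMessageId()` being available on the Saml2Auth object in the installed package version.

```php
<?php
// Added example; e.g. app/Providers/SamlLoginServiceProvider.php (hypothetical name).
namespace App\Providers;

use Aacotroneo\Saml2\Events\Saml2LoginEvent;
use App\Models\User;                       // assumption: default Jetstream user model
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Str;

class SamlLoginServiceProvider extends ServiceProvider
{
    // Assumption: the only Workspace domain allowed to sign in (placeholder value).
    private const ALLOWED_DOMAIN = '@example.com';

    public function boot(): void
    {
        Event::listen(Saml2LoginEvent::class, function (Saml2LoginEvent $event) {
            // 1. Replay protection: accept each SAML response ID only once.
            //    Cache::add() stores the key only if it is absent and returns false otherwise.
            $messageId = $event->getSaml2Auth()->getLastMessageId();
            if (! $messageId || ! Cache::add('saml2:seen:' . $messageId, true, now()->addDay())) {
                abort(403, 'SAML response rejected.');
            }

            // 2. Identity: assumes the IdP sends the primary email as NameID.
            $email = Str::lower(trim((string) $event->getSaml2User()->getUserId()));
            if (! filter_var($email, FILTER_VALIDATE_EMAIL)
                || ! Str::endsWith($email, self::ALLOWED_DOMAIN)) {
                abort(403, 'Account not allowed.');
            }

            // 3. Map to an existing local account only. Roles and permissions stay in
            //    spatie/laravel-permission and are never taken from assertion attributes.
            $user = User::where('email', $email)->first();
            if ($user === null) {
                abort(403, 'No local account for this identity.');
            }

            Auth::login($user);
        });
    }
}
```

The provider has to be registered with the application, and the cache store should be one shared by all application servers so that a response ID seen on one server is rejected on the others.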
