Shibboleth Authentication

Hello @prasadchinwal5 ! Thank you so much, I'm very glad someone replied after 8 months :)

Well 8 months ago, I had implemented a shibboleth emulation for my laravel site. Since then I've been working for other projects, but in the end I should use this package when the site goes live.

Let me explain what I want to do; So far I have created the laravel site on my windows pc and tested it with xampp apache server. Last month I built a CENTOS server and transferred my laravel site to it. The necessary modifications were done and LAN users can access the server visiting my site. We are still testing it, but later we want to add some authentication via shibboleth.

The organization has webmail and users have username & password. Is it possible to allow access to specific organization users using shibboleth? We would like the usernames and passwords used to be pooled from the organization users credentials.

Thank you a lot!!

@konrms Thanks for the information. Sounds like this is exactly what we do. We authenticate all our users (students/faculty/staff) via shibboleth.

We use this package https://github.com/uabookstores/laravel-shibboleth to achieve this. Steps:

1. Have a shibboleth configuration(mapping of shibboleth entities)
2. Install the package and migrate.
3. Add your configuration to config/shibboleth.php file in your laravel application. (Holds info about redirect after authentication/ add fields to User model etc.)
4. Add the routes to your web.php file.

Done. If you are facing issues in any of the above steps, let me know.

Hi @prasadchinwal5 When I will be close to releasing the site to live state, I hope you will be available to assist me a little with shibboleth!

Thank you VERY much for you help!

@konrms I would be happy to help you out. Please send me a message on twitter https://twitter.com/PrasadChinwal1

Hi @prasadchinwal5 !

Well, it seems the time to put server into production environment has come. The laravel project is installed on our server (I haven't added shibboleth package yet on it).

However, as mentioned in previous post, I have installed shibboleth with Shibalike emulation on my windows laptop laravel project, following https://github.com/uabookstores/laravel-shibboleth guide and secured (with success) a desired route by applying the following excerpt inside the corresponding blade

@if (Auth::guest())
    <a href="/shibboleth-login">Login</a>
@else
    <a href="/shibboleth-logout">
        Logout {{ Auth::user()->name }}
    </a>
@endif

Now, regarding the server, I guess I should add shibboleth package omitting the steps for shibalike emulation. How should I edit config/shibboleth.php for existing organization users? Is just this needed for users to be prompted for their individual authentication credentials when trying to open the specific link?

Thank you a lot!

@konrms Yes, absolutely correct. All you have to do for production server is install the package and edit config/shibboleth.php file as per your need.

Example: You may want to map your server variables with your laravel application User model.

'user' => [
        // fillable user model attribute => server variable
        'name' => 'your_name_variable_from_server',
        'email' => 'your_email_variable_from_server',
        'first_name' => 'your_firstname_variable_from_server',
        'last_name' => 'your_lastname_variable_from_server',
        'custom_field' => 'custom variable',
    ],

These are the fields I have specified in my users migration. The existing users in your organization would be greeted with your shib login page and on successful login they should be redirected to the redirect route specified in your config/shibboleth.php file.

    'authenticated' => '/',

@prasadchinwal5 Thank you in advance for your answer. I will try to follow your tips and come back with a question if necessary.