[3.x] New major release

breart commented 7 months ago

This is a draft PR for the next major release. The goal is to improve the design of the solution, giving developers more control and flexibility, as well as providing more basic functionality "out-of-the-box".

Plans

[x] Add custom resolves for more control over identity provider resolution, config resolution, etc.
[x] Add optional solution for logging in users
[x] Add a morph relation to associate IdP with related application entities (successor of "key")
[x] Add a new table for tracking SAML logins
[ ] Rewrite tests so they actually test stuff
[ ] Add support for multiple certificates
[ ] Improve console commands
[ ] Improve README
[ ] Describe upgrade guide

Key changes

Minimum PHP version — 7.3
Minimum Laravel version — 8

Database changes

Table saml2_tenants has been renamed to saml2_identity_providers
Table saml2_identity_providers now has an optional morph relation called "tenant" that can be associated with an application entity upon IdP creation
Table saml2_sessions has been added to track all logins (see Login & Tracking below)

Custom resolvers

Added "resolvers" that can be easily customised:
- IdentityProviderResolver implements logic for resolving identity provider based on the request route
- ConfigResolver implements logic for resolving IdP/SP config based on the resolved IdP model

Login & Tracking

To provide basic functionality out of the box for smaller application, authorization logic has been implemented, specifically:

User metadata resolution
Login/signup functionality

This is not designed for production needs, just an example on how login/signup can be implemented. For larger apps having custom logic is inevitable.

fedeisas commented 6 months ago

@breart I'm interested in this PR. Is there anything I can do to help? Thanks!

kasperhartwich commented 6 months ago

Nice PR. But why not abandon all non-supported Laravel versions? Laravel 8 is from 2020 and php 7.3 from 2018. Both unsupported and not getting security fixes. At the moment Laravel 10 and php 8.1 is the minimum versions still being maintained.

skydudie commented 5 months ago

@breart I'm interested in this PR. Is there anything I can do to help? Thanks!

Same here! Is there anything you need help with?

breart commented 2 months ago

Nice PR. But why not abandon all non-supported Laravel versions? Laravel 8 is from 2020 and php 7.3 from 2018. Both unsupported and not getting security fixes. At the moment Laravel 10 and php 8.1 is the minimum versions still being maintained.

Good point. My intention was to support slightly older versions since I'm aware this project is also used on bigger projects with older versions of Laravel & PHP. I like the idea of deprecating further, starting from L9 & PHP 8.0.

24Slides / laravel-saml2