24Slides / laravel-saml2

[Laravel 5.4+] An integration to add SSO to your service via SAML2 protocol based on OneLogin toolkit with support of multiple Identity Providers
MIT License

Make --metadata take a JSON object #91

Open pixelcat opened 6 months ago

pixelcat commented 6 months ago

Background:

The metadata parsing as it exists today won't honor `http://` schema names, which we need in order to support multiple IdP types, and specifically Microsoft Entra ID, which uses schemas instead of simple strings.

As part of our implementation, we store those schema names as mappings to field names in metadata, such as the following:

```
| Metadata | Array
|          | (
|          |     [field_email] => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
|          |     [field_lastName] => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
|          |     [field_uniqueId] => http://schemas.microsoft.com/identity/claims/objectidentifier
|          |     [field_firstName] => http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
|          | )
```

Solution: Instead of mapping metadata to an array based on `:` as a separator, this PR allows users to specify metadata as a serialized JSON string during creation or update.

breart commented 2 months ago

Great idea and thanks for your PR @pixelcat. I'd suggest keeping backward compatibility, either dynamically checking if JSON was provided and then treating it as JSON, or introducing a new option like `--metadata-json`.
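As an added example that is not part of the PR or the laravel-saml2 code base, the following sketches the backward-compatible parsing the thread converges on: the `--metadata` value is decoded as JSON when it is a JSON object, and otherwise handled as the legacy `key:value` form. It assumes (the page does not say) that legacy pairs are comma-separated; the function name `parseMetadataOption` is hypothetical. It also shows why the original `:` split broke on claim URIs: the legacy branch splits each pair on the first `:` only, so `http://` values survive intact.

```php
<?php
// Added example, not code from 24Slides/laravel-saml2. Assumptions not stated
// on the page: legacy pairs are separated by ","; parseMetadataOption is a
// hypothetical name for whatever the command calls its parser.

declare(strict_types=1);

/**
 * Parse the raw --metadata option into an associative array.
 *
 * A value that starts with "{" is treated as a JSON object; anything else is
 * treated as the legacy "key:value,key:value" form.
 *
 * @throws InvalidArgumentException on malformed input
 */
function parseMetadataOption(string $raw): array
{
    $raw = trim($raw);
    if ($raw === '') {
        return [];
    }

    // JSON branch. A value beginning with "{" cannot be a legacy key, so a
    // decode failure is reported rather than silently falling back.
    if ($raw[0] === '{') {
        $decoded = json_decode($raw, true);
        if (json_last_error() !== JSON_ERROR_NONE) {
            throw new InvalidArgumentException(
                '--metadata looks like JSON but failed to decode: ' . json_last_error_msg()
            );
        }
        foreach (array_keys($decoded) as $key) {
            if ($key === '') {
                throw new InvalidArgumentException('JSON metadata keys must not be empty');
            }
        }
        return $decoded;
    }

    // Legacy branch. explode() with a limit of 2 splits on the FIRST ":" only,
    // so "field_email:http://schemas..." keeps the whole URI as the value.
    $result = [];
    foreach (explode(',', $raw) as $pair) {
        $pair = trim($pair);
        if ($pair === '') {
            continue;
        }
        $parts = explode(':', $pair, 2);
        if (count($parts) !== 2 || trim($parts[0]) === '') {
            throw new InvalidArgumentException("Metadata pair '{$pair}' is not in key:value form");
        }
        $result[trim($parts[0])] = trim($parts[1]);
    }
    return $result;
}

// Constructed input mirroring the Entra ID claim mapping quoted in the PR.
$entra = [
    'field_email'     => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
    'field_lastName'  => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
    'field_uniqueId'  => 'http://schemas.microsoft.com/identity/claims/objectidentifier',
    'field_firstName' => 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
];

// Same mapping supplied both ways; both must produce the same array.
$fromJson   = parseMetadataOption(json_encode($entra));
$fromLegacy = parseMetadataOption(
    'field_email:http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress,'
    . 'field_lastName:http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname,'
    . 'field_uniqueId:http://schemas.microsoft.com/identity/claims/objectidentifier,'
    . 'field_firstName:http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname'
);

assert($fromJson === $entra);
assert($fromLegacy === $entra);
print_r($fromJson);
```

When passing the JSON form on the command line, wrap it in single quotes (`--metadata='{"field_email":"http://..."}'`) so the shell leaves the double quotes and slashes alone; the command should surface the `InvalidArgumentException` as a normal command error rather than storing a half-parsed mapping. The legacy form still cannot express a value containing a comma, which is one more reason to prefer JSON for anything beyond simple strings.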