Started using OneLogin SAML lib directly

- Aligned and formatted config options. - Provided way to override onelogin lib options if required. - Added endpoints in core bookstack routes. - Provided way to debug details provided by idp and formatted by bookstack. - Started on test work - Handled case of email address already in use.
2025-07-28 17:02:04 +03:00 · 2019-11-17 13:26:43 +00:00
parent 9bba84684f
commit 3a17ba2cb9
21 changed files with 442 additions and 381 deletions
--- a/app/Http/Controllers/Auth/Saml2Controller.php
+++ b/app/Http/Controllers/Auth/Saml2Controller.php
@ -0,0 +1,71 @@
+<?php
+
+namespace BookStack\Http\Controllers\Auth;
+
+use BookStack\Auth\Access\Saml2Service;
+use BookStack\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+
+class Saml2Controller extends Controller
+{
+
+    protected $samlService;
+
+    /**
+     * Saml2Controller constructor.
+     */
+    public function __construct(Saml2Service $samlService)
+    {
+        parent::__construct();
+        $this->samlService = $samlService;
+    }
+
+    /**
+     * Start the login flow via SAML2.
+     */
+    public function login()
+    {
+        $loginDetails = $this->samlService->login();
+        session()->flash('saml2_request_id', $loginDetails['id']);
+
+        return redirect($loginDetails['url']);
+    }
+
+    /*
+     * Get the metadata for this SAML2 service provider.
+     */
+    public function metadata()
+    {
+        $metaData = $this->samlService->metadata();
+        return response()->make($metaData, 200, [
+            'Content-Type' => 'text/xml'
+        ]);
+    }
+
+    /**
+     * Single logout service.
+     * Handle logout requests and responses.
+     */
+    public function sls()
+    {
+        // TODO
+    }
+
+    /**
+     * Assertion Consumer Service.
+     * Processes the SAML response from the IDP.
+     */
+    public function acs()
+    {
+        $requestId = session()->pull('saml2_request_id', null);
+
+        $user = $this->samlService->processAcsResponse($requestId);
+        if ($user === null) {
+            $this->showErrorNotification(trans('errors.saml_fail_authed', ['system' => config('saml2.name')]));
+            return redirect('/login');
+        }
+
+        return redirect()->intended();
+    }
+
+}